RE: Best TAC Services from Equipment Vendors

2024-03-09 Thread John van Oppen
That honestly is what my experience used to be but this has not been my 
observation recently, even when we as a large NSP provide all detail and 
literally ask about possible bugs.

From: NANOG  On Behalf Of Joel Esler
Sent: Thursday, March 7, 2024 11:46 AM
To: Pascal Masha 
Cc: nanog 
Subject: Re: Best TAC Services from Equipment Vendors

It may be a pain in the butt to get Cisco equipment, but their TAC is sublime.  
If something is critical enough, and you push hard enough, Cisco will move 
heaven and earth to solve your issue.



RE: Internet Exchange Visualization

2023-08-28 Thread John van Oppen
I've always been a little less harsh than what Jared mentions, but my theory is 
like within say 5-7 ms is probably reasonable as long as the endpoint is closer 
than the next major IX both are present on.   I don't really know what folks 
think they are getting by peering across the world. I think this might be 
one of those vanity peering type situations instead of any real technical 
justification.   I have a hard time understanding how it would not often make 
routing worse.

John


RE: Do ISP's collect and analyze traffic of users?

2023-06-10 Thread John van Oppen
As a decent sized North American ISP I think I need to totally agree with this 
post.  There simply is not any economically justifiable reason to collect 
customer data, doing so is expensive, and unless you are trying to traffic 
shape like a cell carrier has zero economic benefit. In our case we do 
1:4000 netflow samples and that is literally it, we use that data for peering 
analytics and failure modeling.

This is true for both large ISPs I've been involved with and in both cases I 
would have overseen the policy.

What I see in this thread is a bunch of folks guessing that clearly have not 
been involved in large eyeball ISP operations.


-Original Message-
From: NANOG  On Behalf Of Saku Ytti
Sent: Tuesday, May 16, 2023 7:56 AM
To: Tom Beecher 
Cc: nanog@nanog.org
Subject: Re: Do ISP's collect and analyze traffic of users?

I can't tell what large is. But I've worked for enterprise ISP and consumer 
ISPs, and none of the shops I worked for had capability to monetise information 
they had. And the information they had was increasingly low resolution. 
Infraprovider are notoriously bad even monetising their infra.

I'm sure do monetise. But generally service providers are not interesting or 
have active shareholders, so very little pressure to make more money, hence 
firesales happen all the time due infrastructure increasingly seen as a 
liability, not an asset. They are generally boring companies and internally no 
one has incentive to monetise data, as it wouldn't improve their personal 
compensation. And regulations like GDPR create problems people rather not 
solve, unless pressured.

Technically most people started 20 years ago with some netflow sampling ratio, 
and they still use the same sampling ratio, despite many orders of magnitude 
more packets. Meaning previously the share of flows captured was magnitude 
higher than today, and today only very few flows are seen in very typical 
applications, and netflow is largely for volumetric ddos and high level 
ingressAS=>egressAS metrics.

Hardware offered increasingly does IPFIX as if it was sflow, that is,
0 cache, immediately exported after sampled, because you'd need like
1:100 or higher resolution, to have any significant luck in hitting the same 
flow twice. PTX has stopped supporting flow-cache entirely because of this, at 
the sampling rate where cache would do something, the cache would overflow.

Of course there are other monetisation opportunities via other mechanism than 
data-in-the-wire, like DNS


On Tue, 16 May 2023 at 15:57, Tom Beecher  wrote:
>
> Two simple rules for most large ISPs.
>
> 1. If they can see it, as long as they are not legally prohibited, they'll 
> collect it.
> 2. If they can legally profit from that information, in any way, they will.
>
> Now, their privacy policies will always include lots of nice sounding clauses, 
> such as 'We don't see your personally identifiable information'. This of 
> course allows them to sell 'anonymized' sets of that data, which sounds great, 
> except as researchers have proven, it's pretty trivial to scoop up 
> multiple, discrete anonymized data sets, and cross reference to identify 
> individuals. Netflow data may not be as directly 'valuable' as other types of 
> data, but it can be used in the blender too.
>
> Information is the currency of the realm.
>
>
>
> On Mon, May 15, 2023 at 7:00 PM Michael Thomas  wrote:
>>
>>
>> And maybe try to monetize it? I'm pretty sure that they can be 
>> compelled to do that, but do they do it for their own reasons too? Or 
>> is this way too much overhead to be doing en masse? (I vaguely recall 
>> that netflow, for example, can make routers unhappy if there is too much 
>> "flow").
>>
>> Obviously this is likely to depend on local laws but since this is 
>> NANOG we can limit it to here.
>>
>> Mike
>>


--
  ++ytti
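
Added example (not part of any message in this thread): the sampling arithmetic behind the 1:4000 and 1:100 figures mentioned above, showing how rarely a flow is hit twice (so a flow cache has nothing to aggregate) while large aggregates are still measured accurately. It assumes independent per-packet sampling; the flow mix and function names are constructed for illustration.

```python
"""What packet-sampled flow export (1:N) can and cannot see.

Model assumption: every packet is sampled independently with probability 1/N.
The flow mix below is constructed for illustration, not measured data.
"""
import math


def p_at_least(k, packets, rate_n):
    """P(at least k of a flow's `packets` packets are sampled at 1:rate_n)."""
    p = 1.0 / rate_n
    below_k = sum(
        math.comb(packets, i) * p**i * (1.0 - p) ** (packets - i)
        for i in range(k)
    )
    return 1.0 - below_k


def cache_hit_share(flow_mix, rate_n):
    """Of the flows that get sampled at all, the share sampled twice or more.

    Only those flows give a flow cache anything to aggregate; the rest
    produce one record per sampled packet, exactly like cache-less export.
    """
    seen = sum(n * p_at_least(1, pkts, rate_n) for pkts, n in flow_mix.items())
    twice = sum(n * p_at_least(2, pkts, rate_n) for pkts, n in flow_mix.items())
    return twice / seen


def volume_rel_error(packets, rate_n):
    """Relative standard error of a packet count estimated as samples * N."""
    p = 1.0 / rate_n
    return math.sqrt((1.0 - p) / (packets * p))


# Constructed flow mix: {packets per flow: number of such flows}.
FLOW_MIX = {20: 900_000, 1_000: 99_000, 100_000: 1_000}


def report(rates=(100, 4000)):
    """One summary row per sampling rate."""
    rows = []
    for rate in rates:
        rows.append({
            "rate": rate,
            # chance a short (20-packet) flow shows up at all
            "p_seen_20pkt": p_at_least(1, 20, rate),
            # chance a 1000-packet flow is hit twice (cache would help)
            "p_twice_1000pkt": p_at_least(2, 1_000, rate),
            "cache_hit_share": cache_hit_share(FLOW_MIX, rate),
            # accuracy of a 5M-packet aggregate (e.g. a volumetric flood)
            "err_5M_pkt_aggregate": volume_rel_error(5_000_000, rate),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```
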


RE: Seattle NANOG 88 things to see

2023-06-10 Thread John van Oppen
I'm also willing to try and fit in a few real CO tours around the event if 
people are so inclined.   We operate the ILEC territory to both the north and 
east of the venue and it is somewhat unique as it is former GTE territory and 
not bell system.

I also recommend the telecom museum. 

-Original Message-
From: NANOG  On Behalf Of William 
Herrin
Sent: Wednesday, May 31, 2023 4:59 PM
To: nanog@nanog.org
Subject: Seattle NANOG 88 things to see

Howdy,

We're a couple weeks out from NANOG 88 so I thought I'd repost a list of things 
I think folks with computer and engineering backgrounds might enjoy doing up 
here in Seattle.

1. The Connections Museum is a must-see for telecom enthusiasts (which I assume 
you are since you're attending a NANOG meeting). Six different phone switches 
(some electromechanical) and a boatload of other telecom stuff taking up a 
floor and a half of a "central office"
building. In good working order. You can see and, to some extent, touch. 
https://www.telcomhistory.org/connections-museum-seattle/

Beware: It's only open on Sundays from 10 am to 3 pm, so if you want to check 
it out, you'll have to come in early for it.


2. The monorail (https://www.seattlemonorail.com/) is a well maintained 
German-engineered 1960s vision of the future. Departs from Westlake Center 
about 3 blocks from the hotel. Runs to the Space Needle and MoPop (the Museum 
of Popular Culture) which are also worth seeing. Both the monorail and space 
needle were built for the 1962 World's Fair. Buy tickets for the Space Needle 
the day before. Sunset is particularly nice.


3. Snoqualmie Falls Hydroelectric Museum and power plant 
https://www.pse.com/en/pages/tours-and-recreation/snoqualmie-tours

Beware that Snoqualmie Falls is a half hour or so outside of the city.


4. Northwest Railway Museum (also near Snoqualmie Falls) 
https://www.trainmuseum.org/


5.  Museum of Flight (this is Boeing's home town, so it's a high quality 
aircraft museum) https://www.museumofflight.org/


6. Pike Place Market, about 10 blocks from the hotel, is a Seattle icon.


7. Mt. Rainier, if you want to check it out, is a full-day trip: 2.5 hours to 
get there, 2.5 hours to get back plus the time you spend in the park. They 
finally cleared the snow from the roads last weekend so it's open but it's too 
far to catch it in an afternoon. Decent odds of getting a shirtsleeves on the 
snow pack picture like this one:
https://bill.herrin.us/pictures/20210627-rainier/img-20210627-145745.jpg

If you've been to Rainier before, Diablo Lake, Cascades National Park and 
Washington Pass in the opposite direction are also beautiful.



Some things to know about Seattle:

* Summer weather is good weather in Seattle. Expect sunshine, mild to warm 
temperatures in the day, crisp in the morning. Light if any rain.
5 am sunrise, 9 pm sunset.

* Downtown Seattle parking spaces are super-tight. If you rent a car, get a 
small one.

* Seattle is -very- dog friendly. You'll encounter our generally well-behaved 
canine companions on the street, in stores and possibly even in the hotel and 
event venues. Pack your allergy medication if you need it.


Regards,
Bill Herrin

--
William Herrin
b...@herrin.us
https://bill.herrin.us/


RE: Increasing problems with geolocation/IPv4 access

2023-02-04 Thread John van Oppen
Honestly, the only way I’ve found to fix this is completely fill it with 
subscribers off a BNG and give support a script about what to tell customers.

I’ve had folks literally get the wrong TV channels because we assign unused 
blocks in Portland Oregon out of our parent large aggregates and the geo folks 
have our whois address in the Seattle area so give them Seattle channels.
God forbid these OTT folks just design the product right and use the verified 
billing zip code on the account or something else that actually is 
authoritative.

From: NANOG  On Behalf Of Josh 
Luthman
Sent: Monday, January 23, 2023 1:09 PM
To: Jared Mauch 
Cc: nanog 
Subject: Re: Increasing problems with geolocation/IPv4 access

Every block I've gotten I just went through TheBrothersWisp geo location page 
and just had them fix their information.  This includes virgin and re-issued 
blocks from ARIN.

I've had a couple of random issues like Hulu thinking I'm a VPN, PSN blocking a 
/24 because a /32 failed his password too many times, and various streaming 
issues of which I tell customers to complain to the streaming provider because 
all of the other ones work.

On Fri, Jan 20, 2023 at 7:32 PM Jared Mauch <ja...@puck.nether.net> wrote:
I’ve been seeing an increasing problem with IP space not having the ability to 
be used due to the behaviors of either geolocation or worse, people blocking IP 
space after it’s been in-use for a period of time.

Before I go back to someone at ARIN and say “your shiny unused 4.10 IP space” 
is non-functional and am at a place where I need to start/restart/respawn the 
timer, I have a few questions for people:

1) Do you see 23.138.114.0/24 in any feeds from a 
security provider that say it can/should be blocked?  If so, I’d love to hear 
from you to track this down.  Over the new year we had some local schools start 
to block this IP space.

2) many companies have geolocation feeds and services that exist and pull in 
data.  The reputable people are easy to find, there are those that are 
problematic from time-to-time (I had a few customers leave Sling due to the 
issues with that service).

3) Have you had similar issues?  How are you chasing all the issues?  We’ve 
seen things from everything works except uploading check images to banks, to 
other financial service companies block the space our customers are in.  If we 
move them to another range this solves the problem.

4) We do IPv6, these places aren’t IPv6 modern at all, so that’s no help.

5) IRR+geofeed are published of course.  I’m thinking that it might be 
worthwhile that IP space have published placeholders when it’s well understood, 
eg: ARIN 4.9 space, I can predict what our next allocation would be, it would 
be great to have it be pre-warmed.

I’ve only seen a few complaints against all our IP space over time, so I don’t 
think there’s anything malicious coming from the IP space to justify it, but 
it’s also possible they didn’t make it through.

If you’re with the FKA Savvis side, can you also ping me, I’d like to see if 
you can reach out to our most recent complaint source to see if we can find who 
is publishing this.  Same if you’re with Merit or the Michigan Statewide 
Educational Network - your teachers stopped being able to post to powerschool 
for their students over the new year break.  They’ve fed it up to their tech 
people towards the ISD.  Details available off-list.

Any insights are welcome, and as I said, I’d like to understand where the 
source list is as it starts out working then gradually breaks, so someone is 
publishing things and they are going out further.

- Jared


RE: Typical last mile battery runtime (protecting against power cuts)

2023-02-04 Thread John van Oppen
20 KW should easily cover the 9KW you could max draw with your strip heat.   It 
is super uncommon to have even peak loads over 20 KW in a house.   Even your 
peak day was only an average of 6 KW.

You might need some load shedding just to keep the big stuff from coming on all 
at once but that is pretty easy.   If you have instant hot water that also 
could be a problem those are huge, typically 15-20 KW by themselves. 

-Original Message-
From: NANOG  On Behalf Of Roy
Sent: Saturday, February 4, 2023 10:56 PM
To: Mark Tinka ; nanog@nanog.org
Subject: Re: Typical last mile battery runtime (protecting against power cuts)

On 2/4/2023 9:31 PM, Mark Tinka wrote:
>
>
> On 2/5/23 07:02, Roy wrote:
>
>>
>> My all electric house is in a rural area.  The generator that came 
>> with the place is a 20KW Onan.  The bad news is it can't handle the 
>> house.  I think it is the Aux Heat on the heat pump that is the 
>> problem.  I have to also power the well pump and the septic pump.
>
> Is your house single or 3-phase?

Single phase.  The house is 200A service and the barn is another 200A service

>
> I'd be curious how much horsepower your well and septic pumps require. 
> The most I've seen is 15hp @ 11kW, but that is pretty massive for an 
> average home, even an off-grid one. Typical requirements would be in 
> 0.75kW - 5kW range, which is a wide range.
>
> Do you know how much power the heat pump requires?

I don't know how much the pumps require.  The water well is about 100 feet from 
the house and the pressure tank.

The septic pump has to pump uphill to the drainage field.  Distance is about 
250 feet and elevation gain of 100 feet or so.

The heat pump doesn't seem to be a problem but the aux heat is on two 20amp 
220v circuits.   There is a switch on the fan enclosure to disable the aux heat.

Another biggie is the electric hot water heater.

On 1/30 it never broke 32 degrees and the house used 145KWHR (average was 
6KWH).  Thank goodness I am not far from the Columbia River and the BPA has a 
major substation about 5 miles away so I pay less than 10 cents per KWH

Over 2022, I lost power about 8 times.  The longest outage was 15 hours.


>
> I'd struggle to see how a 20kW generator struggles to run a home, 
> unless you've also got heated floors, saunas, steam baths, water and 
> space heaters, electric stoves and ovens all running at the same time 
> :-).
>
> Mark.



RE: Frontier Dark Fiber

2022-08-03 Thread John van Oppen
When working with ILECs it is important to differentiate what must be offered 
via ICAs and what is offered commercially.  We for example sell a ton 
commercially but effectively none through our interconnection agreements 
anymore.

(we being Ziply Fiber in WA/OR/ID/MT)


From: NANOG  On Behalf Of Mike 
Hammett
Sent: Friday, July 22, 2022 2:24 PM
To: Paul Timmins 
Cc: nanog@nanog.org
Subject: Re: Frontier Dark Fiber

Here's the list of CLLI codes where you're no longer able to order dark fiber:


https://www.fcc.gov/clli-code-list


It seems odd as I look through there, finding COs with no competitive fiber and 
yet, they're on the list.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


From: "Paul Timmins" 
To: nanog@nanog.org
Sent: Thursday, July 14, 2022 1:45:37 PM
Subject: Re: Frontier Dark Fiber

Your rights under the ICA are dead. Since 2002 you were only able to order it 
if one end was in a tier 3 wirecenter, and it was killed in 2021 as an 
orderable product.



https://www.federalregister.gov/documents/2021/01/08/2020-25254/modernizing-unbundling-and-resale-requirements-in-an-era-of-next-generation-networks-and-services



There's an 8 year transition for existing unbundled dark fiber (February 28, 
2029). Dark fiber loops were dead in 2002 under the TRRO.






On 7/13/22 07:45, Mike Hammett wrote:
Oh, and I forgot to mention that my ICA has it.


-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

From: "Mike Hammett" 
To: nanog@nanog.org
Sent: Wednesday, July 13, 2022 6:40:47 AM
Subject: Frontier Dark Fiber
I'm looking for a contact at Frontier that can discuss dark fiber.

My current account exec says they don't offer it, yet prior conversations with 
him and a previous SE revealed that they very much did (just didn't have 
availability on the paths I wanted at the time).

Their web site highlights it fairly proudly.


I'm aware that availability varies.

I'm aware that they likely don't want to sell it.



-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP




RE: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread John van Oppen
I told my wife that she is my critical load as such I like to treat our place 
like a datacenter.   House wide UPS for all lights and all bedroom and office 
outlets, large generator system, ATS and lots of fuel.   Last time I was at a 
nanog and the power went out she chuckled when I told her it was out, she had 
just come home from work and driven right into the garage with all the lights 
on thinking the utility was still working.

I did all my commissioning and calculations myself, even coordinated breakers 
for both sources into the sub panels, but I'm far from a home DIY when it comes 
to electrical.   My home 277/480v service is pretty cute compared to the stuff 
I normally play with and design.

I've cabled my other portables into panels at people's houses before but I 
refuse to talk them through how to do it, if you don't know how to properly 
pull the utility breakers etc you have no business temping anything up, and 
making cables that make it easy is irresponsible safety wise.

Power is serious business and mistakes can be very dangerous.

The last few days has me feeling for all the folks keeping the hospitals and 
critical facilities running in Louisiana, seems like most made it through 
pretty well, huge testament to planning and the reliability of backup systems.

-Original Message-
From: NANOG  On Behalf Of Mark Tinka
Sent: Wednesday, August 25, 2021 8:12 AM
To: Jared Mauch 
Cc: nanog@nanog.org
Subject: Re: Reminder: Never connect a generator to home wiring without 
transfer switch



On 8/25/21 16:59, Jared Mauch wrote:

> This is why I personally spent the $$ on a proper standby generator with 
> multiple ATS for the multiple panels.

Same here.

Massively painful, which led to some boring moments testing, testing and more 
testing. But after 5 months with electricians, electrical certifiers, battery 
vendors and inverter vendors (and a little voltage/amp sensor to capture slow 
voltage grid brownouts that kept tripping my battery), it's been solid for 
nearly a year. And looking good.

I can now travel and not worry about the Mrs. waking me up from my sleep, on 
the far side of the world :-).

Mark.


RE: Reminder: Never connect a generator to home wiring without transfer switch

2021-08-30 Thread John van Oppen
Yes, most grounding out now that utilities do for work is all phases to one 
another, to the neutral and to the ground.

From: NANOG  On Behalf Of Mel Beckman
Sent: Monday, August 30, 2021 10:59 AM
To: Aaron C. de Bruyn 
Cc: NANOG Operators' Group 
Subject: Re: Reminder: Never connect a generator to home wiring without 
transfer switch

Aaron,

Your incorrect assumption is that linemen are tying phases to earth ground, a 
discontinued practice that killed many linemen up through 1980, despite its 
seeming faultless logic.

The current safety practice is called “equipotential grounding”, which doesn’t 
go to earth. Thus a backfeed can change the balance of potentials, resulting in 
lethal currents. As others have pointed out with real-world examples, this is a 
major safety issue, caused by the many “dumb enough” DIYers out there.

All explained elsewhere in the thread. I recommend you review the previous 
discussion, to avoid creating a NANOG bridge loop :)

 -mel

On Aug 30, 2021, at 9:43 AM, Aaron C. de Bruyn <aa...@heyaaron.com> wrote:

I've been following the thread.
If I'm dumb enough to back feed through the transformer into the downstream 
side of the downed line, how is it going to be a problem if linemen are 
grounding the phases on *both sides* of the work area.
That's what Ben seemed to be implying.



RE: Texas internet connectivity declining due to blackouts

2021-02-17 Thread John van Oppen
Unless you have storage, you are using the utility for services.   It is not 
realistic to assume that they will do net metering forever, it simply does not 
allow them to fund the distribution network.

I honestly think the current rates for solar in-feed at places like Hawaiian 
electric are more fair to all parties, you get power at retail rates and send 
it back at about half the retail rate.   This encourages battery storage 
adoption and actually funds the distribution network.


From: NANOG  On Behalf Of Sabri 
Berisha
Sent: Wednesday, February 17, 2021 11:43 AM
To: Haudy Kazemi 
Cc: nanog 
Subject: Re: Texas internet connectivity declining due to blackouts

- On Feb 17, 2021, at 11:21 AM, nanog <nanog@nanog.org> wrote:



Hi,
Using the sample bill on the GA power website you linked, I see a bottom line 
price of $76.17 for 606 kWh delivered to the customer. That is effectively 
12.57 cents per kWh.

Utilities (both investor owned and coops) have a multitude of ways of hiding 
the effective price in a variety of fixed and variable fees not included in the 
nominal 'energy' fee. These include mandatory fixed connection fees and also 
fuel cost recovery fees that are tied to consumption.
Exactly. In a message earlier today which is held and presumably lost due to 
moderation, I shared screenshots of an actual bill of mine here in California.

Long story short, using that bill I show that I paid a grand total of $239.14 
for 656.928 KwH of electricity. That makes 36.4 cents per KwH.

In addition to that, I also shared another bill, where I paid $2.63 for the 
privilege of providing the net with 31.993 KwH of energy. That's right. My 
solar panels produced more power than I consumed and I still sponsored the 
crooks at PG&E.

Utility companies are worse than airlines when it comes to hidden fees and 
surcharges. They know we have no choice.

The only reason I want more solar panels is to give a bigger middle finger to 
PG&E. Nothing is a better motivator to go green than to see PG&E go bankrupt. 
It's a sad state of affairs when the disgust for the utility company's 
deceptive practices somehow outweighs the need to save the planet. Yet here we 
are.

Thanks,

Sabri



RE: AT&T is suspending broadband data caps for home internet customers due to coronavirus

2020-03-14 Thread John van Oppen
We are seeing the peak spread out…   we carry mostly pacific northwest 
residential networks…  we are also seeing new, slightly higher evening peaks.

From: NANOG  On Behalf Of Rishi Singh
Sent: Friday, March 13, 2020 8:25 AM
To: Jared Mauch 
Cc: nanog@nanog.org
Subject: Re: AT&T is suspending broadband data caps for home internet customers 
due to coronavirus

Curious if anyone here (especially at CenturyLink / AT&T / Comcast) has seen any 
graphs of network traffic over time and could share details (redacted of course 
due to the sensitivity). Would love to hear if/how capacity is constrained with 
more people working from home.

On Thu, Mar 12, 2020 at 4:36 PM Jared Mauch <ja...@puck.nether.net> wrote:
I do worry if the broadband networks have the capacity. WFH traffic is usually 
different from regular consumer traffic. My neighbors were telling me about the 
mandatory work from home they had today and how the VPN struggled to work.

To those upgrading those things, keep at it. You will get there.

Sent from my iCar

> On Mar 12, 2020, at 6:29 PM, Sean Donelan <s...@donelan.com> wrote:
>
> 
> The first data cap waiver I've seen due to coronavirus.  I expect other ISPs 
> to quickly follow.
>
> https://www.vice.com/en_us/article/v74qzb/atandt-suspends-broadband-usage-caps-during-coronavirus-crisis
>
> AT&T is the first major ISP to confirm that it will be suspending all 
> broadband usage caps as millions of Americans bunker down in a bid to slow 
> the rate of COVID-19 expansion. Consumer groups and a coalition of Senators 
> are now pressuring other ISPs to follow suit.


RE: Disney+ Geolocation issues

2020-02-06 Thread John van Oppen
Did you happen to have this contact?   I have a couple of CIDR blocks still 
having this problem.

The blocks involved all seem right on the main geolocation blocks.

John

From: NANOG  On Behalf Of Cassidy B. Larson
Sent: Tuesday, November 12, 2019 3:54 PM
To: Michael Crapse 
Cc: nanog@nanog.org
Subject: Re: Disney+ Geolocation issues

We're seeing the same thing.  Actually we saw it during pre-signup.  Reached 
out to Disney+ weeks ago as well, with no response.  Now it's launched, our 
support lines are flooded with people unable to give Disney all their moneys.   
 We finally got through to Disney+ support after 2.5hrs on hold to supply them 
the error code, IP address, and zip code.. we'll see if it's passed to the 
right folks.

On Tue, Nov 12, 2019 at 3:30 PM Michael Crapse <mich...@wi-fiber.io> wrote:
Myself and a few other ISPs are having our eyeballs complain about disney+ 
saying that they're on a VPN. Does anyone have any idea, or who to contact 
regarding this issue?
This is most likely improper geolocation databases. Anyone have an idea who 
they use?

Mike


RE: Cisco NCS5501 as a P Router

2017-05-25 Thread John van Oppen
We were looking at them for the same role as well, P router makes a lot of 
sense in places where the network comes together (for us often ahead of CMTS 
boxes etc) but routing is still required due to many paths being available.
We are using juniper ACX5000s for this as well currently.  

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Saku Ytti
Sent: Thursday, May 18, 2017 6:37 AM
To: Erik Sundberg 
Cc: nanog@nanog.org
Subject: Re: Cisco NCS5501 as a P Router

On 18 May 2017 at 16:21, Erik Sundberg  wrote:

Hey,

> We're at the growing point where we need a dedicated P router for a core 
> device. We are taking a serious look at the NCS5501. Is there anyone else 
> using a NCS5501 as P Router or just general feedback on the NCS5501 if you 
> are using it?
>
> The big downside is it only has a single processor

P would be the position I'd be most comfortable with NCS5501.
Particularly BGP free core and Internet-in-VRF. Single control-plane does not 
seem problematic, usually design should allow any single core node to be taken 
out of service without customer impact.

Please talk to your account team about roadmap, what features are coming in 
which release in next 3 years. And ask them what are their plans with this IP 
http://www.cisco.com/c/en/us/about/corporate-strategy-office/acquisitions/leaba.html

--
  ++ytti


RE: John Van Oppen - Wave Broadband

2017-04-18 Thread John van Oppen
Hi   j...@vanoppen.com if you need me or anything from 11404 in general. 

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rod Beck
Sent: Sunday, April 16, 2017 9:40 AM
To: nanog@nanog.org
Subject: John Van Oppen - Wave Broadband

If John is on the list, please have him contact me. Thanks.


Regards,


Roderick.

Sales

Cross Lake

SeaX-1 and SeaX-2


RE: NTT Charles

2016-02-14 Thread John van Oppen
That is awesome!

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Dorian Kim
Sent: Sunday, February 14, 2016 3:25 AM
To: Jared Geiger 
Cc: nanog@nanog.org
Subject: Re: NTT Charles

AS2914 has a tradition of bidding farewell to technical team members who
move on via router dns record. Charles was one of our NOC engineers.

IIRC, we stole this idea from the vBNS team back in the 90s.

-dorian


> On Feb 13, 2016, at 3:12 PM, Jared Geiger  wrote:
> 
> So who is this Charles fellow in the NTT reverse DNS?
> 
> ge-102-0-0-0.happy-trails-Charles.r05.asbnva02.us.bb.gin.ntt.net
> 
> ae-10.happy-trails-Charles.r22.asbnva02.us.bb.gin.ntt.net
> 
> ae-5.happy-trails-Charles.r25.nycmny01.us.bb.gin.ntt.net
> 
> ae-2.happy-trails-Charles.r08.nycmny01.us.bb.gin.ntt.net
> 
> ae-7.happy-trails-Charles.r00.lsanca07.us.bb.gin.ntt.net



RE: high latency on West Coast?

2015-09-21 Thread John van Oppen
Not that we could tell, it was a really annoying location to fix and we saw 
lots of traffic show up from customers that were multi-homed between us and the 
affected carriers (L3 and integra), likely amazon saw the same issues we did.  
RFO I heard was fiber cut on an island in the Columbia river.

John 

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Florin Andrei
Sent: Saturday, September 19, 2015 8:59 PM
To: nanog@nanog.org
Subject: Re: high latency on West Coast?

On 2015-09-18 14:57, andrew wrote:
> L3 fiber cut .

Is this related to the wave of deliberate fiber cuts on the West Coast this 
year?

--
Florin Andrei
http://florin.myip.org/


RE: IP DSCP across the Internet

2015-05-07 Thread John van Oppen
seems pretty real to me, I know we (AS11404) mark to zero on ingress...   I 
think that is the typical case otherwise people would just tag their flood 
style ddos traffic as max and try to take out everything.

John 

From: NANOG [nanog-boun...@nanog.org] on behalf of Mike Hammett 
[na...@ics-il.net]
Sent: Thursday, May 07, 2015 4:46 AM
To: nanog list
Subject: Re: IP DSCP across the Internet

That sounds like a rather poor implementation. What if they had more than one 
VoIP call?

Seems like this thread has more FUD than real examples.




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

- Original Message -

From: Mikael Abrahamsson swm...@swm.pp.se
To: Mark Tinka mark.ti...@seacom.mu
Cc: nanog list nanog@nanog.org
Sent: Thursday, May 7, 2015 4:32:52 AM
Subject: Re: IP DSCP across the Internet

On Wed, 6 May 2015, Mark Tinka wrote:

 With color-aware policing toward a customer in Uganda, any traffic
 coming from that peer in South Africa was getting dropped toward that
 customer in Uganda. After a very odd sequence of troubleshooting events,
 we found that the AF DSCP values being set by the peer in South Africa
 (and us passing them due to the old kit not being able to remark on
 ingress) was causing the color-aware policer in Uganda to drop traffic
 toward the customer there.

I have heard similar stories where game traffic ended up in a 100
kilobit/s VoIP queue which worked fine until there were a lot of nearby
players in the game, then things started working very badly. Also nice
corner case :P

So yes, setting all external Internet traffic to DSCP=BE (0) is something
one wants to do.

--
Mikael Abrahamsson email: swm...@swm.pp.se



RE: Facebook outage?

2015-01-26 Thread John van Oppen
Dead here at AS11404 from all locations where we PNI or public peer...   

must be bad over there, v4 dies at their edge, v6 makes it in but no page loads.

John

RE: another cogent oddity

2014-10-09 Thread John van Oppen
cogent is well known not to filter in any useful way... in terms of sources 
that should not be there, we see the same thing (or did the last time I looked).



John van Oppen
Spectrum Networks
Direct: 206-973-8302
Main: 206-973-8300


From: NANOG [nanog-bounces+jvanoppen=spectrumnet...@nanog.org] on behalf of 
ryanL [ryan.lan...@gmail.com]
Sent: Thursday, October 09, 2014 10:35 AM
To: North American Network Operators Group
Subject: another cogent oddity

you may remember me from the weird cogent route retention / loop
problem i brought up last week. it remains unsolved by cogent to date.

also remembering i'm a relatively new cogent customer, i recently
noticed some packets floating into my network that had cos and ipp
markings on them. i figured i'd try to find where they were coming
from, so i crafted up something like this and placed it inbound on my
two transits (cogent and xo), excluding network control markings.

from {
    dscp [ af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 cs5 ef ];
    precedence [ 1 2 3 4 5 ];
}

all of it is coming in from cogent:

COGENT-NOT-BE  - 4217788987
XO-NOT-BE  - 0

i shifted all traffic to XO just to make sure. the XO counter doesn't budge.

seems like one transit is remarking everything to best effort before
sending to me (which is preferred), and the other is not.

am i odd to think that this is... odd?

i also get a remarkable amount of hits against these destinations
coming in on the cogent side, whereas i get none on the XO side.

show policy-options prefix-list PUBLIC-BAD-NETS
10.0.0.0/8;
169.254.0.0/16;
172.16.0.0/12;
192.168.0.0/16;
224.0.0.0/4;

ryan
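
The check described in the message above, as an added example that is not part of the original post or anyone's router configuration: it applies the same DSCP/precedence match and the posted PUBLIC-BAD-NETS list to packet records and counts hits per transit, and it shows a remark to best effort that keeps the ECN bits. The packet records, function names and counter name COGENT-BAD-NETS are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Code points listed in the posted filter. cs6/cs7 (network control) are
# absent on purpose, as in the post.
MARKED_DSCP = {
    "af11": 10, "af12": 12, "af13": 14, "af21": 18, "af22": 20, "af23": 22,
    "af31": 26, "af32": 28, "af33": 30, "af41": 34, "af42": 36, "af43": 38,
    "cs1": 8, "cs2": 16, "cs3": 24, "cs4": 32, "cs5": 40, "ef": 46,
}
MARKED_PRECEDENCE = {1, 2, 3, 4, 5}

# Prefix list PUBLIC-BAD-NETS as posted.
PUBLIC_BAD_NETS = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4",
)]

# Constructed sample records: (transit, ToS byte, destination address).
SAMPLE_PACKETS = [
    ("COGENT", 0xB8, "192.0.2.10"),    # EF
    ("COGENT", 0x28, "198.51.100.7"),  # AF11
    ("COGENT", 0x2A, "172.20.0.9"),    # AF11 plus an ECN bit, RFC 1918 destination
    ("COGENT", 0x00, "10.1.2.3"),      # best effort, RFC 1918 destination
    ("COGENT", 0xC0, "192.0.2.10"),    # CS6 network control, excluded from the match
    ("XO", 0x00, "192.0.2.10"),        # best effort
    ("XO", 0x02, "203.0.113.5"),       # best effort plus an ECN bit
]


def split_tos(tos):
    """Return (dscp, precedence, ecn) from the 8-bit ToS byte."""
    return tos >> 2, tos >> 5, tos & 0x03


def is_not_best_effort(tos):
    """True when the marking would hit the DSCP or precedence list above."""
    dscp, precedence, _ecn = split_tos(tos)
    return dscp in MARKED_DSCP.values() or precedence in MARKED_PRECEDENCE


def remark_best_effort(tos):
    """Zero the six DSCP bits and leave the two ECN bits untouched."""
    return tos & 0x03


def is_bad_destination(dst):
    """True when the destination falls inside PUBLIC-BAD-NETS."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in PUBLIC_BAD_NETS)


def count_hits(packets):
    """Per-transit counters, in the style of COGENT-NOT-BE / XO-NOT-BE."""
    counters = Counter()
    for transit, tos, dst in packets:
        if is_not_best_effort(tos):
            counters[f"{transit}-NOT-BE"] += 1
        if is_bad_destination(dst):
            counters[f"{transit}-BAD-NETS"] += 1
    return counters


if __name__ == "__main__":
    for name, hits in sorted(count_hits(SAMPLE_PACKETS).items()):
        print(f"{name:16} - {hits}")
```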


RE: Upgrade Path Options from 6500 SUP720-3BXL for Edge Routing

2014-07-29 Thread John van Oppen
We gave up and went to ASR9ks but that was also a pretty big budget 
upgrade...

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Simon Lockhart
Sent: Tuesday, July 29, 2014 3:57 PM
To: Corey Touchet
Cc: nanog@nanog.org
Subject: Re: Upgrade Path Options from 6500 SUP720-3BXL for Edge Routing

On Tue Jul 29, 2014 at 02:21:32AM +, Corey Touchet wrote:
 Right now my thinking are MX480 or ASR9k platforms.  Opinions on those 
 are equally welcome as alternatives, but I'd love to hear from those 
 with personal experiences today vs sales people trying to tell me it 
 would route the world :)

Or, protect your existing investment in 6500 and replace the SUP720 with the 
SUP2T. You can then deploy the WS-X6904-40G-XL blades which give you 4 * 40G or 
16 * 10G on a 80G backplane (i.e. 2:1 oversubscription). I'm in the process of 
going through this upgrade at the moment and I'm happy with what I'm seeing.

A lot depends on the total traffic throughput you're looking to switch/route.

You can then look to migrate onto the 6880 chassis which gives you a faster 
backplane, whilst retaining compatibility with existing linecards.

Simon


RE: Verizon Public Policy on Netflix

2014-07-14 Thread John van Oppen
Let's just dispel this, internet bandwidth is not a very significant cost for 
access networks when compared to moving the data internally and maintaining the 
last mile access.   That being said, incremental usage can drive huge capex, 
almost always in the very expensive last mile.

Most of our cost (as a cable provider) on a per-bit basis is between the 
head-end and the customer, or between the head-end and the regional pop.   The 
main driver here should be obvious, the bigger the pipe on the same route, the 
cheaper the bits...   A cable carrying 300 kbit/sec costs just as much to 
maintain and install as a cable carrying 300 gbit/sec on the outside plant side 
of the equation, and that is where the real cost is.

John 

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rubens Kuhl
Sent: Monday, July 14, 2014 10:07 AM
To: Nanog
Subject: Re: Verizon Public Policy on Netflix


 If Netflix were a good citizen, it would (a) let ISPs cache content; 
 (b) pay them equitably for direct connections (smaller and more remote 
 ISPs have higher costs per customer and should get MORE per account 
 than Comcast, rather than receiving nothing); and (c) work with ISPs 
 to develop updated technology that makes streaming more efficient. 
 Bandwidth is expensive, and unicast streaming without caching is by 
 far the most inefficient conceivable way of delivering fat content 
 to the consumer.


I noted most of the discussion seems to point to Internet bandwidth as a
cost factor to ISPs, but I wonder what's the impact of Netflix on access
network costs ? They might be harder to measure or directly correlate to
streaming usage,  but for non-wired networks (which is usually the case in
rural networks), this impact sounds more harmful to me than uplink costs.


Rubens


RE: Verizon Public Policy on Netflix

2014-07-14 Thread John van Oppen
The choice for ISPs at larger scale is peering or caching, peering is cheaper 
than caching as power is not as cheap as you think as well as the requirement 
to have two of everything for failover if you do caches (ie can't have my 
transits or more likely my backhaul blow up if the caches go away).   

I also typically don't want to give up the opportunity cost on the power in our 
main pops as it is not what the power costs, but rather what you could sell it 
for that matters in most of our core sites.   We don't cache in head-ends as we 
still would need the backhaul anyway if the caches fail so we can't really 
reduce the backhaul requirement much.  We have some middle tier sites in the 
cable network, but the benefit of throwing caches at those locations has never 
really been there since they are not staffed the same way etc.   I think a lot 
of big networks have this issue.

John 

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of mcfbbqroast .
Sent: Monday, July 14, 2014 1:09 PM
To: nanog@nanog.org
Subject: Re: Verizon Public Policy on Netflix

I do agree that Netflix could offer caching services for smaller ISPs. But 
that's a fight for another day, right now we're focusing on whether Netflix 
should pay for caching content, let's look at the cost comparison.

NOT CACHING with Netflix
- up to 8gbps of transit - what's that, several grand a month from a major hub 
with a big commit?
- a 10gbps port to transit provider

CACHING with Netflix
- up to 500w of power and 4u rack space - in a commercial DC that's a few 
hundred a month, most telecoms have rack space in their own office
- a 10gbps port to server - the same
- transit commitment in off peak hours - most telecoms have plenty of this to 
spare

That's a pretty massive saving.

I still do not understand how Netflix should pay for customers using your 
network. Its like charging another carrier to receive a phone call from your 
network, because you want to have cheaper plans.

The risk is, the policy Brett suggests, will misrepresent ISP pricing. This is 
a huge issue. Brett? How do you think you can compete with big providers when 
they're subsidized by Netflix? Bear in mind they'll have much more power in 
negotiating with Netflix than you. Your customers will be paying for Netflix, 
subsidizing your competitor!

Finally, I'd like to point out that there's an ISP in New Zealand called 
slingshot that popped up on my radar. Transit in NZ appears to be expensive as 
hell ($20+/Mbps for bulk buys from competitive PoPs) yet this ISP, Slingshot, 
encourages customers to use their VPN to access Netflix.

This is notable to our conversation because when any ISPs are proposing what's 
essentially a Netflix tax another one, who pays 20x or more for transit and 
cannot cache Netflix are encouraging use of Netflix. Why?
Publicity.

Brett, you might like a look at that because they charge $10 more than the 
cheapest competitor, but the proxy service they provide (which probably costs 
them pennies) keeps customers flowing like water for its ease of use.
In an age where internet is becoming a commodity these are the types of services 
that can keep you afloat.

Alternatively, use this debacle as advertising! I've seen many cable users 
complain about Netflix being very slow, could advertising that you don't 
throttle Netflix give you a competitive edge in cable territory??


RE: Getting pretty close to default IPv4 route maximum for 6500/7600routers.

2014-06-10 Thread John van Oppen
On the sup 720 they become unshared if you carve v4 away from the default 
separately, that is why I carve the other two instead.

RE: Getting pretty close to default IPv4 route maximum for 6500/7600 routers.

2014-06-10 Thread John van Oppen
FIB is not the same as RIB...

Perfectly happy 6509, many paths, only one full table in the FIB:

BGP router identifier XXX , local AS number 11404
BGP table version is 40916063, main routing table version 40916063
494649 network entries using 71229456 bytes of memory
886903 path entries using 70952240 bytes of memory
29 multipath network entries and 58 multipath paths


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Tony Wicks
Sent: Tuesday, June 10, 2014 6:45 PM
To: 'nanog'
Subject: RE: Getting pretty close to default IPv4 route maximum for 6500/7600 
routers.

My 2c:
The obvious thing for me is if people are running a full ipv4 route table on a 
box only just capable of handling one single table of that size, then really 
now is the time to assess if you really need to hold that table or just drop to 
default +internal+peers. If you have multiple up streams and you are using the 
route tables to do your route selection then great, but that means you need at 
least 1M capability now, and really 2+ should be your target. In my experience 
people running a full table on a small capability box normally don't actually 
need to carry it, or they just need a bigger box.



FW: Getting pretty close to default IPv4 route maximum for 6500/7600routers.

2014-06-09 Thread John van Oppen
It is generally much better to do the following:

mls cef maximum-routes ipv6 90
mls cef maximum-routes ip-multicast 1

This will leave v4 and mpls in one big pool, puts v6 to something useful for 
quite a while and steals all of the multicast space which is not really used on 
most deployments.


This gives us the following (which is pretty great for IP backbone purposes in 
dual stack):

#show mls cef maximum-routes 
FIB TCAM maximum routes :
===
Current :-
---
 IPv4 + MPLS  - 832k (default)
 IPv6         - 90k
 IP multicast - 1k


John


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jon Lewis
Sent: Monday, June 09, 2014 12:10 PM
To: Pete Lumbis
Cc: nanog@nanog.org
Subject: Re: Getting pretty close to default IPv4 route maximum for 
6500/7600routers.

Why, in your example, do you bias the split so heavily toward IPv4 that the 
router won't be able to handle a current full v6 table?  I've been using

mls cef maximum-routes ip 768

which is probably still a little too liberal for IPv6

FIB TCAM maximum routes :
===
Current :-
---
  IPv4                - 768k
  MPLS                - 16k (default)
  IPv6 + IP Multicast - 120k (default)

given that a full v6 table is around 17k routes today.

A more important question though is how many 6500/7600 routers will fully 
survive the reload required to affect this change?  I've lost a blade 
(presumably to the bad memory issue) each time I've rebooted a 6500 to apply 
this.

On Mon, 9 Jun 2014, Pete Lumbis wrote:

 The doc on how to adjust the 6500/7600 TCAM space was just published.

 http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/117712-problemsolution-cat6500-00.html


 On Tue, May 6, 2014 at 3:48 PM, Pete Lumbis alum...@gmail.com wrote:

 There is currently a doc for the ASR9k. We're working on getting on 
 for
 6500 as well.


 http://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116999-problem-line-card-00.html




 On Tue, May 6, 2014 at 1:34 PM, bedard.p...@gmail.com wrote:

 I would like to see Cisco send something out...

 -Original Message-
 From: Drew Weaver drew.wea...@thenap.com
 Sent: 5/6/2014 11:42 AM
 To: 'nanog@nanog.org' nanog@nanog.org
 Subject: Getting pretty close to default IPv4 route maximum for 
 6500/7600routers.

 Hi all,

 I am wondering if maybe we should make some kind of concerted effort 
 to remind folks about the IPv4 routing table inching closer and 
 closer to the 512K route mark.

 We are at about 94/95% right now of 512K.

 For most of us, the 512K route mark is arbitrary but for a lot of 
 folks who may still be running 6500/7600 or other routers which are 
 by default configured to crash and burn after 512K routes; it may be 
 a valuable public service.

 Even if you don't have this scenario in your network today; chances 
 are you connect to someone who connects to someone who connects to 
 someone
 (etc...) that does.

 In case anyone wants to check on a 6500, you can run:  show platform 
 hardware capacity pfc and then look under L3 Forwarding Resources.

 Just something to think about before it becomes a story the 
 community talks about for the next decade.

 -Drew





--
  Jon Lewis, MCP :)   |  I route
  |  therefore you are _ 
http://www.lewis.org/~jlewis/pgp for PGP public key_
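
The capacity check this thread keeps doing by hand, as an added example that is not part of the original messages or any vendor tooling: it parses `show mls cef maximum-routes` output (tolerating the collapsed spacing seen in this archive) and compares each pool with the route counts quoted in the thread. Assumptions: "k" means 1024 entries, the 90% warning level is arbitrary, and the function names and the one-line 512k default sample are constructed here.

```python
import re

ENTRIES_PER_K = 1024  # assumption: "k" in this output means 1024 TCAM entries

# A pool row looks like " IPv4 + MPLS  - 832k (default)" or, collapsed, "IPv6- 90k".
ROW = re.compile(r"^\s*(?P<pool>[A-Za-z0-9][A-Za-z0-9 +]*?)\s*-\s*(?P<k>\d+)k\b")

# Carve from the 2014-06-09 message (832k / 90k / 1k).
JOHN_CARVE = """\
FIB TCAM maximum routes :
===
Current :-
---
 IPv4 + MPLS  - 832k (default)
 IPv6         - 90k
 IP multicast - 1k
"""

# Carve quoted from Jon Lewis, kept with the collapsed spacing of the archive.
JON_CARVE = """\
FIB TCAM maximum routes :
===
Current :-
---
  IPv4- 768k
  MPLS- 16k (default)
  IPv6 + IP Multicast - 120k (default)
"""

# Constructed one-line sample for the 512K default the thread warns about.
DEFAULT_V4 = " IPv4 - 512k (default)\n"

# Route counts quoted in the thread: 494649 BGP network entries (IPv4) and
# "around 17k" for a full v6 table. BGP counts are a lower bound on FIB use,
# since connected, static and IGP routes occupy FIB entries too.
ROUTES = {"IPv4": 494649, "IPv6": 17000}


def parse_maximum_routes(text):
    """Return {pool name: capacity in entries} from the command output."""
    pools = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            pools[match.group("pool")] = int(match.group("k")) * ENTRIES_PER_K
    return pools


def pool_for(pools, family):
    """Find the pool carrying a family; shared pools are named 'A + B'."""
    for name, capacity in pools.items():
        members = [part.strip().lower() for part in name.split("+")]
        if family.lower() in members:
            return name, capacity
    raise KeyError(f"no TCAM pool carries {family}")


def check_headroom(pools, routes, warn_at=0.90):
    """Per family: pool, capacity, remaining entries and a warning flag."""
    report = {}
    for family, count in routes.items():
        name, capacity = pool_for(pools, family)
        report[family] = {
            "pool": name,
            "capacity": capacity,
            "headroom": capacity - count,
            "warn": count >= warn_at * capacity,
        }
    return report


if __name__ == "__main__":
    samples = (("832k carve", JOHN_CARVE, ROUTES),
               ("768k carve", JON_CARVE, ROUTES),
               ("512k default", DEFAULT_V4, {"IPv4": ROUTES["IPv4"]}))
    for label, text, routes in samples:
        for family, row in check_headroom(parse_maximum_routes(text), routes).items():
            used = 100 * (row["capacity"] - row["headroom"]) / row["capacity"]
            flag = "WARN" if row["warn"] else "ok"
            print(f"{label:13} {family}: {used:5.1f}% of {row['pool']} [{flag}]")
```

In a shared "IPv4 + MPLS" pool the MPLS labels draw on the same entries, so the real headroom is smaller than the IPv4 figure alone suggests.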


RE: FW: Getting pretty close to default IPv4 route maximum for 6500/7600routers.

2014-06-09 Thread John van Oppen
Yep, exactly… the problem is the carving suggested by most kills the fact that 
MPLS and v4 are pooled, which on a larger network is very nice, especially if 
using 6PE where each v6 route may need an MPLS route too.

From: Bryan Tong [mailto:cont...@nullivex.com]
Sent: Monday, June 09, 2014 12:37 PM
To: John van Oppen
Cc: nanog@nanog.org
Subject: Re: FW: Getting pretty close to default IPv4 route maximum for 
6500/7600routers.

John, great point!

Regardless, shouldn't need more than 626K to make it to v6 and we wont need as 
many for v6. That was one of the problems that v6 was designed to address.

On Mon, Jun 9, 2014 at 1:27 PM, John van Oppen 
jvanop...@spectrumnet.us wrote:
It is generally much better to do the following:

mls cef maximum-routes ipv6 90
mls cef maximum-routes ip-multicast 1

This will leave v4 and mpls in one big pool, puts v6 to something useful for 
quite a while and steals all of the multicast space which is not really used on 
most deployments.


This gives us the following (which is pretty great for IP backbone purposes in 
dual stack):

#show mls cef maximum-routes
FIB TCAM maximum routes :
===
Current :-
---
 IPv4 + MPLS  - 832k (default)
 IPv6         - 90k
 IP multicast - 1k


John


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jon Lewis
Sent: Monday, June 09, 2014 12:10 PM
To: Pete Lumbis
Cc: nanog@nanog.org
Subject: Re: Getting pretty close to default IPv4 route maximum for 
6500/7600routers.

Why, in your example, do you bias the split so heavily toward IPv4 that the 
router won't be able to handle a current full v6 table?  I've been using

mls cef maximum-routes ip 768

which is probably still a little too liberal for IPv6

FIB TCAM maximum routes :
===
Current :-
---
  IPv4                - 768k
  MPLS                - 16k (default)
  IPv6 + IP Multicast - 120k (default)

given that a full v6 table is around 17k routes today.

A more important question though is how many 6500/7600 routers will fully 
survive the reload required to affect this change?  I've lost a blade 
(presumably to the bad memory issue) each time I've rebooted a 6500 to apply 
this.

On Mon, 9 Jun 2014, Pete Lumbis wrote:

 The doc on how to adjust the 6500/7600 TCAM space was just published.

 http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/117712-problemsolution-cat6500-00.html


 On Tue, May 6, 2014 at 3:48 PM, Pete Lumbis alum...@gmail.com wrote:

 There is currently a doc for the ASR9k. We're working on getting on
 for
 6500 as well.


 http://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116999-problem-line-card-00.html




 On Tue, May 6, 2014 at 1:34 PM, bedard.p...@gmail.com wrote:

 I would like to see Cisco send something out...

 -Original Message-
 From: Drew Weaver drew.wea...@thenap.com
 Sent: 5/6/2014 11:42 AM
 To: 'nanog@nanog.org' nanog@nanog.org
 Subject: Getting pretty close to default IPv4 route maximum for
 6500/7600routers.

 Hi all,

 I am wondering if maybe we should make some kind of concerted effort
 to remind folks about the IPv4 routing table inching closer and
 closer to the 512K route mark.

 We are at about 94/95% right now of 512K.

 For most of us, the 512K route mark is arbitrary but for a lot of
 folks who may still be running 6500/7600 or other routers which are
 by default configured to crash and burn after 512K routes; it may be
 a valuable public service.

 Even if you don't have this scenario in your network today; chances
 are you connect to someone who connects to someone who connects to
 someone
 (etc...) that does.

 In case anyone wants to check on a 6500, you can run:  show platform
 hardware capacity pfc and then look under L3 Forwarding Resources.

 Just something to think about before it becomes a story the
 community talks about for the next decade.

 -Drew





--
  Jon Lewis, MCP :)   |  I route
  |  therefore you are _ 
http://www.lewis.org/~jlewis/pgp for PGP public key_



--
eSited LLC
(701) 390-9638


RE: NANOG 61 hotel

2014-05-15 Thread John van Oppen
The westin is for all effective purposes connected to the building where the 
conference is.   It would be the closest, the others are a bit further, blocks 
are very long in Bellevue so keep that in mind when looking at the maps.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Hugo Slabbert
Sent: Tuesday, May 13, 2014 8:07 AM
To: nanog@nanog.org
Subject: Re: NANOG 61 hotel

On Tue 2014-May-13 10:32:48 -0400, Jon Lewis jle...@lewis.org wrote:
The Hyatt appears to have filled up. :(

Anyone have alternate hotel recommendations?

I put together a list when I was making my pitch to go down:

! ---
! Westin Bellevue
http://www.starwoodhotels.com/westin/rates/rate.html?propertyID=1555
- $280/room/night


! 
! Marriot Bellevue (Courtyard Seattle Bellevue/Downtown) 
http://www.marriott.com/hotels/travel/bvudt-courtyard-seattle-bellevue-downtown/
- $269/room/night


! 
! Silver Cloud Inn
http://www.silvercloud.com/bellevuedowntown/
- $229/room/night
- 2 Queens/room


! 
! La Residence Suite Hotel
http://www.bellevuelodging.com/
- $169/room/night
- 2x Queens
- couple of blocks away

These are all within 5-10 minutes walk of the Hyatt, IIRC and if Google Maps 
can be trusted.  Rates at some of them seem a little different from when I 
looked before, e.g.  the Westin now read as $303/night whereas e.g. Silver 
Cloud shows a single king room at $189/night.


--
 Jon Lewis, MCP :)   |  I route
 |  therefore you are _ 
http://www.lewis.org/~jlewis/pgp for PGP public key_

--
Hugo


RE: Experiences with IPv6 and Routing Efficiency

2014-01-19 Thread John van Oppen
We ended up with 6PE to make the v6 support on our cisco based network behave 
the same way as v4, IE use TE tunnels, etc.   Given the v4 MPLS this was the 
only real way to make it the same.

-Original Message-
From: joel jaeggli [mailto:joe...@bogus.com] 
Sent: Saturday, January 18, 2014 10:56 AM
To: John van Oppen; 'mark.ti...@seacom.mu'; nanog@nanog.org
Subject: Re: Experiences with IPv6 and Routing Efficiency

On 1/18/14, 10:30 AM, John van Oppen wrote:
 This is exactly what pushed us into 6PE...   it was the only way to make 
 performance similar to v4 from a routing standpoint.

This statement is a bit facile... What platform are you referring to?

 John @ AS11404
 
 





RE: Experiences with IPv6 and Routing Efficiency

2014-01-18 Thread John van Oppen
This is exactly what pushed us into 6PE...   it was the only way to make 
performance similar to v4 from a routing standpoint.

John @ AS11404



RE: One of our own in the Guardian.

2013-07-15 Thread John van Oppen
To be honest, that is the problem with most smaller ISPs, their uplinks are not 
all 10G...   The only way to have users who reliably get high speed tests is to 
make sure one does not have 1G upstream links but obviously for a smaller 
provider that would not be an option.

I think this is why our retail service routinely is in the top few on the 
public speed test sites in the US...   The (obvious) secret is having more than 
1G of headroom on every link to the world and using a lot of 10G internally.   
From my testing on my home link to our network and a bunch of customer links, 
public speed tests of above 800 mbit/sec on gigE are pretty achievable assuming 
the testing server is in the same metro and well provisioned (IE not on a tiny 
ISP).

John

-Original Message-
From: Jeff Kell [mailto:jeff-k...@utc.edu] 
Sent: Sunday, July 14, 2013 10:50 PM
To: Jima
Cc: nanog@nanog.org
Subject: Re: One of our own in the Guardian.

On 7/14/2013 9:08 PM, Jima wrote:
  XMission does offer 1000/1000, as well; I seem to recall the price is 
 something like $300/mo.  For us, the problem was more finding remote 
 sites that can push data rates anywhere near one's own limit (as it's 
 enough of a problem at 100mbit), making the price bump not quite worth it.

Very true.  We have two gigs, but a commercial speedtest comes up seriously 
short (typically 100+ Mbps) while a locally hosted speedtest will show 
800-900+.  Not sure how much is their upstream versus simple physics... you'd 
have to be the only test subject to a gig-connected server to do much better.

We have had some contrived examples over I2 that pushed 500Mbps symmetric, 
but they ran that demo over our I2 pipe because their commodity link couldn't 
deliver the necessary rate/latency.

Jeff






RE: One of our own in the Guardian.

2013-07-14 Thread John van Oppen
Yep, that would be us. :)   Lots of 100/100 and 1g/1g home Ethernet connections 
around the Seattle area.  :)

Joe was a great guy, we miss him still, one of the nicest guys I knew.

John van Oppen
Spectrum Networks
Direct: 206-973-8302
Main: 206-973-8300


From: Joe Hamelin [j...@nethead.com]
Sent: Saturday, July 13, 2013 10:46 PM
To: Mark Keymer
Cc: NANOG list
Subject: Re: One of our own in the Guardian.

On Sat, Jul 13, 2013 at 9:46 PM, Mark Keymer m...@viviotech.net wrote:

 He might have been talking about Condo Internet if he is in the Seattle
 area. They deliver 1Gig connections to your Condo/Apartment, if you're in
 one of the buildings they service.


I know the guy that does Condo.  He was a very good friend of a very good
friend of NANOG. Joe Wood (RIP) from Google, Flying Croc, and Wolfe.  They
were just starting a CLEC in the Puget Sound area when Joe died.

Damn, I miss that bastard.

--
Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474



RE: Multihop eBGP peering or VPN based eBGP peering

2013-06-16 Thread John van Oppen
Perhaps I am missing something from your advantage list, but why would you want 
to exchange routing information with a network to which you don't have a 
connection due to a local failure?   I think you are attempting to abstract 
routing from the underlying physical infrastructure a bit too much.   If the 
power is out in the carrier pop to which you are connected, they don't have a 
way to give you traffic so why would a multi-hop session help. 

BGP being down is rarely something that happens on its own, it is typically due 
to something far more physical (router failure, pop outage, circuit outage, 
etc).   

John 

-Original Message-
From: Michael McConnell [mailto:mich...@winkstreaming.com] 
Sent: Sunday, June 16, 2013 5:40 PM
To: nanog@nanog.org
Subject: Multihop eBGP peering or VPN based eBGP peering

Hello all,

Any idea why more companies don't offer eBGP peering / multi hop peering? Its 
very common for providers to offer single or double hop peering, so why not 5 
or 10 hops? In many cases people find it logical to perform single or double 
hop peering, why is peering any greater always frowned upon. I understand the 
logic that you can't control the path beyond a point, however I still see 
numerous advantages. 

One obvious advantages one is, imagine you east coast data centre and you had a 
eBGP peering session with a west coast router, you'd be able to control ingress 
via the west coast. (aka routing around an region outage that is affecting 
ingress) For example during the last hurricane around New Jersey, numerous tier 
1's were down towards the atlantic and every peer for the atlantic was 
affected. One could have just made the ingress via the west coast the logical 
route. 

Thoughts?

Mike

--

Michael McConnell
WINK Streaming;
email: mich...@winkstreaming.com
phone: +1 312 281-5433 x 7400
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com




RE: Cat-5 cables near 200 Paul, SF

2013-06-02 Thread John van Oppen
an account is not required at least at the locations in Seattle, but an account 
gets you access to the best prices if you buy in quantity.


John - AS11404

From: Carlos Alcantar [car...@race.com]
Sent: Friday, May 31, 2013 3:37 PM
To: nanog@nanog.org
Subject: Re: Cat-5 cables near 200 Paul, SF

I don't think they will care how you pay.  It's just the question if you
do or don't need an account.

Carlos Alcantar
Race Communications / Race Team Member
1325 Howard Ave. #604, Burlingame, CA. 94010
Phone: +1 415 376 3314 / car...@race.com / http://www.race.com





-Original Message-
From: Majdi S. Abbas m...@latt.net
Date: Friday, May 31, 2013 3:26 PM
To: Tim M Edwards t...@lifelike.com
Cc: nanog@nanog.org nanog@nanog.org
Subject: Re: Cat-5 cables near 200 Paul, SF

On Fri, May 31, 2013 at 12:06:50PM -0700, Tim M Edwards wrote:
 Needs to be a Corporate CC though.

Nahh, they take my personal card in Phoenix and SF all the time.

--msa







RE: Level 3 BGP Advertisements

2012-08-30 Thread John van Oppen
I remember it too...   I had a ticket get escalated from our support group in 
about 2003 of a customer who could not get any internet access...  they had XP 
and had been assigned a .0 IP out of a /23 we were using for a specific pop.   
That /23 came out of 64.0.0.0/8 so it was clearly a bit more blanket than a 
class based filter.   They may have had some third party firewall software on 
their machine, I can't remember, but I know my solution was to be a bit 
disgusted and then exclude .255 and .0 from the pool.

John




RE: Level 3 BGP Advertisements

2012-08-29 Thread John van Oppen
I have ended up excluding .0 and .255 from our DHCP pools in larger than /24 
subnets due to this exact issue in the past...   It is a PITA.   I wish people 
would update filters.

John



RE: Level3 (3356/3549) changes routing policy

2012-08-02 Thread John van Oppen
It probably should be noted that AS3356's local pref hierarchy is as follows:

Highest: customers of 3356
Next highest: customers of 3549
Lowest: peers

This does not really seem odd at all, and is probably what I would do if I 
owned two separate networks that were going to take a long time to merge...   
We noticed this change at least three months ago so it is not a super recent 
change.




RE: Cogent for ISP bandwidth

2012-05-15 Thread John van Oppen
We have cogent in the mix, and I do have to say one gets what one pays for...   
 They are a no redundancy, no extra capacity kind of shop...   This often is 
noticeable when they have fiber cuts or equipment failures, it also results in 
a lot more service affecting maintenance than our other providers.

That being said, we have several 10Gs to them as one of our five upstreams, we 
mostly use them for on-net traffic and a couple of selected peers where they 
seem not to have congestion issues. My biggest bone to pick with them 
though is their incredibly crappy BGP community offering. They have no 
selective (ie per peer) announcement control options which severely limits our 
ability to use them more since we end up sending their prepend to [all] peers 
community instead of just prepending to the peers we don't like the return 
routes on.

Thanks,
John @ AS11404




RE: Assymetric routing L3/VZ (FIOS)

2012-04-22 Thread John van Oppen
from Level3's looking glass (it sure looks like l3 is reaching the prefix in 
this email via AS701 as would be expected):

BGP routing table entry for 173.79.0.0/16
Paths: (2 available, best #2)
  701 19262
  AS-path translation: { ALTERNET VZGNI-TRANSIT }
edge2.Dallas3 (metric 3827)
  Origin IGP, metric 10, localpref 86, valid, internal
  Community: North_America  Lclprf_86 United_States Level3_Peer Dallas
  Originator: edge2.Dallas3
  701 19262
  AS-path translation: { ALTERNET VZGNI-TRANSIT }
edge2.Dallas3 (metric 3827)
  Origin IGP, metric 10, localpref 86, valid, internal, best
  Community: North_America  Lclprf_86 United_States Level3_Peer Dallas
  Originator: edge2.Dallas3

John


RE: fiber cut in California?

2012-04-19 Thread John van Oppen
We saw the issues on the AS209 backbone as well from our vantage point here in 
Seattle but we also show a circuit we have down (that rides Qwest) between 
Yakima, WA and Spokane, WA.   The outage corresponds to the IP issues so I 
would think that it is probably the same cut affecting both the wave we are 
seeing as out and the IP issues (which mostly seem better now).

Thanks,
John @ AS11404 here in Seattle.



RE: airFiber

2012-03-31 Thread John van Oppen
We actually have a lot of the old gigabeam radios in service, they are faster 
than the published specs of the airfiber links (1G full duplex vs 750 mbit/sec 
fd) and lower latency due to their very simplistic design. To be honest, 
from a network engineering standpoint, the gigabeams were convenient as path 
issues would show up as ethernet errors that can be used to trigger reroutes or 
other events.   That being said, we did not have a large variety of switches 
as the microwave side of our house is made up entirely of just a couple of 
cisco models.   The gigabeams also have a pure OOB management setup.


John



did AS174 and AS4134 de-peer?

2012-03-06 Thread John van Oppen
All -

I was noticing that it appears from our Seattle-based full route feed from 
cogent that they may have de-peered AS4134 (or vise-versa)...   anyone know 
anything about this?We noticed this recently in a shift of traffic away 
from cogent for traffic to and from china telecom...   Now cogent's path is 
_174_1239_4134_.

In any case, was just wondering if anyone had noticed this.   AS4134 is one 
that often generates NOC calls on our end due to their often saturated peers to 
any number of other upstreams and the cogent route had been remarkably 
uncongested previously so it is sad to see it disappear.



Thanks,
John @ AS11404.


RE: 128.0.0.0/16 configured as martians in some routers

2011-12-05 Thread John van Oppen
Here is my little table for 128.0.0.0/21 based on our upstreams:

AS7922: Yes
AS174: No
AS2914: Yes
AS3257: Yes
AS2914: Yes
AS2828: No
AS209: Yes


John @ AS11404



RE: TATA problems?

2011-11-07 Thread John van Oppen
We saw several customers go away this morning as well.   Our network itself is 
cisco so we did not see anything directly. 

John van Oppen
@ AS11404.


-Original Message-
From: Tom Hill [mailto:t...@ninjabadger.net] 
Sent: Monday, November 07, 2011 7:09 AM
To: nanog@nanog.org
Subject: Re: TATA problems?

On Mon, 2011-11-07 at 10:00 -0500, Todd Snyder wrote:
 We seem to be having some problems with our tata links - first seen in 
 EU about 45 minutes ago, now we're seeing problems in NA.  I'm focused 
 on DNS, so I'm seeing a lot of timeouts/servfails, but our networking 
 folks are talking about links dropping.
 
 Anyone else seeing oddness on the NA Internet right now?
 
 http://downrightnow.com/ confirms - something is up.

There are widespread issues across the Internet; certain versions of Juniper 
firmware have core dumped after seeing a particular BGP 'UPDATE'
message. 

(That's the running theory at least).

It's affected multiple service providers, globally, not just those connected to 
TATA.

Tom




RE: Outgoing SMTP Servers

2011-10-26 Thread John van Oppen
On our retail footprint we block outbound traffic from customers with dynamic 
IPs towards port 25, our support tells them to use their ISP's port 587 
server.   That being said, since all of our home users have 50 mbit/sec or 
greater upload speeds we are pretty paranoid about the amount of spam that 
could be originated.

We don't block anything on static assignments.   Honestly, even as a very geeky 
user, I probably would not have noticed the block and I can confirm that it is 
massively important to lowering our spam footprint as a network.

I asked our support people, and none of them had ever really had an issue with 
this policy in terms of keeping customers.   I agree with Ricky's current 
comment on this thread, blocking is unfortunately necessary on the modern 
consumer portions of the internet. 


Thanks,
John van Oppen


-Original Message-
From: Owen DeLong [mailto:o...@delong.com] 
Sent: Monday, October 24, 2011 9:37 PM
To: Dennis Burgess
Cc: nanog@nanog.org
Subject: Re: Outgoing SMTP Servers


On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote:

 I am curious about what network operators are doing with outbound SMTP
 traffic.  In the past few weeks we have run into over 10 providers,
 mostly local providers, which block outbound SMTP and require the users
 to go THROUGH their mail servers even though those servers are not
 responsible for the domains in question!  I know other mail servers are
 blocking non-reversible mail, however, is this common?  And more
 importantly, is this an acceptable practice?
 

It's both unacceptable in my opinion and common. There are even those
misguided souls that will tell you it is best practice, though general
agreement, even among them seems to be that only 25/tcp should be blocked and that
465 and 587 should not be blocked.

 
 
 Most of our smaller ISPs that we support; we allow any outbound SMTP
 connection, however we do watch residential users for 5+ outbound SMTP
 connections at the same time.  But if the ISP has their own mail
 servers, and users wish to relay through them, we basically tell them to
 use their mail server that they contract with.  What is the best
 practice? 
 

Best practice is to do what works and block as much SPAM as possible without
destroying the internet in the process. There are those who argue that blocking
25/tcp does not destroy the internet. By and large, they are the same ones who
believe NAT was good for us.

Owen





RE: Not operational, but related to the attendees in Philly

2011-10-06 Thread John van Oppen
That does not seem to be unique to nanog.


-Original Message-
From: Brett Watson [mailto:br...@the-watsons.org] 
Sent: Thursday, October 06, 2011 4:58 PM
To: nanog@nanog.org
Subject: Not operational, but related to the attendees in Philly

I'm getting a rash of emails (as are some of my colleagues at work that are 
attending in Philly) from vendors that act like they know me, and just want to 
have a drink and catch up while in Philly.

Just me, or are others seeing an increase in spam from vendors that will be 
there?

-b



RE: facebook spying on us?

2011-10-01 Thread John van Oppen
That comment about wholesale prices is not actually quite true here in the 
northwest where avoiding BPA actually sometimes results in cheaper power (i.e. 
grant, douglas and chelan counties whose PUDs own their own dams and are 
obligated to service their customer and as non-profits actually sell to retail 
users at near the wholesale grid rates since they have nearly zero cost).

Because pacificorp is a private utility they are actually only able to get the 
leftovers of the hydro from the northwest, BPA must sell to public utilities 
first (even if it is LA) so there are effectively two prices here in the 
northwest for wholesale and that is why pacificorp, portland general and puget 
sound energy all have far far higher rates than the public utilities, even the 
public utilities with no generation of their own.

I was pretty surprised about facebook's choice as well, almost an identical 
climate can be found along the columbia river in the same places that the very 
cheapest power is located.   They must have some other factors than just 
weather significantly contribute to the costs to justify not going for the 
cheapest power.


John



From: Joel jaeggli [joe...@bogus.com]
Sent: Friday, September 30, 2011 3:48 PM
To: Steven G. Huter
Cc: nanog@nanog.org
Subject: Re: facebook spying on us?

On 9/30/11 15:19 , Steven G. Huter wrote:
 I can't tell you the kind of servers, but I can say that I was
 recently in Prineville, OR, where FB is building a data center (and a
 second data center). I was used to the ol data centers - you know,
 where there's raised floors, cabinets, cool air, a guard and a few
 guys around with some screens?

 But this was massive. I was amazed at the size - a few city blocks
 long and a city block wide, with a transformer and power line the
 size of a small city. I wonder if the Feds were involved.

 the bonneville power administration.

 hey joelja

 this August 2011 article in the Economist outlines some relevant info
 about the prineville, oregon FB datacenter.

 http://www.economist.com/node/21525237

ambient cooling is important just like power is important, by sonic.net
gets ~240days of ambient in santa rosa so it's feasible

wholesale market prices are driven by availability from the largest
producer. so you'll pay market price as benchmarked at the bonneville
transmission yard just as is much of california and az the reference price
is at palo verde az.

there's only one coal plant in oregon and it's 600MW of generating
capacity in boardman that's portland general electric.

we've got a 20MW interruptible contract with siliconvalley power
precisely because it's vanishingly close to the wholesale rate compared
to PGEs pricing structure so if you ever wonder why the DCs are in
sunnyvale and santa clara but not mountainview, there's a good reason.

 steve






RE: Internet mauled by bears

2011-09-19 Thread John van Oppen
We had a cow break down a door to a remote microwave site once...   now we are 
the proud owners of a generator backed electric fence at that site...   Rural 
physical plant issues are almost always entertaining.  :)

John


-Original Message-
From: Eric J Esslinger [mailto:eesslin...@fpu-tn.com] 
Sent: Monday, September 19, 2011 9:45 AM
To: 'nanog@nanog.org'
Subject: RE: Internet mauled by bears




 -Original Message-
 From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com]


 On Mon, Sep 19, 2011 at 4:16 PM, Eugen Leitl eu...@leitl.org wrote:
  He pointed out that these are the kind of problems city
 folk probably
  don't have in an urban area because there is a bear shortage.

 And backwoods towns have rednecks with shotguns, and bubba the backhoe 
 driver exists everywhere there's a road ..
To be honest, while we have had some 'shotgun peppered' fiber runs in our rural 
TN town (mostly in one spot, due to dove hunters), after comparing notes with a 
lady that works for Mediacom I think it is preferable to having to have 
security escorts for their crews in some rough urban areas because gangs will 
shoot up plant then wait for the crews to show up so they can rob them.

Everyone has issues which are as diverse as the areas we deploy in.
__
Eric Esslinger
Information Services Manager - Fayetteville Public Utilities 
http://www.fpu-tn.com/
(931)433-1522 ext 165

This message may contain confidential and/or proprietary information and is 
intended for the person/entity to whom it was originally addressed. Any use by 
others is strictly prohibited.



RE: Pricing for Comcast Connectivity

2011-09-09 Thread John van Oppen
I think all pricing is under NDA for the direct connectivity...   we have it, 
and I know it is under NDA for us...

Comcast is in the becoming a tier1 game in a big way so avoiding people who 
don't already peer with them is probably a plus if you want great connectivity 
to them.   The AS paths I would avoid are _3356_7922_ (usually fine, but 
subject to the fight du jour between level3 and Comcast) and anything on 
_6453_7911_ (subject to being saturated all the time).   Last I checked AS2914 
and a few others still only see Comcast via 6453 which made that sub-optimal.


I can send you an AS7922 sales contact if you need it, just hit me up off 
list...  they also have a good list of info on peeringdb for people to contact.


Thanks,

John van Oppen
Spectrum Networks  AS 11404

-Original Message-
From: Oscar Caraig [mailto:oscarcar...@safe-mail.net] 
Sent: Friday, September 09, 2011 10:28 AM
To: nanog@nanog.org
Subject: Pricing for Comcast Connectivity

List,

Does anyone have sample pricing for Comcast's Paid Peering 
(http://www.comcast.com/dedicatedinternet/) service they'd be able to share?

Also, are there any transit ISPs to avoid when reaching Comcast?  I remember 
discussion last winter about Tata being congested, and would like to understand 
how common these issues are.  I'm preparing to launch a large video broadcast 
for the state, so any advice would be appreciated.

Thank you,
Oscar Caraig
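

Added example (not part of any message in this archive): the expressions _174_1239_4134_, _3356_7922_ and _6453_7911_ quoted in the messages above are Cisco-style AS-path regexes, in which "_" matches any delimiter. The sketch below translates them for Python and uses them to prefer unflagged candidate paths; the prefixes, candidate paths and function names are constructed for illustration.

```python
import re

# Cisco-style AS-path regexes use "_" as "any delimiter": the start or end of
# the path, a space, a comma, or the braces/parentheses that wrap AS sets and
# confederation segments.
DELIM = r"(?:^|$|[ ,{}()])"


def compile_aspath(pattern):
    """Translate a Cisco-style AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", DELIM))


def matching_patterns(as_path, avoid):
    """Return the avoid-list patterns that this AS path matches."""
    return [p for p in avoid if compile_aspath(p).search(as_path)]


def choose_path(candidates, avoid):
    """Pick one path for a prefix from the paths offered by several upstreams.

    Prefers the shortest path that matches no avoid pattern. If every
    candidate is flagged, falls back to the shortest flagged path so the
    prefix stays reachable. Returns (as_path, flagged).
    """
    def hops(path):
        return len(path.split())

    clean = [p for p in candidates if not matching_patterns(p, avoid)]
    if clean:
        return min(clean, key=hops), False
    return min(candidates, key=hops), True


# Patterns quoted in the messages above, used exactly as written there.
AVOID = ["_3356_7922_", "_6453_7911_", "_174_1239_4134_"]

# Constructed sample: documentation prefixes with made-up candidate paths.
CANDIDATES = {
    "192.0.2.0/24": ["3356 7922", "174 7922", "2914 6453 7911"],
    "198.51.100.0/24": ["174 1239 4134", "2914 4134"],
    "203.0.113.0/24": ["3356 7922", "2828 3356 7922"],
    # Look-alike ASNs: the "_" anchors keep 13356 and 79220 from matching.
    "198.51.100.128/25": ["13356 7922", "3356 79220 65001"],
}


def plan(candidates=CANDIDATES, avoid=AVOID):
    """Return {prefix: (chosen_path, flagged)} for every prefix."""
    return {pfx: choose_path(paths, avoid) for pfx, paths in candidates.items()}


if __name__ == "__main__":
    for prefix, (path, flagged) in plan().items():
        note = "  (no clean alternative)" if flagged else ""
        print(f"{prefix:20} via {path}{note}")
```
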




RE: DDoS - CoD?

2011-09-06 Thread John van Oppen
I have seen many udp/80 floods as well...  pretty common.


John van Oppen
Spectrum Networks / AS11404


From: Dobbins, Roland [rdobb...@arbor.net]
Sent: Tuesday, September 06, 2011 1:00 AM
To: North American Network Operators' Group
Subject: Re: DDoS - CoD?

On Sep 6, 2011, at 2:53 PM, BH wrote:

 Has anyone seen similar traffic before? I

I've seen DDoS traffic on UDP/80 as far back as 2002 - the miscreants often 
don't know a lot about TCP/IP, and if something happens to work once, they 
incorporate it into their attack tool defaults and keep using it over and over.

In several recent high-profile DDoS attacks, UDP/80 traffic ended up causing 
state exhaustion on load-balancers, as the victim sites weren't following the 
BCP of enforcing network access policies via stateless ACLs in hardware-based 
routers/layer-3 switches, and the load-balancers kept trying to load-balance 
this traffic from multiple purported source IPs/source ports.

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

The basis of optimism is sheer terror.

  -- Oscar Wilde





RE: IPv6 day fun is beginning!

2011-06-07 Thread John van Oppen
I was wondering the same thing...   we have v6 enabled to about 700 users in 
our native Ethernet to the home deployment here in Seattle.   Unfortunately, 
user routers don't seem to often support v6 resulting in only about 2-8% of 
users in most buildings using it, and most of those are just people plugged 
directly into the wall jacks we provide without routers.   I wonder how long it 
will take for everyone to upgrade their home routers.

John


-Original Message-
From: Jorge Amodio [mailto:jmamo...@gmail.com] 
Sent: Tuesday, June 07, 2011 8:32 PM
To: Jared Mauch
Cc: NANOG list
Subject: Re: IPv6 day fun is beginning!

Thanks for the link Jared.

I wonder how many eye-balls are really enabled to reach the IPv6
sites. Akamai's site doesn't show very impressive numbers, trying to
figure why 300ms latency and 4% packet loss ?

-J




RE: HIJACKED: 159.223.0.0/16 -- WTF? Does anybody care?

2011-04-01 Thread John van Oppen
Why does it matter what his position is?   Sounds like they had a forged LOA 
from the customer and that they fixed the issue when they found out about it.   
I am not sure you can ask too much more from a network operator, the best 
thing we can hope for are companies that will cancel customers if they are 
abuse sources, that is exactly what happened here.

Lots of people are posting on nanog with outside email addresses because they 
don't want to be tied too closely to the corporation for which they work, it 
seems totally reasonable to me especially given the mix of personal and 
professional ties a lot of us have in this community.   The main issue here is 
getting results and it sounds like that happened here pretty quickly.   Most 
technical types are good people and for the most part will work through their 
corporate BS to get abuse issues solved as quickly as they can.   I know we do 
try to resolve abuse quickly and people who are nice and provide data up front 
just help expedite the process further, acting like a jerk is by far the least 
productive way to engage people in the nanog community. 


John

-Original Message-
From: Ronald F. Guilmette [mailto:r...@tristatelogic.com] 
Sent: Thursday, March 31, 2011 5:46 PM
To: nanog@nanog.org
Subject: Re: HIJACKED: 159.223.0.0/16 -- WTF? Does anybody care? 


In message aanlktinvlqefvykc91d8p-n9zvdgr5prxreyptuim...@mail.gmail.com,
rr rook...@gmail.com wrote:

Hmm, thought it was a NANOG prerequisite to be able to do a google 
search. Should be pretty easy to find this info with that tool in your 
handbag.

Which info is that, exactly?  Your title at Integra Telecom?

Umm... well... yes I guess this is you, right?

  http://www.linkedin.com/pub/randy-rooney/6/9ab/22a

So, are you THE Engineering Manager, or merely AN Engineering Manager at 
Integra Telecom?  I'm guessing that it is a big enough outfit that you probably 
have more than one.

(Sorry, but I can't help snickering a bit at your _prior_ employment.
As I feel sure you are already painfully aware, having that on your resume does 
not exactly inspire a whole lotta confidence in the notion that you are a 
straight shooter.  The words ``cover up'' are the ones that come most 
immediately to mind.)

With the above tool I've got your phone # and would be happy to call 
you if you'd like clarification on our process.

No thanks.  I didn't ask for clarification of your process (whatever the 
hell THAT might mean), and frankly it doesn't interest me.  Your
process is... well... your process.   Whatever it may be, it belongs to
you and you should probably keep it to yourself.  (Who knows?  Since business 
processes are now patentable, maybe someday you can get a patent on it!)

I did however ask for the name of the crook whose name was on the check that 
paid for the hijacked space routing.  Is that something you can respond to, or 
no?  If not, why not?

Was Integra Telecom _actually_ defrauded?  If so, who defrauded you?

Did your customer, Circle Internet defraud you?  If you are claiming that THEY 
are also an innocent party in this, then who defrauded them?  Whose name was on 
the check that THEY cashed?

It really is a rather simple question, and doesn't require an elaborate, 
convoluted, or lengthy digression into the details of your process.

Ya know, maybe it's just me, but it would seem to me that if either you or 
your customer, Circle Internet, were in fact defrauded in this case, that both 
of you would be altogether ready, willing, and indeed eager to ``out'' the 
actual crooked perpetrator... you know... instead of, like, hiding the perp's 
identity and thus helping him to cover his tracks.
But I guess that's just me.  (When somebody cheats _me_, I am not myself in the 
habit of then going out of my way to protect him.)

Don't misunderstand me.  If your company was in fact defrauded, then allow me 
to express my sincere condolences for your loss.  Or would it be more accurate 
to say your gain?  You DID cash the check right?  I mean your company does NOT 
have a policy of granting everybody three months of free service, right?

Please just reply to me off-list.

No thanks.

As Jodie Foster said in the movie Contact, ``This isn't a person to person 
call.''

Crooks, hijacking, and mass spamming affect everybody on the whole Internet.

I didn't ask for the name of the crook who signed the check just for my private 
or personal edification.  Other ISPs should know who they need to be on the 
lookout for.

I can assure you that just because YOU have now stopped routing space for this 
crook, that doesn't mean that he's going to just fold up his tent and slink 
quietly away into oblivion.  In fact I already have evidence in hand that he's 
still got both IP space and snowshoe spamming domains located elsewhere 
(including elsewhere on Circle Internet, see below) that he is continuing to 
use, even as we speak.

On the other hand, of course, if Integra and/or Circle 

RE: Membership model

2011-02-07 Thread John van Oppen
I'd be happy if https://newnog.org/join.php loaded a page instead of an SSL 
error.

Good to see that you have working v6 connectivity.  :)   This is being worked 
on now, it is ironically only broken in v6.


John



RE: Facebook issue

2010-12-16 Thread John van Oppen
Yep...   Seeing serious issues from our office here at AS11404, we are peered 
directly and all looks good at the IP layer but all of us who wanted to 
procrastinate here at the office are having trouble getting page loads to 
complete.   Oddly, no noc tickets yet.

John

-Original Message-
From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] 
Sent: Thursday, December 16, 2010 1:35 PM
To: nanog@nanog.org
Subject: Facebook issue

Anyone having issue with Facebook?

Andrew



  



RE: Want to move to all 208V for server racks

2010-12-02 Thread John van Oppen
It is probably worth noting that a 3-phase input in Europe is actually 240/415 
volt Y (for every panel I have seen in Germany at least, even the places I have 
lived there had 240/415 three phase).   The normal 240v single phase outlet 
circuits were the phase to neutral voltage.   Obviously Europe also runs at 50 
hz vs 60 in the US as well but the three phase still works the same way.

A Europe 64 amp 240/415 circuit is pretty close to equivalent to a 277/480 Y 
configured 60 amp circuit in the US.   The biggest notable difference is that 
equipment that runs on two different service voltage ranges where Europe has 
far less need for in-building step-down transformers since even small loads 
work on the phase-to-neutral voltage of the big services.   I always find it 
interesting in the US to note how many 480v to 120/208Y step-down transformers 
one can find in a big building or datacenter.



John


-Original Message-
From: Ingo Flaschberger [mailto:i...@xip.at] 
Sent: Thursday, December 02, 2010 10:08 AM
To: Kevin Day
Cc: NANOG list
Subject: Re: Want to move to all 208V for server racks

 I was just recently trying to explain this to a European friend who thought I 
 was hallucinating this system, so I took a picture.

 http://dl.dropbox.com/u/230717/temp/208YPanel.jpg

 That's a picture of one of the breaker boxes in our office, showing what you 
 described.  There are 3 phases coming into the panel, each a different coil 
 off a Y transformer, as well as a neutral. Those are the 4 black wires you 
 see at the bottom. You can see how the three hot phases are staggered as they 
 go up the breaker rails.

 For standard 110V service, you use a single-wide breaker and send one hot 
 phase + neutral and you get 110V. The difference between two phases is 208 
 volts though, so you use a double wide breaker and can send to device without 
 using a neutral wire. Just 2 hots and a ground. If that's all you're doing 
 (you don't need legacy 110V service anywhere) you skip the ground wire going 
 into the panel entirely.

that one looks dangerous.

In europe:
http://img406.imageshack.us/i/verteilerkasten.jpg/

64A 240V 3-Phase input.
Out to Servers single phase, output to airconditioners with 3 phase (not 
at this picture).

Kind regards,
Ingo Flaschberger




RE: Want to move to all 208V for server racks

2010-12-02 Thread John van Oppen
GFCI breakers are very common, the slightly less common version are arc fault 
breakers which are starting to show up more as well.

GFCI breakers are often required on large services, most large (new) 480v 
services I have seen (1000A and larger) have ground fault breakers, in fact I 
have seen some bad outages on entire datacenters where the main breakers had a 
lower ground-fault current setting (for tripping) than a branch circuit that 
had a phase-to-ground fault resulting in the main breakers tripping instead of 
the branch circuit.   I don't know if the ground-fault breakers are required 
just in Washington (I am in seattle) or if it is a NEC requirement.

John

-Original Message-
From: Chris Adams [mailto:cmad...@hiwaay.net] 
Sent: Thursday, December 02, 2010 7:38 PM
To: NANOG list
Subject: Re: Want to move to all 208V for server racks

Once upon a time, Ricky Beam jfb...@gmail.com said:
 Just because someone is selling them doesn't mean they meet building 
 codes. (esp. for residential use.)  None of the dozen or so licensed 
 electricians I've ever talked to will use them.

I saw GFCI breakers installed in a new house this year, and it passed 
inspection.

I think you experienced a recall of a specific device and are confusing that 
with a general removal.  When Toyota recalled a model of car, that didn't mean 
all cars were banned.
--
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




RE: Outage between GBLX and HE?

2010-11-17 Thread John van Oppen
We saw further evidence of this on paths traversing global crossing to a 
customer last night.   I don't know about others but we are intending to make 
some efforts to move traffic other places, this type of repeated failure is 
just terrible, especially since they still continue to announce routes 
indicating reachability that does not exist.


John @ AS11404 in Seattle.

-Original Message-
From: Richard A Steenbergen [mailto:r...@e-gerbil.net] 
Sent: Wednesday, November 17, 2010 9:33 AM
To: Christopher J. Pilkington
Cc: NANOG list
Subject: Re: Outage between GBLX and HE?

On Wed, Nov 17, 2010 at 10:36:09AM -0500, Christopher J. Pilkington wrote:
 On Wed, Nov 17, 2010 at 09:55:10AM +, Paul Kelly :: Blacknight wrote:
  I may have spoken too soon... issues are on going.
 
 We were seeing routing irregularities with GBLX as well.  It seems 
 they are sending out our prefix to their peers, but blackholing the 
 traffic coming back.  We've shut down our session with AS3549 until 
 someone there answers our ticket.

Probably another LSP blackholing issue, look at the archives a few weeks 
back you'll see the same issue on GX in Seattle. As for the issue this 
morning, they have a router that has been blackholing traffic in Ashburn 
for a good long while now.

I almost put on my Global Double Crossing t-shirt this morning too. :)

http://www.printfection.com/ras/Global-Double-Crossing-2-T-Shirt/_p_4935066

-- 
Richard A Steenbergen r...@e-gerbil.net   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)




RE: Current trends in capacity planning and oversubscription

2010-11-10 Thread John van Oppen
I am on the technology committee of the college I attended (Whitman) and they 
currently have a 200 mbit/sec via gigE link for a campus of just under 2000 and 
every building has at least 1X gigE into their backbone.   They are in a rural 
area (walla walla, wa) but they don't generally have more than 100 or 150 
mbit/sec of usage, fitting nicely in the below recommendations. 

-Original Message-
From: Michael Loftis [mailto:mlof...@wgops.com] 
Sent: Wednesday, November 10, 2010 8:48 AM
To: Sean Donelan
Cc: nanog
Subject: Re: Current trends in capacity planning and oversubscription

On Tue, Nov 9, 2010 at 10:26 PM, Sean Donelan s...@donelan.com wrote:
 While the answer is always it depends, I was wondering what the 
 current rules of thumb university network engineers are using for 
 capacity planning and oversubscription for resnets and admin networks?

 For K-12, SETDA (http://www.setda.org/web/guest/2020/broadband) is
 recommending:

 - An external Internet connection to the Internet Service Provider of 
 at least 100 Mbps per 1,000 students/staff
 - Internal wide area network connections from the district to each 
 school and between schools of at least 1 Gbps per 1,000 students/staff

 How does that compare with university and enterprise network rules of thumb?





RE: Only 5x IPv4 /8 remaining at IANA

2010-10-19 Thread John van Oppen
I would say for most of our customers, especially in the hosting space, a 
class C is a /24, they just don't know networking at all and build their 
hosting lans using /24s for each vlan.

Very few of the requests that we get are submitted using CIDR notation.   
Personally, I think this is a big reason for random table bloat, I have had so 
many arguments about customers being able to aggregate announcements for BGP it 
is not even funny...   the "I want to announce the blocks as a class Cs" 
request is irritatingly common.

John

-Original Message-
From: Matthew Walster [mailto:matt...@walster.org] 
Sent: Tuesday, October 19, 2010 7:53 AM
To: nanog list
Subject: Re: Only 5x IPv4 /8 remaining at IANA

On 19 October 2010 14:12,  valdis.kletni...@vt.edu wrote:
 Do you *really* want somebody working on your network that gets confused by a
 reference to 213/8 because it's in Class-C space?

I've met people who just assume anything with a 24-bit netmask is a
Class C network. For instance:

Can I have another Class C out of 83.x please?

No, and neither can anyone else... What's more is that they'll not use
.0, .255, .1 (because apparently only routers are supposed to use
that), .254 (who knows...)

M



RE: reachability problems Europe-US?

2010-10-07 Thread John van Oppen
Global crossing is having major issues (since yesterday actually) in Seattle.   
Every path I see to dfn.de is via gblx and Microsoft hosts most of those sites 
out of the seattle area so they may be seeing the same issue.

Based on what we can see gblx has a broken port-channel or something similar 
here as random traffic (into) their network via our transit link gets 
black-holed.   We could not even reach global crossing's own name servers for a 
while.   We gave up and turned down BGP yesterday until we hear from them.   
Based on graphs at the time things broke they appeared to be black-holing 
roughly 1/4 of what we were sending them.


Thanks,
John van Oppen
Spectrum Networks / AS 11404


-Original Message-
From: Thomas Schmid [mailto:sch...@dfn.de] 
Sent: Thursday, October 07, 2010 6:10 AM
To: Heath Jones
Cc: nanog@nanog.org
Subject: Re: reachability problems Europe-US?

Hi,

On 07.10.2010 14:35, Heath Jones wrote:
 Seems to be only source-prefix-based, but several ISPs in europe are 
 affected.
 Can you post source and destination IP's ?

source: 131.220.0.0/16, 212.201.68.0/22, 212.201.72.0/21,
destination: 65.122.178.73, 63.228.223.104

traceroute to 65.122.178.73 (65.122.178.73), 30 hops max, 40 byte packets
  1  er-rz-gig-3-3.stw-bonn.de (131.220.99.62)  1.792 ms  1.275 ms  1.125 ms
  2  xr-bon1-te2-3.x-win.dfn.de (188.1.233.193)  0.705 ms  2.132 ms  0.755 ms
  3  xr-bir1-te2-3.x-win.dfn.de (188.1.144.9)  1.477 ms  1.936 ms  1.051 ms
  4  zr-fra1-te0-7-0-5.x-win.dfn.de (188.1.145.46)  4.034 ms  3.734 ms  4.957 ms
  5  64.213.78.237 (64.213.78.237)  3.866 ms  3.295 ms  26.854 ms
  6  jfk-brdr-04.inet.qwest.net (63.146.26.225)  119.511 ms  92.735 ms  99.019 
ms
  7  * * *

or quote from DE-CIX tech-list:

[www.microsoft.com]
---
We also have some connectivity problems to ms, changing the bgp routing to
another tier 1 carrier don't resolve the problem
---

Cheers,

  Thomas




RE: reachability problems Europe-US?

2010-10-07 Thread John van Oppen
I know for certain it was gblx, noc confirmed, we saw this to multiple 
destinations all with the outbound towards gblx (not just DFN).   We are on the 
same GBLX pop the sites they are talking about are connected to (westin) and 
almost every path I see back to dfn (from seven upstreams in seattle) was via 
gblx not qwest, the only exceptions were level3's and Savvis' routes which are 
via AS1299.

I think the asymmetric routing was obfuscating the problem a bit for the guys 
attached to DFN.

John

-Original Message-
From: Heath Jones [mailto:hj1...@gmail.com] 
Sent: Thursday, October 07, 2010 9:24 AM
To: John van Oppen
Cc: Thomas Schmid; nanog@nanog.org
Subject: Re: reachability problems Europe-US?

It seemed from the symptoms OP was seeing, that Qwest was the issue.
Has GLBX reported to you that they are having a fault? If not, perhaps
try tagging your exported routes to GLBX with 8010 as per this:
http://onesc.net/communities/as3549/



On 7 October 2010 16:59, John van Oppen jvanop...@spectrumnet.us wrote:
 Global crossing is having major issues (since yesterday actually) in Seattle. 
    Every path I see to dfn.de is via gblx and Microsoft hosts most of those 
 sites out of the seattle area so they may be seeing the same issue.

 Based on what we can see gblx has a broken port-channel or something similar 
 here as random traffic (into) their network via our transit link gets 
 black-holed.   We could not even reach global crossing's own name servers for 
 a while.    We gave up and turned down BGP yesterday until we hear from them. 
   Based on graphs at the time things broke they appeared to be black-holing 
 roughly 1/4 of what we were sending them.


 Thanks,
 John van Oppen
 Spectrum Networks / AS 11404


 -Original Message-
 From: Thomas Schmid [mailto:sch...@dfn.de]
 Sent: Thursday, October 07, 2010 6:10 AM
 To: Heath Jones
 Cc: nanog@nanog.org
 Subject: Re: reachability problems Europe-US?

 Hi,

 On 07.10.2010 14:35, Heath Jones wrote:
 Seems to be only source-prefix-based, but several ISPs in europe are 
 affected.
 Can you post source and destination IP's ?

 source: 131.220.0.0/16, 212.201.68.0/22, 212.201.72.0/21,
 destination: 65.122.178.73, 63.228.223.104

 traceroute to 65.122.178.73 (65.122.178.73), 30 hops max, 40 byte packets
  1  er-rz-gig-3-3.stw-bonn.de (131.220.99.62)  1.792 ms  1.275 ms  1.125 ms
  2  xr-bon1-te2-3.x-win.dfn.de (188.1.233.193)  0.705 ms  2.132 ms  0.755 ms
  3  xr-bir1-te2-3.x-win.dfn.de (188.1.144.9)  1.477 ms  1.936 ms  1.051 ms
  4  zr-fra1-te0-7-0-5.x-win.dfn.de (188.1.145.46)  4.034 ms  3.734 ms  4.957 
 ms
  5  64.213.78.237 (64.213.78.237)  3.866 ms  3.295 ms  26.854 ms
  6  jfk-brdr-04.inet.qwest.net (63.146.26.225)  119.511 ms  92.735 ms  99.019 
 ms
  7  * * *

 or quote from DE-CIX tech-list:

 [www.microsoft.com]
 ---
 We also have some connectivity problems to ms, changing the bgp routing to
 another tier 1 carrier don't resolve the problem
 ---

 Cheers,

  Thomas





RE: reachability problems Europe-US?

2010-10-07 Thread John van Oppen
It looked like a broken aggregated Ethernet bundle or something similar... 
Most annoying was that the issue moved around a bit, over about five hours all 
the broken test IPs we had started working again and then other destinations 
started failing.   All was well when we turned down gblx.   As of now though 
we are seeing the issue as fixed and turned up GBLX again.

Thanks,
John
-Original Message-
From: Heath Jones [mailto:hj1...@gmail.com] 
Sent: Thursday, October 07, 2010 9:22 AM
To: John van Oppen
Cc: Thomas Schmid; nanog@nanog.org
Subject: Re: reachability problems Europe-US?

... random traffic (into) their network via our transit link gets black-holed.
So for the same source  destination, sometimes it works, sometimes it doesn't?



RE: Scam telemarketers spoofing our NOC phone number for callerid

2010-10-06 Thread John van Oppen
We get people calling our noc numbers pretty often trying to report abuse for 
other people's networks...  that is always fun

John van Oppen  / AS11404

-Original Message-
From: Randy Bush [mailto:ra...@psg.com] 
Sent: Wednesday, October 06, 2010 3:16 PM
To: Matthew Huff
Cc: ' (nanog@nanog.org)'
Subject: Re: Scam telemarketers spoofing our NOC phone number for callerid

not directly related, but i get occasional harassing calls from
mental/emotional children who are using whois.  it's amusing but
basically pathetic.

randy




RE: Facebook down!! Alert!

2010-10-06 Thread John van Oppen
The only way in which I can see facebook as required for operations is when one 
is hosting apps that must interact with the facebook API.   Facebook is a site 
we keep an eye on from our NOC simply because it is important to a lot of our 
larger transit customers due to them having apps that require facebook API 
access.   We tend to also get calls from the .edu sites we service when it has 
outages.

That being said, facebook outages are not really an internal problem for us and 
it would seem odd to trust business processes to a free social network site.

John / AS11404

-Original Message-
From: Dan White [mailto:dwh...@olp.net] 
Sent: Wednesday, October 06, 2010 2:24 PM
To: david raistrick
Cc: nanog@nanog.org
Subject: Re: Facebook down!! Alert!

On 06/10/10 17:05 -0400, david raistrick wrote:
my point is that facebook has moved beyond being a pure content 
provider, and (much like, say, google) provide both content AND 
service.   I have dependencies on facebook's (as do many many others 
who perhaps don't yet hire folks who even know what nanog is but 
someday will) services. without them, my teams can't work and my 
employer loses significant figures of revenue per day.

Why can't your teams work? Do they have email? I'm trying to imagine what
operational scenarios are involved between the technical staff in a company
that depend on Facebook being up, unless you're working for Facebook.

Even if I were not email inclined, I'd set up a local XMPP server to do my
communication.

so facebook is very much operationally relevant for my network, and 
that these mixed content/service providers will be more and more 
relevant as time goes on and we as a community should figure out how 
to deal with their transition from pure content to perhaps some day 
pure service.

How we deal with it is to create a viable distributed version of it.

-- 
Dan White




RE: IPv6 enabled carriers?

2010-03-10 Thread John van Oppen
We have a dual-stack 10G link to XO here in Seattle so they are doing it
as well...   Savvis is not doing v6 yet either so far as I know, we are
going to make that an issue at our next renewal.  I am told that
level3 is working on a full dual-stack roll-out currently and that it
should be available soon and will replace the current tunneled options
they have.


Thanks,

John van Oppen
Spectrum Networks (AS11404)


-Original Message-
From: Jared Mauch [mailto:ja...@puck.nether.net] 
Sent: Wednesday, March 10, 2010 11:19 AM
To: Charles Mills
Cc: NANOG list
Subject: Re: IPv6 enabled carriers?


On Mar 10, 2010, at 2:00 PM, Charles Mills wrote:

 Does anyone have a list of carriers who are IPv6 capable today?
 
 I would assume this would be rolled out in larger cities first but
 anything outside of testbed environments and trials as in
 Comcast's recent announcement seems to be all that is available.
 
 I'm being tasked with coming up with an IPv6 migration plan for a data
center.
 
 Mostly interested in if ATT, Level3, GLBX, Saavis, Verizon Business
 and Qwest are capable as those are the typical ones I deal with.


I believe most of the ones you've listed have service offerings in
various stages of availability.

You should be able to pop over here:

telnet route-views.equinix.routeviews.org

and take a look at the table easily enough to determine what providers
have it enabled.  Some have been operating with a different ASN for a
number of years, including ATT and Sprint.

If you're not feeding route-views, and are IPv6 enabled, please do.  It
helps those interested in routing research and is a valuable community
asset.

- Jared



RE: dark fiber and sfp distance limitations

2010-01-06 Thread John van Oppen
The best OTDR data I have ever gotten prior to signing an agreement for strands 
is the readings from another pair on the same route.  That being said most 
dark fiber agreements have some sort of minimum performance specifications in 
them.

John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: William Herrin [mailto:herrin-na...@dirtside.com] 
Sent: Friday, January 01, 2010 5:11 PM
To: ML
Cc: nanog@nanog.org
Subject: Re: dark fiber and sfp distance limitations

On Fri, Jan 1, 2010 at 7:24 PM, ML m...@kenweb.org wrote:
 Pardon my ignorance in this area but is too much to ask for OTDR data before
 signing contracts?  In addition to data on the make of the fiber if you
 wanted to do xWDM in the future.

Yes, it's too much to ask. They won't splice your path until you sign
the contracts and you can't get useful OTDR and loss readings until
the fiber is spliced.

You can probably put an escape clause in the contract that lets you
exit with little or no cost if the readings aren't good enough after
the fact. If you're not time-constrained, you can probably request a
pre-check for a modest fee after main splicing but before trenching to
your endpoints.

Regards,
Bill Herrin

-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004




RE: DMCA takedowns of networks

2009-10-26 Thread John van Oppen
I think that is a pretty standard procedure.   We generally give our
users 12 hours to remove the content before we null-route the IP...
The only time this does not apply is with active spam sources, simple
and quite effective.


Thanks,


John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Joe Greco [mailto:jgr...@ns.sol.net] 
Sent: Monday, October 26, 2009 7:45 AM
To: Brian Johnson
Cc: North American Network Operators Group
Subject: Re: DMCA takedowns of networks

   So why are we having this discussion?
  
  Because it appears that HE took down non-infringing sites?
  
  Excuse me for stating the obvious.  :-)
  
  ... JG
  --
  Joe Greco - sol.net Network Services - Milwaukee, WI -
 
 On the technical side of this question...
 
 Let's say that a customer is doing virtual hosting. So they have a
bunch
 of sites (Let's say hundreds) on a single IP address. Given that one
of
 the sites is misbehaving (use your own definition), how would a
provider
 block the one site, without blocking others that share the same IP
 address, without looking at every port 80 request and parsing for the
 header for the URL?
 
 Is there a better solution that doesn't require intrusive parsing?

Sure.  Tell the hoster they've got to shut it down, or else lose their
connectivity.

Sometimes it can be both simple *and* obvious.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI -
http://www.sol.net
We call it the 'one bite at the apple' rule. Give me one chance [and]
then I
won't contact you again. - Direct Marketing Ass'n position on e-mail
spam(CNN)
With 24 million small businesses in the US alone, that's way too many
apples.




RE: as702 looking glass?

2009-09-11 Thread John van Oppen
No BGP looking glass but there is a traceroute gateway in AS702:

http://zelfservice.nl.uu.net/netwerk/pops/trace.uunet


John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: R. Scott Evans [mailto:na...@rsle.net] 
Sent: Friday, September 04, 2009 12:21 PM
To: nanog@nanog.org
Subject: Re: as702 looking glass?

On Fri, 4 Sep 2009 13:38:56 +0400 (MSD), Serg Shubenkov wrote
 Folks,
 
 Does anyone know if Verizon (AS702) has a publicly accessible looking
 glass?
 
 -- 
 Serg Shubenkov

it's been 2 years since I last inquired, but the answer then was:

Date: Fri, 17 Aug 2007 17:37:09 + (GMT)
From: hel...@verizonbusiness.com
Subject: (2007081704481) BGP routes

Hi there,
I am afraid we do not have a public looking glass...




RE: XO - a Tier 1 or not?

2009-08-01 Thread John van Oppen
XO has been offering a product lately that is all routes except level3
and sprint which leads me to believe that they pay both of those
peers...


John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Justin M. Streiner [mailto:strei...@cluebyfour.org] 
Sent: Tuesday, July 28, 2009 8:31 AM
To: nanog@nanog.org
Subject: Re: XO - a Tier 1 or not?

On Tue, 28 Jul 2009, Charles Mills wrote:

 Trying to sort through the marketecture and salesman speak and get a
 definitive answer.

 I figure the NANOGers would be able to give me some input.

 Is XO Communications a Tier 1 ISP?

To the best of my knowledge, no.  The definition of 'Tier 1' is something 
of a moving target based on who you ask, but the most commonly stated 
criteria I've seen over the years are:
1. The provider does not buy IP transit from anyone - all traffic is moved
   on settlement-free public or private interconnects.  That's not to say
   that the provider doesn't buy non-IP services (IRUs, lambdas, easements,
   etc) from other providers on occasion.
2. The provider lives in the default-free zone, which is pretty much a
   re-statement of point 1.

I'll leave discussions about geographical coverage out of it for now.

That said, I don't think XO meets the criteria above.  I'm not 100% 
certain, but I don't think they're totally settlement-free.  Other 
providers like Cogent would fall into this bucket as well.

However, I also wouldn't get too hung up on tiers.  Many very reliable, 
competent, and responsive providers buy transit to handle at 
least some portion of their traffic.  It also depends on what sort of 
service you need.  For example, if you need a big MPLS pipe to another 
country, there are a limited number of providers who can do that, so they 
would tend to be the big guys.  However, if you just need general IP 
transit, your options open up quite a bit.

jms




RE: Wireless bridge

2009-06-18 Thread John van Oppen
To come up with an accurate recommendation one really needs to know your
budget, on that distance speeds up to 1 gbit/sec are possible if you
spend enough on the radios...  Do you have some cost and desired
throughput parameters to guide everyone's recommendations?


-Original Message-
From: Tim Huffman [mailto:t...@bobbroadband.com] 
Sent: Thursday, June 18, 2009 9:27 AM
To: nanog@nanog.org
Subject: RE: Wireless bridge

 The line of sight is all clear, no trees. Only one building along the
way
 has a rooftop of similar height, but the antennas are extended far
above
 the
 roofline. We have used a rifle scope to confirm line of sight is all
clear
 at all angles.
 

Unfortunately, you can't necessarily rely on visual line of sight. At
800 meters, the Fresnel Zone on your radio is about 14ft in diameter at
the midpoint. You need to make sure that this is free of obstructions.

 Oh I know. Luckily it's located in an industrial area just on the
 outskirts
 of the city. There isn't a lot of other WiFi (in my opinion); 3-5
total
 SSIDs spread across 2 of the 3 physical channels (1,6,11) depending on
 which
 rooftop you measure from.
 

Make sure you're using the channel that doesn't have an AP on it!

 
 Bandwidth requirements aren't too picky. If it can handle minimum 9
Mbps
 full-duplex everyone will be happy. Of course, the faster the better.
 I don't know if it makes a difference or not but this is all taking
place
 in
 Canada. I don't know of any regulations drastically different from the
 U.S's
 regarding frequency use here. The biggest problem I've ever had though
has
 just been payment/shipping depending on the supplier (some don't ship
to
 Canada or are very specific about payment methods!).

Canadian and US regulations are very similar in the unlicensed bands.
I'd still pick 5.2GHz if you were replacing the radio. 

 
 
 Just to answer a few more questions I've been getting, the access
points
 are
 located inside, connected to a small UPS. The antenna wire is a very
thick
 coax up to the roof, BNC connectors to the access point and I'm fairly
 certain BNC connectors on the antenna end as well. I'll double check
 grounding on the poles but I'm somewhat afraid to turn it into a
lightning
 rod. I'm fairly certain that the ground in the antenna wire is clean
but
 again, something to double check.

How long is your cable run, and what kind of cable is it? It's probably
LMR-400 (the most common), which loses about 6.6dB of your signal for every 100
feet. Also, you should check the waterproofing on the connector at the
antenna. We normally use a 'courtesy wrap' of electrical tape, followed
by a thick layer of Mastic tape, followed by another layer of electrical
tape. Also, check your cable for nicks or kinks.

 
 Rain/moisture doesn't seem to cause problems. In fact the connection
is
 more
 reliable through the winter. The last 2 months here have been
cold/warm,
 dry/wet and there's been no pattern to the stability issues. The only
 correlation between weather and stability that they have noticed there
is
 lightning related.

Moisture in the cables doesn't necessarily show up during rain! That
moisture can seep throughout the cable, and cause attenuation when it
gets cool and the moisture condenses, for example.

You haven't said what kind of antennas you are using, but if they are
yagi's, they probably have very poor back-to-front ratios, which means
that you could be picking up interference from behind you, or on the
sides, especially if the antennas are up above the tree cover. You might
try horizontal polarization on the antennas (just rotate them 90
degrees, but make sure you do it on BOTH sides!) to see if that helps.
Cross-polarization is usually good for about 20dB of noise rejection.

The fact that there doesn't seem to be any pattern to your loss means
that it's probably either interference (somebody changing channels),
hardware failure, or software failure.

Hope this helps.

--
Tim Huffman
Director of Engineering
Business Only Broadband, LLC
O (630) 590-6012
C (630) 340-1925
t...@bobbroadband.com
www.bobbroadband.com




RE: Cogent input

2009-06-11 Thread John van Oppen
NTT (2914) and GBLX (3549) both do native v6...  most everyone else on
the tier1 list does tunnels.  :(

There are some nice tier2 networks who do native v6, tiscali and he.net
come to mind.


-John

-Original Message-
From: Paul Timmins [mailto:p...@telcodata.us] 
Sent: Thursday, June 11, 2009 4:00 PM
To: Justin Shore
Cc: NANOG
Subject: Re: Cogent input



 I hope at least some SPs make this commitment back in the states.  I 
 can't find any tier-1s that can provide us with native v6.  Our tier-1

 upstream has a best effort test program in place that uses ipv6ip 
 tunnels.  The other upstream says that they aren't making any public 
 IPv6 plans yet.  It's hard to push the migration to v6 along when 
 native v6 providers aren't readily available.

GlobalCrossing told me today I can order native IPv6 anywhere on their 
network. Don't know if they count as Tier 1 on your list, though. VZB 
has given me tunnels for a while, hopefully they'll get their pMTU issue

fixed so we can do more interesting things with it.

-Paul




RE: Fiber cut - response in seconds?

2009-06-02 Thread John van Oppen
Ok, while this is off-topic, let's just point people to Wikipedia:

Other satellites (which are NOT in the same position at all times from
the perspective of a spot on earth):

http://en.wikipedia.org/wiki/Geosynchronous_orbit 


TV, and other fixed positioned (relative to the earth) are
geostationary:

http://en.wikipedia.org/wiki/Geostationary_orbit 



perhaps further comments can go to the discussion pages on Wikipedia
since I would wager a very small number of us push any serious number of
bits via satellite.


John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Chris Adams [mailto:cmad...@hiwaay.net] 
Sent: Tuesday, June 02, 2009 3:36 PM
To: Deepak Jain
Cc: nanog@nanog.org
Subject: Re: Fiber cut - response in seconds?

Once upon a time, Deepak Jain dee...@ai.net said:
 I promise you that that is not the case for all applications.
 Geosynchronous satellites can be anywhere. For the applications you
 are considering (communications mostly), equatorial orbit is the most
 advantageous. 

Geosynchronous are only over a particular longitude.  They move up and
down in latitude, so it isn't over a given point except twice per day
(or only once at the extremes).

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




RE: glue record

2009-05-29 Thread John van Oppen
Because it gave you the IP of ns1 & ns2.push.mobi in the additional section?   
Looks like a pretty normal answer for a TLD server.

John van Oppen
Spectrum Networks LLC
206.973.8302 (Direct)
206.973.8300 (main office)


-Original Message-
From: Anton Zimm [mailto:anton.z...@gmail.com] 
Sent: Thursday, May 28, 2009 11:07 PM
To: nanog@nanog.org
Subject: glue record

Hi,
I'm looking for glue record for ns1.push.mobi so I ask one of the root
name server.
It gives me the list of dot mobi authorized name servers.

I'm expecting it to be answered by one of the mobi tld authorized name
servers, but it's telling me that it delegates the answer to
ns1.push.mobi instead. It does not make sense for me because how can I
ask ns1.push.mobi if I don't know its ip address yet...
Clue please..?

-
a...@hollywood:~$ dig @B2.MOBI.AFILIAS-NST.ORG. ns1.push.mobi


;; QUESTION SECTION:
;ns1.push.mobi. IN  A

;; AUTHORITY SECTION:
push.mobi.  86400   IN  NS  ns1.push.mobi.
push.mobi.  86400   IN  NS  ns2.push.mobi.

;; ADDITIONAL SECTION:
ns1.push.mobi.  86400   IN  A   117.102.248.2
ns2.push.mobi.  86400   IN  A   117.102.248.3
-

best,
Anton.




RE: UCEProtect Level 3

2009-05-08 Thread John van Oppen
We had complaints about our entire ASN being listed too, due to a bunch of 
infected hosts in a sub-allocated /23 (out of our nearly /16 of space).  The 
best part is they don't bother to report the abuse, they just block the entire 
ASN, not terribly productive.


John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Skywing [mailto:skyw...@valhallalegends.com] 
Sent: Thursday, May 07, 2009 10:31 PM
To: Suresh Ramasubramanian; Raleigh Apple
Cc: nanog@nanog.org
Subject: RE: UCEProtect Level 3

I seem to recall that Mailstreet/MXlogic firewalls off (not rejects at SMTP 
level) any AS listed in UCEProtect, at least as of about a year or so ago.

- S

-Original Message-
From: Suresh Ramasubramanian ops.li...@gmail.com
Sent: Thursday, May 07, 2009 22:25
To: Raleigh Apple rap...@rapidlink.com
Cc: nanog@nanog.org nanog@nanog.org
Subject: Re: UCEProtect Level 3


On Fri, May 8, 2009 at 12:04 AM, Raleigh Apple rap...@rapidlink.com wrote:
 Is anyone else out there aware that the UCEProtect Level 3 email blacklist
 blocks entire AS?


Is there anyone out there aware of any significant (or larger than
'man and his dog on a DSL') mail provider using UCEPROTECT?

--
Suresh Ramasubramanian (ops.li...@gmail.com)



RE: massive snowshoe operations may be a cause for concern (was: Re:UCEProtect Level 3)

2009-05-08 Thread John van Oppen
I agree, spamhaus has always been great.  

We were on a few feedback loops and senderbase.org did not show much for that 
subnet...   anyway solved now.  Got the ex-customer's other ISP to block the 
announcement since we killed it a while ago, also removed the SWIP.  ;)

John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] 
Sent: Friday, May 08, 2009 4:35 PM
To: John van Oppen
Cc: Steven Champeon; Skywing; Raleigh Apple; nanog@nanog.org
Subject: Re: massive snowshoe operations may be a cause for concern (was: 
Re:UCEProtect Level 3)

You won't find me holding up uceprotect or apews as fine examples of
properly or even competently run lists, I'd point you to spamhaus for
that.

But, in this day and age, and with the volumes of spam around, I'd
counsel you NOT to wait for or expect manual complaints to your abuse
desk, almost nobody does that these days.

Feel free to signup for AOL etc feedback loops and you'd probably get
a much higher volume of complaints - enough that you'd have to
dedicate an email address to it, and use the scriptability of the ARF
format these feedback loops are sent in, so you can get / generate
stats.

Periodic rDNS scans of your network, and either making rDNS requests
manual, or at least running periodic rDNS scans of your network to
spot that kind of customer would make sense too.  You must admit that
the kind of rDNS Steve Champeon posted in that very long list
upthread sticks out like a sore thumb.

--srs

On Sat, May 9, 2009 at 4:20 AM, John van Oppen j...@vanoppen.com wrote:
 My favorite part of uceprotect was that there was basically no way to get 
 them to send us actual reports or even IPs
 (without us paying for them). We canned this customer a month or two ago for 
 abuse but gave them time to migrate
 out of our IP space (they were announcing it with their ASN to their other 
 provider even after we cut transit) and
 swore up and down they were using it for virtual hosting (as did their ARIN 
 justification forms). I just requested
 directly to their other provider that announcements be filtered and removed 
 the SWIP. That /20 had only ever
 had about 15 reports for it to our abuse desk and we are actually responsive 
 hence the kicking of the customer


RE: Can you see these AS links:)

2009-04-01 Thread John van Oppen
This should be a pretty normal thing, not everyone just has transit
links...  route views only sees about 35 or 40 of our nearly 200
adjacencies and they are pretty comprehensive.   There is an argument
that you might be better off just emailing the ARIN or peering db
contacts of the ASNs you are interested in.

Thanks,


John van Oppen
Spectrum Networks LLC (AS11404)
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Kai Chen [mailto:kch...@eecs.northwestern.edu] 
Sent: Tuesday, March 31, 2009 7:56 PM
To: na...@merit.edu
Subject: Can you see these AS links:)

Hello folks,
As part of a research project here at Northwestern, we have found quite
a
few unexpected AS-level links that do not appear in public available BGP
tables. We really need your help in validating them; for anyone who
knows
links associated with any AS, if you can assist us with this please
contact
us off list.

Thanks!
- Kai



RE: Comcast - No complaints! [was: Re: Craptastic Service! (was: Re:comcast price check)]

2009-02-22 Thread John van Oppen
Back on the original topic of Comcast fiber. It is sold by region,
shoot me an off-list email and I can put you in touch with someone at
national who can at least point you in the correct direction.  I must
say that it appears their metroE services take a back seat to the coax
services and thus I never purchased that service when looking into it.

On the peering/transit side, the guys at national (AS7922) are really
professional (albeit a bit overworked).   Our peering link to them is
awesome for getting rid of Comcast user complaints.  :)

John van Oppen
Spectrum Networks LLC
206.973.8302 (Direct)
206.973.8300 (main office)


-Original Message-
From: Paul M. Moriarty [mailto:p...@igtc.com] 
Sent: Sunday, February 22, 2009 10:03 AM
To: Ryan A. Krenzischek
Cc: NANOG list
Subject: Comcast - No complaints! [was: Re: Craptastic Service! (was:
Re:comcast price check)]

I've been using their biz offering for the past 18 months and have had  
a very good experience, including same day fixes all three times I  
reported problems (no truck dispatch required).  For $105/month I get  
excellent speed and routable IP's.  A good deal from my perspective.

Oh, and you might want to read those SLA's you get from ATT or any  
other carrier.  Typically, all they give you for not meeting the SLA  
is credits and you typically have to ask for them, in writing within  
30 days to actually get them.

- Paul -

On Feb 20, 2009, at 9:46 PM, Ryan A. Krenzischek wrote:


 Yes, they do.  You can find more information here:

 http://business.comcast.com/ethernet/dedicated-internet.aspx

 Although, I'm sufficiently disappointed with Comcast's Business  
 Cable service.  I have had them since 6-NOV-2008 and they took 4  
 months and 1 week to fix a cabling problem at the head-end for my  
 business Internet. Apparently the head-end was wired wrong in  
 regards to how power was supplied to it.  I had nothing but dropped  
 packets and latency (400-500 MS, sometimes 1200 MS) problems.  I  
 lost so much business.  I tried multiple times to speak with a  
 manager but they would only pick up their phone after I sat for 30  
 minutes with the phone, pressing the redial key and placed 60 calls  
 to them.  I had to call their corporate office and file a  
 complaint.  I am still having dropped packet issues.

 Comcast support also had the nerve to say it was my equipment and  
 that I should immediately disconnect everything.  Remind me again  
 how is it my problem with *MY* equipment when the modem takes 25  
 minutes to sync/lock on the upstream channel?

 I would *highly* recommend a T1 or partial T3.  While they are more  
 expensive and highly reliable, ATT or other major telcos will fix  
 the problem within a reasonable SLA.  Comcast does NOT have a SLA.   
 It took 4 months to fix my problems on a business account.

 A Very Unhappy Comcast Customer,

 Ryan Krenzischek

 On Fri, 20 Feb 2009, Steven King wrote:

 Date: Fri, 20 Feb 2009 23:45:48 -0500
 From: Steven King sk...@kingrst.com
 To: John Martinez jmarti...@zero11.com
 Cc: NANOG list nanog@nanog.org
 Subject: Re: comcast price check
 Comcast has an Ethernet service?

 John Martinez wrote:
 Does any one here use comcast's ethernet services?
 If so, what is their price range?


 Thanks in advance.











RE: anyone else seeing very long AS paths?

2009-02-16 Thread John van Oppen
I just see it from 47868 and I just filtered it so it would stop blowing
up BGP sessions to customers.   In our case we are only seeing the
prefix from level3 which prompted me to create a route map to block it:


ip as-path access-list 500 permit _47868_

route-map as3356-in deny 1
 match as-path 500




John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Matt Liotta [mailto:mlio...@r337.com] 
Sent: Monday, February 16, 2009 8:55 AM
To: nanog@nanog.org
Subject: anyone else seeing very long AS paths?

I am seeing them from 39625 and 47868.

-Matt




RE: anyone else seeing very long AS paths?

2009-02-16 Thread John van Oppen
Yep we saw the same, every customer with old IOS had their sessions die
to us at the same time...   That always makes for an interesting time
when watching the NMS system...

We are seeing a much more sane path now:

agg2-sea-Ashow ip bgp 94.125.216.0/21
BGP routing table entry for 94.125.216.0/21, version 25944571
Paths: (1 available, best #1)
Multipath: eBGP
  Advertised to update-groups:
 2  3  5  6  7  8  9

  3561 3356 29113 47868
208.76.153.96 (metric 5102) from 208.76.153.96 (208.76.153.96)
  Origin IGP, metric 0, localpref 50, valid, internal, best
  Community: 11404:1000 11404:1040
agg2-sea-A





John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Andy Davidson [mailto:a...@nosignal.org] 
Sent: Monday, February 16, 2009 9:10 AM
To: John van Oppen
Cc: Matt Liotta; nanog@nanog.org
Subject: Re: anyone else seeing very long AS paths?


Hi,

Yep, we see them too.  Nasty because there are lots of networks  
flapping as the long as-paths are tickling old bug CSCdr54230, so even  
networks not affected by the bug will be getting lots of extra updates.

Anyone with contacts at 47868 ?  Any upstreams onlist that want to bin  
them ?

Andy
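
The filter discussed in the two messages above, modelled offline as an added example (not code from the thread): it emulates how IOS expands `_` in `ip as-path access-list 500 permit _47868_` and compares that origin-specific deny with a generic AS-path length cap. The helper names, the cap of 75 hops and the constructed sample paths are assumptions; only the regex and the path `3561 3356 29113 47868` come from the posts.

```python
import re
from dataclasses import dataclass

# In an IOS AS-path regex "_" stands for start of string, end of string, a space,
# a comma, a brace or a parenthesis. That delimiter behaviour is what stops
# _47868_ from also matching AS 147868 or AS 478680.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_aspath_regex(pattern):
    """Translate an IOS-style AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", IOS_UNDERSCORE))


@dataclass
class Verdict:
    action: str  # "permit" or "deny"
    reason: str


def origin_prepends(as_path):
    """Count how many times the origin AS is repeated at the end of the path."""
    hops = as_path.split()
    count = 0
    for asn in reversed(hops):
        if asn != hops[-1]:
            break
        count += 1
    return count


def evaluate(as_path, deny_patterns=(), max_len=None):
    """Apply deny regexes first, then an optional hop-count cap (hypothetical policy)."""
    for pattern in deny_patterns:
        if ios_aspath_regex(pattern).search(as_path):
            return Verdict("deny", f"as-path matches {pattern}")
    hops = len(as_path.split())
    if max_len is not None and hops > max_len:
        return Verdict("deny", f"{hops} hops exceeds cap of {max_len}")
    return Verdict("permit", "no rule matched")


# Path quoted in the thread after the announcement returned to normal.
PAGE_PATH = "3561 3356 29113 47868"
# Constructed: the same origin prepended 250 times, standing in for the long path.
LONG_47868 = "3356 29113 " + " ".join(["47868"] * 250)
# Constructed: an unrelated origin (documentation ASNs) with the same problem.
LONG_OTHER = "3356 64496 " + " ".join(["64511"] * 250)
# Constructed: an ASN that merely contains the digits 47868.
LOOKALIKE = "3356 147868"

if __name__ == "__main__":
    samples = [("page path", PAGE_PATH), ("long 47868", LONG_47868),
               ("long other", LONG_OTHER), ("lookalike", LOOKALIKE)]
    for label, path in samples:
        by_regex = evaluate(path, deny_patterns=["_47868_"])
        by_cap = evaluate(path, max_len=75)
        print(f"{label:11} hops={len(path.split()):3} "
              f"prepends={origin_prepends(path):3} "
              f"regex={by_regex.action:6} cap={by_cap.action}")
```

The regex deny also drops the short, sane path through AS47868 and passes the long path from another origin, while the length cap does the reverse.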



RE: Peer Filtering

2009-02-02 Thread John van Oppen
Yep agreed...  We balance that by keeping the max-prefix no more than
about 40% over the current prefix limit on each peer.   For us it is a
trade-off, accept the routes or don't send the traffic to peering.   The
couple of times I have seen route leaks that involved one or two routes
they were paths that worked, they were just wrong and we ended up just
throwing a prefix-list on that peer. 

The thing is, one basically has to trust one's transit providers which
don't always filter well.  Given this trusting one's peers at least
some-what does not seem too out there.


John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Martin Barry [mailto:ma...@supine.com] 
Sent: Monday, February 02, 2009 7:22 PM
To: nanog@nanog.org
Subject: Re: Peer Filtering

$quoted_author = John van Oppen ;
 
 Here in the US we don't bother, max-prefix covers it...   It seems
that
 US originated prefixes are rather sporadically entered into the
routing
 DBs.
 
...and you are not worried about someone leaking a subset of routes?

I understand that most failure cases would trigger a max-prefix but a
typo
could allow just enough leakage to not hit max-prefix and yet still make
something important unreachable.

cheers
marty

-- 
with usenet gone, we just don't teach our kids entertainment-level
hyperbole
any more. --Paul Vixie

http://www.merit.edu/mail.archives/nanog/2006-01/msg00593.html
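
The trade-off in the exchange above, worked through as an added example (not configuration or code from either poster): a max-prefix limit set 40% over the peer's current count stops a large leak but lets a leak of a few routes through, whereas a per-peer prefix-list with `le 24` matching rejects them. All names, the prefix counts and the addresses are constructed assumptions.

```python
import ipaddress
from itertools import islice


def max_prefix_limit(current_count, headroom_pct=40):
    """Limit set no more than headroom_pct over the peer's current prefix count."""
    return current_count * (100 + headroom_pct) // 100


class PrefixListEntry:
    """One permit line of a prefix-list with IOS-style ge/le length matching."""

    def __init__(self, prefix, ge=None, le=None):
        self.net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            self.lo = self.hi = self.net.prefixlen  # exact match only
        else:
            self.lo = ge if ge is not None else self.net.prefixlen
            self.hi = le if le is not None else self.net.max_prefixlen

    def matches(self, route):
        r = ipaddress.ip_network(route)
        return (r.version == self.net.version
                and self.lo <= r.prefixlen <= self.hi
                and r.subnet_of(self.net))


def receive(announced, limit, allowed=None):
    """Process a peer's announcements; return (accepted, rejected, session_up).

    Modelling assumption: the limit counts routes that survive the inbound
    filter, and the session is torn down as soon as the count exceeds it.
    """
    accepted, rejected = [], []
    for route in announced:
        if allowed is not None and not any(e.matches(route) for e in allowed):
            rejected.append(route)
            continue
        accepted.append(route)
        if len(accepted) > limit:
            return accepted, rejected, False
    return accepted, rejected, True


# Constructed sample data: the peer normally sends ten /24s out of its own /16.
PEER_BLOCK = "172.16.0.0/16"
LEGIT = [f"172.16.{i}.0/24" for i in range(10)]
# Constructed small leak: three routes (documentation ranges) the peer should not send.
SMALL_LEAK = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
# Constructed large leak: 500 /24s, as if the peer re-announced part of a table.
_TABLE = ipaddress.ip_network("10.0.0.0/8").subnets(new_prefix=24)
BIG_LEAK = [str(net) for net in islice(_TABLE, 500)]

LIMIT = max_prefix_limit(len(LEGIT))
PEER_FILTER = [PrefixListEntry(PEER_BLOCK, le=24)]

if __name__ == "__main__":
    cases = [("small leak, max-prefix only", LEGIT + SMALL_LEAK, None),
             ("small leak, prefix-list", LEGIT + SMALL_LEAK, PEER_FILTER),
             ("big leak, max-prefix only", LEGIT + BIG_LEAK, None)]
    for label, routes, flt in cases:
        acc, rej, up = receive(routes, LIMIT, flt)
        leaked = [r for r in acc if r not in LEGIT]
        print(f"{label:28} limit={LIMIT} accepted={len(acc)} "
              f"rejected={len(rej)} leaked_in={len(leaked)} session_up={up}")
```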




RE: Cogent Haiku v2.0

2009-01-14 Thread John van Oppen
The main problem I see is peering wars and a lack of diversity, we have
seen a couple incidents where they have dropped all or part of their
connectivity to our market (seattle), during the latter they had major
packet-loss which was frankly more annoying than them being down...
Issues also tend to be a tad more frequent than other providers but on
the whole, really not that bad.

We basically use cogent as private peering to reach their customers.
Operationally the incredibly annoying part is their helpdesk-style
attitude towards prefix-lists, if you have a few prefixes this is no big
deal but if you are like us and have 30+ downstream ASNs it can get
annoying to repeatedly explain to techs who don't get it why you need to
have them add more routes, do le 24 matching (to limit the number of
times we call) or to increase their max-prefix limit.   If they were not
so cheap I would cancel them just due to the lack of RADB support but at
least they have no uRPF filters so I have taken to just doing batch
prefix-list updates with them every few months as my sanity-saving
solution.


John van Oppen
Spectrum Networks LLC
Direct: 206.973.8302
Main: 206.973.8300
Website: http://spectrumnetworks.us


-Original Message-
From: Jeffrey Lyon [mailto:jeffrey.l...@blacklotus.net] 
Sent: Monday, January 12, 2009 10:02 AM
To: Mike Bartz
Cc: nanog@nanog.org
Subject: Re: Cogent Haiku v2.0

Mike,

Aside from the occasional peering wars I've never had or witnessed any
serious issues with Cogent. If you want some redundancy you might also
try some other similarly priced providers like WBS Connect, HE, or
BtN.

Best regards, Jeff

On Mon, Jan 12, 2009 at 12:54 PM, Mike Bartz m...@bartzfamily.net
wrote:
 I like the haiku!  On a serious note, we are considering getting a
 connection from Cogent.  We currently have connections to att, Level
 3 and TW Telecom.  The low cost and high number of peer AS numbers
 seems appealing to us.  Every carrier has its issues, so I don't know
 what to make of the apparent negativity that I am seeing in these
 haiku threads.  I am looking for some first hand experiences to help
 me make this decision.

 Thanks for any assistance!

 Mike


 On Sun, Jan 11, 2009 at 9:59 PM, neal rauhauser nrauhau...@gmail.com
wrote:
 Cogent makes a mess
 My phone rings and rings
 Unfornicate this!




 --
 Mike Bartz
 m...@bartzfamily.net





-- 
Jeffrey Lyon, Leadership Team
jeffrey.l...@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Look for us at HostingCon 2009 in Washington, DC on August 10th - 12th
at Booth #401.




cogent bgp filtering policies?

2008-07-27 Thread John van Oppen
Now that I am on my third round of an email argument with cogent's
support department about adding prefixes to our filters (and them not
understanding why I want le 24 matches on the blocks from which we
allocate subnets to multi-homed customers) I figure it would be a good
idea to ask if anyone has ever gotten cogent to setup any IRR based
filtering on a customer connection.   

 

We are a small-ish regional transit provider in the northwest announcing
 100 prefixes and just spent the last few days writing emails and
calling trying to get cogent to accept more than 30% of the routes we
were announcing.We have IRR (radb to be specific) filters set up
with our other four providers which really lowered my tolerance for
having to go round and round to get prefixes added.   Heck, at this
point I would settle for a direct email address for their engineering
department just to avoid the arguments with the support monkeys.

 

 

I should note that this is actually the second time I have had this
issue (the last time was with one of our customers and their cogent
connection) even though we only turned up our service recently.

 

John van Oppen

AS11404

 



RE: cogent bgp filtering policies?

2008-07-27 Thread John van Oppen
That software might be a good solution for sending them updates, heck a
script sending it out every time it detects an update might also cause
them to get more excited about automating updates.   ;)   We also had
issues with them wanting a paper (or faxed) LOA which seemed a bit
onerous given the number of prefixes we announce.

The le 24 matches should have been easy since the reason we wanted them
was because we have customers using their own ASNs to announce
sub-allocations of our space, a quick look on their part the first time
we made the request would have shown that the sub allocations were all
originated from downstream ASNs from our network.

If anyone has an engineering contact at cogent (i.e. not the support
contact) I would love to talk to them as it seems the support department
front-end is the problem and not necessarily cogent's actual policies.

Thanks,

John van Oppen
Spectrum Networks LLC
206.973.8302 (Direct)
206.973.8300 (main office)

-Original Message-
From: Paul Wall [mailto:[EMAIL PROTECTED] 
Sent: Sunday, July 27, 2008 4:30 PM
To: John van Oppen
Cc: [EMAIL PROTECTED]
Subject: Re: cogent bgp filtering policies?

Cogent does not support IRR.  Since you're using IRR yourself, Richard
Steenbergen's IRRPT (irrpt.sf.net) has a script called 'irrpt_nag'
which is good for sending automated requests for prefix-list updates
with providers that continue to process them manually.

You can (and should) ask that Cogent's Engineering department okay
you for support for de-aggregation down to the /24 level or more
specific.  They will with proper justification or a general feeling
that you've got good reason and aren't just looking to gratuitously
de-aggregate prefixes for no reason.

Drive Slow,
Paul

On Sun, Jul 27, 2008 at 5:59 AM, John van Oppen [EMAIL PROTECTED] wrote:
 Now that I am on my third round of an email argument with cogent's
 support department about adding prefixes to our filters (and them not
 understanding why I want le 24 matches on the blocks from which we
 allocate subnets to multi-homed customers) I figure it would be a good
 idea to ask if anyone has ever gotten cogent to set up any IRR based
 filtering on a customer connection.

 We are a small-ish regional transit provider in the northwest announcing
 100 prefixes and just spent the last few days writing emails and
 calling trying to get cogent to accept more than 30% of the routes we
 were announcing. We have IRR (radb to be specific) filters set up
 with our other four providers which really lowered my tolerance for
 having to go round and round to get prefixes added.   Heck, at this
 point I would settle for a direct email address for their engineering
 department just to avoid the arguments with the support monkeys.

 I should note that this is actually the second time I have had this
 issue (the last time was with one of our customers and their cogent
 connection) even though we only turned up our service recently.

 John van Oppen

 AS11404
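
(Added example, not part of the thread and not any provider's actual configuration: how an exact-match customer filter differs from the "le 24" match requested in the messages above. The prefixes and AS numbers are constructed, and the ge/le handling assumes the common router prefix-list convention.)

```python
import ipaddress

class PrefixListEntry:
    """One 'permit' line of a prefix-list: a network plus optional ge/le bounds."""
    def __init__(self, network, ge=None, le=None):
        self.network = ipaddress.ip_network(network)
        plen = self.network.prefixlen
        if ge is None and le is None:
            # No ge/le: only the exact prefix matches.
            self.min_len = self.max_len = plen
        else:
            # Only le: lengths plen..le. Only ge: lengths ge..max.
            self.min_len = ge if ge is not None else plen
            self.max_len = le if le is not None else self.network.max_prefixlen

    def permits(self, route):
        route = ipaddress.ip_network(route)
        return (route.version == self.network.version
                and self.min_len <= route.prefixlen <= self.max_len
                and route.subnet_of(self.network))

def evaluate(prefix_list, announcements):
    """Split announcements into (accepted, rejected); implicit deny at the end."""
    accepted, rejected = [], []
    for prefix, origin in announcements:
        ok = any(entry.permits(prefix) for entry in prefix_list)
        (accepted if ok else rejected).append((prefix, origin))
    return accepted, rejected

# Constructed sample data: AS64496 is the transit customer, AS64500 and
# AS64501 are its multi-homed downstreams announcing sub-allocations.
ANNOUNCEMENTS = [
    ("10.20.0.0/16", 64496),    # the aggregate itself
    ("10.20.4.0/24", 64500),    # downstream sub-allocation
    ("10.20.8.0/23", 64501),    # downstream sub-allocation
    ("10.20.9.128/25", 64501),  # longer than /24, should stay filtered
    ("10.99.0.0/24", 64496),    # outside the registered block
]
EXACT_ONLY = [PrefixListEntry("10.20.0.0/16")]
LE_24 = [PrefixListEntry("10.20.0.0/16", le=24)]

if __name__ == "__main__":
    for name, plist in (("exact", EXACT_ONLY), ("le 24", LE_24)):
        accepted, rejected = evaluate(plist, ANNOUNCEMENTS)
        print(name, "accepted:", accepted)
        print(name, "rejected:", rejected)
```

With the exact-match entry only the /16 is accepted, so the downstream ASNs' sub-allocations are dropped; with le 24 they pass while the /25 and the unrelated prefix are still rejected.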







Re: [Nanog] Cogent Router dropping packets

2008-04-22 Thread John van Oppen (list account)
I know I have experienced the engineering department there as well, the
best one was when they wanted paper documentation for every route I
asked to have in our filters...  (and they were incapable of using
RADB).   It was especially odd since we have  80 of our own peers and
three other transit providers to whom we were announcing over 100 routes
while they still wanted paper docs.

But, filters seem to be an annoyance for most big providers...   I have
been trying to get level3 to fix our radb-based filtering for a while
now (it just stopped pulling new updates for some reason).  :)

John


-Original Message-
From: manolo [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 22, 2008 7:23 AM
To: Joe Greco
Cc: [EMAIL PROTECTED]
Subject: Re: [Nanog] Cogent Router dropping packets

Well it also was the total arrogance on the part of Cogent engineering
and management taking zero responsibility and pushing it back every time
valid issue or not. You had to be there.  But everyone has a different
opinion, my opinion is set regardless of what cogent tries to sell me now.



Manolo

Joe Greco wrote:
 Well it had sounded like I was in the minority and should keep my mouth
 shut. But here goes. On several occasions the peer that would advertise
 our routes would drop and with that the peer with the full bgp tables
 would drop as well. This happened for months on end. They tried blaming
 our 6500, our fiber provider, our IOS version, no conclusive findings
 were ever found that it was our problem. After some testing at the
 local Cogent office by both Cogent and myself, Cogent decided that they
 could make a product that would allow us to one have only one peer
 and two to connect directly to the GSR and not through a small catalyst.
 Lo and behold things worked well for some time after that.

 This all happened while we had 3 other providers on the same router
 with no issues at all. We moved gbics, ports etc around to make sure it
 was not some odd ASIC or throughput issue with the 6500.

 Perhaps you haven't considered this, but did it ever occur to you that
 Cogent probably had the same situation?  They had a router with a bunch
 of other customers on it, no reported problems, and you were the oddball
 reporting significant issues?

 Quite frankly, your own description does not support this as being a
 problem inherent to the peerA/peerB setup.

 You indicate that the peer advertising your routes would drop.  The peer
 with the full BGP tables would then drop as well.  Well, quite frankly,
 that makes complete sense.  The peer advertising your routes also
 advertises to you the route to get to the multihop peer, which you need
 in order to be able to talk to that.  Therefore, if the directly connected
 BGP goes away for any reason, the multihop is likely to go away too.

 However, given the exact same hardware minus the multihop, your direct
 BGP was still dropping.  So had they been able to send you a full table
 from the aggregation router, the same thing probably would have happened.

 This sounds more like flaky hardware, dirty optics, or a bad cable (or
 several of the above).

 Given that, it actually seems quite reasonable to me to guess that it
 could have been your 6500, your fiber provider, or your IOS version that
 was introducing some problem.  Anyone who has done any reasonable amount
 of work in this business will have seen all three, and many of the people
 here will say that the 6500 is a bit flaky and touchy when pushed into
 service as a real router (while simultaneously using them in their
 networks as such, heh, since nothing else really touches the price per
 port), so Cogent's suggestion that it was a problem on your side may have
 been based on bad experiences with other customer 6500's.

 However, it is also likely that it was some other mundane problem, or a
 problem with the same items on Cogent's side.  I would consider it a
 shame that Cogent didn't work more closely with you to track down the
 specific issue, because most of the time, these things can be isolated
 and eliminated, rather than being potentially left around to mess up
 someone in the future (think: bad port).

 ... JG


___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog



Re: [Nanog] Cogent Router dropping packets

2008-04-21 Thread John van Oppen (list account)
Not sure what you are talking about, cogent is all AS174... Other
than a few odd routers doing DS3 aggregation I don't think there is any
old PSInet network online (other than the AS number and IP addresses).
Cogent integrated acquisitions quite quickly (I was an aleron customer
and it only took two months from the purchase close for us to move from
AS4200 to 174).

As for the two BGP peer question, they do it anywhere where they have
Ethernet distribution, at least as far as I can tell.   That being said, we
don't use them anymore since we could not get them to play-ball on
pricing at larger commits either (I won't buy cogent if they don't at
least match the terms of our cheapest large-network transit provider).
:)


John van Oppen
Spectrum Networks LLC
206.973.8302 (Direct)
206.973.8300 (main office)

-Original Message-
From: manolo [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 21, 2008 1:03 PM
To: Joe Greco
Cc: [EMAIL PROTECTED]
Subject: Re: [Nanog] Cogent Router dropping packets

I do have to say that the PSI net side of cogent is very good. We use 
them in Europe without many issues. I stay far away from the legacy 
cogent network in US.


Manolo

Joe Greco wrote:
 Joe Greco wrote:

 For those unfamiliar, Cogent has a system where you set up an EBGP peering
 with the Cogent router you're connected to, for the purposes of announcing
 your routes into Cogent.  However, these are typically smaller, aggregation
 class routers, and do not handle full tables - so you don't get your routes
 from that router.  To get a full table FROM Cogent, you need to set up an
 EBGP multihop session with them, to their nearest full-table router.  I
 believe they actually do all their BGP connections in that manner.

 Depends on the service you purchase. Fast Ethernet seems to be delivered
 as eBGP-multihop (the first hop is just a L3 switch), however DS-3 is
 handled as a single BGP session. I'm not sure if GigE or SONET services
 are handled as multihop or not.

 GigE is, though perhaps not in all cases (we had a client buying x00Mbps
 delivered over gigE, which was definitely multihop).

 Probably all depends what hardware they have at each POP

 In part, I'm sure.  There is also a certain benefit to having consistency
 throughout your network, and it sometimes struck me that many of the folks
 working for Cogent had a bit more than average difficulty dealing with the
 unusual situation.  This is not meant harshly, btw.  Generally I like the
 Cogent folks, but they (and their products) have their faults, just as any
 of the competition does.

 It may also help to remember that there's legacy Cogent and then there's
 PSI/etc.  Perhaps there are some differences as a result.

 The more things you can do using the same template, the less difficult it
 is to support.  On the flip side, the less flexible you are ...

 ... JG

