Re: AWS Blacklisting?

[Josh Baird]

Your prefix(es) may have been added to an AWS-managed WAF rule-set for
whatever reason.

These rule-sets are used by the AWS WAF service which many AWS customers
use.

On Tue, Oct 18, 2022 at 8:39 PM Justin H.  wrote:

> Is it possible this is a geolocation issue?  I'm not sure I've heard of
> that causing a 403 Forbidden, but I'm also not too familiar with AWS.
>
> Justin H.
>
> William Herrin wrote:
> > Sounds like "AWS Shield" but I couldn't begin to tell you who to contact.
> >
> > On Tue, Oct 18, 2022 at 4:51 PM Justin H.  wrote:
> >> I have a customer who's suddenly been getting 403's today on AWS hosted
> >> sites.  My google-fu seems to be failing me because I can't seem to find
> >> any information on who manages that on their side or how to fix the
> issue.
> >>
> >> I've sent an email to amzn-noc-cont...@amazon.com based on ARIN
> >> contacts, but it doesn't seem to be a responsive address.
> >>
> >> Has anyone had to navigate this particular maze before?
> >>
> >> Thank you,
> >> Justin H.
> >
> >
>
>

Re: What do you think about the "cloudification" of mobile?

[Josh Baird]

I think Netflix's usage of AWS is being understated here.

On Fri, Jan 28, 2022 at 6:29 AM Mike Hammett  wrote:

> There's a big difference between a website (admittedly a complex one) and
> a mobile core.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
> 
> --
> *From: *"Michael Thomas" 
> *To: *nanog@nanog.org
> *Sent: *Thursday, January 27, 2022 3:54:57 PM
> *Subject: *Re: What do you think about the "cloudification" of mobile?
>
>
> On 1/26/22 11:11 PM, Mark Tinka wrote:
> >
> >
> > On 1/26/22 17:10, Tom Beecher wrote:
> >
> >>
> >> Those folks also tend to learn hard lessons about what happens when
> >> the Magic Cloud provider fails in a way that isn't possible to
> >> anticipate because it's all black box.
> >>
> >> Saving 12 months of opex $ sounds great, except when you lose 18
> >> months of opex $ in 2 days completely outside of your ability to
> >> control.
> >
> > I don't disagree.
> >
> > What this does, though, is democratize access into the industry. For a
> > simple business model that is serving a small community with a handful
> > of eyeballs, not trying to grow forever but put food on the table,
> > it's somewhere to start.
> >
> Didn't Netflix for the longest time run on AWS? I imagine if I were
> talking to a VC these days and said the first thing I was going to do is
> rack up a bunch of servers, I'd get laughed at. Cloud makes sense until
> it doesn't make sense. Just like everything else.
>
> Mike
>
>
>

Re: AWS contact?

[Josh Baird]

Are you sure it's not due to the Verizon outage?  As a non-customer, your
options for contacting support are limited.

On Tue, Jan 26, 2021 at 12:55 PM Justin Wilson (Lists) 
wrote:

> What is the best avenue for contacting support for AWS? I have
> several ISPs experiencing reachability issues with AWS hosted sites.  These
> are from different backbones, different gear, etc.  The common denominator
> is AWS.
>
> Been googling around and can’t seem to find a contact.
>
>
>
> Justin Wilson
> j...@mtin.net
>
> —
> https://j2sw.com - All things jsw (AS209109)
> https://blog.j2sw.com - Podcast and Blog
>
>

Re: Nashville

[Josh Baird]

I think the outage is a bit more widespread than "Nashville and surrounding
areas."  Most (all?) of Kentucky is without AT cellular service right
now.

I can't say for sure of how many of AT's residential internet customers
are affected, but reports on Twitter indicate it's a pretty significant
chunk.  I have AT ASE/metro services here in Kentucky that do not appear
to be affected at this time.

On Fri, Dec 25, 2020 at 2:33 PM Sean Donelan  wrote:

>
> AT statement regarding the intentional explosion in Nashville TN
>
> "Service for some customers in Nashville and the surrounding areas may be
> affected by damage to our facilities from the explosion this morning. We
> are in contact with law enforcement and working as quickly and safely as
> possible to restore service."
>
>
> From local news reporting:
>
> A widespread internet outage was reported in Nashville hours after a
> massive explosion downtown. AT internet and phone service was disrupted
> in the area about 12 p.m. Friday.
>
> A handful of local police departments reported the outage was disrupting
> 911 access, including some non-emergency lines, in their jurisdictions.
>
>
>

Re: Switch for SFP+

[Josh Baird]

LACP+tagged VLANs is not a problem for me on RouterOS.   I'm not wasting my
time on SwOS.

In general, Mikrotik's L2 switching implementation is very frustrating, but
I think it's gotten a bit better on the CRS3XX series of switches.

On Mon, May 18, 2020 at 5:53 PM Randy Carpenter 
wrote:

>
> I could never get LACP + tagged VLANs to work on SwOS.
>
> Then again, it doesn't work reliably on RouterOS either, so I gave up.
> Spending more on hardware that is well supported is worth it versus my time
> and sanity.
>
> I think Ubiquiti pretty much has the "cheap hardware that works well, but
> commercial support lacking" market cornered.
>
> thanks,
> -Randy
>
> - On May 18, 2020, at 5:43 PM, nanog  wrote:
>
> Yep, run SwichOS, prevents you from running things in software. 
>
>
>
>
>
> *[image: LTI-Full_175px]*
>
>
> *Dennis Burgess, Mikrotik Certified Trainer MTCNA, MTCRE, MTCWE, MTCTCE,
> MTCINE, MTCSE, HE IPv6 Sage, Cambium ePMP Certified *
>
> Author of "Learn RouterOS- Second Edition”
>
> *Link Technologies, Inc* -- Mikrotik & WISP Support Services
>
> *Office*: 314-735-0270  Website: http://www.linktechs.net
>
> Create Wireless Coverage’s with www.towercoverage.com
>
>
>
> *From:* NANOG  *On Behalf Of *Mike Hammett
> *Sent:* Monday, May 18, 2020 4:37 PM
> *To:* Mauro Gasparini 
> *Cc:* nanog@nanog.org
> *Subject:* Re: Switch for SFP+
>
>
>
> That's a downfall of Mikrotik, they give you ultimate power. You can do
> some pretty atypical things on there.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
> 
> --
>
> *From: *"Mauro Gasparini" 
> *To: *nanog@nanog.org
> *Sent: *Monday, May 18, 2020 1:45:59 PM
> *Subject: *Re: Switch for SFP+
>
> It's clear then that I must use "bridge vlan" to achieve the goal I am
> looking for.
> Now it's time for me to study, research and test on my side.
> If I have any specific questions, I will draw on your experience.
> Thanks a lot.
>
> El 15/5/20 a las 22:11, Travis Garrison escribió:
>
> On the CRS 3xx line, use vlan filtering instead. This guarantees hardware
> offloading.
>
>
>
> PS. Do not use this method on the 1xx or 2xx lines.
>
>
>
> /interface bonding
> add mode=802.3ad name=bond-inet slaves=ether9,ether10,ether8
> transmit-hash-policy=layer-2-and-3
>
>
>
> /interface bridge
>
> add name=bridge vlan-filtering=yes
>
>
>
> /interface bridge port
>
> add bridge=bridge interface=bond-inet
>
> add bridge=bridge interface=sfp1
>
>
>
> /interface bridge vlan
>
> add bridge=bridge tagged=bond-inet,sfp1 vlan-ids=201
>
>
>
> Thanks
>
> Travis
>
>
>
> *From:* NANOG   *On
> Behalf Of *Mauro Gasparini
> *Sent:* Friday, May 15, 2020 10:55 AM
> *To:* nanog@nanog.org
> *Subject:* Re: Switch for SFP+
>
>
>
> This works well on my CRSs:
>
> /interface bonding
> add mode=802.3ad name=bond-inet slaves=ether9,ether10,ether8
> transmit-hash-policy=layer-2-and-3
>
> /interface bridge port
> add bridge=br-cabase interface=bond-inet
> add bridge=br-cabase interface=sfp1
>
> But if I want to bridge vlans behind some bonding Instead of bridging phy
> interfaces, cpu explodes:
>
> /interface vlan
> add name=vl201-mmen vlan-id=201 interface=sfp1
> add name=vl201-mment vlan-id=201 interface=bond-inet
>
> /interface bridge port
> add bridge=br-mment interface=vl201-mmen
> add bridge=br-mment interface=vl201-mment
>
> El 15/5/20 a las 12:06, Mike Hammett escribió:
>
> https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#Bonding
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 

Re: WIKI documentation Software?

[Josh Baird]

Confluence.

On Sat, Mar 14, 2020 at 8:09 AM Craig  wrote:

> Wanted to ask what WIKI software teams are using to save documentation to
> / how to's for staff, etc.
>
> pro's
> con's
>
> We have an older wiki bare-metal wiki server, that I want to get replaced
> before it kicks the bucket and was looking into various ones.
>
> thanks;
>
> CPV
>
>
>

Re: Getting an ASN in ARIN

[Josh Baird]

Have you looked here [1]?

They even produced a short video telling you how to request ASN resources.

[1] https://www.arin.net/resources/guide/asn/


On Mon, Jan 6, 2020 at 12:43 PM thomas brenac via NANOG 
wrote:

> Hi,
>
> Happy new year everyone.
>
> I know ARIN is very strict with IP transfers at least from ARIN to ARIN.
> I know they require very detailed information. Curious if someone in the
> list know if they are equally strict when issuing an ASN and/or have a
> recent experience on the matter ?
>
> Thanks you
>
> --
> Thomas BRENAC
> https://www.brenac.eu
> +33686263575
>
> Certified IPv4 Broker by RIPE NCC, APNIC and LACNIC
>
>
> The content of this email is confidential and intended for the recipient
> specified in message only. It is strictly forbidden to share any part of
> this message with any third party, without a written consent of the sender.
> If you received this message by mistake, please reply to this message and
> follow with its deletion, so that we can ensure such a mistake does not
> occur in the future.
> This message has been sent as a part of discussion between BRENAC EURL and
> the addressee whose name is specified above. Should you receive this
> message by mistake, we would be most grateful if you informed us that the
> message has been sent to you. In this case, we also ask that you delete
> this message from your mailbox, and do not forward it or any part of it to
> anyone else. Thank you for your cooperation and understanding.
> We puts the security of the client at a high priority. Therefore, we have
> put efforts into ensuring that the message is error and virus-free.
> Unfortunately, full security of the email cannot be ensured as, despite our
> efforts, the data included in emails could be infected, intercepted, or
> corrupted. Therefore, the recipient should check the email for threats with
> proper software, as the sender does not accept liability for any damage
> inflicted by viewing the content of this email.
> The views and opinions included in this email belong to their author and
> do not necessarily mirror the views and opinions of the company. Our
> employees are obliged not to make any defamatory clauses, infringe, or
> authorize infringement of any legal right. Therefore, the company will not
> take any liability for such statements included in emails. In case of any
> damages or other liabilities arising, employees are fully responsible for
> the content of their emails.
>

Re: Juniper BGP Convergence Time

[Josh Baird]

The MX104 has a notoriously slow PPC-based RE unfortunately.

Josh

On Tue, May 15, 2018 at 10:10 AM, Adam Kajtar 
wrote:

> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> BGP(full routes). iBGP is running between the routers via a two port 20G
> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> traffic to start flowing correctly. The router has the correct route in the
> routing table, but it doesn't install it in the forwarding table for the
> full two mins.
>
> I have a few questions if anyone could answer them.
>
>- What would a usual convergence time be for this setup?
>- Is there anything I could do speed this process up? (I tried
> Multipath)
>- Any tips and tricks would be much appreciated
>
> Thanks in Advance
> --
> Adam Kajtar
> Systems Administrator
> City of Wadsworth
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
>
> Facebook * |* Twitter
>  *|* Instagram
>  *|* YouTube
> 
>

Re: Software for tracking network related projects and activities

[Josh Baird]

JIRA works great for us.

On Fri, Sep 2, 2016 at 1:07 AM, Manuel Marín  wrote:

> Dear Nanog community
>
> We are currently using RT for tracking tasks related to network operations
> like BGP configuration change requests, circuit/ports activation, support
> tickets, etc, but when trying to track multiple activities that involve
> multiple departments, the RT (Request Tracker) system does not provide all
> the tools as a project/tasks management system. I was wondering if you can
> share what you use for tracking network related projects and activities.
>
> Thank you in advance
>
> Regards
>

Re: Juniper vMX evaluation - how?

[Josh Baird]

It was a struggle to get anywhere with vMX when we last tried ~8months
ago.  Nobody at Juniper seemed to know anything about it or who to talk
to.  In any event, you may be able to get more information by asking over
at juniper-nsp@.

Josh

On Wed, Apr 13, 2016 at 4:58 PM, Jeremy Austin  wrote:

> On Wed, Apr 13, 2016 at 12:54 PM, Bruce Simpson  wrote:
>
> >
> > Is some special magic required to acquire an evaluation copy? The 60 day
> > trial license is directly downloadable from the above link, but the
> tarball
> > is not. $CLIENT was just referred to it by $RESELLER.
>
>
> I'd be interested as well — I submitted a form, nothing but crickets.
>
>
> --
> Jeremy Austin
>
> (907) 895-2311
> (907) 803-5422
> jhaus...@gmail.com
>
> Heritage NetWorks
> Whitestone Power & Communications
> Vertical Broadband, LLC
>
> Schedule a meeting: http://doodle.com/jermudgeon
>

Re: -48DC electrical supply

[Josh Baird]

For DC 'stuff' in general (wires, fuses, distribution, etc), I use
alliedelectronics.com.

On Thu, Feb 18, 2016 at 2:15 PM, Daniel Corbe 
wrote:

> Where do you guys get your supplies (wire, connectors, tools) for -48VDC
> stuff?
>
>

Re: Low Cost 10G Router

[Josh Baird]

The BGP daemon on the CCR routers is not multi-threaded; it only will use
one core.

Josh

On Tue, May 19, 2015 at 10:06 PM, Colton Conor colton.co...@gmail.com
wrote:

  So this new $1295 Mikrotik CCR1036-8G-2S+EM  has a 36 core Tilera CPU with
 16GB of ram. Each core is running at 1.2Ghz? I assume that Mikrotik is
 multicore in software, so why does this box not outperform these intel
 boxes that everyone is recommending? Is it just a limitation of ports?



 On Tue, May 19, 2015 at 6:03 PM, Faisal Imtiaz fai...@snappytelecom.net
 wrote:

 
 
 
   I've seen serious, unusual performance bottlenecks in Mikrotik CCR, in
  some
   cases not even achieving a gigabit speeds on 10G interfaces.
 Performance
   drops more rapidly then Cisco with smaller packet sizes.
  
-mel beckman
 
 
  Folks often forget that Mikrotik ROS can also run on x86 machines.
 
  Size your favorite hardware (server) or network appliance with
 appropriate
  ports, add MT ROS on a CF card, and you are good to go.
 
  We use i7 based network appliance with dual 10g cards (you can use a quad
  10g card, such as those made by hotlav).
 
  with a 2gig of ram, you can easily do multiple (4-5 or more full bgp
  peers), and i7 are good for approx 1.2mill pps.
 
 
  Best of luck.
 
 
  Faisal Imtiaz
  Snappy Internet  Telecom
 

Re: Multi-gigabit edge devices as CPE

[Josh Baird]

You could possibly look at rolling vMX (if it's even available yet) on x86
hardware.  It's licensed by throughput and feature set.  If you are doing
L3VPN, I think you would need the advanced license.  This may fit within
your budget.

On Thu, Apr 9, 2015 at 10:50 AM, Tim Raphael raphael.timo...@gmail.com
wrote:

 You’ll be looking at a Juniper MX or a Cisco ASK9K I think.

 The MXs are targeted as being full-features edge routers. An MX5 will take
 a full feed just fine and do all the *VPN you want.
 If you’re talking about multiple full feeds then you’ll need a MX240 with
 one of the higher-power REs for a decent reconvergence time.


  On 9 Apr 2015, at 10:42 pm, Daniel Rohan dro...@gmail.com wrote:
 
 
  On Thu, Apr 9, 2015 at 7:25 AM, Tim Raphael raphael.timo...@gmail.com
 mailto:raphael.timo...@gmail.com wrote:
  L3VPN hand off is the only thing I can think of from the top of my head.
 But then, there would be no need to have a full table unless you had
 customers requesting a full table.
 
 
  I have one customer who needs an L3VPN for some shared private routes
 along with a full table in inet.0. There are ways of accomplishing this
 creatively but I'm looking for devices that can handle these types of
 requests that permit us some level of sanity.

Anyone from 10796 (TWC)?

[Josh Baird]

Hi,

Could someone from 10796 please contact me off-list?  I'm looking for some
assistance with problems between 7018 and 10796 that is affecting customers
on my network.

Thanks,

Josh

Re: Starting a greenfield(ish) small (10k subs?) multihomed (two ASN) , dual stacked, wireless ISP - i can haz advice?

[Josh Baird]

FCC licensing?  No licenses as long as you operate in unlicensed bands (ie,
900mhz/2.4ghz/5).


On Thu, Jul 24, 2014 at 5:10 AM, hayden paul.ba...@gmail.com wrote:

 Sorry, no feedback from me.. I have couple of questions though, how much
 licensing do you need to go through, to actually start a WISP?
 Also, Kansas.. Are you concerned that you’ll have to compete with Google
 Fiber at some point?

 On 23 Jul 2014, at 20:58, char...@thefnf.org wrote:

  Hey everybody,
 
  So all this talk about monopolies, small ISPs vs the big bad netflix  ,
 muni fiber etc etc has been interesting. Lots and lots of talk, lots of
 interesting links etc.
 
  I'm an action/results oriented individual, and have been working on
 actually building out a grassroots ISP, instead of just talking about it. :)
 
  Over the past year or so, I've been involved with an effort to launch a
 community ISP in the Kansas City MO area. It's got several towers up now
 and a decent amount of users. It's been funded by the community that it
 serves. Feel free to ask any questions you have about the details. It's an
 open network in all aspects (design, business model etc). It is
 intentionally designed/operated in such a way that all aspects can be
 disclosed.
 
  We are now ready to take the next step and obtain an ASN and v6 space
 (also looks like we can get a /24 of v4 space as well).
 
  What are the things that we should do before we get those resources?
 What should we do immediately after? What books/rfc/bcp should we be most
 familiar with?
 
  As is typical of many small outfits, we have an incredibly high degree
 of software skill, and a limited budget which goes entirely to hardware.
 
  This is a greenfield network. We've got Ubiquiti gear for the backbone.
 Running a mix of QMP routers with BMX6 as the IGP linked over AirOS l2
 bridge pseudowires. We'll be homed to two AS upstreams. Using pfSense as
 the WAN edge routers.
 
  From all my reading of the list, it seems like key things to do in this
 scenario:
 
  1) Have full flow telemetry at all points to help with (D)DOS mitigation.
  2) Do CGN in pools (so perhaps ~500 to 1k users behind each IP)?
  3) Provision a /56 of v6 space to each end user. I was thinking of
 having the CPE with CeroWRT and be multi SSID with a /64 per. I'm
 interested in folks thoughts on this?
  4) Upsell a public v4 address if someone requires it
  5) Of course implement bcp38
 
  I'm mostly interested in technical feedback. Business model etc type
 feedback is welcome as well, but not the primary purpose of this message. :)
 
  Thanks!
 
  Charles Wyble
  CTO Free Network Foundation

Re: ZyXEL Gear

[Josh Baird]

I don't, but you may want to take a look at Planet:

http://www.planet.com.tw/

Thanks,

Josh


On Tue, Nov 26, 2013 at 10:47 PM, Eric C. Miller e...@ericheather.comwrote:

 I'm looking at some non-Cisco price options to deliver more than 4 SFP
 slots into a structure and was wondering if anyone had any experience with
 ZyXEL's offerings in the service provider market. Specifically MGS-3712F or
 GS-4012F

 Thank you for your comments!

 Eric Miller, CCNP
 Network Engineering Consultant
 (407) 257-5115

Re: recommended outdoor enclosures

[Josh Baird]

http://www.ddbunlimited.com/

Be prepared to drop some coin.

Josh


On Mon, Jun 17, 2013 at 3:36 PM, Chuck Anderson c...@wpi.edu wrote:

 I'm in need of my first free-standing, pad-mounted outdoor enclosure,
 19 rack rails, 12-18 rack units, with about 400W of heat load inside,
 for use in the Massachusetts climate.  What do people recommend as far
 as contruction, cooling/heating options, NEMA ratings, security
 options, etc. for this use?

 I was hoping to keep the inside temperature between 50 and 85 degrees
 Fahrenheit, although my worst-case components are rated for 41 to 104
 F (4 - 40 C).  If a full mechanical A/C system can be avoided, even
 better.  A thermo-electric cooler would be nice.

 Thanks.

Re: internet in the box

[Josh Baird]

Or find a wireless ISP in the area to backhaul you some bandwidth for a
week.

Then just get a box to do NAT, DHCP, etc.

Josh

On Fri, Mar 8, 2013 at 2:30 PM, Philip Lavine source_ro...@yahoo.comwrote:

 Has anybody set up a Cellular front end (LTE or 3G) access to the Internet
 and a WiFi backend supporting 150 devices.
 I need to provide temporary Internet access (7 days) to a convention
 center room that is about 2000 square feet.
 Stooopid Aria wants to charge $50/user/wk and who knows what the BW is.

Re: Visio-fu

[Josh Baird]

Check SmartDraw.

On Mon, Feb 25, 2013 at 5:04 PM, George Herbert george.herb...@gmail.comwrote:

 On Mon, Feb 25, 2013 at 12:58 PM, George Herbert
 george.herb...@gmail.com wrote:
  [...]
  My company has a Visio whiz, who I'm going to ping for his opinion on
  that, but I am guessing it's a no.

 Our Visio guy's opinion concurred with mine; it's custom drawing, not
 off-the-shelf capability, and would most likely have been in a
 graphics program (though he thinks it might have been possible with
 Visio, it would have been much easier in for example Illustrator).


 --
 -george william herbert
 george.herb...@gmail.com

Re: Anyone w/ clue @netsol?

[Josh Baird]

I'm thinking crappy monitoring tools.

Josh

On Mon, Oct 15, 2012 at 2:59 PM, chris tknch...@gmail.com wrote:

 On Mon, Oct 15, 2012 at 2:22 PM, Mike A mi...@mikea.ath.cx wrote:
  On Mon, Oct 15, 2012 at 02:08:10PM -0400, chris wrote:
  I am having a issue delivering mail to a specific domain hosted
  @netsol for a significant amount of time now (several days) only and
  getting a vague error from the remote side:
 
  inbound.xxx.com.netsolmail.net [206.188.198.64]: 451 4.3.2 Please try
  again later
 
  I have tried the support channels referenced on the netsol website
  called support phone num and emailed emailh...@networksolutions.com
  and still cant seem to find anyone with a clue or get this escalated
  past level 1 call center staff.
 
  I have an existing open ticket for some time now
 
  If you are @netsol or have any good technical contacts please contact
  me offlist thanks
 
  I'm not @netsol, but am seeing the same thing. We have time-critical (and
  paid-for) oversize/overweight load permits stacking up for people at two
  different domains which point to mailhosts in netsol.
 
  --
  Mike Andrews, W5EGO
  mi...@mikea.ath.cx
  Tired old sysadmin
 

 I am periodically not even able to connect to port 25 on that ip, I'm
 thinking overloaded box or cluster member fail?

 chris

Re: Big Temporary Networks

[Josh Baird]

We have been using Unifi (a Ubiquiti WIFI product) for local conventions
and festivals.  The product is fairly cheap, robust, and their access
points have very good range.  We have deployed it at several commercial
businesses as well with great success.  The deployment is very easy.  We
run the controller on a VM at our NOC, but you can also run it locally at
the event as well.

Besides this, we have a fairly beefy box that handles DNS and DHCP and
basic firewalling.

Josh

On Thu, Sep 13, 2012 at 3:55 PM, Donald Eastlake d3e...@gmail.com wrote:

 The 2015 WorldCon site selection is contested. There is a group
 seeking selection for the Disney Coronado Spring Resort in Florida but
 also competing groups seeking Spokane, Washington, and Helsinki,
 Finland.

 Thanks,
 Donald
 =
  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
  155 Beaver Street, Milford, MA 01757 USA
  d3e...@gmail.com


 On Thu, Sep 13, 2012 at 10:29 AM, Jay Ashworth j...@baylink.com wrote:
  My best friend just got back from Chicon 7 last week, this year's World
  Science Fiction Convention.  He tells me that the networking at the con
 hotel,
  the Chicago Hyatt, was miserable, whether wired or wireless... and that
 Sprint
  4G wasn't much better.
 
  I'm talking to the people who will probably be, in 2015, running the
 first
  Worldcon I can practically drive to, in Orlando, at -- I think -- the
 Disney
  World Resort.  I've told them how critical the issue is for this market;
 they,
  predictably, replied We look forward to your patch.  :-}
 
  I know without a doubt that this is a problem NANOG PCs deal with 3
 times a
  year; is there any collected wisdom on the web already about how this has
  been dealt with, that I can pore over?  Pointers to good archive threads?
 
  If not, do any of the people who've already done have 5 minutes to chime
 in
  on what they did and what they learned?
 
  Cheers,
  -- jra
  --
  Jay R. Ashworth  Baylink
 j...@baylink.com
  Designer The Things I Think
 RFC 2100
  Ashworth  Associates http://baylink.pitas.com 2000 Land
 Rover DII
  St Petersburg FL USA   #natog  +1 727
 647 1274
 

Re: Big Temporary Networks

[Josh Baird]

Yes, we backhaul our own bandwidth to it; either using Cambium or Ubiquiti
unlicensed 5Ghz backhauls.  Depending on the distance and type of backhaul,
we can get 50-150mbps to the event.

Josh

On Thu, Sep 13, 2012 at 5:13 PM, Jay Ashworth j...@baylink.com wrote:

 - Original Message -
  From: Josh Baird joshba...@gmail.com

  We have been using Unifi (a Ubiquiti WIFI product) for local conventions
  and festivals. The product is fairly cheap, robust, and their access
  points have very good range. We have deployed it at several commercial
  businesses as well with great success. The deployment is very easy. We
  run the controller on a VM at our NOC, but you can also run it locally
  at the event as well.
 
  Besides this, we have a fairly beefy box that handles DNS and DHCP and
  basic firewalling.

 Have you had to/been able to haul in your own bandwidth to feed it?  What
 class?  (Real DS3/OC1/OC3, FiOS/HFC, something else?)

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink
 j...@baylink.com
 Designer The Things I Think   RFC
 2100
 Ashworth  Associates http://baylink.pitas.com 2000 Land
 Rover DII
 St Petersburg FL USA   #natog  +1 727 647
 1274

Re: Commerical Backup Solutions

[Josh Baird]

We have used Symantec's BackupExec (Veritas) in several locations but
have standardized on IBM's Tivoli Storage Manager (TSM).  Not a fan of
IBM, but it works, and it works well.  Be prepared to drop some
serious coin, though.  We currently use it to do tape backups for over
800+ servers (Linux, AIX, Windows).

Josh

On Thu, May 17, 2012 at 7:08 PM, Thomas York strate...@fuhell.com wrote:
 We use Barracuda Yosemite backup with about 10 locations all over the
 world, using disk to disk (single disks via esata and to SANs) and disk to
 tape (both libraries and single drives). Very rarely do we have issues.
 Barracuda support isn't as good as Yosemite's (Barracuda bought them) but
 still not bad. Also, the site wide license is a steal! Get a demo, it might
 fit the bill.

 --Thomas York
 On May 17, 2012 6:59 PM, Mike Lyon mike.l...@gmail.com wrote:

 We used Acronis and it was a nightmare as was their off-shored support
 model. Never again... Wouldn't touch them with a 10 foot pole.

 Switched to Iron Mountain LiveVault which backs everything up over the
 wire. It has basic reporting functions but not extremely granular.
 http://ironmountain.com/services/democenter/livevault/player.html

 Barracuda also seems to have a nice product. Though, i've never used it:
 http://www.barracudanetworks.com/ns/products/backup_overview.php

 -Mike

 On Thu, May 17, 2012 at 3:53 PM, Paul Stewart p...@paulstewart.org
 wrote:

  Hey folks.
 
 
 
  I'm hoping for some input from operational folks on backup solutions for
  servers.  We are looking for a commercial backup solution with a nice
  reporting dashboard etc.
 
 
 
  It must support full/incremental backups on Windows and various flavors
 of
  Linux.  We would also be looking for bare metal image/recovery abilities.
 
 
 
  To date, we've been fond of Acronis until we got the quote for it ..
  Initially we would be looking at 50-80 servers and growing it up from
 there
  to probably 150-200 boxes.  Some of these servers are geographically
  dispersed.
 
 
 
  At the moment we have been using Bacula but it lacks bare metal options
 and
  doesn't have any nice reporting options (Executive Dashboard etc)
 
 
 
  Thanks for any input,
 
 
 
  Paul
 
 
 
 
 
 
 
 


 --
 Mike Lyon
 408-621-4826
 mike.l...@gmail.com

 http://www.linkedin.com/in/mlyon

Re: airFiber

[Josh Baird]

I was told to expect 0.1ms by UBNT.  Haven't seen this published, though.

Josh

On Mon, Apr 2, 2012 at 9:38 AM, Dylan Bouterse dy...@corp.power1.com wrote:
 What published specs have you seen on the airFiber latency? I asked one of 
 the UBNT guys and they said it's microsecond. On any network I've managed, 
 anything sub 1ms is acceptable.

 Dylan

 -Original Message-
 From: John van Oppen [mailto:jvanop...@spectrumnet.us]
 Sent: Saturday, March 31, 2012 2:22 PM
 To: 'Andrew McConachie'; Marshall Eubanks
 Cc: NANOG list
 Subject: RE: airFiber

 We actually have a lot of the old gigabeam radios in service, they are faster 
 than the published specs of the airfiber links (1G full duplex vs 750 
 mbit/sec fd) and lower latency due to their very simplistic design.     To be 
 honest, from a network engineering standpoint, the gigabeams were conveninet 
 as path issues would show up as ethernet errors that can be used to trigger 
 reroutes or other events.    That being said, we did not have a large variety 
 of switches as the microwave side of our house is made up entirely of just a 
 couple of cisco models.    The gigabeams also have a pure OOB management 
 setup.


 John

Re: airFiber

[Josh Baird]

They are taking pre-orders now for a (hopefully) June delivery.  I'm
at a conference now and got the rundown yesterday from Ubiquiti.  This
product was designed completely from the ground up by the former
Motorola Canopy 100 team.  It -should- deliver ~700mbit in both
directions @ full duplex.  Note that 24ghz is very susceptible to
rain fade and should be used in caution in certain climates,
especially at longer distances approaching 10+km.  Anyhow, check the
video out on ubnt.com for an introduction and technical overview -
it's worth watching.

Josh

On Thu, Mar 29, 2012 at 1:30 PM, Phil Regnauld regna...@nsrc.org wrote:
 Drew Weaver (drew.weaver) writes:
 I've read that it requires perfect line of sight, which makes it sometimes 
 tricky.

 Thanks,
 -Drew

        Define perfect line of sight ? How is this different from any other 
 wireless
        link and the associated Fresnel zone ?

        http://en.wikipedia.org/wiki/Fresnel_zone

        Even 100 Mbit/s wireless equipment (which ubqt also happens to make 
 great
        gear for, at 800 USD / link) will need unobstructed view of the remote
        point - and it's not all or nothing, the performance will degrade.

        Cheers,
        Phil

Re: IP Management Software

[Josh Baird]

We use Men  Mice, but it is a commercial product.  Solarwinds
andInfoblox also have commercial offerings that are worth looking at.
Ifyou looking at an IPAM platform with emphasis on IPv6, check
outwww.6connect.com.  They offer a free product that is
prettycomprehensive.

Josh
On Fri, Jan 13, 2012 at 4:24 PM, Shahab Vahabzadeh
sh.vahabza...@gmail.com wrote:
 Hi,
 Would you please tell me what is the advantages of noc-project?
 It takes hours to install it and it looks like a software with lots of bugs?
 I have it now but many problems in their scripts, Isn't it?
 Thanks

 On Fri, Dec 16, 2011 at 7:46 PM, Payam Poursaied m...@payam124.com wrote:

 Try noc project


 On Friday, December 16, 2011, Shahab Vahabzadeh sh.vahabza...@gmail.com
 wrote:
  Hi everybody,
  Can anybody share his/her experience with IP Management software's?
 Which I
  can use it managing near 100K IP Address?
  IPPlan is not good enough, I think its
 




 --
 Regards,
 Shahab Vahabzadeh, Network Engineer and System Administrator

 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90

Re: IP Management Software

[Josh Baird]

In that case, there aren't too many options.  I have used IPPLAN in
the past, and I have found it difficult to use and manage.  Most of
the other open source IPAM packages are now vaporware.

Josh

On Fri, Jan 13, 2012 at 4:51 PM, Shahab Vahabzadeh
sh.vahabza...@gmail.com wrote:
 I am looking for an open source one, nocproject.org is good but it need lots
 of patches to be normal, I think they are not developing it too much because
 its internal project for them.


 On Sat, Jan 14, 2012 at 1:20 AM, Josh Baird joshba...@gmail.com wrote:

 We use Men  Mice, but it is a commercial product.  Solarwinds
 andInfoblox also have commercial offerings that are worth looking at.
 Ifyou looking at an IPAM platform with emphasis on IPv6, check
 outwww.6connect.com.  They offer a free product that is
 prettycomprehensive.

 Josh
 On Fri, Jan 13, 2012 at 4:24 PM, Shahab Vahabzadeh
 sh.vahabza...@gmail.com wrote:
  Hi,
  Would you please tell me what is the advantages of noc-project?
  It takes hours to install it and it looks like a software with lots of
  bugs?
  I have it now but many problems in their scripts, Isn't it?
  Thanks
 
  On Fri, Dec 16, 2011 at 7:46 PM, Payam Poursaied m...@payam124.com
  wrote:
 
  Try noc project
 
 
  On Friday, December 16, 2011, Shahab Vahabzadeh
  sh.vahabza...@gmail.com
  wrote:
   Hi everybody,
   Can anybody share his/her experience with IP Management software's?
  Which I
   can use it managing near 100K IP Address?
   IPPlan is not good enough, I think its
  
 
 
 
 
  --
  Regards,
  Shahab Vahabzadeh, Network Engineer and System Administrator
 
  PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90




 --
 Regards,
 Shahab Vahabzadeh, Network Engineer and System Administrator

 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90

Re: SSL Certificates

[Josh Baird]

We typically stick with Network Solutions, and DigiCert for
SANcertificates.  VeriSign's prices are just insane.
On Fri, Jan 6, 2012 at 9:15 AM, Michael Carey mca...@kinber.org wrote:
 Looking for a recommendation on who to buy affordable and reputable SSL
 certificates from?  Symantec, Thawte, and Comodo are the names that come to
 mind, just wondering if there are others folks use.

 Thanks,

 --
 Michael D. Carey
 KINBER Network Engineer
 mca...@kinber.org
 M: 814.777.5027
 GV: (814) 205-6773 https://www.google.com/voice#phones
 Skype: KINBER.Mike.Carey

 KINBER - Keystone Initiative for Network Based Education and Research -
 www.kinber.org
 PennREN - Pennsylvania's Research and Education Network

Problems with 100.42.32.0/20

[Josh Baird]

Hi,

We just received 100.42.32.0/20 from ARIN.  According to ARIN, this
block was received from IANA in November 2010 and was issued to us in
November 2011.  Since we started using it, we have seen many problems
with different Geo-IP providers incorrectly classifying the block -
both location and provider wise (lots of them think this is Verizon
space for some reason in both Canada and Kansas).  I have followed
http://nanog.cluepon.net/index.php/GeoIP and contacted most of these
providers already.  Not one has returned my email/inquiry.

The main problem that I am seeing is that Verizon/UUNET is filtering
access to some of their networks from 100.42.32.0/20.  We are
currently unable to reach any of UUNET.net's authoritative DNS servers
(198.6.1.83, 198.6.1.161, etc) and appear to be filtered by some
Verizon Business/UUNET routers.

$ traceroute 198.6.1.83
traceroute to 198.6.1.83 (198.6.1.83), 30 hops max, 40 byte packets
1  209.65.192.129 (209.65.192.129)  1.491 ms  1.716 ms  1.942 ms
2  vl41-irtr1.dan100.net.kywimax.com (209.65.192.45)  0.551 ms  0.582
ms  0.587 ms
3  rrcs-173-197-155-189.west.biz.rr.com (173.197.155.189)  0.474 ms
0.519 ms  0.505 ms
4  ae8.chcgill3-rtr1.kc.rr.com (65.28.199.197)  20.349 ms  20.340 ms  20.409 ms
5  ae-5-1.cr0.chi30.tbone.rr.com (66.109.6.112)  20.243 ms  20.235 ms  20.223 ms
6  107.14.17.147 (107.14.17.147)  27.982 ms  27.567 ms  27.540 ms
7  216.156.72.165.ptr.us.xo.net (216.156.72.165)  20.945 ms
te1-2-0d0.cir1.chicago2-il.us.xo.net (216.156.72.5)  20.920 ms
216.156.72.157.ptr.us.xo.net (216.156.72.157)  20.912 ms
8   (204.255.168.97)  20.868 ms  20.826 ms  20.910 ms
9   (152.63.66.77)  36.133 ms  36.243 ms  36.233 ms
10   (152.63.43.109)  45.859 ms  45.853 ms  45.843 ms
11   (152.63.38.9)  45.177 ms  45.175 ms  45.168 ms
12  * * *
13  * * *
14  *  (207.18.173.162)  46.105 ms !X *

(pos5-0.soesr1.ash.ops.us.uu.net)

I have contacted VZW Business' IP-NOC and was not really given a
contact that could help me with this situation.  I have also emailed
filt...@lists.verizonbusiness.com and I'm awaiting a response
(hopefully).

Would anyone happen to have an idea of why I am seeing so many
problems with this block, and who I may be able to reach out to at VZB
to hopefully get this issue resolved?

Thanks.

Re: Problems with 100.42.32.0/20

[Josh Baird]

Verizon just contacted me off-list.  The problem was identified as an
outdated bogon filter on their end.

Verizon - thanks for the quick response!

Thanks,

Josh

On Tue, Jan 3, 2012 at 12:42 PM, Josh Baird joshba...@gmail.com wrote:
 Hi,

 We just received 100.42.32.0/20 from ARIN.  According to ARIN, this
 block was received from IANA in November 2010 and was issued to us in
 November 2011.  Since we started using it, we have seen many problems
 with different Geo-IP providers incorrectly classifying the block -
 both location and provider wise (lots of them think this is Verizon
 space for some reason in both Canada and Kansas).  I have followed
 http://nanog.cluepon.net/index.php/GeoIP and contacted most of these
 providers already.  Not one has returned my email/inquiry.

 The main problem that I am seeing is that Verizon/UUNET is filtering
 access to some of their networks from 100.42.32.0/20.  We are
 currently unable to reach any of UUNET.net's authoritative DNS servers
 (198.6.1.83, 198.6.1.161, etc) and appear to be filtered by some
 Verizon Business/UUNET routers.

 $ traceroute 198.6.1.83
 traceroute to 198.6.1.83 (198.6.1.83), 30 hops max, 40 byte packets
 1  209.65.192.129 (209.65.192.129)  1.491 ms  1.716 ms  1.942 ms
 2  vl41-irtr1.dan100.net.kywimax.com (209.65.192.45)  0.551 ms  0.582
 ms  0.587 ms
 3  rrcs-173-197-155-189.west.biz.rr.com (173.197.155.189)  0.474 ms
 0.519 ms  0.505 ms
 4  ae8.chcgill3-rtr1.kc.rr.com (65.28.199.197)  20.349 ms  20.340 ms  20.409 
 ms
 5  ae-5-1.cr0.chi30.tbone.rr.com (66.109.6.112)  20.243 ms  20.235 ms  20.223 
 ms
 6  107.14.17.147 (107.14.17.147)  27.982 ms  27.567 ms  27.540 ms
 7  216.156.72.165.ptr.us.xo.net (216.156.72.165)  20.945 ms
 te1-2-0d0.cir1.chicago2-il.us.xo.net (216.156.72.5)  20.920 ms
 216.156.72.157.ptr.us.xo.net (216.156.72.157)  20.912 ms
 8   (204.255.168.97)  20.868 ms  20.826 ms  20.910 ms
 9   (152.63.66.77)  36.133 ms  36.243 ms  36.233 ms
 10   (152.63.43.109)  45.859 ms  45.853 ms  45.843 ms
 11   (152.63.38.9)  45.177 ms  45.175 ms  45.168 ms
 12  * * *
 13  * * *
 14  *  (207.18.173.162)  46.105 ms !X *

 (pos5-0.soesr1.ash.ops.us.uu.net)

 I have contacted VZW Business' IP-NOC and was not really given a
 contact that could help me with this situation.  I have also emailed
 filt...@lists.verizonbusiness.com and I'm awaiting a response
 (hopefully).

 Would anyone happen to have an idea of why I am seeing so many
 problems with this block, and who I may be able to reach out to at VZB
 to hopefully get this issue resolved?

 Thanks.