Looking for input -- OSS tooling
I know that a number of people on this list use, and/or contribute to, open source software tools (e.g., *RTG). As I outlined in my lightning talk at the NANOG meeting last June, I’m collecting information about what operators find useful/off-putting in the use, contribution to, and support of open source software tools. My plan, and why I hope this project will be interesting to you, is to share the results of the data collection publicly so that supporters of OSS projects will be able to better tune them to what works for you. People who fund open source are asking for answers, so your thoughts would be appreciated!

If you have 8 - 10 minutes to spare and would be willing to contribute your thoughts, you can get to the questionnaires here:

https://possie.techark.org/operators-and-open-source-software-survey/

Thing 1 — “Questionnaires” because there’s one for individual contributors, and one for decision makers. You’re welcome to fill out both, if applicable.

Thing 2 — the questionnaire does not require you to provide your name or contact info — that’s optional, if you’d like to do some follow up.

Thanks for considering contributing your thoughts!

Leslie.

--
---
Leslie Daigle
Principal, ThinkingCat Enterprises
ldai...@thinkingcat.com
---
Re: NANOG67 - Tipping point of community and sponsor bashing?
On Wed, Jun 15, 2016 at 8:41 PM, Martin Hannigan <hanni...@gmail.com> wrote:
>
> SFMIX is great. But poorly distributed. We should support their efforts, but
> how many IXPs do we need in the Bay area? AMS-IX Bay Area is creating a
> market along with SFMIX.
>

SFMIX is in 5 physical locations (https://www.sfmix.org/connect/locations) and is always open to talking to other providers about extending into their datacenter. So I'd say we're in a variety of locations!

We've also just celebrated our 10 year anniversary :)

Leslie
Re: Call For Presentations RIPE 70, submission deadline 1 March 2015
Just a reminder that this deadline is coming up! We can't wait to see your submissions :)

Leslie

On Tue, Jan 13, 2015 at 5:57 AM, Benno Overeinder be...@nlnetlabs.nl wrote:

Dear colleagues,

Please find the CFP for RIPE 70 below. The deadline for submissions is 1 March 2015.

Please also note that speakers do not receive any extra reduction or funding towards the meeting fee at the RIPE Meetings.

Kind regards,

Benno Overeinder
for the RIPE Programme Committee
http://www.ripe.net/ripe/meetings/ripe-meetings/pc

Call for Presentations

A RIPE Meeting is an open event where Internet Service Providers, network operators and other interested parties get together. Although the meeting is mostly technical, it is also a chance for people to meet and network with others in their field.

RIPE 70 will take place from 11-15 May 2015 in Amsterdam, The Netherlands.

The RIPE Programme Committee (PC) is now seeking content proposals from the RIPE community for the plenary session presentations, BoFs (Birds of a Feather sessions), panels, workshops, tutorials and lightning talks at RIPE 70. The PC is looking for presentations covering topics of network engineering and operations, including but not limited to:

- IPv6 deployment
- Managing IPv4 scarcity in operations
- Commercial transactions of IPv4 addresses
- Data centre technologies
- Network and DNS operations
- Internet governance and regulatory practices
- Network and routing security
- Content delivery
- Internet peering and mobile data exchange

Submissions

RIPE Meeting attendees are quite sensitive to keeping presentations non-commercial, and product marketing talks are strongly discouraged. Repeated audience feedback shows that the most successful talks focus on operational experience, research results, or case studies. For example, presenters wishing to describe a commercial solution should focus on the underlying technology and not attempt a product demonstration.

The RIPE PC accepts proposals for different presentation formats, including plenary session presentations, tutorials, workshops, BoFs (Birds of a Feather sessions) and lightning talks. See the full descriptions of these formats at https://ripe70.ripe.net/submit-topic/presentation-formats/

Presenters who are proposing a panel or BoF are encouraged to include speakers from several (perhaps even competing) companies and/or a neutral facilitator.

In addition to presentations selected in advance for the plenary, the RIPE PC also offers several time slots for lightning talks, which are selected immediately before or during the conference.

The following general requirements apply:

- Proposals for plenary session presentations, BoFs, panels, workshops and tutorials must be submitted for full consideration no later than 1 March 2015, using the meeting submission system at https://ripe70.ripe.net/submit-topic/submission-form/. Proposals submitted after this date will be considered on a space-available basis. Important Dates regarding RIPE 70 can be found at: https://ripe70.ripe.net/programme/important-dates/

- Lightning talks should also be submitted using the meeting submission system (https://ripe70.ripe.net/submit-topic/submission-form/) and can be submitted just days before the RIPE Meeting starts or even during the meeting week. The allocation of lightning talk slots will be announced in short notice – in some cases on the same day but often one day prior to the relevant session.

- Presenters should indicate how much time they will require. See more information on time slot allocations per presentation format at https://ripe70.ripe.net/submit-topic/presentation-formats/.

- Proposals for talks will only be considered by the PC if they contain at least draft presentation slides (slides may be updated later on). For panels, proposals must contain a clear description, as well as the names of invited panellists, presenters and moderators.

- Due to potential technical issues, it is expected that most, if not all, presenters/panellists will be physically present at the RIPE Meeting.

If you have any questions or requests concerning content submissions, please email pc [at] ripe [dot] net.

--
Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/
Re: oss netflow collector/trending/analysis
pmacct (http://www.pmacct.net/) is another pretty awesome open source tool.

Leslie

On Fri, May 2, 2014 at 8:00 AM, Avi Freedman freed...@freedman.net wrote:

There's also SiLK from CMU. It's powerful but has a learning curve.

I also see pmacct being used both by some end networks and by some vendors as part of systems.

Avi

Hey There,

I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

Thanks,
Matt
FW: Updated ARIN allocation information
ARIN would like to share two items of information that may be of interest to the community.

First, ARIN has recently begun to issue address space from its last contiguous /8, 104.0.0.0/8. The minimum allocation size for this /8 will be a /24. You may wish to adjust any filters you have in place accordingly. More information on the IP address space administered by ARIN can be found on our web site at: https://www.arin.net/knowledge/ip_blocks.html

Additionally, ARIN has placed 23.128.0.0/10 in its reserves in accordance with the policy Dedicated IPv4 block to facilitate IPv6 Deployment (NRPM 4.10). There have been no allocations made from this block as of yet, however, once we do begin issuing from this block, the minimum allocation size for this /10 will be a /28 and the maximum allocation size will be a /24. You may wish to adjust any filters you have in place accordingly. More information on this policy can be found on our website here: https://www.arin.net/policy/nrpm.html#four10

Regards,

Leslie Nobile
Director, Registration Services
American Registry for Internet Numbers (ARIN)
Need help contact Smart (AS 10139) in the Philippines
Hi everyone -

I always hate doing this, but I need some help getting a hold of a technical person at Smart in the Philippines, since at least one /24 of their smartbro internet service is returning 504's on users' attempts to reach wikipedia for about the last week (but not if they go to the mobile site or a domain run by wikimedia but not wikipedia itself). We believe that they must be running some sort of transparent proxy which is malfunctioning. It is possible they have some connection to AS9299 since that seems to be their only transit provider.

In case anyone is curious the methods we've tried to get in contact with them it includes: filling out the form for their tech support listed on the webpage, calling their tech support, having customers call their tech support repeatedly (sadly these two just result in support staff reading scripts and refusing to escalate), email noc@, emailing all of the addresses listed on their APNIC info, calling all of the phone numbers listed on their APNIC info, and using twitter to their customer support. I believe a volunteer is even trying to search for technical folks via facebook.

If anyone has any technical contacts within this organization, it would be greatly appreciated,

Leslie
Re: huawei (ZTE too)
On Thu, Jun 13, 2013 at 2:28 PM, david peahi davidpe...@gmail.com wrote:

Last I heard NANOG stands for North American Network Operators Group. Anti-American comments are not welcome here..

As a matter of fact, North America includes 23 unique countries, not just the United States - http://en.wikipedia.org/wiki/North_america

And, if you look at the NewNOG bylaws - http://www.nanog.org/governance/documents/NANOG-Bylaws-October2011.pdf - nothing is mentioned about disparaging any specific country. In fact the mission statement seems to be The purpose of NANOG is to provide forums in the North American region for education and the sharing of knowledge for the Internet operations community.

Leslie

David

On Thu, Jun 13, 2013 at 1:36 PM, Jeroen Massar jer...@massar.ch wrote:

On 2013-06-13 13:01, david peahi wrote:

Apologies for making what could be construed as an off topic, political comment, but doesn't everyone in the USA know by now that the PRC represents a dagger aimed at the economic and national security of America? A military invasion in slow motion as it were?

Please realize that one can make that statement from every side of the fence. It all just depends on which side of the fence you are born, if you consider one thing good or evil and as recent events show, you should be looking a bit closer at the home base...

And now after this whole flood of messages about this... lets please go back to operations, thanks!

Greets,
Jeroen
Re: Problem reaching Wikipedia (AS43821) via Tele2
I should really look at NANOG more ;)

All of our whois information is up to date, our peeringdb information is up to date, and the usual generic email of n...@wikimedia.org also works. We also have a few irc channels, bugzilla, and a technical problem wiki page!

If anyone has issues reaching AS43821 or AS14907, please contact us directly if you want it fixed sooner than once a week :)

Leslie (Wikimedia Foundation - you can also contact me at lc...@wikimedia.org for any official business).

P.S. If anyone's curious, Tele2 was fine - there was an issue between two other as's on a different return path. Hence the * * * after hopping into our network post-border router.

On Fri, May 3, 2013 at 2:30 AM, Israel G. Lugo israel.l...@lugosys.com wrote:

Indeed, although I wouldn't know why.

The problem lasted the whole day yesterday, but it seems to be gone now. I was given the tech contact for Wikimedia off-list; if anything rises up again I'll get in touch with them.

Thank you for the reply, and also to everyone who replied off-list.

Regards,
Israel G. Lugo

On 05/02/2013 07:08 PM, Grant Ridder wrote:

Looks like ge-2-5.br1-knams.wikimedia.org (130.244.6.250) is filtering you somehow.

Grant

Sent from my iPhone

On May 2, 2013, at 9:01 AM, Israel G. Lugo israel.l...@lugosys.com wrote:

Hello,

Anyone else having problems reaching Wikipedia?

I can't reach AS43821 (Wikimedia RIPE) from within the Portuguese NREN (AS1930), via Cogent (AS174) - Tele2 (AS1257):

traceroute to en.wikipedia.org (91.198.174.225), 30 hops max, 60 byte packets
 1  Router3.10GE.Lisboa.fccn.pt (193.136.1.89) [AS1930]  0.953 ms
 2  ROUTER10.10GE.Lisboa.fccn.pt (193.137.0.8) [AS1930]  0.939 ms
 3  ROUTER4.10GE.Lisboa.fccn.pt (193.137.0.20) [AS1930]  1.000 ms
 4  fccn.mx2.lis.pt.geant.net (62.40.124.97) [AS20965]  1.000 ms
 5  xe-2-3-0.rt1.mad.es.geant.net (62.40.98.107) [AS20965]  13.926 ms
 6  as2.rt1.gen.ch.geant2.net (62.40.112.25) [AS20965]  37.882 ms
 7  ae3.mx1.gen.ch.geant.net (62.40.112.14) [AS20965]  37.874 ms
 8  ae1.mx1.fra.de.geant.net (62.40.98.109) [AS20965]  44.154 ms
 9  ae4.rt1.fra.de.geant.net (62.40.98.135) [AS20965]  43.935 ms
10  te0-4-0-2.mag21.fra03.atlas.cogentco.com (149.6.42.73) [AS174]  44.842 ms
11  fra36-peer-1.xe-1-2-0-unit0.tele2.net (130.244.200.41) [AS1257]  44.368 ms
12  fra36-core-1.bundle-ether2.tele2.net (130.244.64.186) [AS1257]  44.977 ms
13  *
14  ams13-peer-1.ae0-unit0.tele2.net (130.244.53.123) [AS1257]  50.299 ms
15  *
16  *
17  *
18  *
19  *
20  *

Tele2's traceroute server (http://services.tele2net.at/traceroute.html) reaches the same IP without problems:

 1  213.90.34.4 (213.90.34.4)  0.268 ms  0.124 ms  0.151 ms
 2  213.90.1.20 (213.90.1.20)  0.430 ms  0.382 ms  0.303 ms
 3  wat1-15-93.net.uta.at (62.218.15.93)  0.497 ms  0.368 ms  0.387 ms
 4  c76wmode1-tengigE4-1.net.uta.at (212.152.192.206)  0.644 ms  0.572 ms  0.599 ms
 5  wen1-core-2.tengige0-0-1-1.tele2.net (130.244.205.57)  0.836 ms  0.874 ms  0.737 ms
 6  fra36-core-1.bundle-ether7.tele2.net (130.244.206.28)  13.683 ms  13.472 ms  13.817 ms
 7  ams-core-2.bundle-ether4.tele2.net (130.244.64.201)  20.421 ms  20.482 ms  20.762 ms
 8  ams13-peer-1.ae0-unit0.tele2.net (130.244.53.123)  19.972 ms  19.936 ms  19.962 ms
 9  ge-2-5.br1-knams.wikimedia.org (130.244.6.250)  20.727 ms  20.641 ms  20.660 ms
10  wikipedia-lb.esams.wikimedia.org (91.198.174.225)  20.610 ms  20.539 ms  20.615 ms

Trying from $HOME_ISP, via AS6453 (Globe) - AS1299 (Telia) works fine.

Regards,
Israel G. Lugo
Re: HTTPS-everywhere vs. proxy caching
On Fri, May 3, 2013 at 12:06 PM, Jay Ashworth j...@baylink.com wrote:

It occurs to me that I don't believe I've seen any discussion of the Unexpected Consequence of pervasive HTTPS replacing HTTP for unauthenticated sessions, like non-logged-in users browsing sites like Wikipedia.

That traffic's not cacheable, is it? Proxy caches on services like mobile 3/4G, or smaller ISPs, or larger corporations can't cache it, I wouldn't think, which means both that they will see traffic increases, and that the end sites will as well.

Has this been discussed and I missed it? Do I improperly understand transparent caching? Or is this just a bomb waiting to go off?

I assume that Wikipedia themselves are on top of the idea that their in-house reverse-proxies won't be carrying that traffic (though I don't actually know what their architecture looks like anymore), but..

If anyone's curious about Wikipedia (we're open with our architecture) - we aren't really affected by using https instead of http for non logged in sessions. I'm assuming all of the other major sites use similar methods.

The path goes

user -- LVS load balancer -- nginx ssl termination -- varnish (caching layer) -- (if cache miss) application layer

The only extra hop for https is the ssl termination, and while if all of a sudden 100% of our traffic switched from http to https, we'd be underprovisioned and have to scramble, the incremental effect of a single user (or all the https everywhere users!) using https is incredibly tiny. It's not as cpu-intensive as many people think.

Unless a corporation is breaking ssl (like in this case - http://superuser.com/questions/115349/firefox-this-connection-is-untrusted-behind-corporate-firewall) their proxies would be unable to cache SSL content.

If you're curious about wikimedia's architecture, you can check it out on our wiki -- https://wikitech.wikimedia.org/wiki/Main_Page

Leslie

Cheers,
-- jra

--
Jay R. Ashworth Baylink j...@baylink.com
Designer The Things I Think RFC 2100
Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
ARIN receives 2 new /8 blocks
Hello- ARIN received the IPv4 address blocks 23.0.0.0/8 and 100.0.0.0/8 from the IANA on November 30, 2010. We will begin making allocations of /22 and shorter prefixes from these blocks in the near future in accordance with ARIN’s minimum allocation policy. Network operators may wish to adjust any filters in place accordingly. For informational purposes, a list of ARIN's currently administered IP address blocks can be found at: https://www.arin.net/knowledge/ip_blocks.html Regards, Leslie Nobile Director, Registration Services American Registry for Internet Numbers (ARIN)
Re: [Nanog-futures] New Membership-WG Draft
You can have student pricing and members without needing a separate class of membership. Education is useful even for existing network engineers.

Leslie

On 10/27/10 12:02 PM, Daniel Golding wrote:

I suspect the board will set some kind of a discount for students. Personally, I would support a very large discount for full time students.

That being said, I'm also a bit disappointed that the specific student membership didn't survive. I think the educational mission is extremely important from both an altruistic and a business point of view (business == our real businesses, not NANOG).

- Dan

On Wed, Oct 27, 2010 at 1:36 PM, Chris Malayter ch...@terahertz.net wrote:

Kris,

Could you outline the changes for those who might not have seen the original bylaws yet.

Two issues I have,

1) The ED has to be a member in good standing? So he has to pay to be a member to keep his job? :)

2) I'm not sure how happy I am to see student memberships gone. I like the idea that a student could pay a reduced fee to be a member, yes I do realize that the student can still attend the meeting without membership. It's not really a deal closer for me.

For what it's worth.

-Chris

___
Nanog-futures mailing list
Nanog-futures@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: US hunters shoot down Google fibre
Hunters, backhoes, and ship anchors are all fiber's natural enemies - I'm surprised Discovery Channel hasn't done a special on it!

On 9/21/10 6:19 AM, Christopher Morrow wrote:

this was presented at the nanog in ... SF I think as well: http://www.nanog.org/meetings/nanog49/abstracts.php?pt=MTU5NSZuYW5vZzQ5nm=nanog49

not really news...

On Tue, Sep 21, 2010 at 6:04 AM, Eugen Leitleu...@leitl.org wrote:

http://www.itnews.com.au/News/232831,us-hunters-shoot-down-google-fibre.aspx

Repairers forced to ski in to Oregon back woods.

Google has revealed that aerial fibre links to its data centre in Oregon were regularly shot down by hunters, forcing the company to put its cables underground.

The search and advertising giant's network engineering manager Vijay Gill told the AusNOG conference in Sydney last week that people were trying to hit insulators on electricity distribution poles.

The poles also hosted aerially-deployed fibre connected to Google's $US600 million ($A635 million) data centre in the Dalles, a small city on the Columbia River in the US state of Oregon.

What people do for sport or because they're bored, they try to shoot at the insulators, Gill said.

I have yet to see them actually hit the insulator, but they regularly shoot down the fibre.

Every November when hunting season starts invariably we know that the fibre will be shot down, so much so that we are now building an underground path [for it].

Gill said that on one occasion, a snowstorm and avalanche prevented Google from transporting repairers and gear into the area of the cut.

It usually used a helicopter or a Caterpillar D9 tractor for transport. It improvised by sending three technicians on skis to repair the fibre that got shot down.

These guys had to cross country ski for three days, Gill said.

[One guy] is carrying what is known as a fusion splicing kit on his backpack.

He joked: These guys had to go in and fix the fibre while facing gunshots

So [the] internet... [it's] more dangerous than you realise.
Re: US hunters shoot down Google fibre
I don't want to start an off-topic subthread but I have to call bullshit on this so-called news story. So it is my intent that this be my first, last, and only post on this topic.

Was it addressed at NANOG (in SF?) that many rifles and amateur shooters both, are capable of sub-MOA accuracy at short distances? By short, I mean ~50 yards or less. Or that a hunter with even modest self-training, who was aiming at an insulator with a properly sighted-in rifle at short range, has a significantly greater probability of hitting the insulator being aimed at than of hitting the supported wire?

That wasn't addressed in the buttwipe propaganda from down under. Need I remind anyone of the Dunblane and Port Arthur incidents and the subsequent gun control crackdowns in each of those countries. I wouldn't expect any crown-influenced news agency to give issues involving our Second Amendment a fair shake. Just like I don't expect logic or sanity from the Brady Campaign on the 2A issue. Nor should anyone else.

The story smacks of deliberately painting hunters as irresponsible ruffians and worse. What sort of repair rates do the power or other companies running wire across that expanse contend with? Given the remoteness, the identity of the affected client (Google) and the apparent absence of additional information, corporate sabotage seems just-as or even-more probable than random irresponsible hunters. To be fair, some shooters are irresponsible, but deliberate sabotage cannot be ruled out with only the information currently available.

In my experience, there's really two types of shootings (which really depend on the region) --

Number one is using shotguns, not rifles, and bird hunting - for example when goose hunting season happens, you'll see fiber shot out over lakes/rivers more often - I think this is both bad aim and not really caring. (Occasionally the shot will even be stuck in the lines or insulation so you can tell it was a shotgun)

The second is drunk idiots shooting at the lines - this is more universal and happens closer to civilization.

Power companies will also have repair issues with either of these, but fiber, phone, and cable lines are more likely as they are lower to the ground due to regulations that state they have to be at least X feet away from the power lines.

I don't think anyone is claiming all hunters/gun owners are irresponsible, but, as with any segment of the population, when you have a large group there will be a percentage of complete idiots out there who take stupid actions.

As for the 2nd amendment stuff - I'm not touching that one with a 10 foot fiber ;)

Leslie
Re: yahoo crawlers hammering us
That speed doesn't seem too bad to me - robots.txt is our friend when one had bandwidth limitations.

Leslie

On 9/7/10 1:19 PM, Ken Chase wrote:

So i guess im new at internets as my colleagues told me because I havent gone around to 30-40 systems I control (minus customer self-managed gear) and installed a restrictive robots.txt everywhere to make the web less useful to everyone.

Does that really mean that a big outfit like yahoo should be expected to download stuff at high speed off my customers servers? For varying values of 'high speed', ~500K/s (4Mbps+) for a 3 gig file is kinda... a bit harsh. Especially for an exe a user left exposed in a webdir, thats possibly (C) software and shouldnt have been there (now removed by customer, some kinda OS boot cd/toolset thingy).

This makes it look like Yahoo is actually trafficking in pirated software, but that's kinda too funny to expect to be true, unless some yahoo tech decided to use that IP/server @yahoo for his nefarious activity, but there are better sites than my customer's box to get his 'juarez'.

At any rate:

From Address        To Address             Proto  Bytes     CPS
================================================================
67.196.xx.xx..80    67.195.112.151..44507  tcp    14872000  523000

$ host 67.195.112.151 8.8.8.8
151.112.195.67.in-addr.arpa domain name pointer b3091122.crawl.yahoo.net.

CIDR: 67.195.0.0/16
NetName:A-YAHOO-US8

so that's yahoo, or really well spoofed.

Is this expected/my own fault or what?

A number of years ago, there were 1000s of videos on a customer site (training for elderly care, extremely exciting stuff for someone into -1-day movies to post on torrent sites). Customer called me to say his bw was gone, and I checked and found 12 yahoo crawlers hitting the site at 300K/s each (~30Mbps +) downloading all the videos. This was all the more injurious as it was only 2004 and bandwidth was more than $1/mbps back then. I did the really crass thing and nullrouted the whole /20 or whatever they were on per ARIN. It was the new-at-the-time video.yahoo.com search engine coming to index the whole site. I suppose they cant be too slow about it, or they'll never index a whole webfull of videos this century, but still, 12x 300K/s in 2004?

(At the time Rasmus thought it was kinda funny. I do too, now.)

/kc
Re: Lightly used IP addresses
I've tried to deal with that a few times - mainly by writing up the first upstream AS. Usually they don't care (and every time I have noticed someone blatantly stealing space, it's been spammers).

Good filtering at the transit provider border IMNSHO is the best way to solve this problem.

Leslie

On 8/13/10 10:59 AM, Greg Whynott wrote:

how does ARIN or whomever deal with similar situations where someone is advertising un-allocated, un-assigned by ARIN IP space in NA? do they have a deal/agreement with the 'backbone' providers?

-g

6. ARIN receives a fraud/abuse complaint that A's space is being used by B.
7. ARIN discovers that A is no longer using the space in accordance with their RSA
8. ARIN reclaims the space and A and B are left to figure out who owes what to whom.
Two /8s allocated to APNIC from IANA (49/8 and 101/8)]
Forwarding on behalf of APNIC.

_

Two /8s allocated to APNIC from IANA (49/8 and 101/8)

_

Dear colleagues

The information in this announcement is to enable the Internet community to update network configurations, such as routing filters, where required.

APNIC received the following IPv4 address blocks from IANA in August 2010 and will be making allocations from these ranges in the near future:

49/8
101/8

Reachability and routability testing of the new prefixes will commence soon. The daily report will be published at the usual URL:

http://www.ris.ripe.net/debogon

For more information on the resources administered by APNIC, please see:

http://www.apnic.net/db/ranges.html

For information on the minimum allocation sizes within address ranges administered by APNIC, please see:

http://www.apnic.net/db/min-alloc.html

Please be aware, there are now just 14 /8s remaining in IANA's unallocated IPv4 address pool.

Kind regards,

Sunny
NANOG50 conference info ?
Does anyone have the location of NANOG50 ? I am trying to coordinate my travel due to another conference in Atlanta right before NANOG. Thanks! Leslie
lt2p/pptp vpn concentrators
Hey - We're currently looking for a small lt2p/pptp concentrator, mainly so people can connect via their iphones/androids with some vpn client to get email on the go. Does anyone have any boxes that they love/hate? Thanks for the advice Leslie
Re: lt2p/pptp vpn concentrators
I didn't realize that os x server can run this - and pretty much anyone can set up os x in 5 seconds -- anyone have any horror stories?

Bryan Irvine wrote:

On Wed, Mar 3, 2010 at 11:52 AM, Leslie les...@craigslist.org wrote:

Hey - We're currently looking for a small lt2p/pptp concentrator, mainly so people can connect via their iphones/androids with some vpn client to get email on the go. Does anyone have any boxes that they love/hate?

Soekris with a copy of pfsense on it.

-B
Re: Datacenter for DR in northwestern NJ/NY
Hello NANOG!

Does anyone know of some strong datacenters in northwestern NJ, or north of Westchester NY without getting too far away from NYC?

I'm looking for a DR colo solution for a site that is in NYC; this needs to be at least 50m away from NYC, but I'm trying to keep it not too much further than that for convenience. I'm also trying to keep this to top level providers as there may be compliance requirements.

Thanks in advance for any responses.

Washington DC is just an Acela train ride away if you are willing to go a bit further. It has a lot of fiber connectivity and a good selection of datacenters - plus the Acela train is really comfortable.

Leslie
Re: Optical fiber question
Jared Mauch wrote:

On Dec 10, 2009, at 1:24 PM, Deric Kwok wrote:

Hi

My provider said they can provide single / multi mode Optical fiber

Apart from the length and cost different, what is the Adv/Disadv between them for our connection?

The advantages are always in the distance capabilities of the single mode fiber. You can reach much further on this, but the optics tend to be more expensive.

If you are going a short distance (eg: 2km or less) multi-mode is the way. If you're going to go any further, or want to ever go any further, take the extra cost and know you can swap optics in the future to do gig, 10G and possibly more (in the future) with less pain.

I'm assuming you're talking about someone actually giving you a strand of fiber you'd be lighting yourself. If it's a short intrabuilding handoff, then it doesn't really matter - I'd just go with what's cheapest.

Plus, while I'm sure someone in a lab has done it, you really don't run DWDM over multimode fiber - I'd second the opinion of it's cheap enough, go for the single mode and get the most flexibility in your options possible.

One minor consideration is usually SM optics are stronger, so don't forget attenuation if it's a short distance or you might burn out your pricey new optics!

Leslie
Re: dealing with bogon spam ?
Just in case anyone's curious - The prefix still hasn't been updated in ARIN and I am still seeing tons of spam (grrr spammers and grr transit providers who don't filter advertisements of smaller customers). I made a script which looks at our log files for ips that are unknown, double checks them against live database, and then reports the number of hits to me - that way I can at least take manual action against offenders. On the good side, the only offender I currently see is 40430, but I am still trying to remain vigilant for future spammers. Leslie Leslie wrote: Just FYI the colo4jax guys got back to me and it is a stale ARIN db entry - I guess they don't update it as quickly as I thought. So this is now just a normal case of spam. Leslie Leslie wrote: Yes, unallocated (at least according to ARIN's whois db) but not unannounced - obviously our network can get to the space or else I wouldn't be having a spam problem with them! I'm actually seeing this /20 as advertised through Savvis from AS40430 It seems to me like the best solution might be a semi-hacky solution of asking arin (and other IRR's) if i can copy its DB and creating an internal peer which null routes unallocated blocks (updated nightly?) Has anyone seen an IRR's DB's not being updated for more than 30 days after allocations? I always assumed that they are quickly updated. Thanks again, Leslie Jon Lewis wrote: Unallocated doesn't mean non-routed. All a spammer needs is a willing/non-filtering provider doing BGP with them, and they can announce any space they like, send out some spam, and then pull the announcement. Next morning, when you see the spam and try to figure out who to send complaints to, you're either going to complain to the wrong people or find that whois is of no help. On Tue, 27 Oct 2009, Church, Charles wrote: This is puzzling me. If it's from non-announced space, at some point some router should report no route to it. How is the TCP handshake performed to allow a sync to turn into spam? Chuck Chuck Church Network Planning Engineer, CCIE #8776 Harris Information Technology Services DOD Programs 1210 N. Parker Rd. | Greenville, SC 29609 Office: 864-335-9473 | Cell: 864-266-3978 -- Sent using BlackBerry
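The log check described in the message above, sketched as an added example (it is not the poster's script): it derives the unallocated gaps inside a parent block from a list of allocations, then counts logged SMTP connections per gap. The prefixes, the Postfix-style log lines, and the function names are constructed for illustration, and a local snapshot of allocations stands in for the live whois lookup.

```python
import ipaddress
import re
from collections import Counter

# Constructed data: RFC 2544 benchmark space stands in for a real parent /8,
# and ALLOCATED stands in for a nightly snapshot of registry allocations.
PARENT = ipaddress.ip_network("198.18.0.0/15")
ALLOCATED = [ipaddress.ip_network(p) for p in (
    "198.18.0.0/17", "198.18.128.0/19", "198.18.192.0/19",
    "198.18.224.0/20", "198.19.0.0/16")]

# Constructed Postfix-style log lines.
SAMPLE_LOG = """\
Oct 27 03:12:01 mx1 postfix/smtpd[811]: connect from unknown[198.18.241.7]
Oct 27 03:12:04 mx1 postfix/smtpd[812]: connect from unknown[198.18.250.99]
Oct 27 03:13:10 mx1 postfix/smtpd[815]: connect from mail.example.net[198.18.10.5]
Oct 27 03:14:22 mx1 postfix/smtpd[816]: connect from unknown[198.18.170.1]
Oct 27 03:15:40 mx1 postfix/smtpd[817]: connect from unknown[203.0.113.9]
"""
CONNECT_RE = re.compile(r"connect from \S*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def unallocated_blocks(parent, allocated):
    """Return the CIDR blocks of parent that no allocation covers."""
    free = [parent]
    for alloc in allocated:
        remaining = []
        for block in free:
            if alloc.supernet_of(block):      # block fully allocated: drop it
                continue
            if block.supernet_of(alloc):      # carve the allocation out
                remaining.extend(block.address_exclude(alloc))
            else:                             # disjoint: keep unchanged
                remaining.append(block)
        free = remaining
    return sorted(free)

def hits_from_unallocated(log_text, free_blocks):
    """Count logged connections per unallocated block."""
    hits = Counter()
    for match in CONNECT_RE.finditer(log_text):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:                    # e.g. an octet above 255
            continue
        block = next((b for b in free_blocks if addr in b), None)
        if block is not None:
            hits[str(block)] += 1
    return hits

if __name__ == "__main__":
    free = unallocated_blocks(PARENT, ALLOCATED)
    for block, count in hits_from_unallocated(SAMPLE_LOG, free).most_common():
        print(f"{block}\t{count} connection(s) from unallocated space")
```

Because a registry snapshot can lag real allocations, as the stale ARIN entry in this thread shows, the counts are leads for manual review rather than input to an automatic block.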
Re: dealing with bogon spam ?
Yes, unallocated (at least according to ARIN's whois db) but not unannounced - obviously our network can get to the space or else I wouldn't be having a spam problem with them! I'm actually seeing this /20 as advertised through Savvis from AS40430 It seems to me like the best solution might be a semi-hacky solution of asking arin (and other IRR's) if i can copy its DB and creating an internal peer which null routes unallocated blocks (updated nightly?) Has anyone seen an IRR's DB's not being updated for more than 30 days after allocations? I always assumed that they are quickly updated. Thanks again, Leslie Jon Lewis wrote: Unallocated doesn't mean non-routed. All a spammer needs is a willing/non-filtering provider doing BGP with them, and they can announce any space they like, send out some spam, and then pull the announcement. Next morning, when you see the spam and try to figure out who to send complaints to, you're either going to complain to the wrong people or find that whois is of no help. On Tue, 27 Oct 2009, Church, Charles wrote: This is puzzling me. If it's from non-announced space, at some point some router should report no route to it. How is the TCP handshake performed to allow a sync to turn into spam? Chuck Chuck Church Network Planning Engineer, CCIE #8776 Harris Information Technology Services DOD Programs 1210 N. Parker Rd. | Greenville, SC 29609 Office: 864-335-9473 | Cell: 864-266-3978 -- Sent using BlackBerry
Re: dealing with bogon spam ?
Just FYI the colo4jax guys got back to me and it is a stale ARIN db entry - I guess they don't update it as quickly as I thought. So this is now just a normal case of spam. Leslie Leslie wrote: Yes, unallocated (at least according to ARIN's whois db) but not unannounced - obviously our network can get to the space or else I wouldn't be having a spam problem with them! I'm actually seeing this /20 as advertised through Savvis from AS40430 It seems to me like the best solution might be a semi-hacky solution of asking arin (and other IRR's) if i can copy its DB and creating an internal peer which null routes unallocated blocks (updated nightly?) Has anyone seen an IRR's DB's not being updated for more than 30 days after allocations? I always assumed that they are quickly updated. Thanks again, Leslie Jon Lewis wrote: Unallocated doesn't mean non-routed. All a spammer needs is a willing/non-filtering provider doing BGP with them, and they can announce any space they like, send out some spam, and then pull the announcement. Next morning, when you see the spam and try to figure out who to send complaints to, you're either going to complain to the wrong people or find that whois is of no help. On Tue, 27 Oct 2009, Church, Charles wrote: This is puzzling me. If it's from non-announced space, at some point some router should report no route to it. How is the TCP handshake performed to allow a sync to turn into spam? Chuck Chuck Church Network Planning Engineer, CCIE #8776 Harris Information Technology Services DOD Programs 1210 N. Parker Rd. | Greenville, SC 29609 Office: 864-335-9473 | Cell: 864-266-3978 -- Sent using BlackBerry
dealing with bogon spam ?
First off, I'm not certain if unallocated space in blocks less than a /8 is properly called bogon, so pardon my terminology if I'm incorrect. We're seeing a decent chunk of spam coming from an unallocated block of address space. We use CYMRU's great list of /8 bogon space to prevent completely off the wall abuse, but the granularity stops at /8's. Obviously, I've written the originating AS and its single upstream provider (sadly without any response). I'm not looking for a one time solution for this issue however -- I'd like to permanently block (and kick) anyone who's using unallocated space illegitimately. How have you dealt with this issue? Does anyone publish a more granular listing of unallocated space? Does arin have this information somewhere other than just probing any given ip via whois? Thanks! Leslie Craigslist Spam Hater
Re: dealing with bogon spam ?
I failed to mention we're seeing this from an unallocated /20 whose parent /8 is allocated to ARIN (and is partially in use) Leslie Leslie wrote: First off, I'm not certain if unallocated space in blocks less than a /8 is properly called bogon, so pardon my terminology if I'm incorrect. We're seeing a decent chunk of spam coming from an unallocated block of address space. We use CYMRU's great list of /8 bogon space to prevent completely off the wall abuse, but the granularity stops at /8's. Obviously, I've written the originating AS and its single upstream provider (sadly without any response). I'm not looking for a one time solution for this issue however -- I'd like to permanently block (and kick) anyone who's using unallocated space illegitimately. How have you dealt with this issue? Does anyone publish a more granular listing of unallocated space? Does arin have this information somewhere other than just probing any given ip via whois? Thanks! Leslie Craigslist Spam Hater
Re: Google Pagerank and Class-C Addresses
Sebastian Wiesinger wrote: Hello Nanog, I'm looking into a weird request which more and more customers have. They want different Class C addresses, by which they mean IPs in different /24 subnets. The apparent reason for this is that Google will rank links from different /24 higher than links from the same /24. So it's a SEO thingy. I've found that a lot of spammers enjoy having diverse ip's from which to mail/proxy requests. This may just be a case of ignorance/rumors on your customers' part, but I might suspect some of them of being spammers... Leslie
Myspace NOC contact me please
I have already tried calling +1-310-215-1001 which is not in service as well as emailing peer...@myspace.com and n...@myspace.com and checking peeringdb.com for any other contact info. Thanks Leslie Carr Craigslist also at 415/566-6394 x140
Re: e300 vs mx240 for border router ?
Thanks to everyone who wrote back privately -- I also didn't know that force10 now has dual-cam linecards which raises the amount of routes it can handle Leslie wrote: Hey nanog-izens So for routers that are touching our transit and (hopefully soon) future peering, we're looking at both the force10 e300's and juniper mx240's. The e300's are cheap but I have heard some rumors/talk of falling over when it has to deal with large numbers of prefixes and routes? The mx240's are nice but the cost difference is enormous. Does anyone have experience with e300's running into issues with large routing tables? Are there any tricks/tips that work around any issues (if they exist?) Thanks in advance Leslie
Advice/resources for setting up TACACS server
Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie
Re: Advice/resources for setting up TACACS server
The best answer actually does seem to be to use freeradius instead of tacacs, so I will probably go with that (though if anyone has any good tips on freeradius, please, let me know) Leslie On Nov 7, 2008, at 1:30 PM, Leslie wrote: Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie
Re: Advice/resources for setting up TACACS server
Do you have any suggestions for a free tacacs server which will run on linux ? I have so far been unable to find any and the tacacs+ source code hasn't been updated since around 2000 Leslie On Nov 7, 2008, at 2:43 PM, Eddy Martinez wrote: I second the TACACS+ That's what you want. Same effort for the most part, to implement. Eddy On Nov 7, 2008, at 2:39 PM, Steven King wrote: I disagree with the RADIUS suggestion. TACACS+ is a much more secure protocol. It encrypts the packet contents and has a more secure handshake procedure. Leslie wrote: The best answer actually does seem to be to use freeradius instead of tacacs, so I will probably go with that (though if anyone has any good tips on freeradius, please, let me know) Leslie On Nov 7, 2008, at 1:30 PM, Leslie wrote: Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie -- Steve King Network Engineer - Liquid Web, Inc. Cisco Certified Network Associate CompTIA Linux+ Certified Professional CompTIA A+ Certified Professional
APNIC receives 112 /8 and 113 /8
Forwarding this email on behalf of APNIC... New IPv4 allocation for APNIC (112/8 and 113/8) Dear colleagues The information in this announcement is to enable the Internet community to update network configurations, such as routing filters, where required. APNIC received the following IPv4 address blocks from IANA in May 2008 and will be making allocations from these ranges in the near future: 112/8 113/8 Reachability and routability testing of the new prefixes will commence soon. The daily report will be published at the usual URL: http://www.ris.ripe.net/debogon For more information on the resources administered by APNIC, please see: http://www.apnic.net/db/ranges.html For information on the minimum allocation sizes within address ranges administered by APNIC, please see: http://www.apnic.net/db/min-alloc.html Kind regards, APNIC Secretariat Asia Pacific Network Information Centre (APNIC) Tel: +61-7-3858-3100 PO Box 2131 Milton, QLD 4064 Australia Fax: +61-7-3858-3199 Level 1, 33 Park Road, Milton, QLD http://www.apnic.net