Re: AWS contact?

[Michael Crapse]

I would like to know as well who best to reach out to. We are experiencing
ipv6 related issues with AWS, unable to load even amazon.com completely
when any of our customers have ipv6 connectivity

curl -vvv
https://images-na.ssl-images-amazon.com/images/I/11EIQ5IGqaL._RC%7C01ZTHTZObnL.css
*   Trying 2a04:4e42::272...
* TCP_NODELAY set
* Connected to images-na.ssl-images-amazon.com (2a04:4e42::272) port 443
(#0)
* schannel: SSL/TLS connection with images-na.ssl-images-amazon.com port
443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 202 bytes...
* schannel: sent initial handshake data: sent 202 bytes
* schannel: SSL/TLS connection with images-na.ssl-images-amazon.com port
443 (step 2/3)
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection 0
* schannel: shutting down SSL/TLS connection with
images-na.ssl-images-amazon.com port 443
* Send failure: Connection was reset
* schannel: failed to send close msg: Failed sending data to the peer
(bytes written: -1)
* schannel: clear security context handle
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed




On Tue, 26 Jan 2021 at 11:00, Josh Baird  wrote:

> Are you sure it's not due to the Verizon outage?  As a non-customer, your
> options for contacting support are limited.
>
> On Tue, Jan 26, 2021 at 12:55 PM Justin Wilson (Lists) 
> wrote:
>
>> What is the best avenue for contacting support for AWS? I have
>> several ISPs experiencing reachability issues with AWS hosted sites.  These
>> are from different backbones, different gear, etc.  The common denominator
>> is AWS.
>>
>> Been googling around and can’t seem to find a contact.
>>
>>
>>
>> Justin Wilson
>> j...@mtin.net
>>
>> —
>> https://j2sw.com - All things jsw (AS209109)
>> https://blog.j2sw.com - Podcast and Blog
>>
>>

Azure Geolocation Contact

[Michael Crapse]

Looking for the contact to update incorrect azure geolocation data. Thanks

Re: How to manage Static IPs to customers

[Michael Crapse]

On our network(which isn't docsis, granted) we use PPPoE for all static IP
addresses, because it allows /32 ip address allocations for all home CPE
routers, upstream, the routers handle routing via ospf to change the path
of where that /32 public IP goes. It allows "zero touch" moving of a
customer from one PoP to another.

On Fri, May 8, 2020 at 8:34 AM  wrote:

> So in most cases I'm aware of, the cable provider did not use RIP directly
> to a customer-managed device.  The cable operator would deploy their own
> managed device, implement RIP and the appropriate keychains between the
> operator-managed premise device and the CMTS.  As for the use cases, RIP
> was
> implemented to address the specific 'recombine' use case where one day (or
> evening) cable customer attachments could be moved from one CMTS to
> another.
> Instrumenting that with DHCP or TR69 usually required other teams'
> involvement and didn't allow portability.
>
> With IPv6 you get PD which helps immensely.
>
> Ed
>
> -Original Message-
> From: NANOG  On Behalf Of Javier Gutierrez Guerra
> Sent: Friday, May 8, 2020 8:57 AM
> To: NANOG list 
> Subject: RE: How to manage Static IPs to customers
>
> That's surprising to me, I have no intentions to do routing with our cable
> subscribers, that seems like a headache for both sides Today we have
> specific ranges within subnets from where we assign IPs to customers, my
> main problem that I'm trying to get around is having to change a customer
> static IP if their node gets splitter and I have to mode them to a
> different
> CMTS
>
> Thanks,
>
> Javier Gutierrez Guerra
>
>
>
> -Original Message-
> From: NANOG  On Behalf Of Bryan Fields
> Sent: Thursday, May 7, 2020 5:57 PM
> To: nanog@nanog.org
> Subject: Re: How to manage Static IPs to customers
>
> CAUTION: This email is from an external source. Do not click links or open
> attachments unless you recognize the sender and know the content is safe.
>
> On 5/7/20 5:54 PM, Brandon Jackson via NANOG wrote:
> > I have seen (Charter) and heard quite a few run RIP or some other
> > routing protocol on the CPE.
>
> Yep, it's RIP.  They don't support IPv6 on this either.  I've been asking
> for
> IPv6 since 2006, it's always next year.
>
> --
> Bryan Fields
>
> 727-409-1194 - Voice
> http://bryanfields.net
>
>

CBS All acess/irdeto

[Michael Crapse]

Our eyeball customers all of a sudden can no longer reach their CBS all
access content. Inspection of the network connections now show a 403 error
when trying to post to https://cbsi.live.ott.irdeto.com/widevine/getlicense

code: 100214
message: "The request originated from ip address 196.53.97.0 which is not
included in the JWT ips claim."

I'm going to assume that they randomly started geolocating differently.
Wonder if it's either CBS, or irdeto that can help us resolve our IP block
196.53.96.0/22 issues.

Re: Disney+ Geolocation issues

[Michael Crapse]

For all those in the current and future thread. We were successful in
reaching to Disney by emailing them with our subnet
netad...@disneystreaming.com

On Wed, 13 Nov 2019 at 08:26, Robert Blayzor  wrote:

> On 11/13/19 9:49 AM, Matthew Huff wrote:
> > It’s not about optimization, it’s about the contract with the content
> providers. The agreement is to restrict content by geographical regions
> mainly for marketing purposes. They block VPN access to keep people from
> bypassing those restrictions. It’s true of all the streaming providers.
>
>
> Build a better mousetrap, because it's clearly not working. We still get
> tons of people calling into first level support asking why ESPN+ doesn't
> work and that ESPN told them to call their ISP's, which can do NOTHING
> to fix the problem.
>
> Guessing Disney stole a page from that book...
>
> --
> inoc.net!rblayzor
> XMPP: rblayzor.AT.inoc.net
> PGP:  https://pgp.inoc.net/rblayzor/
>

Re: Disney+ Geolocation issues

[Michael Crapse]

IPv6 is a lot more granular when it comes to geolocation data. It is also
very very unlikely that the block has been used before, and you never know
what the previous owner did or what geolocation/VPN blacklists it was added
to. Let me put it this way, this is a familiar song and dance for us, and
it never happens on ipv6 for us, always IPv4.

On Tue, Nov 12, 2019, 10:02 PM Randy Bush  wrote:

> > IPv6 support by disney(using AWS) would obviate this issue.
>
> ok.  i give.  exactly how?  i mean technically.
>
> randy
>

Re: Disney+ Geolocation issues

[Michael Crapse]

I sent an email there too, I think that this should be very apparent by
now, but IPv6 support by disney(using AWS) would obviate this issue.
Imagine if a multibillion dollar company can't implement ipv6, what hope do
the smaller ones have? /s


On Tue, 12 Nov 2019 at 20:37, Aden Dragulescu  wrote:

> Try netad...@disneystreaming.com. Was on their whois.
>
> --
> *Aden Dragulescu*
> fiberdrop, LLC
> a...@fiberdrop.net
>
>
> On Tue, Nov 12, 2019 at 10:27 PM Michael Crapse 
> wrote:
>
>> There has been a continued flurry of trouble tickets from our eyeballs. I
>> did find a contact  cl...@disneystreaming.com that i have reached out to
>> in hope that they can hear our pleas.
>>
>> On Tue, 12 Nov 2019 at 16:53, Cassidy B. Larson 
>> wrote:
>>
>>> We're seeing the same thing.  Actually we saw it during pre-signup.
>>> Reached out to Disney+ weeks ago as well, with no response.  Now it's
>>> launched, our support lines are flooded with people unable to give Disney
>>> all their moneys.We finally got through to Disney+ support after 2.5hrs
>>> on hold to supply them the error code, IP address, and zip code.. we'll see
>>> if it's passed to the right folks.
>>>
>>> On Tue, Nov 12, 2019 at 3:30 PM Michael Crapse 
>>> wrote:
>>>
>>>> Myself and a few other ISPs are having our eyeballs complain about
>>>> disney+ saying that they're on a VPN. Does anyone have any idea, or who to
>>>> contact regarding this issue?
>>>> This is most likely improper geolocation databases. Anyone have an idea
>>>> who they use?
>>>>
>>>> Mike
>>>>
>>>

Re: Disney+ Geolocation issues

[Michael Crapse]

There has been a continued flurry of trouble tickets from our eyeballs. I
did find a contact  cl...@disneystreaming.com that i have reached out to in
hope that they can hear our pleas.

On Tue, 12 Nov 2019 at 16:53, Cassidy B. Larson  wrote:

> We're seeing the same thing.  Actually we saw it during pre-signup.
> Reached out to Disney+ weeks ago as well, with no response.  Now it's
> launched, our support lines are flooded with people unable to give Disney
> all their moneys.We finally got through to Disney+ support after 2.5hrs
> on hold to supply them the error code, IP address, and zip code.. we'll see
> if it's passed to the right folks.
>
> On Tue, Nov 12, 2019 at 3:30 PM Michael Crapse 
> wrote:
>
>> Myself and a few other ISPs are having our eyeballs complain about
>> disney+ saying that they're on a VPN. Does anyone have any idea, or who to
>> contact regarding this issue?
>> This is most likely improper geolocation databases. Anyone have an idea
>> who they use?
>>
>> Mike
>>
>

Disney+ Geolocation issues

[Michael Crapse]

Myself and a few other ISPs are having our eyeballs complain about
disney+ saying that they're on a VPN. Does anyone have any idea, or who to
contact regarding this issue?
This is most likely improper geolocation databases. Anyone have an idea who
they use?

Mike

Re: Disney+ Streaming

[Michael Crapse]

They have some improper geolocation for us, would be nice to have them
input to this chain.

On Tue, Nov 12, 2019 at 1:00 PM Brian J. Murrell 
wrote:

> On Tue, 2019-11-12 at 19:49 +, Justin Krejci wrote:
> >
> > As the service grows in popularity, and its breadth of content and
> > manageable price is likely to attract a lot of growth, I'd like to
> > plan for any necessary augmentations to the network.
>
> From the end-user/viewer network capacity perspective is a new
> streaming service likely to (significantly) "add new viewers" or more
> likely to just shift existing viewers away from an existing service
> (i.e Netflix, Amazon, Hulu, etc.) to Disney, resulting in a net-wash
> from the end-user/viewer network capacity perspective?
>
> I guess the question is, will Disney content compel users who are not
> already streaming to start streaming?
>
> Cheers,
> b.
>
>

Re: Uhaul not routing IPs

[Michael Crapse]

 I do not know what this issue is, I am not uhaul. The server does not
respond to pings/requests. It one way routes to their subnet via traceroute
and just drops off after that. 95% of the time it is a firewall setting,
the other 5% of the time it is a bgp issue on their edge routers, not being
able to reply to our packets being sent(one way routing issue).
We have a list of other little services that have the same problem, but
because they are little, we can CGNAT all requests to their IP addresses
from known good addresses. I've just got to assume that there is some
common service that they all use that cause this problem. Assuming they
accept BGP with proper filters and have a semi-sane firewall, there
wouldn't be any issues as we don't do anything special with our BGP.

On Fri, 5 Jul 2019 at 19:06, Neil Hanlon  wrote:

> Phone sent from the wrong email address and the list rejected it... Oops.
> Sorry for the spam.
>
> Server does not respond on Port 80? Or are you not able to route there
> at all.
>
> Seems like you need to get in touch with their team, but still a bit vague
> as to exactly what issue you're having Eg, is it a firewall blocking
> you or is there a route missing somewhere (this seems unlikely).
>
> Hopefully there's someone on list that can help.. Otherwise I think
> wan@uhaul is your best option.
> On Jul 5, 2019, at 20:59, Michael Crapse  wrote:
>>
>> The server does not respond to our clients when they originate from a
>> certain subnet, but they do with a different subnet
>>
>> On Fri, Jul 5, 2019, 6:57 PM Neil Hanlon < n...@neilhanlon.com> wrote:
>>
>>> Hi Michael,
>>>
>>> Wondering if you might be able to clarify a few points... I'm not from
>>> uhaul but am a casual observer and have a couple questions. What does "not
>>> routing ips" mean? Where is traffic stopping?
>>>
>>> Can you clarify "unable to load the page"? Have any example traceroutes?
>>> Error messages?
>>>
>>> I'm also a a bit unsure what geolocolation or routing has to do with
>>> this at all. Your message seems to go back and forth between being
>>> application level and network level, so I think clearing up exactly the
>>> symptoms of your issues would be helpful.
>>>
>>> -Neil
>>> On Jul 5, 2019, at 20:32, Michael Crapse < mich...@wi-fiber.io> wrote:
>>>>
>>>> Our customers are trying to access uhauldealer.com and are unable to
>>>> load the page. Classic case of incorrect geolocation and/or up filtering.
>>>> Our emails to their webmaster/wan team have gone unanswered or bounced
>>>> If anyone knows how to contact them please contact me off list
>>>>
>>>

Re: Uhaul not routing IPs

[Michael Crapse]

Forgot to attach our main subnet, 196.53.96.0/22


On Fri, Jul 5, 2019, 6:59 PM Neil Hanlon  wrote:

> Hi Michael,
>
>
> Wondering if you might be able to clarify a few points... I'm not from
> uhaul but am a casual observer and have a couple questions. What does "not
> routing ips" mean? Where is traffic stopping?
>
>
> Can you clarify "unable to load the page"? Have any example traceroutes?
> Error messages?
>
>
> I'm also a a bit unsure what geolocolation or routing has to do with this
> at all. Your message seems to go back and forth between being application
> level and network level, so I think clearing up exactly the symptoms of
> your issues would be helpful.
>
>
> -Neil
>
>
>
>
> On Jul 5, 2019, at 20:32, Michael Crapse  wrote:
>>
>> Our customers are trying to access uhauldealer.com and are unable to
>> load the page. Classic case of incorrect geolocation and/or up filtering.
>> Our emails to their webmaster/wan team have gone unanswered or bounced
>> If anyone knows how to contact them please contact me off list
>>
>

Re: Uhaul not routing IPs

[Michael Crapse]

The server does not respond to our clients when they originate from a
certain subnet, but they do with a different subnet

On Fri, Jul 5, 2019, 6:57 PM Neil Hanlon  wrote:

> Hi Michael,
>
> Wondering if you might be able to clarify a few points... I'm not from
> uhaul but am a casual observer and have a couple questions. What does "not
> routing ips" mean? Where is traffic stopping?
>
> Can you clarify "unable to load the page"? Have any example traceroutes?
> Error messages?
>
> I'm also a a bit unsure what geolocolation or routing has to do with this
> at all. Your message seems to go back and forth between being application
> level and network level, so I think clearing up exactly the symptoms of
> your issues would be helpful.
>
> -Neil
> On Jul 5, 2019, at 20:32, Michael Crapse  wrote:
>>
>> Our customers are trying to access uhauldealer.com and are unable to
>> load the page. Classic case of incorrect geolocation and/or up filtering.
>> Our emails to their webmaster/wan team have gone unanswered or bounced
>> If anyone knows how to contact them please contact me off list
>>
>

Uhaul not routing IPs

[Michael Crapse]

Our customers are trying to access uhauldealer.com and are unable to load
the page. Classic case of incorrect geolocation and/or up filtering.
Our emails to their webmaster/wan team have gone unanswered or bounced
If anyone knows how to contact them please contact me off list

contact for idrive.com

[Michael Crapse]

Trying to find a NOC contact for idrive.com . Whois of the URL doesn't show
any owner, whois of the IP for the site(not service) just shows centurylink
Customers from a major subnet of ours cannot utilise the service.

Fitbit network contact

[Michael Crapse]

Hoping to see if an network engineer from fitbit is on list. Our customers
are having trouble logging into your app on our network. Perhaps an IP
filtering/routing issue.

Thanks

Re: Youtube Outage

[Michael Crapse]

Tmobile, and syringa no youtube

On Tue, 16 Oct 2018 at 19:42, Kenneth McRae via NANOG 
wrote:

> Is this widespread?
>

Re: Whats going on at Cogent

[Michael Crapse]

Or he's saying that cogent has the biggest network of compromised users.
Usually ipv4 only eyeball networks tend to have the most bots on net.


On Tue, 16 Oct 2018 at 19:22, Niels Bakker  wrote:

> * aar...@gvtc.com (Aaron1) [Wed 17 Oct 2018, 00:17 CEST]:
> >However Cogent seems to be the dirtiest in regards to DDOS...
> >however Telia might be catching up... in times past when I receive
> >volumetric DDOS, Cogent typically ranks with the highest on my
> >providers ... AT and spectrum seem to be a bit cleaner
>
> So you're saying, Cogent and Telia have the best backbones and
> interconnects and thus deliver the most of your traffic to you,
> even at times of peak utilization?
>
>
> -- Niels.
>

Re: Database that netflix/hulu use to determine who is a proxy and who isnt?

[Michael Crapse]

maxmind and the other geolocation databases have the biggest effect. if
updating that doesn't fix your problem. geosupp...@netflix.com can get you
squared away

On Fri, Sep 14, 2018, 9:08 AM Drew Weaver  wrote:

> It seems like recently one of the sources for IP info that Netflix and
> Hulu uses was updated with erroneous information as access to both of the
> services was revoked pretty much at the same time.
>
>
>
> Does anyone know what source they use for that information so I can
> request that they fix some of their information?
>
>
>
> Thanks,
>
> -Drew
>
>

Re: OpenDNS CGNAT Issues

[Michael Crapse]

"Where does that leave the little guy with CGN?
Right here. Screaming into the avoid begging for help. Some special
exception. "
As a group that you'd consider a "little" guy, we've always ran full dual
stack ipv4/ipv6. The issue is being dual stack literally takes twice as
long to configure everything, it causes twice as many potential routing
problems, and you must now monitor twice as many routes, etc.. As a little
guy who has to fight tooth and nail for every customer, we hardly have time
in the day to run it this way, but we do, and guess what, every single day
we get ipv4 issues. Not CGNAT ipv4 issues, we actually have not seen a
single issue with CGNAT for our customer base, our techs ask a simple
question at install, "what do you use the internet for?", "gaming", "Okay,
dedicated public it is". And yet, with all those publics out there, we
still get calls everyday about some site not letting them in. It's all ipv4
issues. So not only do we have to expend the energy to implement dual stack
in our network, it doesn't save us any headaches. Until web hosting
companies, and cloud services offer ipv6 only as the defacto instead of the
premium service, only then will you see ipv4 not be an issue on the web.
The reason you only see the little guys screaming into the void is because
the big guys already have the contacts and already have the pull to get it
resolved in hours. I've posted in another forum the need for us as an
industry to have an association directly in charge of maintaining contacts
at all associations that have a history of aggressive filtering, so issues
like these don't take a little guy like us 2-4 weeks to resolve. If the
little guys were all a part of this association, they would contact their
membership rep for the contact and the membership rep would reach out as a
representative of the group as a whole to resolve any IP filtering issue
that occurs. Anything less than that will continue to have this forum
clogged with requests like these.

Michael


On Tue, 11 Sep 2018 at 07:31, Ca By  wrote:

>
>
> On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes <
> mattli...@rivervalleyinternet.net> wrote:
>
>> That isn’t a solution. He still will need to dual stack and CGNat that.
>>
>
> But the flows that can support ipv6, will go ipv6 and not be subject to
> these abuse triggers.
>
> Look, this list has monthly reports from some small network operator
> hurting their customers with CGN NAT. Meanwhile, the big guys like Comcast
> / Charter / ATT / Cox have moved onto ipv6.
>
> Where does that leave the little guy with CGN?
>
> Right here. Screaming into the avoid begging for help. Some special
> exception.
>
> And, me, saying you had 10+ years of not deploying ipv6.  Here’s to the
> next 10 years of you email this list about your own failure to keep up with
> the times.
>
> We will have this discussion again and again.  Not sure your customers
> will stick around, all they know is your CGN space got black listed from
> yet another service
>
> #realtalk
>
>
>> On Sep 11, 2018, at 08:54, Ca By  wrote:
>>
>>
>>
>> On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl 
>> wrote:
>>
>>> Hello,
>>>
>>> I have a ticket open with OpenDNS about filtering happening on some of
>>> our CGNAT IP space where a customer has "claimed" the IP as theirs so other
>>> customers using that same IP and OpenDNS are being filtered and not able to
>>> access sites that fall under their chosen filter.
>>>
>>> I have a ticket open from 6 days ago but it's not going anywhere fast.
>>>
>>> Can someone from OpenDNS contact me or point me to a contact there to
>>> help get this resolved? I believe we need to claim our CGNAT IP space so
>>> residential users can't claim IP's of their own.
>>>
>>> Thank you!
>>>
>>
>> You should provide your users ipv6, opendns supports ipv6 and likely will
>> not have this issue you see
>>
>> https://www.opendns.com/about/innovations/ipv6/
>>
>> I am sure it may cost you time / money / effort. But this old thing we
>> call ipv4 is in a death spiral, and it will just get worse and worse for
>> you without ipv6.
>>
>>
>>
>>>
>>> --
>>> Darin Steffl
>>> Minnesota WiFi
>>> www.mnwifi.com
>>> 507-634-WiFi
>>>  Like us on Facebook
>>> 
>>>
>>

Fubo.tv Another erroneous Geoblock

[Michael Crapse]

anyone know who to contact at fubo.tv? Getting an improper geoblock for our
location

Craigslist

[Michael Crapse]

Cragslist is blocking our largest IP block, if someone from CL could
contact me off list, that would be great.

Re: Confirming source-routed multicast is dead on the public Internet

[Michael Crapse]

What if... Bear with me for a moment here, we don't try to force VoD onto a
multicast setup? Multicast is used extensively by all major ISPs(if they
have the rights) to deliver IPTV. One issue you brought up is people
unwillin to wait 1 or 5 mins for a show, well before the days of youtube
people waited weeks for OTA programming that started with or without delay,
depending on how many relays you were going through. As a use case of
multicast over the internet, a Real time TV rebroadcaster would be a really
good use case. The federal govt already subsidises super expensive energy
hogging TV broadcast towers, who's to say they wouldn't prefer it to just
go over the interwebs? Bit rate's not a problem, a 720i stream takes 1 or 2
mbps, which is a fraction of a home broadband connection(25mbps down 3 up,
last time i checked). I think we all on nanog would agree internet is more
important than TV. Govt money might better be spent on a better internet
than TV radios. Of course that might mean some internet backbone
upgrades(maybe even govt subsidised upgrade), but i would never say that
there isn't a commercial use case for it.


On 1 August 2018 at 10:24, Saku Ytti  wrote:

> Hey Mankamana,
>
> > other than billing problem, is there any other reasons why multicast
> would not be viable for public internet ?
>
> Imagine someone like youtube or netflix would like to use multicast,
> instead of caches. They'd need to start new multicast stream for every
> content with small delay (to get more viewers on given stream), how
> much delay would consumer tolerate before content starts? 1min? 5min?
> So every minute or every 5 minute new stream of movie would be sent,
> except it would need to be sent many times, for each bitrate
> supported.
> Each of these streams is wide (wider than unicast) HW state that needs
> to be stored on every device on path, for unicast we only store 1
> narrow HW state per destination, for multicast we store 1 wide HW
> state per flow/stream, we don't have the hardware to do that, if there
> would be any significant demand for multicast.
> It only works when there is no use-case for it, and even then, it's
> insecure DoS vector.
>
> --
>   ++ytti
>

Blizzard, Battle.net connectivity issues

[Michael Crapse]

Could I get an off list reply from blizzard engineers. Your email system is
blocking our emails as spam, and I'm trying to resolve some geolocation
issues that disallow our mutual customers to access your services. Thank you

Michael Crapse
Wi-Fiber, Inc.

Re: (perhaps off topic, but) Microwave Towers

[Michael Crapse]

Microwave radios are the things that break the mold of the incorrect
assumption that just because it doesn't make sense to put up more wires to
a house you can't have more than one provider. Considering that we've
deployed a few wireless systems with less latency, jitter, and downtime
than the local incumbent DOCSIS provider. In fact the greatest benefit to
wireless microwave systems is the fact that they do not need to follow the
right of way. Where wireline and fiberoptics must go through more hubs to
get from side of town to the other, wireless is a point to point system
with latencies+jitter sub 400 microseconds.

No matter how great the incumbent fiber/dsl/coaxial network becomes, there
will always be new microwave links going up. For their biggest strengths
there's no replacement.
Now, their weaknesses may be many, and may be apparent, their stengths just
outweigh those.

On 16 July 2018 at 10:01, Mike Hammett  wrote:

> No idea where you were at, but lots of big companies have done microwave
> and lots of new companies do microwave.
>
> https://en.wikipedia.org/wiki/MCI_Communications
>
> MCI was founded as Microwave Communications, Inc. on October 3, 1963 with
> John D. Goeken being named the company's first president. The initial
> business plan was for the company to build a series of microwave relay
> stations between Chicago, Illinois and St. Louis, Missouri. The relay
> stations would then be used to interface with limited-range two-way radios
> used by truckers along U.S. Route 66 or by barges on the Illinois Waterway.
>
>
> https://en.wikipedia.org/wiki/Sprint_Corporation
>
> Southern Pacific maintained an extensive microwave communications system
> along its rights-of-way that the railroad used for internal communications.
>
>
> AT had a bunch and I think a couple sites are still active:
> http://long-lines.net/
>
> Western Union had a microwave network as well.
>
>
>
>
> Lots of companies build microwave for internal communications. Rail and
> utility companies are big here.
>
> All of the cell companies do some microwave in their more rural areas.
>
> Lots of independent ISPs use microwave to build their entire network.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "Miles Fidelman" 
> To: nanog@nanog.org
> Sent: Saturday, July 14, 2018 9:54:25 AM
> Subject: (perhaps off topic, but) Microwave Towers
>
> Hi Folks,
>
> I find myself driving down Route 66. On our way through Arizona, I was
> surprised by what look like a lot of old-style microwave links. They
> pretty much follow the East-West rail line - where I'd expect there's a
> lot of fiber buried.
>
> Struck me as somewhat interesting.
>
> It also struck me that folks here might have some comments.
>
> Miles Fidelman
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.  Yogi Berra
>
>
>

Re: Impacts of Encryption Everywhere (any solution?)

[Michael Crapse]

I've always said that the fiber middle mile price themselves out of more
money. I want a fiber connection that will service a subdivision(20-50
households) with speeds up to 1gbps, oh that's $2k/mo. The problem is that
we want a fiber connection for 10 or 20 subdivisions, oh, that's 2k per,
but you get 10% discount because of the amount.. Alternatively, we could
get a single 10g connection from an IX/first mile for $2500, and use 10-20
$3k radios to get a gig into every sub division, We've tried to get fiber
providers to allow us to purchase bandwidth based upon 3 criteria: 1) the
cost for them to buildout, they are a business and need to get their money
back. 2) total burstable capacity, 10g circuits cost more than 1g, but 200m
circuits shouldn't cost less than 1g. 3) by the number of subscribers on
each link. We have offered to 1) pay for their fiber install costs, 2) pay
a base tariff and 3) pay up 25% of base revenue per user.  In this case,
fiber company gets paid to put the fiber in, and ~$500/mo for each
connection they're giving to us, in this scenario they will make $10k/mo
profit, plus expand their network. In the other scenario they make only
$2500/mo and come in uncompetetively for businesses in our market(because
they have a new buildout to bake into their price)
Just doesn't make sense to us to pay individually for fiber connections
when we know it's packet switched anyway, and the load on their network is
the same

On 19 June 2018 at 18:25, Mike Hammett  wrote:

> I encourage you to look at operating a network outside of a datacenter or
> corporate campus.
>
>
> The wireless last hop is *NOT* the problem. A modern deployment in a small
> village could put dozens of megabit/s to every house for $10k. The transit
> or transport connections *ARE* the fiscal problem.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "George Herbert" 
> To: "Lee Howard" 
> Cc: nanog@nanog.org
> Sent: Tuesday, June 19, 2018 10:29:15 AM
> Subject: Re: Impacts of Encryption Everywhere (any solution?)
>
> I’m confused.
>
> People are using last hop (wireless) arguments against HTTPS Everywhere;
> that’s the part that requires full bandwidth either way (as your non-HTTPS
> cache is upstream somewhere). The fiber links that are physically fixed and
> can handle in many cases better lasers, are the ongoing upgradable part.
>
> If you’re complaining your fiber backhaul is too big a deal, you’re
> playing the wrong game to start with.
>
>
> George William Herbert
> Sent from my iPhone
>
> > On Jun 19, 2018, at 7:53 AM, Lee Howard  wrote:
> >
> >
> >
> >> On 06/17/2018 02:53 PM, Brad wrote:
> >> While I agree there are unintended consequences every time advancements
> are made in relation to the security and stability of the Internet- I
> disagree we should be rejecting their implementations. Instead, we should
> innovate further.
> >
> > I look forward to your innovations.
> >> Just because end to end encryption causes bandwidth issues for a very
> small number users - then perhaps they could benefit the most by these
> changes with additional capacity.
> >
> > I encourage you to invest billions of dollars in rural broadband
> capacity worldwide. The rest of us will thank you for your sacrifice.
> >
> > Lee
> >
> >> -Brad
> >>
> >>  Original message From: Michael Hallgren 
> Date: 6/17/18 11:14 (GMT-07:00) To: na...@jack.fr.eu.org Cc: Matthew
> Petach , nanog@nanog.org Subject: Re: Impacts of
> Encryption Everywhere (any solution?)
> >> Le 2018-06-17 12:40, na...@jack.fr.eu.org a écrit :
> >>> Well, yes, there is, you simply have to break the end to end
> encryption
> >> Yes, (or) deny service by Policy (remains to evaluate who's happy with
> >> that).
> >>
> >> Cheers,
> >> mh
> >>
>  On 06/17/2018 03:09 AM, Matthew Petach wrote:
>  Except that if websites are set to HTTPS only, there's no option for
>  disabling encryption on the client side.
> 
>  Matt
> 
> 
> > On Sat, Jun 16, 2018, 14:47  wrote:
> >
> >> On 06/16/2018 10:13 PM, Mike Hammett wrote:
> >> Sadly, it's just falling on deaf ears. Silicon Valley will continue
> >> to
> > think they know better than everyone else and people outside of that
> > bubble
> > will continue to be disadvantaged.
> >
> > What, again ?
> > Encryption is what is best for the most people.
> > The few that will not use it can disable it.
> >
> > No issue then.
> >
> >
> >
>
>

Re: BGP in a containers

[Michael Crapse]

I agree, i hope that this is for testing/testbench purposes only, or only
running iBGP, as no one in the world would like for you to be running a
public BGP through a docker instance.

On 14 June 2018 at 13:00, Brielle Bruns  wrote:

> On 6/14/2018 12:56 PM, james jones wrote:
>
>> I am working on an personal experiment and was wondering what is the best
>> option for running BGP in a docker base container. I have seen a lot blogs
>> and docs referencing Quagga. I just want to make sure I am not over
>> looking
>> any other options before I dive in. Any thoughts or suggestions?
>>
>> -James
>>
>>
> *twitches*
>
> Please don't let this be an actual thing with something as critical as BGP.
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org
>

Re: Need /24 (arin) asap

[Michael Crapse]

Never do i suggest to not have ipv6! Simply that no matter what, You still
have to traverse to ipv4 when you exit your ipv6 network onto ipv4 only
services. What IPv4 addresses are you going to use for the NAT64, or
464xlat, or even the business customers that require static IPv4 addresses?
Someone made a statement that getting more ipv6 would solve OP's problem of
finding more clean ipv4 space


On 11 June 2018 at 10:50, Ca By  wrote:

>
>
> On Mon, Jun 11, 2018 at 9:27 AM, Michael Crapse 
> wrote:
>
>> For an eyeball network, you cannot count on an IPv6 only network. Because
>> all of your "customers" will complain because they can't get to hulu, or
>> any other ipv4 only eyeball service. You still need the ipv4s to operate a
>> proper network, and good luck figuring out which services are blacklisting
>> your new /24 because the ipv4 space used to be a VPN provider, and the "in"
>> thing to do for these services is to block VPNs.
>>
>
> There are many IPv6-only eyeball networks.  Definitely many examples in
> wireless (T-Mobile, Sprint, BT ) and wireline (DT with DS-Lite in Germany,
> Orange Poland ...) and even more where IPv4 NAT44 + IPv6 is used.  Just
> saying, having ipv6 hedges a lot of risk associate with blacklisting and
> translation related overhead and potentially scale and cost of IPv4
> addresses.
>
>
>>
>>
>> On 11 June 2018 at 09:21, Ca By  wrote:
>>
>>> On Sun, Jun 10, 2018 at 8:43 AM Stan Ouchakov >> >
>>> wrote:
>>>
>>> > Hi,
>>> >
>>> > Can anyone recommend transfer market brokers for ipv4 addresses? Need
>>> > clean /24 asap. ARIN's waiting list is too long...
>>> >
>>> > Thanks!
>>> >
>>> >
>>> > -Stan
>>> >
>>> > Meanwhile, FB reports that 75% of mobiles in the USA reach them via
>>> ipv6
>>>
>>> https://code.facebook.com/posts/635039943508824/how-ipv6-dep
>>> loyment-is-growing-in-u-s-and-other-countries/
>>>
>>>
>>> And Akaimai reports 80% of mobiles
>>>
>>> https://blogs.akamai.com/2018/06/six-years-since-world-ipv6-
>>> launch-entering-the-majority-phases.html
>>>
>>>
>>> And they both report ipv6 is faster / better.
>>>
>>
>>
>

Re: Need /24 (arin) asap

[Michael Crapse]

For an eyeball network, you cannot count on an IPv6 only network. Because
all of your "customers" will complain because they can't get to hulu, or
any other ipv4 only eyeball service. You still need the ipv4s to operate a
proper network, and good luck figuring out which services are blacklisting
your new /24 because the ipv4 space used to be a VPN provider, and the "in"
thing to do for these services is to block VPNs.

On 11 June 2018 at 09:21, Ca By  wrote:

> On Sun, Jun 10, 2018 at 8:43 AM Stan Ouchakov 
> wrote:
>
> > Hi,
> >
> > Can anyone recommend transfer market brokers for ipv4 addresses? Need
> > clean /24 asap. ARIN's waiting list is too long...
> >
> > Thanks!
> >
> >
> > -Stan
> >
> > Meanwhile, FB reports that 75% of mobiles in the USA reach them via ipv6
>
> https://code.facebook.com/posts/635039943508824/how-
> ipv6-deployment-is-growing-in-u-s-and-other-countries/
>
>
> And Akaimai reports 80% of mobiles
>
> https://blogs.akamai.com/2018/06/six-years-since-world-ipv6-
> launch-entering-the-majority-phases.html
>
>
> And they both report ipv6 is faster / better.
>

Re: IP Reputation

[Michael Crapse]

Not just horse trading, but underhanded businesses practices where a well
known "grey services" or vpn provider will rent out their IPv4s at low low
cost to force new/small ISPs into taking these IPv4s, cleaning them
up(deblacklisting and deVPN block), and releasing them back to the services
to effectively drag back through the mud.

On 25 May 2018 at 13:56, Ben Cannon  wrote:

> With the horse trading of post-ipv4 depletion, we almost need a reg for
> this.
>
> -Ben
>
> > On May 25, 2018, at 9:36 AM, Mike Hammett  wrote:
> >
> > I would like to call on organizations that provide IP reputation
> information to have methods available for network operators to determine if
> they are on their lists, what their reputation is, what it means,
> optionally evidence, and a means of removal of negative information. Near
> real-time notice of changes in your status would be recommended as well. If
> those wants sound ridiculous, nearly that same list of wants is provided by
> e-mail SPAM DNSRBL maintainers so it isn't exactly unprecedented.
> >
> > I recently interacted with an organization that provides IP reputation
> information as a component in a larger security offering. A particular
> eyeball network couldn't get to a number of large web destinations. After
> some prodding of the company providing the security offering, it was
> determined that the prefix in question was because on a scale of 0 to 10
> with 0 being the best and 10 being the worst, that prefix had a score of 1.
> They claimed they could do nothing about it as their client (the web site
> being visited) had that in their control. That's a half-truth. The company
> providing that IP reputation put them on the list (for whatever reason),
> while the web site chose whatever metrics to block.
> >
> >
> > Their proposed solution was to contact every web site there were issues
> with and request that they fix it. Okay, so an eyeball is supposed to reach
> out to dozens of major brands and get someone that understands the
> situation and can resolve it in a reasonable time frame? Most of these
> brands take days to address core things dealing with their core product or
> service, much less getting someone in IT to whitelist a prefix. I'm sorry,
> that's not a realistic solution.
> >
> > If not a proactive alert (like a SPAM feedback loop), they need an easy
> form to fill out and after some automated means of verification (ASN or IP
> whois contact lookup), spill the beans on who, what, where, why, and how to
> get it fixed.
> >
> > I'm not saying there was no valid reason to put them on the list.
> There's no easy way to determine that they're on the list, why, and any
> means of getting removed from the list when the problem is fixed.
> >
> >
> >
> >
> > -
> > Mike Hammett
> > Intelligent Computing Solutions
> >
> > Midwest Internet Exchange
> >
> > The Brothers WISP
> >
>

DirecTV Now contact

[Michael Crapse]

Our eyeball network is consistently having some streaming issues(buffering)
with DirecTV now. Our main recourse is to sell them on youtube TV and
netflix. fixes the issue, no more complaints from our customers. Issues
mainly occur during peak times and even on 300+mbps low latency/jitter
customers.
However, if someone from DirecTV could contact me off list and we can debug
this issue so that we don't have to keep pulling people to other services
that would be great.
Alternatively, if anyone could suggest with whom to peer to reduce the
impact of this issue, that would be great.
A solution that would be even better is if someone from Youtube TV would
contact us off list and we can set up something commissioned based for all
the good things we say about your service, and of course give our tech
support people a reason to not be frustrated with the calls we receive for
this issue.

Re: internet - sparkle

[Michael Crapse]

Additionally, whilst not "technically" a tier 1 provider, Hurricane
electric should be high on that list. Especially as one of the best
providers of and proponents for IPv6. We'll see into the future, HE may
have one of the most critical infrastructures, and should be a "part-owner"
of the internet.

On Wed, May 16, 2018, 8:08 AM Eric Dugas  wrote:

> Replace Level3 with CenturyLink as they're basically taking over AS33566.
> Would add Zayo (AS6461) to the list.
>
> I'm not familiar with Sparkle/Seabone to be honest as we're operating an
> eyeball network exclusively in the NA.
> On May 16 2018, at 10:54 am, Aaron Gould  wrote:
> >
> > http://icaruswept.com/2016/06/28/who-owns-the-internet/
> >
> >
> > .written in 12/2015 - do y'all think this is accurate, and, in 2018, is
> it
> > still accurate ? (asking since my next question is related to Sparkle,
> since
> > they are listed in that previous article as a significant Internet
> presence)
> >
> >
> >
> > Also, please tell me your feelings/experiences of Sparkle as an Internet
> > uplink provider. like for 10/100 gig.
> >
> >
> >
> > My coworker just got back from ITW/Chicago and he is considering Sparkle
> as
> > an additional Internet provider for the ISP I work for in San Antonio,
> TX .
> > we would need to uplink to Sparkle in the central Texas area somehow. He
> > mentioned that Sparkle may be in McAllen / Dallas and could possibly, in
> the
> > future be in Austin or San Antonio
> >
> >
> >
> >
> >
> > - Aaron
>

Re: Suggestion for Layer 3, all SFP+ switches

[Michael Crapse]

Well, if the US government spies on everyone using exported cisco hardware,
why wouldn't the PRC do the same?

On 20 April 2018 at 08:59, Aaron Gould  wrote:

> Thanks Colton, Since I live in the US, and work for a boss that’s nervous
> (concerned) about those things, then I comply.  I remember mentioning
> Huawei as an option recently in a meeting and the boss and a few other
> fellow engineers were nervous and resistant to it.  I tend to feel the same.
>
>
>
> I see you started a thread on comparing those 2 (zte and Huawei) … and was
> immediately met with cautionary/warning statements about these some
> things... from Suresh and Curtis.
>
> So I wonder if because of all this, are ZTE and Huawei sales being
> adversely affected in the US?  …it would seem so, but thought I’d ask y’all.
>
> Google - China Showdown Huawei vs ZTE
>
> http://seclists.org/nanog/2018/Apr/293
>
> - Aaron
>
>
>
>

Re: Yet another Quadruple DNS?

[Michael Crapse]

Along these same lines, we have a service that captures all DNS requests
regardless the server(only non-TLS, albeit), that people pay $9.99/mo for,
so they definitely want this.. We just NAT all requests to Open DNS servers
to provide internet filtering as a service. It would be arbitrarily trivial
to run our own DNS service and reply to any unencrypted DNS request to any
DNS server with whatever A or  record we want..

On 29 March 2018 at 09:29, Bill Woodcock  wrote:

> > \On Mar 29, 2018, at 7:27 AM, Brian Kantor  wrote:
> >
> > On Thu, Mar 29, 2018 at 09:08:38AM -0500, Chris Adams wrote:
> >> I've never really understood this - if you don't trust your ISP's DNS,
> >> why would you trust them not to transparently intercept any well-known
> >> third-party DNS?
> >
> > Of course they could.  But it's testable; experiments show that they
> > aren't doing so currently.
>
> Experiments may show that in some tested cases they aren’t, but in the big
> picture, yes, there are ISPs who are internally capturing 8.8.8.8, and who
> try to do the same with 9.9.9.9.  Which is why it’s so important to do
> cryptographic validation of the server and encryption of the transport, as
> well as DNSSEC validation.
>
> -Bill
>
>

Re: Yet another Quadruple DNS?

[Michael Crapse]

Many providers filter out 1.1.1.1 because too many people use it in their
examples/test code. I doubt that it's a usable IP/service.

On 28 March 2018 at 12:14, Payam Poursaied  wrote:

> dig google.com @1.1.1.1
>
>
>
> Cloudflare?
>
> Didn't find any news around it
>
>

Re: cgnat - how do you handle customer issues

[Michael Crapse]

For number 2, I'm a fan of what mike suggests. I believe the technical term
is MAP-T.
For number 1, anyone who wants one, gets one. We provide free public static
IP to any customer who asks for one. Another solution, using above solution
is to ask them which ports they need, and forward those to them using a
port within their assign range. i.e. teach them how to access their home
web server using a different port(say 32424, or similar). This won't solve
all the issues, which is why we use solution 1.

On 27 February 2018 at 09:32, Mike Hammett  wrote:

> I'm a fan of nailing each customer IP to a particular range of ports on a
> given public IP. Real easy to track who did what and to prevent shifting
> IPs.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
>
> Midwest Internet Exchange
>
> The Brothers WISP
>
> - Original Message -
>
> From: "Aaron Gould" 
> To: Nanog@nanog.org
> Sent: Tuesday, February 27, 2018 10:30:21 AM
> Subject: cgnat - how do you handle customer issues
>
> Couple questions please. When you put thousands of customers behind a cgnat
> boundary, how do you all handle customer complaints about the following.
>
>
>
> 1 - for external connectivity to the customers premise devices, not being
> able to access web servers, web cameras, etc, in their premises?
>
>
>
> 2 - from the premise natted device, when customers go to a university or
> bank web site, how do you handle randomly changing ip addresses/ports that
> may occur due to idle time and session tear-down in nat table such that the
> bank website has issues with seeing your session ip change?
>
>
>
>
>
> -Aaron
>
>
>

Re: Leasing /22

[Michael Crapse]

The funnest part is telling DMCA/RIAA that an IP address means nothing, not
without a port and exact time, someitmes down to a 10 minute mark. CGNAT +
NAT64/464 xlat using the fewest ipv4s as possible(as suggested) also
requires a large database to retain all records of every port and ipv4
address connected with every new connection.

On 23 January 2018 at 09:56, Ryan Gard <ryang...@gmail.com> wrote:

> The biggest problems that start to run with cases of CGN or any other v4
> aggregation method are services that still continue to treat single IP
> addresses as a single entity (a certain event ticket vendor comes to mind).
> Until these organizations either start opening a line of communications
> with ISPs, changing their methodology when handling traffic from v4
> addresses, and/or deploying v6, the song and dance for v4 addressing will
> continue.
>
> On Mon, Jan 22, 2018 at 7:57 PM, Lee Howard <l...@asgard.org> wrote:
>
>>
>>
>> From:  Michael Crapse <mich...@wi-fiber.io>
>> Date:  Monday, January 22, 2018 at 5:27 PM
>> To:  Mark Andrews <ma...@isc.org>
>> Cc:  Lee Howard <l...@asgard.org>, NANOG list <nanog@nanog.org>
>> Subject:  Re: Leasing /22
>>
>> > Customers on ps4s and xboxes will hate you. They will always get
>> "strict" nat,
>> > and it's your fault not mega corporation X's fault for not releasing
>> IPv4s
>>
>> Maybe. You don’t have to configure strict NAT on your translator
>> (DS-Lite’s
>> pretty good at this, and although I’m a few weeks away from testing
>> consoles
>> through 464xlat and MAP, they should work, too). And their NAT workarounds
>> are pretty sophisticated now.
>>
>> There comes a point when winning your customers’ love isn’t profitable. I
>> don’t know if that point is $16/address for you, or $30, or $40, or $90.
>> Maybe it varies, depending on the customer.
>>
>> That’s why I suggested in “TCO of CGN”[1] that everyone figure out for
>> themselves how much money you might lose to unhappy customers via CGN, and
>> compare it to how much addresses cost, and at what price point you might
>> turn around and sell addresses. My findings then, based on assumptions
>> that
>> almost certainly are not true for any particular network, and which may
>> have
>> changed, suggest that buying addresses still makes sense.
>>
>>
>> Lee
>>
>> [1] http://ipv6.nanog.org/meetings/abstract?id=2025
>>
>>
>> >
>> > On 22 January 2018 at 15:23, Mark Andrews <ma...@isc.org> wrote:
>> >> Add to that CGN from RFC 6598 addresses (100.64/10) + IPv6 though that
>> >> reaches its limit at ~4M customers.
>> >>
>> >> Native IPv4 with a GUA to customers is essentially unavailable for new
>> >> ISPs.  It’s a matter of picking which flavour of NAT you and your
>> >> customers are going to use.  The sooner ALL ISP’s provide IPv6 to their
>> >> customers the sooner we restore delivering the Internet to the
>> customers.
>> >>
>> >> Mark
>> >>
>> >>> > On 23 Jan 2018, at 9:05 am, Lee Howard <l...@asgard.org> wrote:
>> >>> >
>> >>> > IPv6 still solves your problem if you add any of NAT64, DS-Lite,
>> 464xlat,
>> >>> > MAP-T, MAP-E.
>> >>> >
>> >>> > Yes, you’re NATing, but only the traffic to places like Hulu, and
>> it will
>> >>> > decrease over time. And while you need addresses for the outside of
>> the
>> >>> > translator, you don’t need as many (or to get more as frequently).
>> >>> >
>> >>> > Lee
>> >>> >
>> >>> > On 1/20/18, 10:20 AM, "NANOG on behalf of Mike Hammett"
>> >>> > <nanog-boun...@nanog.org on behalf of na...@ics-il.net> wrote:
>> >>> >
>> >>>> >> It's not really scraping the bottom of the barrel if your
>> customers are
>> >>>> >> using Hulu and they're complaining because Hulu isn't responsive
>> to
>> >>>> >> fixing their problems (geo-location, v6, etc.).
>> >>>> >>
>> >>>> >>
>> >>>> >>
>> >>>> >>
>> >>>> >> -
>> >>>> >> Mike Hammett
>> >>>> >> Intelligent Computing Solutions
>> >>>> >> http://www.ics-il.com
>> >>>> >>
>> >>>&g

Re: Anyone using Cogent Ethernet

[Michael Crapse]

Tier 1 just means they don't pay for ip transit themselves, only Peering.
Doesn't mean that it's good transit.
Best provider i've ever used is hurricane electric,  actually a tier 2
provider, but bigger/better than many tier 1s.

On 22 January 2018 at 19:07, Martin List-Petersen  wrote:

> On 22/01/18 20:05, Mike Hammett wrote:
>
>> I much prefer using WDM transport as opposed to Ethernet\VPLS transport
>> due to it being significantly harder (I try not to say impossible) to
>> oversubscribe. That said, it isn't always available at a decent rate at a
>> given location.
>>
>> Cogent has a reputation (right or wrong) for running things a little hot.
>>
>> Have any of you used Cogent Ethernet\VPLS services? What are you
>> experiences? Offlist is fine if you don't want it public.
>>
>
> Never use them without a backup alternative. I've seen more outages, that
> one would want to ever see from a provider, that would like to be
> categorised as Tier1.
>
> Especially, when some of these are longer than expected, because there
> were no cold-spares in the country and the cold-spare needed missed the
> flight.
>
> /M
> --
> Airwire Ltd. - Ag Nascadh Pobail an Iarthair
> http://www.airwire.ie
> Phone: 091-395 000
> Registered Office: Moy, Kinvara, Co. Galway, 091-395 000 - Registered in
> Ireland No. 508961
>

Re: Leasing /22

[Michael Crapse]

Customers on ps4s and xboxes will hate you. They will always get "strict"
nat, and it's your fault not mega corporation X's fault for not releasing
IPv4s

On 22 January 2018 at 15:23, Mark Andrews <ma...@isc.org> wrote:

> Add to that CGN from RFC 6598 addresses (100.64/10) + IPv6 though that
> reaches its limit at ~4M customers.
>
> Native IPv4 with a GUA to customers is essentially unavailable for new
> ISPs.  It’s a matter of picking which flavour of NAT you and your
> customers are going to use.  The sooner ALL ISP’s provide IPv6 to their
> customers the sooner we restore delivering the Internet to the customers.
>
> Mark
>
> > On 23 Jan 2018, at 9:05 am, Lee Howard <l...@asgard.org> wrote:
> >
> > IPv6 still solves your problem if you add any of NAT64, DS-Lite, 464xlat,
> > MAP-T, MAP-E.
> >
> > Yes, you’re NATing, but only the traffic to places like Hulu, and it will
> > decrease over time. And while you need addresses for the outside of the
> > translator, you don’t need as many (or to get more as frequently).
> >
> > Lee
> >
> > On 1/20/18, 10:20 AM, "NANOG on behalf of Mike Hammett"
> > <nanog-boun...@nanog.org on behalf of na...@ics-il.net> wrote:
> >
> >> It's not really scraping the bottom of the barrel if your customers are
> >> using Hulu and they're complaining because Hulu isn't responsive to
> >> fixing their problems (geo-location, v6, etc.).
> >>
> >>
> >>
> >>
> >> -
> >> Mike Hammett
> >> Intelligent Computing Solutions
> >> http://www.ics-il.com
> >>
> >> Midwest-IX
> >> http://www.midwest-ix.com
> >>
> >> - Original Message -
> >>
> >> From: "Ca By" <cb.li...@gmail.com>
> >> To: "Michael Crapse" <mich...@wi-fiber.io>
> >> Cc: "NANOG list" <nanog@nanog.org>
> >> Sent: Friday, January 19, 2018 9:54:23 PM
> >> Subject: Re: Leasing /22
> >>
> >> On Fri, Jan 19, 2018 at 5:48 PM Michael Crapse <mich...@wi-fiber.io>
> >> wrote:
> >>
> >>> Has Hulu, or a thousand other content distributors considered IPv6?
> >>> Because
> >>> you can't even tunnel to ipv4 without setting off VPN alarms with HULU.
> >>>
> >>
> >> Hulu? Really scraping the bottom of the barrel of content providers that
> >> dont use ipv6 these days.
> >>
> >> Netflix and Youtube support v6 ... and thousand of others (thousands
> just
> >> on Cloudflare where v6 is default on)
> >>
> >> About 80% of my traffic is native e2e v6, mostly google / youtube / fb /
> >> netflix / apple / amazon — but your mix may vary.
> >>
> >>
> >>
> >>>
> >>>
> >>> On 19 January 2018 at 18:38, Andrew Kirch <trel...@trelane.net> wrote:
> >>>
> >>>> On Fri, Jan 19, 2018 at 4:59 PM Ryan Gard <ryang...@gmail.com> wrote:
> >>>>
> >>>>> We're on the hunt yet again for an additional /22 to lease, and are
> >>>>> wondering what the best options are out there?
> >>>>>
> >>>>> Our usual suspects that we've reached out to in the past seem to be
> >>> plum
> >>>>> out... Any recommendations?
> >>>>>
> >>>>> Thanks!
> >>>>>
> >>>>> --
> >>>>> Ryan Gard
> >>>>>
> >>>> Have you considered IPv6?
> >>>>
> >>>
> >>
> >>
> >
> >
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
>
>

Re: Leasing /22

[Michael Crapse]

Has Hulu, or a thousand other content distributors considered IPv6? Because
you can't even tunnel to ipv4 without setting off VPN alarms with HULU.



On 19 January 2018 at 18:38, Andrew Kirch  wrote:

> On Fri, Jan 19, 2018 at 4:59 PM Ryan Gard  wrote:
>
> > We're on the hunt yet again for an additional /22 to lease, and are
> > wondering what the best options are out there?
> >
> > Our usual suspects that we've reached out to in the past seem to be plum
> > out... Any recommendations?
> >
> > Thanks!
> >
> > --
> > Ryan Gard
> >
> Have you considered IPv6?
>

Re: Leasing /22

[Michael Crapse]

We got ours from logicweb, but all the IPs originated from AfriNIC and were
blacklisted in several different places.

On 19 January 2018 at 14:57, Ryan Gard  wrote:

> We're on the hunt yet again for an additional /22 to lease, and are
> wondering what the best options are out there?
>
> Our usual suspects that we've reached out to in the past seem to be plum
> out... Any recommendations?
>
> Thanks!
>
> --
> Ryan Gard
>

Re: MTU to CDN's

[Michael Crapse]

I don't mind letting the client premises routers break down 9000 byte
packets. My ISP controls end to end connectivity. 80% of people even let
our techs change settings on their computer, this would allow me to give
~5% increase in speeds, and less network congestion for end users for a one
time $60 service many people would want. It's also where the internet
should be heading... Not to beat a dead horse(re:ipv6 ) but why hasn't the
entire internet just moved to 9000(or 9600 L2) byte MTU? It was created for
the jump to gigabit... That's 4 orders of magnitude ago. The internet
backbone shouldn't be shuffling around 1500byte packets at 1tbps. That
means if you want to layer 3 that data, you need a router capable of more
than half a billion packets/s forwarding capacity. On the other hand, with
even just a 9000 byte MTU, TCP/IP overhead is reduced 6 fold, and
forwarding capacity needs just 100 or so mpps capacity. Routers that
forward at that rate are found for less than $2k.

On 18 January 2018 at 23:31, Vincent Bernat <ber...@luffy.cx> wrote:

>  ❦ 18 janvier 2018 22:06 -0700, Michael Crapse <mich...@wi-fiber.io> :
>
> > Why though? If i could get the major CDNs all inside my network willing
> to
> > run 9000 byte packets, My routers just got that much cheaper and less
> > loaded. The Routing capacity of x86 is hindered only by forwarding
> > capacity(PPS), not data line rate.
>
> Unless your clients use a 9000-byte MTU, you won't see a difference but
> you'll have to deal with broken PMTUD (or have your routers fragment).
> --
> Many a writer seems to think he is never profound except when he can't
> understand his own meaning.
> -- George D. Prentice
>

Re: Blockchain and Networking

[Michael Crapse]

The definition of an ASIC is that it has only one use. Just because half of
a 100gb switch is not in use doesn't mean that you can mine bitcoin, or run
a blockchain with the asics not in use..

On 9 January 2018 at 08:49, Jean | ddostest.me via NANOG 
wrote:

> BTC miners use asics. Big switches/routers use 100Gb asics. Some
> switches have multiple 100 Gb asics and sometimes only half is use or
> even less.
>
> I guess it could be nice for some smaller telcos to generate some profit
> during off peak period. I don't know how feasible and I fully understand
> that the vendor warranty should be instantly void.
>
> Also, sometimes telcos have off the shelves spare that gather dust for
> years... It could be interesting to also generate few coins.
>
> Jean
>
> On 18-01-09 10:31 AM, Naslund, Steve wrote:
> > Sure but there are lots of blockchains other than bitcoin.  A lot of
> real smart people do not even suspect that bitcoin is a long term survivor
> due to its long transaction times.  Which blockchains do you want to
> support?  150GB may not seem like a lot (although a lot of my gear does not
> have the memory to cache that) but 10 of those is beyond the memory on the
> vast majority of network gear I am aware of.  That sure looks like a
> slippery slope to me.   Now that a lot of network switching and routers can
> support applications, you could just host all of your apps on them just
> like you could do all of your routing in your servers.   The question for
> you is what responsibilities do you want to take on.   That probably
> depends on what business you are in.
> >
> >> There is absolutely no reason that the networking equipment itself
> can't both operate the blockchain and keep a full copy.  It's a pretty good
> bet that your own routers will probably be online;  if not, you have bigger
> problems.
> >>
> >> The storage requirements aren't particularly onerous.  The entire
> Bitcoin blockchain is around 150GB, with several orders of magnitude more
> transactions (read: config changes) than you're likely to see even on a
> very large network.  SSDs are small >enough and reliable enough now that
> the physical space requirements are quite small.
> >
> > Steven Naslund
> > Chicago IL
> >
>

Re: Customer woes and ps3 network

[Michael Crapse]

I will be on site with the customer tomorrow to do packet captures.
It may be a weak wireless signal(he claims).
I also saw such a report, and changed his IP to one of our known good IPs,
and the issue persists.
We are running over PPPoE, so packet size is diminished from 1500 to 1492.
I have DMZed his console, issue persists. I have given his router 3
different public IPs to no avail.
This(ps3) was working yesterday on hughesnet, until we did our installation.

On 7 January 2018 at 16:58, Grant Taylor via NANOG <nanog@nanog.org> wrote:

> On 01/07/2018 04:12 PM, Michael Crapse wrote:
>
>> I have a customer on a ps3, and he can't seem to connect to the psn.
>> Keeps getting the 80710016 error. If there is anyone that can help me
>> troubleshoot this issue, that would be great.
>>
>
> I have yet to see the packets on the wire lie.
>
> Further, the packets on the wire will likely give you a starting point.
>
> After searching for the error, this may not be a problem with the network
> at all.  One report I saw says that the error can come from banned /
> blacklisted IPs.  So you may be looking for a non-existent network problem.
>
>
>
> --
> Grant. . . .
> unix || die
>
>

Customer woes and ps3 network

[Michael Crapse]

I have a customer on a ps3, and he can't seem to connect to the psn. Keeps
getting the 80710016 error. If there is anyone that can help me
troubleshoot this issue, that would be great.

Re: ✘Netflix

[Michael Crapse]

geolocat...@netflix.com

On Sat, Jan 6, 2018, 7:41 AM John Lightfoot  wrote:

> If your IP range includes an ipv6 tunnel, Netflix blocks it thinking it's
> a vpn.  You need to block the ipv6 routes to Netflix and force it to fall
> back to ipv4.
>
> On 1/6/18, 2:19 AM, "NANOG on behalf of Gary E. Miller" <
> nanog-boun...@nanog.org on behalf of g...@rellim.com> wrote:
>
> Yo All!
>
> Sorry to bother, but...
>
> Netflis is blocking my IP range.  1st line support useless.  Months and
> can not reah anyone with a clue.  Anyone got a Netflix contact?
>
> RGDS
> GARY
>
> ---
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
> 
> g...@rellim.com  Tel:+1 541 382 8588
>
> Veritas liberabit vos. -- Quid est veritas?
> "If you can’t measure it, you can’t improve it." - Lord Kelvin
>
>
>
>

Re: Any experience with FS hardware out there?

[Michael Crapse]

No telecom power unfortunately


On 5 January 2018 at 11:50, Bryan Holloway  wrote:

> Fiberstore is rolling out some CRAZY cheap 100Gbps switches, and I'm
> curious if anyone in the community has any thoughts or real-life world
> experience with them.
>
> E.g.: https://www.fs.com/products/69340.html
>
> For the price point, it's almost in the "too good to be true" category.
>
> Naturally it claims to support an impressive range of features including
> BGP, IS-IS, OSPF, MPLS, VRFs, blah blah blah.
>
> There was an earlier discussion about packet buffer issues, but, assuming
> for a second that it's not an issue, can anyone say they've used these
> and/or the L2/L3 features that they purportedly support?
>
> Thanks!
> - bryan
>
>

Re: Attacks from poneytelecom.eu

[Michael Crapse]

I've never dealt with a support queue that resolved the issue faster than a
direct contact.

On 4 January 2018 at 09:12,  wrote:

> On Thu, 04 Jan 2018 09:33:51 -0500, William Herrin said:
>
> > Why anyone thinks it's acceptable for the form submission to vanish in to
> > the faceless support queue is more of a quandary. The form submission
> > should provide a case number, the individual to whom it is assigned,
> direct
> > contact information for that individual and a promise that your report
> will
> > receive a response.
>
> The very real problem with direct contact info is that people latch onto
> it.
> Then, if there's another issue the person will bypass your form submission,
> send a direct e-mail - which would then not be dealt with if that
> particular
> person wasn't working, for reasons ranging from vacation to no longer being
> with the provider in an abuse desk role.
>
> Been there, done that.  Been out of the country and offline for 36 hours,
> reconnect and there's a user with a problem that would have been dealt
> with 36 hours earlier if they had sent it to our help desk instead of to me
> directly.
>
>
>

Re: Waste will kill ipv6 too

[Michael Crapse]

And if a medical breakthrough happens within the next 30 years? Nanobots
that process insulin for the diabetic, or take care of cancer, or repair
your cells so you don't age, or whatever, perhaps the inventor things ipv6
is a good idea for such an endeavour. a nanobot is microns wide, and there
will be billions per person, hopefully not all on the same broadcast
domain.In fact, as you saay, we should treat /64s as a /32 and a /64 for
ptp. So each nanobot gets a /64. 10B nanobots per person times 20B people =
oh, crap, we've exhausted the entirety of ipv6 an order of magnitude ago.
Let alone the fact that actual usable ipv6 /64s is 2 orders of magnitude
below that.

On 29 December 2017 at 19:12, Baldur Norddahl 
wrote:

> Nobody needs to worry. I promise to reserve the last /32 out of my /29
> assignment. When the world has run out of addresses, I will start to sell
> from my pool using the same allocation policy that was used for IPv4. I
> would consider a /64 to be equal a /32 IPv4 address. This would make a /56
> assignment equal to a /24 IPv4 minimum assignment.
>
> Historically we spent about 3 decades before running out of IPv4 space. So
> my scheme should be good enough for some additional decades of IPv6.
>
> I just hope nobody else does the same. That would be bad for my business
> case.
>
> Regards
>
> Baldur
>
>
> Den 30. dec. 2017 02.11 skrev "Scott Weeks" :
>
> >
> > --- jlightf...@gmail.com wrote:
> > From: John Lightfoot 
> >
> > Excuse the top post, but this seems to be an
> > argument between people who understand big
> > numbers and those who don't.
> > 
> >
> > No, not exactly.  It's also about those that
> > think in current/past network terms and those
> > who are saying we don't know what the future
> > holds, so we should be careful.
> >
> >
> >
> > -
> > which means 79 octillion people...no one
> > alive will be around
> > -
> >
> > Stop thinking in terms of people.  Think in
> > terms of huge numbers of 'things' in the
> > ocean, in the atmosphere, in space, zillions
> > of 'things' on and around everyone's bodies
> > and homes and myriad other 'things' we can't
> > even imagine right now.
> >
> > scott
> >
>

Re: Waste will kill ipv6 too

[Michael Crapse]

The lightbulb in this scenario has a severe security issue, and thus allows
total control of any windows computer on the network because it's set to a
private/trusted network. Also note, the lightbulb is publicly addressable
and has a 8MHz processor incapable of firewalling itself..

On 28 December 2017 at 20:41, Chuck Church  wrote:

> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ricky Beam
> Sent: Thursday, December 28, 2017 9:55 PM
> To: Owen DeLong 
> Cc: NANOG list 
> Subject: Re: Waste will kill ipv6 too
>
> >Every scenario everyone has come up with is "unlikely". Home networks
> with multiple LANs??? Never going to happen; people don't know how to set
> them up, and there's little technical need for it.
>
> I couldn't agree more.  We're spending so much time with new RFCs to
> handle all these prefix delegation ways in order to accommodate 'power
> users' who are used to chaining one NATing IPv4 router off of another one
> and having it sort of work.  If we'd just put a stake in the ground and say
> residences can have one router and bridge everything below that we'd be
> further ahead.  I just can't see 99.999% of users being interested in
> subnetting their homes and writing firewall rules so their light bulbs
> can't talking to their DVRs.
>
> Chuck
>
>

Re: Waste will kill ipv6 too

[Michael Crapse]

As a small local ISP, our upstream isn't willing to give us more than a
/48, their statement "Here's a /48 that will give you unlimited addresses
that you'll never run out of". Therefore we give businesses /60s and
residentials /64. If only we could do as suggested here and give everyone a
/48, hah. It would be awesome if we could get an AS number but as we're not
multihomed, nor big enough to warrant ARIN paying us attention, we're at
the mercy of our upstream who also unwilling to part with more than a
single ipv4 /24 at a $300/mo surcharge, and forcing us into buying ipv4
subnets that have been randomly blacklisted on sites such as HULU, netflix,
or others.

I agree with the sentiment that we should have only 48 bits in the
networking portion as that does allow a 48bit mac to exist. mac collisions
happen so little, that it would make more sense for DAD to step in if it
does occur. Most hardware addresses are changeable anyway and should
probably be changed if on the same network. I am inexperienced enough to
not understand any necessary usefulness of a /64 network mask over a /80.

On 28 December 2017 at 18:34, Scott Weeks  wrote:

>
> :: Now think about scaling.
>
> Yes
>
>
> :: If the population doubles, we're now down to four spare /3s.
> :: If that doubled population doubles the number of devices,
> :: we're down to two spare /3s.  If the population doubles
> :: again, there will be no civilization left, let alone an
> :: Internet.  Etc.  So realistically, the current address space
> :: allocation policies can handle a doubling of the planet's
> :: population, with each person having a quarter of a million
> :: addressable nodes.  Each node having its own /64 to address
> :: individual endpoints within whatever that 'node' represents.
>
> Space: the final IP frontier
> These are the voyages of the range of IPv6
> Its many-year mission:
> to explore strange new device implementations;
> to seek out new planet-covering nano-device applications and new ad-hoc
> networking technologies;
> to boldly go via DTN where no internet segment has gone before.
> 
>
>
> :: Isn't this the utopia we've been seeking out?
>
> I like that one! :-)
>
> scott
>

Re: Waste will kill ipv6 too

[Michael Crapse]

Yes, let's talk about waste, Lets waste 2^64 addresses for a ptp.
If that was ipv4 you could recreate the entire internet with that many
addresses.

On 28 December 2017 at 10:39, Owen DeLong  wrote:

>
> > On Dec 28, 2017, at 09:23 , Octavio Alvarez 
> wrote:
> >
> > On 12/20/2017 12:23 PM, Mike wrote:
> >> On 12/17/2017 08:31 PM, Eric Kuhnke wrote:
> >> Call this the 'shavings', in IPv4 for example, when you assign a P2P
> >> link with a /30, you are using 2 and wasting 2 addresses. But in IPv6,
> >> due to ping-pong and just so many technical manuals and other advices,
> >> you are told to "just use a /64' for your point to points.
> >
> > Isn't it a /127 nowadays, per RFC 6547 and RFC 6164? I guess the
> > exception would be if a router does not support it.
> >
> > Best regards,
> > Octavio.
>
> Best practice used most places is to assign a /64 and put a /127 on the
> interfaces.
>
> Owen
>
>
>

Re: Geolocation: IPv4 Subnet blocked by HULU, and others

[Michael Crapse]

I was being playful with the whole "law" thing.
I doubt the users would be able to sue me due to title 2 roll backs. "Net
Neutrality" allows ISPs to block any service they deem fit, right? So the
first step wouldn't even get past discovery to get to court. Anyhow, it
would be sufficiently beneficial if we just had a single contact within
hulu. It would be even better if hulu came into the 21st century and
supported IPv6 like any other modern service.
For others who need this resolved for hulu, these are the subnets I
NATed/VPNed to get it working.
8.28.124.0/23
23.0.0.0/8
184.84.0.0/14
199.60.116.0/24
199.127.192.0/22
199.200.48.0/22
208.91.156.0/22
208.98.171.96/27

Michael

On 26 December 2017 at 18:54, Keith Medcalf <kmedc...@dessus.com> wrote:

>
> No, because you have no cause of action known to law.  You are not a
> customer of Hulu and have no right of action.
>
> However, your "users" could sue you for failing to provide proper service
> or perhaps otherwise cause you to suffer damages.
>
> In the former case you could file a defense and cross-claim against Hulu
> claiming that it is their problem, and that not only are they responsible
> for the claims made against you, they are also liable for your costs and so
> on and so forth.
>
> In the latter case where you suffer damages as a result of Hulu's actions
> (or inactions) resulting in damage to you, you could sue them on the basis
> of tortuous interference for their actions.
>
> Of course, Hulu will simply claim that you are negligent and just in case
> file a third party claim against whomever is providing them with false
> information and thus tortuously interfering with their business.
>
> Over the course of the following several years nothing will be done to
> correct the issue, your customers will abandon you and go elsewhere, and in
> the end no one will get anywhere except the lawyers who will now be able to
> afford to buy a few more yachts each.
>
> ---
> The fact that there's a Highway to Hell but only a Stairway to Heaven says
> a lot about anticipated traffic volume.
>
>
> >-Original Message-
> >From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Michael
> >Crapse
> >Sent: Tuesday, 26 December, 2017 12:42
> >To: Sam Norris
> >Cc: NANOG list
> >Subject: Re: Geolocation: IPv4 Subnet blocked by HULU, and others
> >
> >I would like to know, Is there any legal recourse we can take against
> >such
> >a company consistently ignoring whitelist requests?
> >Currently, the only way my customers can connect to hulu without
> >getting a
> >vpn error is by using a vpn. On my end, i have just started NATing
> >all
> >requests to HULU through the few good IPs that I have.
> >
> >On 26 December 2017 at 11:12, Sam Norris <s...@sandiegobroadband.com>
> >wrote:
> >
> >> Anyone figure this out?  I need to get our prefixes updated as well
> >as
> >> they are
> >> detecting our customers in the wrong city.
> >>
> >> Sam
> >>
> >>
> >> > -Original Message-
> >> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of
> >> > li...@silverlakeinternet.com
> >> > Sent: Wednesday, December 20, 2017 1:28 PM
> >> > To: Mike Hammett
> >> > Cc: nanog@nanog.org
> >> > Subject: Re: Geolocation: IPv4 Subnet blocked by HULU, and others
> >> >
> >> > I could use a contact for all of these as well.  I have been
> >trying to
> >> > get my subnet unblocked with all of these providers and have
> >reached out
> >> > in many ways to all of them over the past few months, but never
> >get a
> >> > response.
> >> >
> >> > Thank you,
> >> > Brett A Mansfield
> >> >
> >> > On 2017-12-15 19:57, Mike Hammett wrote:
> >> > > Bump for Hulu.
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > -
> >> > > Mike Hammett
> >> > > Intelligent Computing Solutions
> >> > >
> >> > > Midwest Internet Exchange
> >> > >
> >> > > The Brothers WISP
> >> > >
> >> > > - Original Message -
> >> > >
> >> > > From: "Michael Crapse" <mich...@wi-fiber.io>
> >> > > To: nanog@nanog.org
> >> > > Sent: Wednesday, December 6, 2017 3:38:20 PM
> >> > > Subject: Geolocation: IPv4 Subnet blocked by HULU, and others
> >> > >
> >> > > I am a local WISP. And my customers have trouble reaching Hulu,
> >Disney
> >> > > now,
> >> > > and previously netflix and amazon prime(both resolved).
> >> > > I have emailed, mailed, and called both HULU and Disney now to
> >get my
> >> > > 196.53.96.0/22 subnet unblacklisted as a VPN provider(no longer
> >so)
> >> > > from
> >> > > their services. They have replied saying it takes 3-5 days to
> >resolve
> >> > > the
> >> > > issue, that was several weeks ago. Can i get contact from those
> >two
> >> > > services that can help my customers reach their services, thank
> >you.
> >> > >
> >> > >
> >> > > Thank you for the help.
> >> > > -Michael
> >>
> >>
>
>
>
>

Re: Geolocation: IPv4 Subnet blocked by HULU, and others

[Michael Crapse]

I would like to know, Is there any legal recourse we can take against such
a company consistently ignoring whitelist requests?
Currently, the only way my customers can connect to hulu without getting a
vpn error is by using a vpn. On my end, i have just started NATing all
requests to HULU through the few good IPs that I have.

On 26 December 2017 at 11:12, Sam Norris <s...@sandiegobroadband.com> wrote:

> Anyone figure this out?  I need to get our prefixes updated as well as
> they are
> detecting our customers in the wrong city.
>
> Sam
>
>
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of
> > li...@silverlakeinternet.com
> > Sent: Wednesday, December 20, 2017 1:28 PM
> > To: Mike Hammett
> > Cc: nanog@nanog.org
> > Subject: Re: Geolocation: IPv4 Subnet blocked by HULU, and others
> >
> > I could use a contact for all of these as well.  I have been trying to
> > get my subnet unblocked with all of these providers and have reached out
> > in many ways to all of them over the past few months, but never get a
> > response.
> >
> > Thank you,
> > Brett A Mansfield
> >
> > On 2017-12-15 19:57, Mike Hammett wrote:
> > > Bump for Hulu.
> > >
> > >
> > >
> > >
> > > -
> > > Mike Hammett
> > > Intelligent Computing Solutions
> > >
> > > Midwest Internet Exchange
> > >
> > > The Brothers WISP
> > >
> > > - Original Message -
> > >
> > > From: "Michael Crapse" <mich...@wi-fiber.io>
> > > To: nanog@nanog.org
> > > Sent: Wednesday, December 6, 2017 3:38:20 PM
> > > Subject: Geolocation: IPv4 Subnet blocked by HULU, and others
> > >
> > > I am a local WISP. And my customers have trouble reaching Hulu, Disney
> > > now,
> > > and previously netflix and amazon prime(both resolved).
> > > I have emailed, mailed, and called both HULU and Disney now to get my
> > > 196.53.96.0/22 subnet unblacklisted as a VPN provider(no longer so)
> > > from
> > > their services. They have replied saying it takes 3-5 days to resolve
> > > the
> > > issue, that was several weeks ago. Can i get contact from those two
> > > services that can help my customers reach their services, thank you.
> > >
> > >
> > > Thank you for the help.
> > > -Michael
>
>

Re: Companies using public IP space owned by others for internal routing

[Michael Crapse]

+1 for Nat64. dual stack is just keeping ipv4 around longer than it needs
to be

On 19 December 2017 at 18:50, Owen DeLong  wrote:

>
> > On Dec 19, 2017, at 07:39 , Livingood, Jason <
> jason_living...@comcast.com> wrote:
> >
> > On 12/18/17, 2:36 PM, "NANOG on behalf of Harald Koch" <
> nanog-boun...@nanog.org on behalf of c...@pobox.com> wrote:
> >> They could use IPv6. I mean, if the mobile phone companies can figure
> it out, surely an ISP can...
> >
> > Except for cases when it is impossible or impractical to update software
> on a great number of legacy devices…
> >
> > JL
> >
> >
> Yeah, in those cases, they should use IPv6 + NAT64 or similar mechanism.
>
> Owen
>
>

Geolocation: IPv4 Subnet blocked by HULU, and others

[Michael Crapse]

I am a local WISP. And my customers have trouble reaching Hulu, Disney now,
and previously netflix and amazon prime(both resolved).
I have emailed, mailed, and called both HULU and Disney now to get my
196.53.96.0/22 subnet unblacklisted as a VPN provider(no longer so) from
their services. They have replied saying it takes 3-5 days to resolve the
issue, that was several weeks ago. Can i get contact from those two
services that can help my customers reach their services, thank you.


Thank you for the help.
-Michael