Re: List of CDNs?
On Nov 14, 2013, at 17:25 , Carlos Kamtha kam...@ak-labs.net wrote:

> The goal is to find a solution to optimize the path for DNS queries that traverse via CDNs within certain regions without the luxury of a network layer. For instance, some clients in Singapore are getting answers from the UK instead of something more local. Knowing where the CDNs are may allow us to direct them to a more optimal path.

Depends on the CDN.

Using Akamai as an example (since they are essentially as big as all other CDNs combined, and 'cause I know them best), the location of an Akamai web server is not useful since everything is based on name servers. Also, the location of Akamai's name server and the topological path used to reach it is irrelevant to the web server returned. So getting a list of nodes and somehow modifying your network based on that will likely have minimal to zero impact.

Other CDNs use different methods of mapping end users to web servers. Some use anycast, either at the DNS level or even at the HTTP level. In those cases, this information may be of use.

If you have a problem with Akamai mapping, you can always email netsupport-...@akamai.com and ask them for help. My guess is other CDNs have something similar. Probably much more useful to go directly to the CDN with the problem than look at a 3rd party list of nodes and try to fix issues yourself with methods that may have no effect.

Or not. :) Your network, your decision, I'm just making suggestions.

--
TTFN,
patrick

> On Thu, Nov 14, 2013 at 10:11:59PM +, Patrick W. Gilmore wrote:
>> List of CDNs would be difficult, but not impossible. Although they do different things, so a simple list is unlikely to be as useful as it looks.
>>
>> A list of CDN DC nodes is not possible.
>>
>> Why do you care about such a thing anyway?
>>
>> --
>> TTFN,
>> patrick
>>
>> Composed on a virtual keyboard, please forgive typos.
>>
>> On Nov 14, 2013, at 22:02, Carlos Kamtha kam...@ak-labs.net wrote:
>>> Hi, I was wondering if anyone knows where I could find a compiled list of Content Delivery Networks as well as their DC nodes? if any.. Please respond offlist.
>>>
>>> Cheers,
>>> Carlos
Re: List of CDNs?
First, the location of CDN nodes is not relevant to passive DNS monitoring. If Andrew would like a list of domains with CDN hostnames in them, that might be findable.

Second, a list of CDN nodes is likely impossible to gather/maintain without the help of the CDNs themselves. There are literally thousands of them, most do not serve the entire Internet, and they change frequently. And before you ask, I know at least Akamai will _not_ give you their list, so don't even try to ask them.

Sorry this makes your life more difficult. Perhaps if you explained why you were doing address lookups, the collective body could help you come up with a better solution?

--
TTFN,
patrick

On Nov 15, 2013, at 10:06 , Michael Collins, Aleae mcoll...@aleae.com wrote:

> I'll second that; CDNs are a constant pain for me when I'm doing address lookups. A list of them would make life a lot easier for a bunch of different investigative processes. If there isn't one right now, I think I could get off my tuchas and start maintaining one if anyone's interested in pitching in.
>
> On 11/14/13 5:19 PM, Andrew Fried wrote:
>> Actually, a list of CDNs would be very handy. I harvest botnets and fast flux hosts out of passive dns, and some of the heuristics used to identify them are similar to what CDNs look like. Having a decent list of CDN effective top level domains alone would be useful for redacting those hosts.
>>
>> Andy
>> Andrew Fried andrew.fr...@gmail.com
>>
>> On 11/14/13, 5:11 PM, Patrick W. Gilmore wrote:
>>> List of CDNs would be difficult, but not impossible. Although they do different things, so a simple list is unlikely to be as useful as it looks.
>>>
>>> A list of CDN DC nodes is not possible.
>>>
>>> Why do you care about such a thing anyway?
Re: List of CDNs?
On Nov 16, 2013, at 19:30 , Michael Collins mcoll...@aleae.com wrote:

> It's Yet Another False Positive in anomaly detection and traffic analysis software that I fiddle with. In the case of CDNs, I mostly want to throw them out the window -- whenever I see one, I know that the reverse lookup information is going to be useless and it's time to toss that address out of the bucket and look at the next weird one on the list.

Not sure why in-addr on CDN would be any different than .. well, anything. Perhaps I do not understand your use case well enough?

--
TTFN,
patrick

> On Nov 16, 2013, at 5:28 PM, Patrick W. Gilmore patr...@ianai.net wrote:
>> First, the location of CDN nodes is not relevant to passive DNS monitoring. If Andrew would like a list of domains with CDN hostnames in them, that might be findable.
>>
>> Second, a list of CDN nodes is likely impossible to gather/maintain without the help of the CDNs themselves. There are literally thousands of them, most do not serve the entire Internet, and they change frequently. And before you ask, I know at least Akamai will _not_ give you their list, so don't even try to ask them.
>>
>> Sorry this makes your life more difficult. Perhaps if you explained why you were doing address lookups, the collective body could help you come up with a better solution?
>>
>> --
>> TTFN,
>> patrick
>>
>> On Nov 15, 2013, at 10:06 , Michael Collins, Aleae mcoll...@aleae.com wrote:
>>> I'll second that; CDNs are a constant pain for me when I'm doing address lookups. A list of them would make life a lot easier for a bunch of different investigative processes. If there isn't one right now, I think I could get off my tuchas and start maintaining one if anyone's interested in pitching in.
>>>
>>> On 11/14/13 5:19 PM, Andrew Fried wrote:
>>>> Actually, a list of CDNs would be very handy. I harvest botnets and fast flux hosts out of passive dns, and some of the heuristics used to identify them are similar to what CDNs look like. Having a decent list of CDN effective top level domains alone would be useful for redacting those hosts.
>>>>
>>>> Andy
>>>> Andrew Fried andrew.fr...@gmail.com
>>>>
>>>> On 11/14/13, 5:11 PM, Patrick W. Gilmore wrote:
>>>>> List of CDNs would be difficult, but not impossible. Although they do different things, so a simple list is unlikely to be as useful as it looks.
>>>>>
>>>>> A list of CDN DC nodes is not possible.
>>>>>
>>>>> Why do you care about such a thing anyway?
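As an added illustration of the use case Andrew describes (not code from the thread or from any of the posters): a simplified passive-DNS "fast flux" heuristic, with names under an allowlist of CDN effective TLDs redacted before reporting so CDN hostnames stop showing up as false positives. The allowlist suffixes, domain names, addresses and TTLs are all constructed; the suffix match is a plain string comparison, not the Public Suffix List.

```python
# Added example, not code from the NANOG thread: a simplified passive-DNS
# "fast flux" heuristic of the kind Andrew describes, with suppression of
# names under an allowlist of CDN effective TLDs so CDN hostnames do not
# surface as false positives. All domains and addresses are constructed.
from collections import defaultdict
from ipaddress import ip_address

# Constructed CDN allowlist (placeholder suffixes under the reserved .invalid TLD).
CDN_ETLDS = {"cache.sample-cdn.invalid", "edge.other-cdn.invalid"}

# Constructed passive-DNS observations: (qname, rdata, ttl).
SAMPLE_RECORDS = [
    # Many addresses, several /24s, 20 s TTL: flux-shaped, but it is a CDN name.
    ("a1.cache.sample-cdn.invalid", "192.0.2.10", 20),
    ("a1.cache.sample-cdn.invalid", "192.0.2.11", 20),
    ("a1.cache.sample-cdn.invalid", "198.51.100.10", 20),
    ("a1.cache.sample-cdn.invalid", "198.51.100.11", 20),
    ("a1.cache.sample-cdn.invalid", "203.0.113.10", 20),
    ("a1.cache.sample-cdn.invalid", "203.0.113.11", 20),
    # Same shape with no CDN suffix: this is what the heuristic should keep.
    ("update.flux-sample.invalid", "192.0.2.50", 60),
    ("update.flux-sample.invalid", "192.0.2.51", 60),
    ("update.flux-sample.invalid", "198.51.100.50", 60),
    ("update.flux-sample.invalid", "198.51.100.51", 60),
    ("update.flux-sample.invalid", "203.0.113.50", 60),
    ("update.flux-sample.invalid", "203.0.113.51", 60),
    # Ordinary site: two stable addresses and a long TTL.
    ("www.plain-sample.invalid", "192.0.2.200", 3600),
    ("www.plain-sample.invalid", "203.0.113.200", 3600),
]


def under_cdn_etld(qname, etlds=CDN_ETLDS):
    """True if qname equals, or is a subdomain of, an allowlisted CDN suffix.
    Plain suffix match; a production version would consult the Public Suffix List."""
    q = qname.rstrip(".").lower()
    return any(q == e or q.endswith("." + e) for e in etlds)


def fluxiness(records):
    """Per-name counts of distinct addresses, distinct /24 (IPv4) or /64 (IPv6)
    networks, and the lowest TTL observed."""
    ips, nets, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for qname, rdata, ttl in records:
        q = qname.rstrip(".").lower()
        addr = ip_address(rdata)
        ips[q].add(addr)
        nets[q].add((addr.version, int(addr) >> (8 if addr.version == 4 else 64)))
        ttls[q].append(ttl)
    return {q: {"ips": len(ips[q]), "nets": len(nets[q]), "min_ttl": min(ttls[q])}
            for q in ips}


def flag_fast_flux(records, min_ips=5, min_nets=3, max_ttl=300, redact_cdn=True):
    """Names whose pDNS footprint looks like fast flux. With redact_cdn=True,
    names under an allowlisted CDN suffix are dropped before reporting."""
    flagged = []
    for q, s in sorted(fluxiness(records).items()):
        looks_fluxy = (s["ips"] >= min_ips and s["nets"] >= min_nets
                       and s["min_ttl"] <= max_ttl)
        if looks_fluxy and not (redact_cdn and under_cdn_etld(q)):
            flagged.append(q)
    return flagged


if __name__ == "__main__":
    print("with CDN redaction:   ", flag_fast_flux(SAMPLE_RECORDS))
    print("without CDN redaction:", flag_fast_flux(SAMPLE_RECORDS, redact_cdn=False))
```

The thresholds are deliberately loose so the constructed data trips them; on real pDNS feeds the interesting tuning is in `min_nets` (address diversity across /24s or ASNs), which is exactly where CDN names and flux names look alike.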
Re: CDN node locations
On Nov 16, 2013, at 19:36 , Jay Ashworth j...@baylink.com wrote:

>> Second, a list of CDN nodes is likely impossible to gather/maintain without the help of the CDNs themselves. There are literally thousands of them, most do not serve the entire Internet, and they change frequently. And before you ask, I know at least Akamai will _not_ give you their list, so don't even try to ask them.
>
> I find myself unsurprised.
>
> I was led to a very interesting failure case involving CDN's a couple weeks ago, that I thought you might find amusing.
>
> I have a Samsung Galaxy S4, with Sprint. On a semi-regular basis, the networking gets flaky around 1-2am ish local time, but 3 weekends ago, the symptom I saw was DNS lookups failed -- and it wasn't clear to me whether it was just some lookups failed, or that Big Sites were cached at the provider, and *all* outgoing 53 traffic to the greater internet wasn't being forwarded by Sprint's customer resolvers.
>
> I know that it was their resolvers, though, as I grabbed a copy of Set DNS, and pointed my phone to 8.8.8.8, and 4.2.2.1, and OpenDNS, and like that, and everything worked ok.
>
> Except media. (Patrick is starting to nod and chuckle, now :-)
>
> Both YouTube and The Daily Show's apps worked ok, but refused to play video clips for me. If I reset the DNS to normal, I went back to not all sites are reachable, but media plays fine.
>
> My diagnosis was that those sites were CDNed, and the DNS names to *which* they were CDNs were only visible inside Sprint's event horizon, so when I was on alternate DNS resolution, I couldn't get to them.
>
> But that took me over a day to figure out. Don't get old. :-)
>
> Patrick? Is that how (at least some) customers do it?

#1: I could not possibly comment on customers. But since I've only worked at Markley Group for 3 weeks, I don't know all the customers, so I couldn't tell you even if they were customers at all, more or less how they do things. Besides, Markley Group ain't a CDN.

#2: Assuming you are assuming I still work at Akamai (I don't), and are asking me if that's how Akamai does things, I couldn't possibly comment on customers at a previous position. Everything I've said up to now was either public knowledge or something I was more than happy to give out publicly if asked while I was at Akamai. The query above, specifically "is XXX how customer YYY does things", is neither of those.

But in the more general sense, your hypothesis does not really fit the circumstances completely. DNS is orthogonal to serving bits. If Sprint's DNS is f00bar'ed, then you can't resolve anything, CDN-ififed or not. It is true some CDNs put some name servers inside other networks, but that is still a race condition, because (for instance) Akamai's DNS TTL is 20 seconds. You have to go back 'outside' eventually to get stuff, which means relying on Sprint's recursive NSes.

Plus the two sites you list (YouTube/DailyShow) are not on the same infrastructure. Google hosts its own videos, DailyShow is not hosted on Google (AFAIK), therefore they must be two different companies using two different pieces of equipment and two different name server algorithms / topologies. It would be weird that Sprint's failure mode worked fine for those two and nothing else.

Sorry.

--
TTFN,
patrick

P.S. I wasn't chuckling. :)
Re: List of CDNs?
List of CDNs would be difficult, but not impossible. Although they do different things, so a simple list is unlikely to be as useful as it looks.

A list of CDN DC nodes is not possible.

Why do you care about such a thing anyway?

--
TTFN,
patrick

Composed on a virtual keyboard, please forgive typos.

On Nov 14, 2013, at 22:02, Carlos Kamtha kam...@ak-labs.net wrote:

> Hi, I was wondering if anyone knows where I could find a compiled list of Content Delivery Networks as well as their DC nodes? if any.. Please respond offlist.
>
> Cheers,
> Carlos
Re: Sudan disconnected from the Internet
It's not a fiber cut. It did come back for a while at least.

https://twitter.com/akamai_soti/status/382872513761398785/photo/1

--
TTFN,
patrick

On Sep 25, 2013, at 21:03 , Jean-Francois Mezei jfmezei_na...@vaxination.ca wrote:

> On 13-09-25 20:43, Warren Bailey wrote:
>> We make Ku-band backpacks for this type of scenario. I would give it 12-18 hours before you see CNN light up with live feeds..
>
> Why would an entertainment network cover real news ? BBC or AlJazeera are better news sources for stuff that happens more than 2 blocks away from CNN's atlanta offices.
>
> BBC: 25 September 2013 Last updated at 17:54 ET
> Sudan fuel unrest: Many die in Khartoum as riots continue
> http://www.bbc.co.uk/news/world-africa-24272835
>
> Al Jazeera: Sudan protests over fuel prices turn deadly
> Security forces use tear gas to disperse demonstrators in Khartoum amid simmering anger over subsidy cuts.
> Last Modified: 25 Sep 2013 18:08
> http://www.aljazeera.com/news/africa/2013/09/sudan-protests-over-fuel-turns-deadly-2013925104639248955.html
>
> Neither article mentions internet disconnection.
Re: iOS 7 update traffic
Composed on a virtual keyboard, please forgive typos.

On Sep 19, 2013, at 13:58, Paul Ferguson fergdawgs...@mykolab.com wrote:

> Can someone please explain to a non-Apple person what the hell happened that started generating so much traffic?
>
> Perhaps I missed it in this thread, but I would be curious to know what iOS 7 implemented that caused this...

BING for iOS adoption rate (one estimate is 29% in 16 hours), multiply by # of iThings, multiply by size of iOS, divide by # of seconds in estimate.

As for why so many users upgrade so fast, that's a harder question. It could be iThing users are more willing to believe the fruit company's advertising (hype). Could be that the device tells them to upgrade so they do. It is also at least partially due to the fact all iThings are upgradable (within a certain age horizon).

Hope that gives you something to chew on, even if it doesn't answer the question.

--
TTFN,
patrick

> On 9/19/2013 10:23 AM, Nick Olsen wrote:
>> We also saw a huge spike in traffic. Still pretty high today as well. We saw a ~60% above average hit yesterday, And we're at ~20-30% above average today as well.
>>
>> Being an android user, It didn't dawn on me until some of the IOS users in the office started jumping up and down about IOS7
>>
>> Nick Olsen
>> Network Operations
>> (855) FLSPEED x106
>>
>> From: Justin M. Streiner strei...@cluebyfour.org
>> Sent: Wednesday, September 18, 2013 6:19 PM
>> To: NANOG nanog@nanog.org
>> Subject: Re: iOS 7 update traffic
>>
>> On Wed, 18 Sep 2013, Tassos Chatzithomaoglou wrote:
>>> We also noticed an interesting spike (+ ~40%), mostly in akamai. The same happened on previous iOS too.
>>
>> I see it here, too. At its peak, our traffic levels were roughly double what we would see on a normal weekday.
>>
>> jms
>>
>> Zachary McGibbon wrote on 18/9/2013 20:38:
>>> So iOS 7 just came out, here's the spike in our graphs going to our ISP here at McGill, anyone else noticing a big spike?
>>>
>>> [image: internet-sw1 - Traffic - Te0/7 - To Internet1-srp (IR Canet) - TenGigabitEthernet0/7]
>>>
>>> Zachary McGibbon
>
> --
> Paul Ferguson
> Vice President, Threat Intelligence
> Internet Identity, Tacoma, Washington USA
> IID -- Connect and Collaborate -- www.internetidentity.com
Re: iOS 7 update traffic
Composed on a virtual keyboard, please forgive typos.

On Sep 19, 2013, at 14:11, Warren Bailey wbai...@satelliteintelligencegroup.com wrote:

> I don't see how operators could tolerate this, honestly. I can't think of a single provider who does not oversubscribe their access platform... Which leads me to this question : Why does apple feel it is okay to send every mobile device an update on a single day?

That question makes no sense to me. Turn that around: Why would Apple think that is not OK?

> Never mind the fact that we are the ones on the last mile responsible for getting it to their customers, 1gb per sub is pretty serious.. Why are they not caching at their head ends, dslams, etc?

Most providers are offered a cache for free (there is a minimum traffic volume, but it is not even as large as Netflix's requirements). Every provider, regardless of traffic, is offered peering for free.

What was the problem again?

--
TTFN,
patrick

> Original message
> From: Mikael Abrahamsson swm...@swm.pp.se
> Date: 09/19/2013 11:08 AM (GMT-08:00)
> To: Paul Ferguson fergdawgs...@mykolab.com
> Cc: NANOG nanog@nanog.org
> Subject: Re: iOS 7 update traffic
>
> On Thu, 19 Sep 2013, Paul Ferguson wrote:
>> Can someone please explain to a non-Apple person what the hell happened that started generating so much traffic?
>>
>> Perhaps I missed it in this thread, but I would be curious to know what iOS 7 implemented that caused this...
>
> The IOS7 upgrade is ~750 megabyte download for the phones/pods, and ~950 megabytes for ipad. There are quite a few devices out there times these amounts to download...
>
> --
> Mikael Abrahamsson    email: swm...@swm.pp.se
Re: common method to count traffic volume on IX
On Sep 17, 2013, at 07:02 , Nick Hilliard n...@foobar.org wrote:

> On 17/09/2013 11:52, Martin T wrote:
>> Is there a common method to count this traffic on a switch-fabric? Just read all the switch interface packets input counters with an interval to get the aggregated input traffic and read all the switch interfaces packets output counters to get the aggregated output traffic?
>
> most IXPs count this as the sum of all ingress packets over a period of 300 seconds. A small number of IXPs do different stuff, e.g. different sampling interval or counting traffic on inter-switch links.

I am unaware of any IXP that uses a smaller sampling period (presumably in an attempt to make their IXP look bigger) other than DE-CIX. Is there another one?

And yes, DE-CIX is more than well aware everyone thinks this is .. uh .. let's just call it "silly" for now, although most would use far more disparaging words. Which is probably why no serious IXP does it.

--
TTFN,
patrick
Re: common method to count traffic volume on IX
On Sep 17, 2013, at 11:04 , Nick Hilliard n...@foobar.org wrote:

> On 17/09/2013 14:43, Patrick W. Gilmore wrote:
>> And yes, DE-CIX is more than well aware everyone thinks this is .. uh .. let's just call it "silly" for now, although most would use far more disparaging words. Which is probably why no serious IXP does it.
>
> It's not silly

We disagree.

> it's just not what everyone else does

I don't think anyone else does 2 minutes, but happy to be educated otherwise.

> so it's not possible to directly compare stats with other ixps. I'm all in favour of using short (but technically sensible) sampling intervals for internal monitoring, but there are good reasons to use 300s / ingress sum for prettypics intended for public consumption.

Your IXP (network, whatever), your decision. Use 2 second timers for all I care.

Unfortunately, DE-CIX has done exactly what you said - compared themselves to other IXPs using that apples-to-oranges comparison. There are words for that sort of thing, but they are impolite, and I otherwise like the people at DE-CIX, so I shall let each NANOG-ite decide how to view such, um, tactics.

--
TTFN,
patrick
Re: common method to count traffic volume on IX
On Sep 17, 2013, at 12:11 , Martin T m4rtn...@gmail.com wrote:

> Thanks for all the replies!
>
> Nick, counting traffic on inter-switch links is kind of cheating, isn't it? I mean if input bytes and output bytes on all the ports facing the IX members are already counted, then counting traffic on links between the switches in fabric will count some of the traffic multiple times.
>
> Patrick, how does smaller sampling period help to show more traffic volume on switch fabric? Or do you mean that in case of shorter sampling periods the traffic peaks are not averaged out and thus peak in and peak out traffic levels remain higher?

The graph has a bigger peak, and DE-CIX has claimed "see, we are bigger" using such graphs. Not only did they not caveat the fact they were using a non-standard sampling method, they have refused to change when confronted or even say what their traffic would be with a 300 second timer.

--
TTFN,
patrick

> On 9/17/13, Nick Hilliard n...@foobar.org wrote:
>> On 17/09/2013 14:43, Patrick W. Gilmore wrote:
>>> And yes, DE-CIX is more than well aware everyone thinks this is .. uh .. let's just call it "silly" for now, although most would use far more disparaging words. Which is probably why no serious IXP does it.
>>
>> It's not silly - it's just not what everyone else does, so it's not possible to directly compare stats with other ixps. I'm all in favour of using short (but technically sensible) sampling intervals for internal monitoring, but there are good reasons to use 300s / ingress sum for prettypics intended for public consumption.
>>
>> Nick
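To make Martin's question and Patrick's answer concrete, here is an added example (not code from the thread or from any IXP) that runs the same constructed per-second ingress counters through 300 s and 120 s averaging windows and shows how much bigger the shorter window's peak comes out; it also does the "sum of ingress on member ports only" aggregation Nick and Martin describe, skipping the inter-switch link so its octets are not counted twice. Port names and counter values are constructed.

```python
# Added example, not code from the NANOG thread: how the sampling interval
# changes the peak an IXP graph shows for the very same ingress counters,
# plus the "ingress sum over member ports" aggregation Nick describes.
# All counter values below are constructed.
from typing import Dict, List, Sequence, Set

GBIT = 1_000_000_000


def window_rates_bps(bytes_per_second: Sequence[int], interval: int) -> List[float]:
    """Average bit rate for each consecutive window of `interval` seconds.
    Equivalent to polling a cumulative ingress-octet counter once per interval
    and plotting delta * 8 / interval. A trailing partial window is dropped."""
    rates = []
    for start in range(0, len(bytes_per_second) - interval + 1, interval):
        octets = sum(bytes_per_second[start:start + interval])
        rates.append(octets * 8 / interval)
    return rates


def peak_bps(bytes_per_second: Sequence[int], interval: int) -> float:
    """The number a 'see, we are bigger' graph advertises: the highest window average."""
    return max(window_rates_bps(bytes_per_second, interval))


def build_sample(seconds: int = 600, base: int = 125_000_000, burst_start: int = 300,
                 burst_len: int = 60, burst_factor: int = 5) -> List[int]:
    """Constructed ingress in bytes/s: a flat 1 Gbit/s line with one 60 s burst at 5x."""
    data = [base] * seconds
    for t in range(burst_start, burst_start + burst_len):
        data[t] = base * burst_factor
    return data


def member_ingress_sum(port_octets: Dict[str, int], member_ports: Set[str]) -> int:
    """Fabric-wide ingress the common way: sum ingress octets on member-facing
    ports only. Inter-switch links are skipped because those octets already
    entered the fabric on a member port and would otherwise be counted twice."""
    return sum(octets for port, octets in port_octets.items() if port in member_ports)


SAMPLE = build_sample()

# Constructed per-port ingress octets for one polling interval;
# "sw1-isl-sw2" is the link between the two switches.
PORT_OCTETS = {"sw1-te1": 400, "sw1-te2": 250, "sw1-isl-sw2": 300, "sw2-te1": 350}
MEMBER_PORTS = {"sw1-te1", "sw1-te2", "sw2-te1"}

if __name__ == "__main__":
    for interval in (300, 120):
        print(f"{interval:3d} s windows: peak {peak_bps(SAMPLE, interval) / GBIT:.2f} Gbit/s")
    print("member ingress sum:", member_ingress_sum(PORT_OCTETS, MEMBER_PORTS),
          "octets; naive sum over every port:", sum(PORT_OCTETS.values()))
```

On this constructed input the 120 s graph peaks at 3.0 Gbit/s against 1.8 Gbit/s for the 300 s graph, a 67% bigger headline number for identical traffic, which is why the two are not comparable without stating the interval.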
Re: Akamai Edgekey issues ?
On Sep 03, 2013, at 09:58 , Jay Ashworth j...@baylink.com wrote:

>> From: Matthew Petach mpet...@netflight.com
>> On Mon, Sep 2, 2013 at 7:33 PM, Jorge Amodio jmamo...@gmail.com wrote:
>>> Here is another bit of data... www.apple.com not reachable from a machine using Google's NS, reachable from an iPad using TWC NS
>>> IP addresses returned by each are different ... could be load balancing, or creative (broken) traffic engineering
>>
>> Far more likely to be simply due to Akamai localizing the IP addresses to be as close to the resolving nameserver as possible; so, when using Google DNS, you end up at an Akamai node close to the Google DNS server; when using the TWC nameservers, you end up pointing to an Akamai node closer to those TWC nameservers. Not a case of broken traffic engineering at all.
>
> Sure it is. It's assuming that the geographic location of a customer resolver server has anything whatever to do with the geographic location of the end node, which it's not in fact a valid proxy for.

It isn't? How wrong is this assumption? Be specific. How far off is it, for how many users?

Perhaps look at the other side. Assumptions must be made. What assumptions would be better in the real world? What percentage of users are closer to anycast nodes? What are the real-world performance differences using this method vs. other methods?

Saying "not in fact a valid proxy" without hard data is not useful. What data do you have to prove your thesis?

Akamai seems to perform well for the vast majority of users. Or so I believe, but I fully admit I am biased. :) That said, always happy to be educated. If you have data, let us know.

--
TTFN,
patrick
Re: Akamai Edgekey issues ?
On Sep 03, 2013, at 02:41 , Scott Hulbert sc...@scotthulbert.com wrote:

> Matthew Petach mpet...@netflight.com wrote:
>> Why not just use the TWC nameservers, if things work when you use them instead of the Google nameservers?
>
> One reason would be that TWC used to hijack failed DNS requests and show advertisements ( http://netcodger.wordpress.com/2010/09/14/roadrunner-returns-to-dns-hijack-tactics/ ).

Without condoning or decrying this practice, I believe TWC allows you to opt-out of that. (Whether they should require you to opt-out, or do it at all, is intentionally not discussed.)

> Also, Google DNS and OpenDNS helped manually clean up bad records after the NYTimes had their nameservers changed at the TLD registry ( http://blog.cloudflare.com/details-behind-todays-internet-hacks ).

What makes you think TWC did not do the same? And it was a lot more than the New York Times that had issues, and there was a lot more than a single instance of this.

To be clear, Google is Johnny On The Spot when these things happen, and kudos to them for it. But so are lots of other providers (e.g. OpenDNS, who has been doing this a lot longer than Google), they just might not have teh GOOG name to get them in the press/blogs.

--
TTFN,
patrick
Re: Trivium
On Aug 19, 2013, at 10:42 , Blake Dunlap iki...@gmail.com wrote:

> Without Google, how do you know where anything even *is*?

Pretending that wasn't a troll, I wonder how much of the traffic these days is things like AppleTV, Roku, OS updates, iThing/Android 'Apps', etc. that do not require a user to type www.bing.com into the Google search box[*] so they can find the web page.

--
TTFN,
patrick

[*] I've actually seen someone type www.yahoo.com into the Google search box, then use Yahoo! to search for something. Don't ask.

> On Mon, Aug 19, 2013 at 2:38 AM, Larry Sheldon larryshel...@cox.net wrote:
>> http://news.cnet.com/8301-1023_3-57598978-93/google-outage-reportedly-caused-big-drop-in-global-traffic/
>>
>> How big is the Internet? Depends on whether Google is up or not?
>>
>> --
>> Requiescas in pace o email
>> Ex turpi causa non oritur actio
>>
>> Two identifying characteristics of System Administrators:
>> Infallibility, and the ability to learn from their mistakes.
>> (Adapted from Stephen Pinker)
Re: How big is the Internet?
On Aug 15, 2013, at 10:05 , Leo Bicknell bickn...@ufp.org wrote:

> On Aug 14, 2013, at 3:27 PM, Patrick W. Gilmore patr...@ianai.net wrote:
>> Once you define what you mean by "how big is the Internet", I'll be happy to spout off about how big it is. :)
>
> Arbitrary definition time:
>
> An Internet host is one that can send and receive packets directly with at least one far end device addressed out of RIR managed IPv4 or IPv6 space. That means behind a NAT counts, behind a firewall counts, but a true private network (two PC's into an L2 switch with no other connections) does not, even if they use IP protocols. Note that devices behind a pure L3 proxy do not count, but the L3 proxy itself counts.
>
> Now, take those Internet hosts and create a graph where each node has a binary state, forwards packets or does not forward packets the result is a set of edge nodes that do not forward packets. The simple case is an end user PC, the complex case may be something like a server in a data center that while connected to multiple networks does not forward any packets, and is an edge node on all of the networks to which it is attached.
>
> To me, all Internet traffic is the sum of all in traffic on all edge nodes. Note if I did my definition carefully out = in - (packet loss + undeliverable), which means on the scale of the global Internet I suspect out == in, when rounded off.

I have a feeling you flipped in/out in that formula.

> So please, carry on and spout off as to how big that is, I think an estimate would be very interesting.

Spout off time:

My laptop at home is an edge node under the definition above, despite being behind a NAT. My home NAS is as well. When I back up my laptop to my NAS over my home network, that traffic would be counted as Internet traffic by your definition.

I have a feeling that does not come close to matching the mental model most people have in their head of "Internet traffic". But maybe I'm confused.

--
TTFN,
patrick
Re: How big is the Internet?
On Aug 16, 2013, at 00:37 , Sean Donelan s...@donelan.com wrote:

> On Thu, 15 Aug 2013, Seth Mattinen wrote:
>> We'll also need this data in units of number of Libraries of Congress.
>
> The researchers at the Library of Congress are more than happy to explain why you are wrong to attempt to use the Library of Congress as a unit of measure, and why the estimates being used are wrong.
>
> http://blogs.loc.gov/digitalpreservation/2011/07/transferring-libraries-of-congress-of-data/
>
> along with several other blog posts over the years. But it doesn't seem to stop people from wanting to 1) know how big the Library of Congress is and 2) using it as a unit of measure.
>
> It seems odd that there are relatively good estimates for other communication networks and utilities; i.e. how big is the PSTN, how many television or radio stations, how much freight is carried by railroads, trucks and ships. But asking how big is the Internet, how much data does it carry, ends up with no answer. Even the researchers at the Library of Congress, if you give them enough beer and beg them enough, will eventually give you an estimate about the Library collection size as of the end of the last year.
>
> What's so special about the Internet that it can't be measured?

Complete lack of regulation, and in many cases, even billing.

You cannot make a call on the PSTN without someone getting money from someone else and a CDR (http://en.wikipedia.org/wiki/Call_detail_record) being created. Television/radio stations are trivially countable and probably literally a dozen or more orders of magnitude off the number of packets on the Internet. Railroads are similarly tiny in number and bill for freight. Roads are built by taxpayer dollars, so the gov't keeps a good account. Etc., etc.

The Internet is the first world-wide thing that doesn't bill based on where you send something, what you are doing, why you do it, and in many cases, even how much you do. Moreover, anyone can set up anything on it without asking the gov't for permission. This has enabled the impossible growth curve seen the last 20 years, but also made it impossible to count, categorize, or control. Which pisses off some people (usually governments), but makes others (e.g. me!) all warm & fuzzy inside.

--
TTFN,
patrick

P.S. I know you already knew the answer to the question, but I figured you wanted it answered when you asked, so I did.
Re: How big is the Internet?
On Aug 14, 2013, at 15:00 , Sean Donelan s...@donelan.com wrote:

> I should have remembered, NANOG prefers to correct things. So here are several estimates about how much IP/Internet traffic is "downloaded" in a month. Does anyone have better numbers, or better sources of numbers that can be shared?

I think you are not defining things precisely enough to be corrected. What does "downloaded" mean? For instance:

1) If a Google server pulls traffic from another Google server in another datacenter over the Google backbone, is that "downloaded"?
2) How about if an Akamai server pulls traffic from another Akamai server in the same building but two different networks?
3) How about if the two servers are on the same switch?
4) What if I am playing X-Box with another user on Comcast on the same head end?
5) Two different head ends in the same city?
6) Different cities?
Etc.

It is actually even harder than the above illustrates. Most people define Mbps on the Internet as inter-AS bits. But then what about Akamai AANP nodes, Google GGC nodes, Netflix Open Connect nodes, etc.? They are all inside the AS. Given that Akamai claims to be 20% of all broadband traffic, Google is on the same order, and NF claims to be 30% of US peak-evening traffic, it seems like it would be foolish to ignore this traffic.

I could go on, but you get the point. Definitions are a bitch.

Once you define what you mean by "how big is the Internet", I'll be happy to spout off about how big it is. :)

All that said: My back-of-the-envelope math says the Internet is order of 1 exabyte/day, as defined by my own rules on what counts as "the Internet"[*]. I could easily be wrong, but you asked.

--
TTFN,
patrick

[*] I count Company-to-Company traffic. This is _mostly_ inter-AS traffic, but on-net nodes (e.g. Akamai, Google, NF) -> Provider _do_ count. Things like Google -> Google over Google backbone do not count. Things like as701 -> as702 would count, but not as701 -> as701, even if the traffic is between two single-homed customers. It is a weird definition, but that's how I define it. (Although I may be biased, since counting only inter-AS traffic leaves off $SOME_PERCENTAGE of the traffic from my company.)

> Arbor/Merit/Michigan Internet Observatory: 9,000 PB/month (2009)
> Minnesota Internet Traffic Studies: 7,500-12,000 PB/month (2009)
> Cisco Visual Network Index:
>   Total IP: 55,553 PB/month (2013)
>   Fixed IP: 39,295 PB/month (2013)
>   Managed IP: 14,679 PB/month (2013)
>   Mobile Data: 1,578 PB/month (2013)
> Telegeography via ITU report: 44,000 PB/month (2012)
> National Security Agency: 55,680 PB/month (2013)
>
> Individual providers/countries
> Australian Bureau of Statistics (AU only): 184 PB/month (2012)
> AT&T Big Petabyte report (AT&T only): 990 PB/month (2013)
> CTIA mobile traffic (US only): 69 PB/month (2011)
> London School of Economics (Europe only): 3,600 PB/month (2012)
> TATA Communications: 1,600 PB/month (2013)
>
> Historical:
> NSFNET: 0.015 PB/month (1994)
Re: How big is the Internet?
On Aug 15, 2013, at 00:19 , Sean Donelan s...@donelan.com wrote:

> On Wed, 14 Aug 2013, Patrick W. Gilmore wrote:
>> It is actually even harder than the above illustrates. Most people define Mbps on the Internet as inter-AS bits. But then what about Akamai AANP nodes, Google GGC nodes, Netflix Open Connect nodes, etc.? They are all inside the AS. Given that Akamai claims to be 20% of all broadband traffic, Google is on the same order, and NF claims to be 30% of US peak-evening traffic, it seems like it would be foolish to ignore this traffic.
>>
>> I could go on, but you get the point. Definitions are a bitch.
>
> Some of that may help explain why the Internet traffic estimates seem to be too high or too low since about 2007. The primary data sources for the Internet traffic estimates seem to be mostly Internet backbones and Internet exchange points.
>
> I hadn't been paying attention until I looked at a bunch of companies' investor filings this week because the size of the Internet was in the news. If you add up the percentages that companies are telling investors and policy makers, you end up with more than 100%. Most of the companies' investor reports don't explain % of what. But the few that do, end up pointing back to the same traffic forecast reports. That doesn't even get to the long tail of small providers that don't report anything.
>
> Either there is a lot of traffic missing, or market concentration is much greater than assumed.

I am not at all surprised the sum of percentages is > 100.

User on Joe's-DSL-and-Bait store sends a packet up through Mary's-backbone-and-coffee shop to Bill's-other-transit-and-sandwich cart which finally lands on Comcast. (Didn't see that coming, did you? :) All four networks are going to claim that packet, but a true accounting of "petabytes downloaded per day" will only count it once.

--
TTFN,
patrick
Re: ddos attacks
On Aug 02, 2013, at 09:37 , sgr...@airstreamcomm.net wrote: I'm curious to know what other service providers are doing to alleviate/prevent ddos attacks from happening in your network. Are you completely reactive and block as many addresses as possible or null0 traffic to the affected host until it stops, or do you block certain ports to prevent them? What's the best way people are dealing with them? #1: Ensure your network is BCP38 compliant. Hard to complain about others attacking you when you are not clean. And if you do not block source-address spoofing, you are not clean. As for the rest, I'll let others with more recent experience explain what they do. -- TTFN, patrick
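As an added illustration of the BCP38 point above (example code, not from the thread or any vendor): a model of the ingress source-address check an edge should enforce per customer interface, run over constructed sample packets. Interface names, prefixes and packets are made up; a real deployment expresses the same rule as an ACL or uRPF on the edge router.

```python
"""Added example (not from the NANOG thread): a minimal BCP38 ingress check.

BCP38 (RFC 2827) asks a provider to drop packets arriving on a customer-facing
interface whose source address is outside what that customer was assigned.
Everything below (interfaces, prefixes, packets) is constructed sample data.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed table: which source prefixes are legitimate on each customer port.
INGRESS_PREFIXES = {
    "ge-0/0/1": [ip_network("192.0.2.0/24")],
    "ge-0/0/2": [ip_network("198.51.100.0/25"), ip_network("2001:db8:1::/48")],
}


def bcp38_permit(iface, src):
    """True if a packet with source `src` may enter on `iface` under strict BCP38."""
    nets = INGRESS_PREFIXES.get(iface)
    if nets is None:
        return False  # unknown edge interface: fail closed
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # unparsable source: drop
    return any(addr in net for net in nets)


def audit_ingress(packets):
    """Count spoofed packets per interface over (iface, src) samples.

    Any non-zero count means that customer port is not BCP38 clean yet.
    """
    spoofed = Counter()
    for iface, src in packets:
        if not bcp38_permit(iface, src):
            spoofed[iface] += 1
    return dict(spoofed)


# Constructed sample of packets as seen on the customer edge.
SAMPLE_PACKETS = [
    ("ge-0/0/1", "192.0.2.7"),       # legitimate
    ("ge-0/0/1", "203.0.113.9"),     # spoofed: not assigned to this customer
    ("ge-0/0/2", "198.51.100.200"),  # spoofed: .128-.255 is outside the /25
    ("ge-0/0/2", "2001:db8:1::42"),  # legitimate IPv6
    ("ge-0/0/9", "192.0.2.7"),       # unknown interface: dropped
]

if __name__ == "__main__":
    print(audit_ingress(SAMPLE_PACKETS))
```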
Re: nLayer IP transit
On Jul 31, 2013, at 20:00 , Mark Tees markt...@gmail.com wrote: I remember reading a while back that customers of nLayer IP transit services could send in Flowspec rules to nLayer. Anyone know if that is true/current? Not any more. -- TTFN, patrick
Re: ARIN WHOIS for leads
On Jul 25, 2013, at 19:29 , Otis L. Surratt, Jr. o...@ocosa.com wrote: From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing. I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use it for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. The fact you take some cold callers up on offers means they will continue to call. Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop. Put another way: You are making life worse for all of us. -- TTFN, patrick
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 09:32 , Ryan Pavely para...@nac.net wrote: What about the 2am phone calls from the guy, who did a nslookup on a website, and then whois on the ip, who is calling to say his porn site is partially not working and he's pissed. imho. The days of having public records like whois/rwhois available have passed. The data used to be protected with a simple clue test. Only the clue-minded folks knew about the data, and were pretty responsible with it. Now anyone can look it up. We used to use that data to be able to directly communicate with another provider for a serious problem. It was great knowing exactly how to get a hold of someone, and not have to forage your way through tech support... noc.. etc.. Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that? Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure, list my name and company. But keep my email and phone number private. In fact show me a web log of all registered users that looked me up. I doubt that will ever happen. So it's time for me to update my arin contact as this past weekend I got exactly that 2am porn call and it was quite disturbing which website was being referenced. In all my years I knew there was some crazy stuff out there, but this took the cake. You can change anything you want. ARIN and ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed. Even better, only the clued (and paid) get to vote. So it is exactly what you wanted. -- TTFN, patrick On 7/25/2013 7:02 PM, Justin Vocke wrote: Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into.
I registered AS626XX a week ago, and since its registration, I've been getting calls from wholesale carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing it's probably a good idea to remove my contact info from the registration and set up roles instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 11:05 , David Conrad d...@virtualized.org wrote: On Jul 26, 2013, at 7:58 AM, Patrick W. Gilmore patr...@ianai.net wrote: You can change anything you want. ARIN and ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed. Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment). Sure it is, the membership is just very .. uh .. selective. :) Stakeholder is just a fancy way of saying member. They vote, things change. Like I said, this is _exactly_ what Ryan wanted. Only the anointed get to decide things. Works out well, doesn't it? -- TTFN, patrick
Re: ARIN WHOIS for leads
What happened to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again? I don't know, but that is part of the reason why you can't ignore these people or buy from them. Ever heard of the one bite at the apple idea? Marketers think they should each be able to ask you just once to buy something from them. Ignoring the fact they ask more than once, in the US alone, there are 23 million small businesses http://www.sba.gov/content/small-business-trends. How many calls / emails do you want to get if even 10% of them decide they get _one_ chance to ask you to buy something? The reason this is not a problem for snail mail is there has to be a serious return to cover the cost of printing, postage, etc. What's the cost of sending 23 million emails? Two cents? Or the days when everything wasn't treated as spam Everything is not. I admit that the other side frequently goes in-frickin'-sane and calls even non-scraped, individually addressed mail to a single person spam. We shouldn't listen to them any more than we should listen to the marketer calling back the fourth time in a week to sell my father life insurance - after he had passed away. Suggestion: Put tagged addresses and, if possible, phone numbers in your ARIN whois and other public records. When someone emails that address or calls that number, make sure you put them on a never buy from list, and they know it. Write them a physical (form) letter, explaining why, and make it public (web page, blog, whatever). If even a small percentage of people did this, many companies would change their practices. _Especially_ Internet companies. -- TTFN, patrick On Jul 26, 2013, at 11:59 , Otis L. Surratt, Jr. o...@ocosa.com wrote: -Original Message- From: Patrick W. Gilmore [mailto:patr...@ianai.net] Sent: Friday, July 26, 2013 9:47 AM To: NANOG list Subject: Re: ARIN WHOIS for leads On Jul 25, 2013, at 19:29 , Otis L. Surratt, Jr. 
o...@ocosa.com wrote: From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing. I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use it for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. The fact you take some cold callers up on offers means they will continue to call. Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop. Put another way: You are making life worse for all of us. -- TTFN, patrick I'm not sure how they receive their data or if they mined from other sources. But one can draw some conclusions that they get information from some list/database and if you are a new provider or a new recipient of number resources then yes; that's probably how ARIN WHOIS database. But why don't we take off our hat for one moment that would call this spam and simply look at it for what it is. I'm sure others would agree. Sales teams typically would compile a list of names and phone numbers in a local community and cold call to see if there is any interest. Waiting on folks to call you could be weeks, months and years, thus adversely affecting your business. I'm sure every company has done some cold calling before. If you have not then you must have a customer base that is making you the profit you desire and/or you are already a billionaire. Thus you have the resources for advertisements on local/regional/national TV. 
(Not the only form of advertising BTW) I can name several tier 1 and 2 providers who have reached out to us for IP transit based on cold calling/ARIN WHOIS. We've been an ARIN paying member since 2005 and have not had any contact with any sales folks until the last 4 to 5 years maybe. IMHO, you guys should get off this spam kick and simply tell folks you are not interested and move on about your day. Life is way too short. I'm not sure how cold calling is spamming? For the folks that received the porn calls my response is SMH and I am very disgusted. But I definitely can understand your feelings for cold calling. Again, life is too short to get all worked up about it. Like I said before, simply tell them not interested and don't call again. We do and we very seldom find a stubborn sales person that continues with repeated calls. For the ones we do, we have our phone system immediately hang up their call based on number. If they somehow gain my or others' mobile numbers we simply add them as a contact and send them to voicemail.
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 12:54 , Alex Rubenstein a...@corp.nac.net wrote: Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracuda's site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. You know what I am waiting for? The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. Who thinks I am crazy? I do. Only 'cause you singled out Android, as if Apple, Blackberry, etc. wouldn't do this too. -- TTFN, patrick
Re: Friday Hosing
On Jul 12, 2013, at 19:22 , Nick Khamis sym...@gmail.com wrote: Set up your own email server, host your own web pages, maintain your own cloud, breathe your own oxygen FTW. That's simply not realistic for many companies and essentially all people (to a first approximation). -- TTFN, patrick
Re: Friday Hosing
Composed on a virtual keyboard, please forgive typos. On Jul 12, 2013, at 13:25, na...@namor.ca wrote: On Fri, 12 Jul 2013, Alain Hebert wrote: Is it me or the bigger a corporation gets the more vindictive (a b-word intended) they are to customers leaving them? Never attribute to malice that which is adequately explained by stupidity. I prefer Heinlein's version: Never attribute to malice that which can be adequately explained by stupidity, but don't rule out malice. And, of course the corollary that any sufficiently advanced stupidity is indistinguishable from malice. Put another way, whether it was stupid or evil, the results are the same. Turning off a customer in good standing is actionable in court, and should be avoided by legitimate businesses at nearly all costs. Not correcting the error (should it happen) when notified goes from oops to evil, whether intentional or not. And yes, I've probably worked for a corporation that has done this at least once over the years. (I did work for a telco for a while. :-) Doesn't mean I can't think it was evil of us and work to stop it from ever happening again. -- TTFN, patrick
Re: Friday Hosing
On Jul 12, 2013, at 13:44 , Bryan Fields br...@bryanfields.net wrote: On 7/12/13 1:39 PM, Patrick W. Gilmore wrote: Put another way, whether it was stupid or evil, the results are the same. Turning off a customer in good standing is actionable in court, and should be avoided by legitimate businesses at nearly all costs. You can void a contract at any time so long as you're willing to accept the result. Hence the actionable in court phrase. I've seen people have their service cut off and a carrier keep their equipment. Sure they will get it back, but is it worth spending 100k fighting them in court for three years? Every business makes tough decisions. For instance, judging the risk/reward ratio of getting, for instance, loss of use fees, legal fees, etc., out of an opponent in a court case. Either way, I'm interested in hearing when a company does these bad things so I can add that into the decision when considering that company. (To be clear, one person saying they cut me off without warning does not automatically mean I would never do business with a company. There's always another side. But I still like to collect the info when possible.) In this case, the OP didn't mention which company it was, other than monopole. -- TTFN, patrick
Re: /25's prefixes announced into global routing table?
On Jun 22, 2013, at 16:16 , Grzegorz Janoszka grzeg...@janoszka.pl wrote: On 22-06-13 17:30, Owen DeLong wrote: Looking at the number of autonomous systems in the IPv6 routing table and the total number of routes, it looks like it will shake out somewhere in the neighborhood of 3-5 prefixes/ASN. Since there are ~35,000 unique ASNs in the IPv4 table, I figured simple multiplication provided as good an estimate as any at this early time. Deaggregating of IPv4 announcements is done for traffic engineering and to fight ddoses (just the attacked /24 stops being announced to internet). I think some people will just copy their v4 habits into v6 and then we might have explosion of /48's. I wouldn't be so sure about just 3-5 prefixes/ASN. Not that many people are de-aggregating in anticipation of the DDoS. Temporary de-agg during DDoS is not relevant to discussions on global table sizes. -- TTFN, patrick
Re: /25's prefixes announced into global routing table?
On Jun 24, 2013, at 13:29 , Paul Rolland (ポール・ロラン) r...@witbe.net wrote: On Fri, 21 Jun 2013 13:56:02 -0600 Michael McConnell mich...@winkstreaming.com wrote: As the IPv4 space gets smaller and smaller, does anyone think we'll see a time when /25's will be accepted for global BGP prefix announcement? The current smallest size is a /24 and generally ok for most people, but as the crunch gets tighter and routers continue to have more and more ram, will it always be /24 the smallest size? Well, /25 are already in the routing table. I can even find a few /26 !!
rtr-01.PAR#sh ip b | i /26
*i193.41.227.128/26
*i193.41.227.192/26
*i194.149.243.64/26
The question was when will we see /25s in the GLOBAL routing table. Despite the very un-well defined definition for global routing table, I'm going to assume something similar to the DFZ, or the set of prefixes which is seen in all (most of?) the transit-free networks[*]. Given that definition, there are exactly zero /25s in the GRT (DFZ). And unlikely to be for a while. Whether a while is next 12 months or several years is something I am very specifically choosing not to answer. -- TTFN, patrick [*] Don't you hate the term tier one these days? It doesn't mean what it used to mean (i.e. _settlement free_ peering with all other tier one networks). And given that there are non-transit-free networks with more [traffic|revenue|customers|$WHATEVER] than some transit free networks, I prefer to not use the term.
Re: Need help in flushing DNS
On Jun 20, 2013, at 01:30 , Grant Ridder shortdudey...@gmail.com wrote: Yelp is evidently also affected Not from here. If the NS or www points to 204.11.56.0/24 for a production domain/hostname, that's bad. Yelp seems to be resolving normally for me. -- TTFN, patrick On Wed, Jun 19, 2013 at 10:19 PM, John Levine jo...@iecc.com wrote: Reaching out to DNS operators around the globe. Linkedin.com has had some issues with DNS and would like DNS operators to flush their DNS. If you see www.linkedin.com resolving NS to ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS. Any other info please reach out to me off-list. While you're at it, www.usps.com, www.fidelity.com, and other well known sites have had DNS poisoning problems. When I restarted my cache, they look OK.
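The check implied in the reply above, as an added example that is not part of the original thread: given a snapshot of what a resolver currently holds, flag production names whose NS records point at the name servers quoted in the thread or whose NS/www addresses fall inside 204.11.56.0/24. The cached answers and the per-domain "expected NS" set are constructed placeholders, not real lookups.

```python
"""Added example (not from the thread): spot the hijack symptoms the thread
describes in a resolver cache snapshot, without touching the network.

Indicators are taken as given from the thread: NS records pointing at
ns1617.ztomy.com / ns2617.ztomy.com, or NS/www addresses inside
204.11.56.0/24.  The snapshot and expected NS sets below are constructed.
"""
from ipaddress import ip_address, ip_network

SUSPECT_RANGES = [ip_network("204.11.56.0/24")]
SUSPECT_NS = {"ns1617.ztomy.com", "ns2617.ztomy.com"}


def _norm(name):
    """Lower-case and strip the trailing dot so comparisons are exact."""
    return name.lower().rstrip(".")


def audit_domain(domain, cached, expected_ns):
    """Return a list of findings for one domain; an empty list means clean.

    cached: {"NS": [names], "NS_A": [addrs], "www_A": [addrs]} from the cache.
    expected_ns: NS names the operator knows to be legitimate (an assumption
    the operator must fill in; anything else is reported as unexpected).
    """
    findings = []
    expected = {_norm(n) for n in expected_ns}
    for ns in cached.get("NS", []):
        n = _norm(ns)
        if n in SUSPECT_NS:
            findings.append(f"{domain}: NS {n} is a known hijack name server")
        elif n not in expected:
            findings.append(f"{domain}: NS {n} not in expected set")
    for label in ("NS_A", "www_A"):
        for addr in cached.get(label, []):
            if any(ip_address(addr) in r for r in SUSPECT_RANGES):
                findings.append(f"{domain}: {label} {addr} inside suspect range")
    return findings


def domains_to_flush(snapshot, expected):
    """Names whose cached data should be flushed, given a resolver snapshot."""
    return sorted(d for d, c in snapshot.items()
                  if audit_domain(d, c, expected.get(d, ())))


# Constructed snapshot: one poisoned entry, one clean entry.
SAMPLE_SNAPSHOT = {
    "linkedin.com": {
        "NS": ["ns1617.ztomy.com.", "ns2617.ztomy.com."],
        "NS_A": ["204.11.56.17"],    # constructed address inside the range
        "www_A": ["204.11.56.18"],   # constructed address inside the range
    },
    "example.com": {
        "NS": ["ns1.example-placeholder.invalid"],
        "NS_A": ["192.0.2.53"],
        "www_A": ["198.51.100.80"],
    },
}

# Placeholder expected NS names; a real operator substitutes the true ones.
EXPECTED_NS = {
    "linkedin.com": ("ns1.linkedin-placeholder.invalid",),
    "example.com": ("ns1.example-placeholder.invalid",),
}

if __name__ == "__main__":
    for d in domains_to_flush(SAMPLE_SNAPSHOT, EXPECTED_NS):
        print(d, audit_domain(d, SAMPLE_SNAPSHOT[d], EXPECTED_NS[d]))
```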
Re: Multihop eBGP peering or VPN based eBGP peering
On Jun 17, 2013, at 00:36 , Otis L. Surratt, Jr. o...@ocosa.com wrote: Any idea why more companies don't offer eBGP peering / multi hop peering? It's very common for providers to offer single or double hop peering, so why not 5 or 10 hops? In many cases people find it logical to perform single or double hop peering, so why is peering any greater always frowned upon? I understand the logic that you can't control the path beyond a point, however I still see numerous advantages. The norm has always been if you are peering with someone you have a router in the location you are peering. Thus, direct connection!!! But I've seen folks do what you are describing but in terms of their own networks thru use of GRE Tunnels. The main point of peering is having better connectivity and dropping traffic directly or closest to its destination. First, inside your own network is not eBGP. iBGP has no hop limitation (well, 255). If you have seen someone do eBGP inside their own network, they were actually doing it between two separate networks they owned. If you saw someone do eBGP over a GRE tunnel, that is a direct connection, not multi-hop. [Cue discussion from last week about multiple islands in the same ASN.] One obvious advantage is, imagine you have an east coast data centre and you had an eBGP peering session with a west coast router, you'd be able to control ingress via the west coast. (aka routing around a region outage that is affecting ingress) For example during the last hurricane around New Jersey, numerous tier 1's were down towards the atlantic and every peer for the atlantic was affected. One could have just made the ingress via the west coast the logical route. I do see this advantage being an obvious workable logical one. However, large providers typically have their own network (layers 1-3) coast to coast if we're talking USA. 
But in the case of the hurricane situation many were without power so you can have a router west coast and announce from that router but how will you get traffic back to east coast if that's your data center? You see you can have routers all over but if your data center (CDN) is without power you are done. I do not see an advantage here. You are on the east coast and you want to re-direct traffic to the west coast, so you announce a prefix to a west coast router and ask it to propagate that prefix to its peers. How do you guarantee that router has a route back to the east coast for that prefix? Remember, a prefix announcement is a promise to deliver traffic to that prefix. You are suggesting asking a router to make a promise when that router has no guarantee of reachability. In your hurricane example, perhaps the west coast router reaches that prefix through one of the down east coast routers? Now you have blackholed that prefix when a router in, say, Chicago or Dallas would have announced it properly and had reachability. If you want to control where a prefix ingresses another network, first you need a transit relationship with that network. Most modern transit networks have community-based signaling, allowing you to do what you suggest and more (e.g. prepend to peer $X or do not announce to peer $Y). -- TTFN, patrick
Re: huawei
On Jun 13, 2013, at 12:18 , Nick Khamis sym...@gmail.com wrote: A local clec here in Canada just teamed up with this company to provide cell service to the north: http://cwta.ca/blog/2012/09/24/ice-wireless-iristel-and-huawei-partner-for-3g-wireless-network-in-northern-canada/ Scary Why? Do you think Huawei has a magic ability to transmit data without you noticing? If you don't want to use Huawei because they stole code or did other nasty things, I'm right there with you. If you believe a router can somehow magically duplicate info and transport it back to China (ignoring CT/CU's inability to have congestion free links), I think you are confused. -- TTFN, patrick
Re: huawei
On Jun 13, 2013, at 12:28 , Avi Freedman a...@freedman.net wrote: I disagree. There have already been lab demos of sfps that could inject frames and APTs are pretty advanced, sinister, and can be hard to detect now. I'm not suggesting Huawei is or isn't enabling badness globally but I think it would be technically feasible. I am assuming a not-Huawei-only network. The idea that a router could send things through other routers without someone who is looking for it noticing is ludicrous. Of course, most people aren't paying attention, so a few extra frames most likely wouldn't be noticed. But if you are worried about it, you should be looking. Also, I find it difficult to believe Huawei has the ability to do DPI or something inside their box and still route at reasonable speeds. Perhaps they only duplicate packets based on source/dest IP address or something that is magically messaged from the mother ship, but I am dubious. It should be trivial to prove to yourself the box is, or is not, doing something evil if you actually try. -- TTFN, patrick
Re: Single AS multiple Diverse Providers
however, providers a/b at site1 do not send us the two /24s from site b.. This is probably incorrect. The providers are almost certainly sending you the prefixes, but your router is dropping them due to loop detection. To answer your later question, this is the definition of 'standard' as it is written into the RFC. Use the allow-as-in style command posted later in this thread to fix your router. -- TTFN, patrick On Jun 10, 2013, at 12:36 , Dennis Burgess dmburg...@linktechs.net wrote: I have a network that has three peers, two are at one site and the third is geographically diverse, and there is NO connection between the two separate networks. Currently we are announcing several /24s out one network and other /24s out the second network; they do not overlap. To the internet this works fine, however, providers a/b at site1 do not send us the two /24s from site b.. We have requested them to, but have not seen them come in, nor do we have any filters that would prohibit them from coming in. Is this normal? Can we receive those routes even though they are from our own AS? What is the best practice in this case? Dennis Burgess, Mikrotik Certified Trainer, Author of Learn RouterOS - Second Edition http://www.wlan1.com/product_p/mikrotik%20book-2.htm Link Technologies, Inc -- Mikrotik WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net Skype: linktechs -- Create Wireless Coverages with www.towercoverage.com - 900Mhz - LTE - 3G - 3.65 - TV Whitespace
Re: Single AS multiple Diverse Providers
On Jun 10, 2013, at 12:54 , Joe Provo nanog-p...@rsuc.gweep.net wrote: On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burgess wrote: I have a network that has three peers, two are at one site and the third is geographically diverse, and there is NO connection between the two separate networks. So, you have two islands? Technically, that would be separate ASNs as they are separate routing policies, but the modern world has adapted. Should we change the rules? I know 64-bit ASNs mean it is tough to run out of ASNs, but not sure we really want each island to be its own AS going forward. Comments from the peanut gallery? -- TTFN, patrick Currently we are announcing several /24s out one network and other /24s out the second network; they do not overlap. To the internet this works fine, however, providers a/b at site1 do not send us the two /24s from site b.. We have requested them to, but have not seen them come in, nor do we have any filters that would prohibit them from coming in. Is this normal? Can we receive those routes even though they are from our own AS? What is the best practice in this case? To prevent loops in the global Internet the BGP specification dictates this behavior, and has in all versions. Depending on your platform and theirs, you will all need to turn several knobs before you are allowed to break these rules. I would recommend that you gain more than passing familiarity with why the protocol is built this way, how it affects your use case, and what concerns you might have WRT your providers before you change the behavior for your case. Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NANOG
Re: Single AS multiple Diverse Providers
On Jun 10, 2013, at 13:36 , Bruce Pinsky b...@whack.org wrote: Patrick W. Gilmore wrote: however, providers a/b at site1 do not send us the two /24s from site b.. This is probably incorrect. The providers are almost certainly sending you the prefixes, but your router is dropping them due to loop detection. To answer your later question, this is the definition of 'standard' as it is written into the RFC. Use the allow-as-in style command posted later in this thread to fix your router. Or maintain standard behavior by running a GRE tunnel between the two discontinuous sites and run iBGP over the tunnel. Standard how? I don't remember any such standard, but always willing to be educated. Also, as someone who helps run 2500 non-connected sites, I can't begin to imagine the mess of GRE that would require. (OK, not all are in the same ASN, but I like hyperbole. :) -- TTFN, patrick
Re: Single AS multiple Diverse Providers
On Jun 10, 2013, at 14:07 , Bruce Pinsky b...@whack.org wrote: Patrick W. Gilmore wrote: On Jun 10, 2013, at 13:36 , Bruce Pinsky b...@whack.org wrote: Or maintain standard behavior by running a GRE tunnel between the two discontinuous sites and run iBGP over the tunnel. Standard how? I don't remember any such standard, but always willing to be educated. Also, as someone who helps run 2500 non-connected sites, I can't begin to imagine the mess of GRE that would require. (OK, not all are in the same ASN, but I like hyperbole. :) Standard in the sense of continuing to reject duplicate ASN in the AS path and not using a BGP knob to allow unnatural behavior. Natural is a funny word here. The reason you think it is natural is that's the way it has always been done. It's not a law of nature or something ghod has wrought. It is essentially a tribal tradition. cue Topol singing Tradition is useful, but not a reason in-and-of itself, especially in the face of reasons to break tradition. I think having 100s of 1000s of discontiguous locations is a pretty good reason. If the networks he wishes to advertise for those sites are considered in the same ASN, there should be continuity between those sites, either physical or virtual. I disagree. There are times it is simply not realistic to expect continuity. The alternative is to expect networks with 100s or 1000s of locations to burn 100s or 1000s of ASNs. Which I think is a bit silly. Hence my question about possibly changing the rules. NB: I fully admit I am biased in this. But that doesn't mean I'm wrong. -- TTFN, patrick
Re: Single AS multiple Diverse Providers
On Jun 10, 2013, at 14:14 , Joe Provo nanog-p...@rsuc.gweep.net wrote: On Mon, Jun 10, 2013 at 01:18:04PM -0400, Patrick W. Gilmore wrote: On Jun 10, 2013, at 12:54 , Joe Provo nanog-p...@rsuc.gweep.net wrote: On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burgess wrote: I have a network that has three peers, two are at one site and the third is geographically diverse, and there is NO connection between the two separate networks. So, you have two islands? Technically, that would be separate ASNs as they are separate routing policies, but the modern world has adapted. Should we change the rules? I know 64-bit ASNs mean it is tough to run out of ASNs, but not sure we really want each island to be its own AS going forward. Comments from the peanut gallery? I missed your proposal for loop detection to replace the current behavior in the above text. Was it compressed? Was not compressed. Don't want to take out loop detection in general. If you are running an island, it is up to you to ensure that island is specifically configured. This makes it no different than lots of other weird things on the 'Net. (I put weird in quotes because weird implies out of the ordinary, but there are probably more weird things than normal things these days.) I will admit that it is Not Hard for people who know what they're doing to operate well outside default and standard behavior. That's why I merely recommended that the questioner educate themselves as to the whys and wherefores before just turning knobs. I would submit that not knowing loop detection is a default and valuable feature might indicate the person should understand why and how it affects them. I don't have the hubris to believe that I understand his business needs, nor edge conditions/failure modes where a different solution might be needed. All good points. Is it enough to keep the standard? Or should the standard have a specific carve out, e.g. for stub networks only, not allowing islands to provide transit. 
Just a straw man. Or we can keep it like it is today, non-standard and let people who know what they are doing violate it at their own peril. The problem with the latter is some ISPs point to standards as if there is no other possible way to do things. Which makes it difficult to be someone who knowingly violates a standard. Anyway, just wondering how others felt. -- TTFN, patrick
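Added example (not from the thread, and not vendor code): a model of the inbound loop detection that explains why the other island's /24s never arrive, what an allowas-in style knob changes, and one reading of the "stub islands only" straw man above. ASNs and prefixes are constructed (private-use ASNs, documentation prefixes); the stub-only rule is my interpretation of the straw man, not anything a standard defines.

```python
"""Added example (not from the thread): RFC 4271 AS_PATH loop detection, the
allowas-in style knob, and the "stub islands only" straw man from the thread.
ASNs and prefixes below are constructed; this models router behaviour only.
"""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    # AS_PATH as received: leftmost = the eBGP neighbour that sent it,
    # rightmost = the AS that originated the prefix.
    as_path: Tuple[int, ...]


def accept_ebgp(route, my_asn, allowas_in=0, stub_only=False):
    """Inbound eBGP decision for one UPDATE.

    Default (RFC 4271 section 9.1.2): if the local AS appears anywhere in
    AS_PATH the route is treated as a loop and dropped.  This is why an island
    sees its sibling's /24s "not arrive" even though the providers send them.

    allowas_in=N: tolerate up to N occurrences of our own ASN (the knob the
    thread names; exact syntax is vendor specific).

    stub_only: my reading of the straw-man carve-out, namely accept our own
    ASN in the path only when our ASN is also the originator, so an island
    may announce its own prefixes but never relay someone else's through it.
    """
    occurrences = route.as_path.count(my_asn)
    if occurrences == 0:
        return True
    if occurrences > allowas_in:
        return False
    if stub_only and route.as_path[-1] != my_asn:
        return False
    return True


def receive(routes, my_asn, **knobs):
    """Prefixes that make it into the local RIB from a list of UPDATEs."""
    return [r.prefix for r in routes if accept_ebgp(r, my_asn, **knobs)]


MY_ASN = 64500                          # constructed: the operator's one ASN
PROVIDER_A, PROVIDER_B = 64601, 64602   # constructed upstreams at site 1
CUSTOMER_OF_SITE_B = 64700              # constructed downstream behind site B

# Constructed UPDATEs as seen by the site 1 router from provider A / B.
UPDATES = [
    # Site B's own /24, originated by our ASN's other island, via provider A.
    Route("203.0.113.0/24", (PROVIDER_A, MY_ASN)),
    # An ordinary third-party prefix: never touched by loop detection.
    Route("198.51.100.0/24", (PROVIDER_A, PROVIDER_B)),
    # Site B transiting a customer's prefix through the same loop.
    Route("192.0.2.0/24", (PROVIDER_A, MY_ASN, CUSTOMER_OF_SITE_B)),
    # A genuine loop: our ASN appears twice in the path.
    Route("203.0.113.0/24", (PROVIDER_B, MY_ASN, PROVIDER_A, MY_ASN)),
]

if __name__ == "__main__":
    print("default:      ", receive(UPDATES, MY_ASN))
    print("allowas-in 1: ", receive(UPDATES, MY_ASN, allowas_in=1))
    print("stub only:    ", receive(UPDATES, MY_ASN, allowas_in=1, stub_only=True))
```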
Re: Single AS multiple Diverse Providers
On Jun 10, 2013, at 15:23 , Job Snijders job.snijd...@atrato.com wrote: The alternative is to expect networks with 100s or 1000s of locations to burn 100s or 1000s of ASNs. Which I think is a bit silly. Hence my question about possibly changing the rules. I see no issue with that, we have an ASN pool of roughly 4294967280 ASNs. There is no shortage. Also BCP6 section 5 [1] would support the philosophy to just get more ASNs when you need to manage multiple islands. Ever tried to get a single peer set up sessions in 50+ places with 50+ ASNs? Neither have I. Nor do I plan to try any time soon. Anyway, looks like the comments lean towards leave it as it is, and some people will knowingly violate the rules, as has been done since the Internet began. -- TTFN, patrick
whoami.akamai.net
As the whoami.akamai.net hostname came up on the list, I thought I'd mention it here.

The hostname 'whoami.akamai.com' is a CNAME for whoami.akamai.net. That CNAME is, frankly, a mistake. It will be removed soon. If you are using the .com name, please move to the .net name.

-- TTFN, patrick
Re: Variety, On The Media, don't understand the Internet
On May 14, 2013, at 13:06 , Jay Ashworth j...@baylink.com wrote:

Or I don't. Which is not completely impossible. In this piece: http://variety.com/2013/digital/news/netflix-puts-even-more-strain-on-the-internet-1200480561/ they suggest that Akamai and other ISP-side caching is either not affecting these numbers and their pertinence to the backbone at all, or not much. Did they miss something? or did I?

I don't see the word backbone in there, other than in the comments.

Your DSL line is part of the Internet, and doing more traffic puts more strain (FSVO strain) on that link, even if the server is colocated with the cable head end. So I don't see the problem here.

But then, maybe I'm the one who is confused? :)

-- TTFN, patrick
Re: Variety, On The Media, don't understand the Internet
On May 14, 2013, at 15:53 , Jean-Francois Mezei jfmezei_na...@vaxination.ca wrote:

On 13-05-14 13:06, Jay Ashworth wrote:

http://variety.com/2013/digital/news/netflix-puts-even-more-strain-on-the-internet-1200480561/ they suggest that Akamai and other ISP-side caching is either not affecting these numbers and their pertinence to the backbone at all, or not much.

This is from a Sandvine press release. Sandvine measures traffic at the last mile, so it doesn't really know whether a Netflix stream is coming from a local caching server within the carrier's LAN, from a caching server that is peering with the carrier, or via the real internet. In the case of a large ISP with a Netflix cache server accessible locally, (either in-house, or via peering at a local carrier hotel), the traffic doesn't really travel on the internet.

Since when is peering not part of the Internet? Since when are even on-net caches not part of the Internet? I always thought if I am on the Internet, anything I ping is on the Internet. (I am intentionally ignoring things like split tunnel VPN nodes.) Perhaps you think of the Internet as the tier ones or something?

But for smaller ISPs, the traffic will travel on the internet between the nearest cache server and their facilities.

I guess you assume smaller ISPs don't peer? Unfortunately, reality disagrees with you, 100s if not 1000s of times. Still confused about this whole notion, though. Perhaps you can clarify?

Because of caching, the load on the actual internet won't increase as much as the amount streamed onto last mile infrastructure.

Uh I give up.

-- TTFN, patrick
Re: Variety, On The Media, don't understand the Internet
On May 14, 2013, at 21:14 , Jean-Francois Mezei jfmezei_na...@vaxination.ca wrote:

On 13-05-14 20:55, Patrick W. Gilmore wrote:

Since when is peering not part of the Internet?

Yes, one can argue that a device with an IP address routable from the internet is part of the internet.

Can argue? How would you define the Internet?

But when traffic from a cache server flows directly into an ISP's intranet to end users, it doesn't really make use of the Internet nor does it cost the ISP transit capacity.

Transit capacity != Internet. Plus you said even peering wasn't the Internet.

Compare this to a small ISP in a city where there are no cache servers. Reaching Netflix involves using paid transit to reach the nearest point where Netflix has a cache server. So traffic truly travels on the internet.

Truly? You have interesting definitions.

I think you are trying to say small ISPs have to pay to access $CONTENT, big ones do not. This is objectively false-to-fact. If you are trying to say scale makes some things easier, then I'm sure most people would agree. But trying to define the Internet as transit capacity, or saying small ISPs can't peer, or anything of the sort is silly.

-- TTFN, patrick
whoami.akamai.net [was: Google Public DNS Problems?]
On May 02, 2013, at 12:12 , Joe Abley jab...@hopcount.ca wrote:

On 2013-05-02, at 12:10, Joe Abley jab...@hopcount.ca wrote:

On 2013-05-02, at 11:59, Charles Gucker cguc...@onesc.net wrote:

That's not entirely true. You can easily do lookup for whoami.akamai.net and it will return the unicast address for the node in question (provided the local resolver is able to do the resolution). This is a frequent lookup that I do when I don't know what actual anycast node I'm using.

Using 8.8.8.8 to tell me about whoami.akamai.net tells me what Akamai authoritative server Google last used to answer that query.

Oh, now that I poke at it, it seems like whoami.akamai.net is telling me about the address of the resolver I used, rather than the address of the akamai node I hit. Never mind, I understand now :-)

For clarity: Looking up the hostname whoami.akamai.net will return the IP address in the source field of the packet (DNS query) which reached the authoritative name server for Akamai.net. We use this to look for forwarding or proxying, which is frequently unknown / invisible to the end user. It has the side-effect that querying against an anycast server (e.g. 208.67.222.222 or 8.8.8.8) will show the unicast address of the anycast node which forwarded to our servers.

In case anyone is wondering, we do not do any special logging or watching of this hostname. It is logged for a short time on the local hard drive the same as any other DNS query, but unless someone actually looks, we will not notice if you query for it. So feel free to use it for your own purposes as much as you like. We have a bit of spare DNS capacity. :)

-- TTFN, patrick
Re: whoami.akamai.net [was: Google Public DNS Problems?]
On May 02, 2013, at 14:42 , Constantine A. Murenin muren...@gmail.com wrote:

On 2 May 2013 11:12, Patrick W. Gilmore patr...@ianai.net wrote:

For clarity: Looking up the hostname whoami.akamai.net will return the IP address in the source field of the packet (DNS query) which reached the authoritative name server for Akamai.net. We use this to look for forwarding or proxying, which is frequently unknown / invisible to the end user. It has the side-effect that querying against an anycast server (e.g. 208.67.222.222 or 8.8.8.8) will show the unicast address of the anycast node which forwarded to our servers. In case anyone is wondering, we do not do any special logging or watching of this hostname. It is logged for a short time on the local hard drive the same as any other DNS query, but unless someone actually looks, we will not notice if you query for it. So feel free to use it for your own purposes as much as you like. We have a bit of spare DNS capacity. :)

No IPv6 at akamai.net, huh? :p

No, sorry. We're working on it. Of course, v6 is available on most other Akamai products. And if someone wants to pay us for v6 on whoami. :)

-- TTFN, patrick

Cns# host whoami.akamai.net
whoami.akamai.net has address 216.66.80.30
Cns# host 216.66.80.30
30.80.66.216.in-addr.arpa domain name pointer tserv1.fra1.he.net.
Cns#

Does anyone run a DNS whoami that's IPv6-ready?

C.
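Patrick's description of what whoami.akamai.net returns can be checked from any host with a small query builder and parser. The following is an added example, not Akamai's code and not from the thread: it encodes an A query in RFC 1035 wire format, decodes the answer section (including name compression pointers), and classifies the result against the address of the resolver you actually sent the query to, which is the forwarding/proxying check described above. The constructed reply and the 192.0.2.53 address used in it are assumptions (documentation range); `live_lookup` needs network access and a real resolver address such as the 8.8.8.8 mentioned in the thread.

```python
"""Minimal DNS A-record query builder/parser for the whoami.akamai.net check.

Added example, not Akamai's or the list's code. whoami.akamai.net answers
with the source address of the query as seen by Akamai's authoritative
servers, so comparing that answer with the resolver you asked tells you
whether something in between forwarded or proxied the query.
"""
import socket
import struct

QNAME = "whoami.akamai.net"


def build_query(name, txid=0x1234):
    """Encode a recursion-desired A/IN query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_a_records(msg, txid=None):
    """Return the IPv4 addresses in the answer section (validates id, rcode)."""
    ident, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if txid is not None and ident != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qd):                      # skip question section
        _, offset = _read_name(msg, offset)
        offset += 4                          # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def classify(resolver_ip, whoami_answers):
    """Interpret the answer relative to the resolver we sent the query to."""
    if not whoami_answers:
        return "no-answer"
    if resolver_ip in whoami_answers:
        return "direct"                 # that resolver itself reached Akamai
    return "forwarded-or-proxied"       # e.g. an anycast node's unicast address


def live_lookup(resolver_ip, timeout=3.0):
    """Send the query over UDP to `resolver_ip` (network access required)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(QNAME), (resolver_ip, 53))
        reply, _ = sock.recvfrom(512)
    return parse_a_records(reply, txid=0x1234)


def constructed_reply(answer_ip, txid=0x1234):
    """A constructed (not captured) response to our query with one A record,
    so the parser can be exercised offline. Uses a compression pointer to
    offset 12 for the owner name, as real servers do."""
    question = build_query(QNAME, txid)[12:]
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = (b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 20, 4)
              + socket.inet_aton(answer_ip))
    return header + question + answer
```

Against a real resolver you would call `classify(resolver_ip, live_lookup(resolver_ip))`; "direct" means the address you configured is the one Akamai saw, anything else means a forwarder, proxy or anycast node sits in between.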
Re: Tier1 blackholing policy?
On Apr 30, 2013, at 11:07 , Chris Boyd cb...@gizmopartners.com wrote:

On Tue, 2013-04-30 at 10:59 -0400, ML wrote:

1) Do nothing - They're supposed to deliver any and all bits (Disregarding a DoS or similar situation which impedes said network)
2) Prefix filter - Don't be a party (at least in one direction) to the bad actors' traffic.

3 - Deliver all packets unless I've signed up for an enhanced security offering?

While I like that plan, there are a LOT more people who will scream about not being protected than those who will bitch they can't get to a phishing site. Since networks are for-profit companies, they'll lower their costs (e.g. support calls), as long as it lowers their cost more than the cost of losing a customer or two (and let's be honest, that is about all they _might_ lose) who are religious about the whole transit means everywhere thing.

-- TTFN, patrick
Re: Tier1 blackholing policy?
On Apr 30, 2013, at 11:23 , Thomas Schmid sch...@dfn.de wrote:

On 30.04.2013 17:07, Chris Boyd wrote:

On Tue, 2013-04-30 at 10:59 -0400, ML wrote:

1) Do nothing - They're supposed to deliver any and all bits (Disregarding a DoS or similar situation which impedes said network)
2) Prefix filter - Don't be a party (at least in one direction) to the bad actors' traffic.

3 - Deliver all packets unless I've signed up for an enhanced security offering?

right - I see this really as something that should be decided at the edge of the internet (Tier2+) and not in the core.

Core? Seriously? Which of these statements are true:

A) Is it impossible for an end user or business (i.e. non-ISP) to get a direct connection to a Tier 1 (whatever the hell that means) provider.
B) Most traffic on the Internet traverses Tier 1s today.
C) A Tier 1 has a different profit motive than a Tier 2 (whatever the hell that means) providers.
D) All Tier 1 providers are larger than all Tier 2 providers.

We'll just skip over the E) all of the above.

-- TTFN, patrick

P.S. Hint: If you answered A, B, C, or D, you aren't paying attention.
Re: Tier1 blackholing policy?
Composed on a virtual keyboard, please forgive typos.

On Apr 30, 2013, at 12:32, Thomas Schmid sch...@dfn.de wrote:

Am 30.04.2013 17:53, schrieb Patrick W. Gilmore:

Core? Seriously? Which of these statements are true:

A) Is it impossible for an end user or business (i.e. non-ISP) to get a direct connection to a Tier 1 (whatever the hell that means) provider.
B) Most traffic on the Internet traverses Tier 1s today.
C) A Tier 1 has a different profit motive than a Tier 2 (whatever the hell that means) providers.
D) All Tier 1 providers are larger than all Tier 2 providers.

We'll just skip over the E) all of the above.

agree - I oversimplified, but I think you got the idea ...

No, I did not get the point. I am not trolling. I just do not understand what you meant. Probably because there is no core, so your statement did not make sense.

-- TTFN, patrick
Re: IPv6 and HTTPS
On Apr 26, 2013, at 00:19 , joel jaeggli joe...@bogus.com wrote:

On 4/25/13 6:24 PM, Jay Ashworth wrote:

Ok, here's a stupid question[1], which I'd know the answer to if I ran bigger networks: Does anyone know how much IPv4 space is allocated *specifically* to cater to the fact that HTTPS requires a dedicated IP per DNS name?

It doesn't, or doesn't if your clients are not stuck in the past. TLS SNI has existed for a rather long time.

Is that a statistically significant percentage of all the IPs in use? Wasn't there something going on to make HTTPS IP muxable? How's that coming?

there are stubborn legacy hosts.

How fast could it be deployed?

you can use it now.

Sure, you can. But no one will. No one (especially someone doing SSL content) wants 99% connectivity. And there's a lot more than 1% XP out there.

(Hrm, that explanation works to explain why to a couple decimal places 0% of the Internet is on v6 only today.)

-- TTFN, patrick
Re: Open Resolver Problems
On Apr 01, 2013, at 11:55 , Milt Aitken m...@net2atlanta.com wrote:

Most of our DSL customers have modem/routers that resolve DNS externally. And most of those have no configuration option to stop it. So, we took the unfortunate step of ACL blocking DNS requests to/from the DSL network unless the requests are to our DNS servers. Suboptimal, but it stopped the DNS amplification attacks.

I was going to suggest exactly this.

Don't most broadband networks have a line in their AUP about running servers? Wouldn't a DNS server count as 'a server'? Then wouldn't running one violate the AUP? This gives the provider a hammer to hit the user over the head. Although that is quite unlikely, so the better point is that it also gives the provider cover in case some user complains about the provider filtering.

You can always make an exception if the user is extremely loud.

-- TTFN, patrick

-Original Message-
From: Mikael Abrahamsson [mailto:swm...@swm.pp.se]
Sent: Monday, April 01, 2013 11:51 AM
To: Chris Boyd
Cc: nanog@nanog.org
Subject: Re: Open Resolver Problems

On Mon, 1 Apr 2013, Chris Boyd wrote:

Just back to the office, and started checking my networks. Found one of the resolvers is a Netgear SOHO NAT box. EoL'd, no new firmware available. Anyone have any feeling for what percentage are these types of boxes?

If by type of box you mean small SOHO NAT router which does DNS resolving on the WAN interface then I'd say a lot. Someone does a rollout of new software and configuration and happens to mess up the config file (or the vendor just happens to enable global dns resolving in the new software) and this slips through testing, then you're there. I believe this happens all the time.

That's why the publication of these lists are important, in a lot of cases there are a lot of people who are simply not aware of these devices doing this, and they need to be poked to notice.

-- Mikael Abrahamsson email: swm...@swm.pp.se
Re: Open Resolver Problems
On Apr 01, 2013, at 12:09 , Dobbins, Roland rdobb...@arbor.net wrote:

On Apr 1, 2013, at 11:03 PM, Patrick W. Gilmore wrote:

You can always make an exception if the user is extremely loud.

It might be a good idea to make pinholes for the Google and OpenDNS recursors, as they're fairly popular. I agree that this is a good idea, similar to the same sort of network access policy as relates to SMTP.

Ahhh, silly of me, I read the post from Milt too quickly. I was going to suggest queries _into_ the broadband user space, not out of. If you only block into, OpenDNS, GoogleDNS, etc. are not an issue.

Blocking could be done with DPI. It can also be done by blocking UDP port 53. (Don't need to block TCP53 since that removes the amplification problem.) However, there are some (idiotic) name servers that do 5353. Not sure how to handle those, or more importantly, how many broadband customers legitimately use an off-net _and_ brain-dead name server? And even if they do, will they fall back to TCP?

Of course, since users shouldn't be using off-net name servers anyway, this isn't really a problem! :)

-- TTFN, patrick
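The two ACL shapes in this exchange (Milt's "block DNS to/from the DSL pool unless it goes to our resolvers" and Patrick's "only block queries coming into the user space"), plus a detection pass that spots which customer boxes are actually answering outside queries and how much amplification they offer, as an added example that is not from the thread or from any vendor. The customer prefix 198.51.100.0/24, the resolver addresses 192.0.2.10 and 192.0.2.11 and the flow lines are all constructed from RFC 5737 documentation ranges; 8.8.8.8 appears because the thread discusses pinholes for it.

```python
"""Open-resolver detection and DNS ACL policy checks over flow records.

Added example, not from the thread. All addresses are RFC 5737 documentation
ranges and the flow lines are constructed; nothing here is real traffic.
"""
import ipaddress
from collections import defaultdict

CUSTOMER_NET = ipaddress.ip_network("198.51.100.0/24")   # assumed DSL pool
OWN_RESOLVERS = {ipaddress.ip_address("192.0.2.10"),      # assumed ISP recursors
                 ipaddress.ip_address("192.0.2.11")}
DNS_PORTS = {53}   # add 5353 here to cover the odd name servers mentioned above

# Constructed unidirectional flows: proto src sport dst dport bytes
FLOWS = """\
udp 203.0.113.7 40001 198.51.100.23 53 64
udp 198.51.100.23 53 203.0.113.7 40001 3100
udp 203.0.113.7 40002 198.51.100.23 53 64
udp 198.51.100.23 53 203.0.113.7 40002 3100
udp 198.51.100.50 51000 192.0.2.10 53 70
udp 192.0.2.10 53 198.51.100.50 51000 120
udp 198.51.100.51 51001 8.8.8.8 53 70
udp 8.8.8.8 53 198.51.100.51 51001 110
tcp 203.0.113.9 41000 198.51.100.23 53 80
"""


def parse_flows(text):
    rows = []
    for line in text.splitlines():
        proto, src, sport, dst, dport, nbytes = line.split()
        rows.append({"proto": proto,
                     "src": ipaddress.ip_address(src), "sport": int(sport),
                     "dst": ipaddress.ip_address(dst), "dport": int(dport),
                     "bytes": int(nbytes)})
    return rows


def dsl_policy(flow):
    """Milt's ACL: DNS requests to/from the DSL pool are allowed only when
    destined to our own resolvers. Stateless, so it also cuts off customers
    who point at off-net recursors (hence the pinhole discussion)."""
    touches_pool = flow["src"] in CUSTOMER_NET or flow["dst"] in CUSTOMER_NET
    if touches_pool and flow["dport"] in DNS_PORTS:
        return flow["dst"] in OWN_RESOLVERS
    return True


def inbound_query_policy(flow):
    """Patrick's variant: drop UDP DNS queries arriving from off-net *into*
    the pool. TCP is left alone (no amplification) and customers may still
    query any recursor they like, since only queries toward the pool match."""
    return not (flow["proto"] == "udp"
                and flow["dst"] in CUSTOMER_NET
                and flow["dport"] in DNS_PORTS
                and flow["src"] not in CUSTOMER_NET
                and flow["src"] not in OWN_RESOLVERS)


def dropped_indices(flows, policy):
    """Indices of flows the given policy would drop."""
    return [i for i, f in enumerate(flows) if not policy(f)]


def find_open_resolvers(flows, min_ratio=5.0):
    """Customer hosts answering UDP DNS queries from off-net, keyed by host,
    with the bytes-out / bytes-in ratio, i.e. the amplification they offer."""
    q_bytes, r_bytes = defaultdict(int), defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        if (f["dst"] in CUSTOMER_NET and f["dport"] in DNS_PORTS
                and f["src"] not in CUSTOMER_NET and f["src"] not in OWN_RESOLVERS):
            q_bytes[f["dst"]] += f["bytes"]        # outside query into the pool
        elif (f["src"] in CUSTOMER_NET and f["sport"] in DNS_PORTS
              and f["dst"] not in CUSTOMER_NET):
            r_bytes[f["src"]] += f["bytes"]        # pool host answering outside
    suspects = {}
    for host, rb in r_bytes.items():
        qb = q_bytes.get(host, 0)
        if qb and rb / qb >= min_ratio:
            suspects[str(host)] = round(rb / qb, 1)
    return suspects


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    print("open resolvers:", find_open_resolvers(flows))
    print("dropped by Milt's ACL:", dropped_indices(flows, dsl_policy))
    print("dropped by inbound-only ACL:", dropped_indices(flows, inbound_query_policy))
```

On the constructed data the host 198.51.100.23 stands out as an open resolver returning roughly 48 bytes for every byte it is sent. Milt's ACL drops the inbound queries to it but also drops the customer at .51 talking to 8.8.8.8 (and the TCP query), while the inbound-only variant drops just the two UDP queries into the pool and leaves off-net recursors usable.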
Re: Open Resolver Problems
Composed on a virtual keyboard, please forgive typos.

On Mar 26, 2013, at 18:27, Dobbins, Roland rdobb...@arbor.net wrote:

On Mar 26, 2013, at 3:13 PM, Nick Hilliard wrote:

The whole point of this thread is that dns amplification hurts other people, not the resolver which is being abused.

Actually, it often hurts the resolver(s) being abused, as well, leading to availability problems for those who legitimately need the recursive service in question.

On more than one occasion, the operator of an open resolver being used to amplify an attack at our network has called / emailed asking us to stop abusing them. It seems the query rate we were sending them was crippling their servers. Sometimes they threaten to filter us. How thoughtful of them!

Reminds me of: Yer h4x0ring me on port 80!!1!1!!1

-- TTFN, patrick
Re: Open Resolver Problems
On Mar 26, 2013, at 08:01 , Dobbins, Roland rdobb...@arbor.net wrote:

On Mar 26, 2013, at 6:50 PM, Jamie Bowden wrote:

let's suppose I just happen to have, or have access to, a botnet comprised of (tens of) millions of random hosts all over the internet, and I feel like destroying your DNS servers via DDoS;

DNS reflection/amplification attacks aren't intended as attacks against the DNS, per se; they're intended to crush any/all targeted servers and/or fill transit pipes.

To be more clear, the point of DNS reflection attacks is to amplify the amount of bandwidth the botnet can muster (and perhaps hide the true source). If you have 10s of millions of bots, you don't need to amplify. You can crush any single IP address on the 'Net.

Same for SNMP and ntp reflection attacks. And far too many other things. :(

-- TTFN, patrick
Re: Open Resolver Problems
On Mar 26, 2013, at 10:38 , Jay Ashworth j...@baylink.com wrote:

From: Jared Mauch ja...@puck.nether.net

b) locking down your recursive servers to networks you control

Sure. But OpenDNS, Google, and the other providers of recursive servers for edge cases can't do that anymore?

I wish people would stop bringing that up. I guarantee I see at least as many reflection attacks as anyone out there. I have not _once_ called/emailed Open, Google, Dyn, Ultra, or any other professional DNS provider asking them to stop amplifying attacks to us. If you can run a server as competently as they can, then no one will complain.

For the other 99.% of you, LOCK THAT SHIT DOWN.

-- TTFN, patrick
Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?
On Mar 05, 2013, at 13:41 , Cameron Byrne cb.li...@gmail.com wrote:

In-line

Isn't every reply? (Well, every reply worth reading.)

On Tue, Mar 5, 2013 at 9:55 AM, Mukom Akong T. mukom.ta...@gmail.com wrote:

Dear experts, I've found myself thinking about what ground an engineer needs to cover in order to convince the executives to approve and commit to an IPv6 Deployment project.

Why not just have them read their own SEC filings. Nearly every company has something to the effect of this in their 10K: The potential exhaustion of the supply of unallocated IPv4 addresses and the inability of $COMPANY and other Internet users to successfully transition to IPv6 could harm our operations and the functioning of the Internet as a whole.

No company would lie to the SEC, would it?

-- TTFN, patrick

I think such a presentation (15 slides max in 45 minutes) should cover the following aspects:

a) Set the strategic context: how your organisation derives value from IP networks and the Internet.
b) Overview of the problem: IPv4 exhaustion
c) Implications of IPv4 Exhaustion to your organization's business model.
d) Introduction of IPv6 as a solution to IPv4 exhaustion.
e) Understanding the risks involved.
f) How much deploying IPv6 will cost.
g) Call to action.

I've detailed my thinking into each of these items at How to 'Sell' IPv6 to Executive Management - Guidance for Engineers http://techxcellence.net/2013/03/05/v6-business-case-for-engineers/

My question and this is where I'd appreciate some input:

a) To all you engineers out there who have convinced managers - what else did you have to address?

One of the most important things i see not being stressed enough is that IPv6 is frequently free or a low-cost incremental upgrade. So, when calculating ROI / NPV, the hurdle can be very low such that the cash in-flow / cost savings is not a huge factor since the required investment is close to nil. This is not always the case, some legacy stuff won't work on ipv6 without investment.

But, as a plug to all you folks who work at companies that use a CDN, please ask your CDN to turn IPv6 on for your website. This is top-of-mind for me since i just pushed my www folks on this issue. Here are some relevant pointers for the CDN folks, in many cases it's just a matter of clicking a button in the management portal:

Akamai http://www.akamai.com/ipv6
Edgecast http://www.edgecast.com/ipv6/
Cloudflare https://www.cloudflare.com/ipv6
Amazon http://aws.amazon.com/about-aws/whats-new/2011/05/24/elb-ipv6-zoneapex-securitygroups/
Softlayer http://www.softlayer.com/about/network/ipv6

b) To you who are managers, what else do you need your engineers to address in order for you to be convinced?

Regards.

As always, all opinions expressed are mine and do not necessarily represent the views of my employers, past or present.

-- Mukom Akong T. http://about.me/perfexcellence | twitter: @perfexcellent -- "When you work, you are the FLUTE through whose lungs the whispering of the hours turns to MUSIC" - Kahlil Gibran
Re: Cloudflare is down
On Mar 04, 2013, at 09:51 , Leo Bicknell bickn...@ufp.org wrote:

Any competent network admin would have stopped and questioned a 90,000+ byte packet and done more investigation. Competent programmers writing their internal tools would have flagged that data as out of rage.

The last couple words are the best thing I've read on NANOG in a very long time. :)

-- TTFN, patrick
Re: The 100 Gbit/s problem in your network
On Feb 12, 2013, at 01:06 , Doug Barton do...@dougbarton.us wrote:

On 02/11/2013 03:52 PM, Patrick W. Gilmore wrote:

One of us has a different dictionary than everyone else.

I'm not sure it's different dictionaries, I think you're talking past each other.

No, it's definitely different dictionaries. I am purposely staying out of the whole multicast vs. CDN vs. set-top caching vs. $RANDOM_TECHNOLOGY thing. I was concentrating solely on one point - that the long tail is _by definition_ a tiny fraction of total demand (Stephen's emphasis).

The long tail might be a fraction, or it might be a majority of the traffic. Depends on the use case. Important to remember this discussing the pros and cons of each protocol / approach.

As for the rest, time will tell. But it's fun to watch the discussion, especially by people who have never attempted any of what they are espousing. :)

Hey, sometimes that's where the best ideas come up - people who don't know what is impossible are not constrained!

-- TTFN, patrick

Video on demand and broadcast are 2 totally different animals. For VOD, multicast is not a good fit, clearly. But for broadcast, it has a lot of potential. Most of the issues with people wanting to pause, rewind, etc. are already handled by modern DVRs, even with live programming.

What I haven't seen yet in this discussion (and sorry if I've missed it) is the fact that every evening every broadcast network sends out hour after hour of what are essentially live broadcasts, in the sense that they were not available on demand before they were aired on TV that night. In addition to live broadcasts, this nightly programming is ideal for multicast, especially since nowadays most of that programming is viewed off the DVR at another time anyway. So filling up that DVR (or even watching it live) could happen over multicast just as well as it could happen over unicast.

But more importantly, what's missing from this conversation is that the broadcast networks, the existing cable/satellite/etc. providers, and everyone else who has a multi-billion dollar vested interest in the way that the business is structured now would fight this tooth and nail. So we can engineer all the awesome solutions we want, they are overwhelmingly unlikely to actually happen.

Doug
Re: The 100 Gbit/s problem in your network
On Feb 11, 2013, at 14:11 , Stephen Sprunk step...@sprunk.org wrote:

On 11-Feb-13 12:25, Mark Radabaugh wrote:

On 2/11/13 9:32 AM, ML wrote:

Any eyeball network that wants to support multicast should peer with the content player(s) that support it. Simple! Just another reason to make the transit only networks even more irrelevant.

The big issue is that the customers don't want to watch simulcast content. The odds of having two customers in a reasonably sized multicast domain watching the same netflix movie at exactly the same time frame in the movie is slim. Customers want to watch on time frames of their own choosing. I don't see multicast helping at all in dealing with the situation.

Multicast _is_ useful for filling the millions of DVRs out there with broadcast programs and for live events (eg. sports). A smart VOD system would have my DVR download the entire program from a local cache--and then play it locally as with anything else I watch. Those caches could be populated by multicast as well, at least for popular content. The long tail would still require some level of unicast distribution, but that is _by definition_ a tiny fraction of total demand.

One of us has a different dictionary than everyone else.

Assume I have 10 million movies in my library, and 10 million active users. Further assume there are 10 movies being watched by 100K users each, and 9,999,990 movies which are being watched by 1 user each. Which has more total demand, the 10 popular movies or the long tail?

This doesn't mean Netflix or Hulu or iTunes or whatever has the aforementioned demand curve. But it does mean my definition and yours do not match.

Either way, I challenge you to prove the long tail on one of the serious streaming services is a tiny fraction of total demand.

-- TTFN, patrick
Re: The 100 Gbit/s problem in your network
On Feb 11, 2013, at 18:52 , Patrick W. Gilmore patr...@ianai.net wrote:

On Feb 11, 2013, at 14:11 , Stephen Sprunk step...@sprunk.org wrote:

Multicast _is_ useful for filling the millions of DVRs out there with broadcast programs and for live events (eg. sports). A smart VOD system would have my DVR download the entire program from a local cache--and then play it locally as with anything else I watch. Those caches could be populated by multicast as well, at least for popular content. The long tail would still require some level of unicast distribution, but that is _by definition_ a tiny fraction of total demand.

One of us has a different dictionary than everyone else.

Assume I have 10 million movies in my library, and 10 million active users. Further assume there are 10 movies being watched by 100K users each, and 9,999,990 movies which are being watched by 1 user each.

Obvious typo, supposed to be 8,999,990. Or you can say I have 11 million users. Whichever floats your boat. Hopefully the point is still clear, even in a crowd as pedantic as this.

-- TTFN, patrick

Which has more total demand, the 10 popular movies or the long tail?

This doesn't mean Netflix or Hulu or iTunes or whatever has the aforementioned demand curve. But it does mean my definition and yours do not match.

Either way, I challenge you to prove the long tail on one of the serious streaming services is a tiny fraction of total demand.

-- TTFN, patrick
Re: Global caches
On Feb 04, 2013, at 09:03 , Kyle Camilleri kyle.camill...@melitaplc.com wrote:

Some CDN providers such as Akamai and Google (often called Global Google Cache) are offering caches to ISPs. It is very convenient for small ISPs to alleviate bandwidth towards the provider, but also the CDN provider benefits by putting source of data closer to the user resulting in far better performance. Does anybody know of any other CDN providers that offer similar caches?

Don't know if you would call them a CDN, but https://signup.netflix.com/openconnect.

-- TTFN, patrick
Re: Ddos mitigation service
On Feb 01, 2013, at 10:02 , Paul Stewart p...@paulstewart.org wrote:

Akamai (CDN) does scrubbing???

http://www.akamai.com/html/solutions/kona-solutions.html

I'm sure there are other things Akamai does in the security sector as well.

-- TTFN, patrick

-Original Message-
From: Pierre Lamy [mailto:pie...@userid.org]
Sent: February-01-13 9:58 AM
To: matt kelly
Cc: nanog@nanog.org
Subject: Re: Ddos mitigation service

The 3 major scrubbing vendors: Prolexic Verisign Akamai
Re: Netflix transit preference?
On Dec 27, 2012, at 13:19 , randal k na...@data102.com wrote:

I work at a datacenter in southern Colorado that is the upstream bandwidth provider for several regional ISPs. We have been investigating our ever-growing bandwidth usage and have found that out of transits (Level3,Cogent,HE) that Netflix always seems to come in via Hurricane Electric. (We move ~1.4gbps to Netflix, and are thus not a candidate for peering. And they have no POP close.)

Your statement about peering makes no sense. You are trying to engineer where their traffic comes and yet you refuse to have a direct connection which would give you full control? Weird...

I tested this by advertising a /24 across all providers, then selectively removed the advertisement to certain carriers to see where the bandwidth goes. In order, it appears that if there is a HE route, Netflix uses it, period. If there isn't, it prefers Level3, and Cogent comes last.

Completely unsurprising.

Since Netflix is a big hunk of our bandwidth (and obviously makes our customers happy), we are inclined to buy some more HE. However, if Netflix decides that they want to randomly switch to, say, Cogent, we may be under a year-long bandwidth contract that isn't particularly valuable anymore. With all of that, I am interested in finding out any knowledge about Netflix transit preferences, be it inside information, anecdotal, or otherwise. I did email peering@ but haven't heard back, thus the public question.

Why don't you ask Netflix? And why not ask them for kit to put on-net? https://signup.netflix.com/openconnect

-- TTFN, patrick
Re: Netflix transit preference?
On Dec 27, 2012, at 13:46 , randal k na...@data102.com wrote:

Thanks for your prompt response. Yes, we are trying to determine where/how we receive it ... not necessarily influence it, as there isn't so much we can do there as Netflix' egress policy is theirs and theirs alone (interestingly, nobody has communities to influence Netflix' AS2906 traffic). We cannot peer directly with Netflix as their openconnect statement requires 2gbps minimum, and mentions elsewhere that they like 5+. We aren't at 2gbps yet, and we are nowhere near one of their POPs -- it is way cheaper to buy 2-3gbps of cheap transit than it is to buy 2-3gbps of transport from Denver to LA.

Ah, I misunderstood. Mea Culpa. I thought you were saying since they only had 1.4 Gbps to you, you wouldn't peer with them. Silly of me.

The 2 Gbps is only for PNI, but yeah, I can see how paying to get to LA or Denver may be expensive. Although once you did, you could peer with a lot more than just Netflix. On the other hand, how much is it to get to Atlanta? Looks relatively close (miles-wise, don't know fiber routes in Tennessee).

Anyway, while their egress decisions are theirs (as is true of everyone), they probably will be happy to discuss with you - once the holidays are over.

-- TTFN, patrick

As mentioned, my notes to peer...@netflix.com have gone unanswered for the holidays (not unexpected), so I thought I'd ping the hive mind for some info in the meantime.

Cheers, Randal

On Thu, Dec 27, 2012 at 11:26 AM, Patrick W. Gilmore patr...@ianai.net wrote:

On Dec 27, 2012, at 13:19 , randal k na...@data102.com wrote:

I work at a datacenter in southern Colorado that is the upstream bandwidth provider for several regional ISPs. We have been investigating our ever-growing bandwidth usage and have found that out of transits (Level3,Cogent,HE) that Netflix always seems to come in via Hurricane Electric. (We move ~1.4gbps to Netflix, and are thus not a candidate for peering. And they have no POP close.)

Your statement about peering makes no sense. You are trying to engineer where their traffic comes and yet you refuse to have a direct connection which would give you full control? Weird...

I tested this by advertising a /24 across all providers, then selectively removed the advertisement to certain carriers to see where the bandwidth goes. In order, it appears that if there is a HE route, Netflix uses it, period. If there isn't, it prefers Level3, and Cogent comes last.

Completely unsurprising.

Since Netflix is a big hunk of our bandwidth (and obviously makes our customers happy), we are inclined to buy some more HE. However, if Netflix decides that they want to randomly switch to, say, Cogent, we may be under a year-long bandwidth contract that isn't particularly valuable anymore. With all of that, I am interested in finding out any knowledge about Netflix transit preferences, be it inside information, anecdotal, or otherwise. I did email peering@ but haven't heard back, thus the public question.

Why don't you ask Netflix? And why not ask them for kit to put on-net? https://signup.netflix.com/openconnect

-- TTFN, patrick
Re: Netflix transit preference?
More silliness was pointed out to me. I was looking at Jeff Kell's from: address and looked up UTC.edu to get your location, forgetting you mentioned Colorado in your original post.

I'm going to sign off and enjoy the holidays since I clearly am not doing anyone any good here.

-- TTFN, patrick

On Dec 27, 2012, at 13:54 , Patrick W. Gilmore patr...@ianai.net wrote:

On Dec 27, 2012, at 13:46 , randal k na...@data102.com wrote:

Thanks for your prompt response. Yes, we are trying to determine where/how we receive it ... not necessarily influence it, as there isn't so much we can do there as Netflix' egress policy is theirs and theirs alone (interestingly, nobody has communities to influence Netflix' AS2906 traffic). We cannot peer directly with Netflix as their openconnect statement requires 2gbps minimum, and mentions elsewhere that they like 5+. We aren't at 2gbps yet, and we are nowhere near one of their POPs -- it is way cheaper to buy 2-3gbps of cheap transit than it is to buy 2-3gbps of transport from Denver to LA.

Ah, I misunderstood. Mea Culpa. I thought you were saying since they only had 1.4 Gbps to you, you wouldn't peer with them. Silly of me.

The 2 Gbps is only for PNI, but yeah, I can see how paying to get to LA or Denver may be expensive. Although once you did, you could peer with a lot more than just Netflix. On the other hand, how much is it to get to Atlanta? Looks relatively close (miles-wise, don't know fiber routes in Tennessee).

Anyway, while their egress decisions are theirs (as is true of everyone), they probably will be happy to discuss with you - once the holidays are over.

-- TTFN, patrick

As mentioned, my notes to peer...@netflix.com have gone unanswered for the holidays (not unexpected), so I thought I'd ping the hive mind for some info in the meantime.

Cheers, Randal

On Thu, Dec 27, 2012 at 11:26 AM, Patrick W. Gilmore patr...@ianai.net wrote:

On Dec 27, 2012, at 13:19 , randal k na...@data102.com wrote:

I work at a datacenter in southern Colorado that is the upstream bandwidth provider for several regional ISPs. We have been investigating our ever-growing bandwidth usage and have found that out of transits (Level3,Cogent,HE) that Netflix always seems to come in via Hurricane Electric. (We move ~1.4gbps to Netflix, and are thus not a candidate for peering. And they have no POP close.)

Your statement about peering makes no sense. You are trying to engineer where their traffic comes and yet you refuse to have a direct connection which would give you full control? Weird...

I tested this by advertising a /24 across all providers, then selectively removed the advertisement to certain carriers to see where the bandwidth goes. In order, it appears that if there is a HE route, Netflix uses it, period. If there isn't, it prefers Level3, and Cogent comes last.

Completely unsurprising.

Since Netflix is a big hunk of our bandwidth (and obviously makes our customers happy), we are inclined to buy some more HE. However, if Netflix decides that they want to randomly switch to, say, Cogent, we may be under a year-long bandwidth contract that isn't particularly valuable anymore. With all of that, I am interested in finding out any knowledge about Netflix transit preferences, be it inside information, anecdotal, or otherwise. I did email peering@ but haven't heard back, thus the public question.

Why don't you ask Netflix? And why not ask them for kit to put on-net? https://signup.netflix.com/openconnect

-- TTFN, patrick
Re: Why do some providers require IPv6 /64 PA space to have public whois?
On Dec 08, 2012, at 21:14 , Darius Jahandarie djahanda...@gmail.com wrote: On Sat, Dec 8, 2012 at 7:12 PM, Dan Luedtke m...@danrl.de wrote: Off-topic but somehow important to me: HE has an open-peering policy (AFAIK); which basically means that tunnelbroker.net traffic is free for hetzner.de Is that true? That would be great! Just because companies A and B don't have a customer relationship doesn't mean all their interactions with each other are free. So no, it's not true. Costs come from needing to buy bigger routers, bigger waves or fiber to the exchanges, bigger ports on the exchanges, etc. Peering is a scam. The vast majority of AS-AS boundaries on the Internet are settlement free peering. I guess that makes the Internet a scam. As for the costs involved, free is a relative term. Most people think of peering as free because there is zero marginal cost. Kinda. Obviously if you think of your 10G IX port as a sunk cost, pushing 11 Gbps over it is not 'free' as you have to upgrade. But again, most people understand what is meant. Bigger waves and bigger routers are not due to peering, they are due to customer traffic - you know, the thing ISPs sell. Put another way, this is a Good Thing (tm). Or at least it should be. Unless, of course, you are trying to convince us all that selling too many units of your primary product is somehow bad. Peering allows you, in most cases, to lower the Cost Of Goods Sold on that product. Again, usually a Good Thing (tm). Unless you are again trying to convince us all that selling at a higher margin (we'll ignore the lower latency and better overall experience) is somehow bad. -- TTFN, patrick
Legal Crap [was: William was raided for running a Tor exit node. Please help if you can.]
On Nov 30, 2012, at 20:25 , Randy Bush ra...@psg.com wrote: Not a lawyer. then stfu with the legal crap It amazes me how people feel free to opine on things like networking without a certification, but if you don't have a law degree, suddenly they believe you are incapable of understanding anything regarding the law. As for the legal crap, most of what is posted is not on-topic here. There are laws and legal implications which are operational, though. And even though I am not a lawyer, I need to understand them or I cannot do my job. My lawyer is not going to pick which datacenter to lease, even if he knows a metric-ass-ton more about indemnification than I ever will (at least I hope than I ever will - that shit is BOORING). I appreciate people who have researched and understand the topic giving their insights - just like I do regarding BGP, MPLS, IPv6... okay, no jokes about IPv6. :) And, just like with networking topics, I do not appreciate people taking up 10K+ of their not-so-closest-friends' time with half-baked ideas from people who have not taken the time to understand the subject matter. However, I do not believe the only way to go from the latter group into the former is to pass the bar. (And if so, in what state/country? what specialty? etc., etc.) I guess this is a long-winded way of saying: If all you have to say is STFU, maybe you should take your own advice? -- TTFN, patrick
Re: William was raided for running a Tor exit node. Please help if you can.
On Nov 29, 2012, at 11:17 , Barry Shein b...@world.std.com wrote: Back in the early days of the public internet we didn't require any id to create an account, just that you found a way to pay us. We had anonymous accts some of whom dropped by personally to pay their bill, some said hello but I usually didn't know their names and that's how they wanted it, I'd answer hello ACCOUNT, whatever their login was if I recognized them. Some mailed in something, a mail order, even currency tho that was rare but it did happen, or had someone else drop by to pay in cash (that is, no idea if they were local.) LEO occasionally served a warrant for information, usually child porn biz (more than just accessing child porn, selling it) tho I don't remember any anonymous accts being involved. Mere conduit defense. (Please do not anyone mention common carrier status or the like, ISPs are _not_ common carriers.) I never expected to be held accountable for anyone's behavior unless I was knowingly involved somehow (just the usual caveat.) LEO never showed any particular interest in the fact that we were ok with anonymous accounts. If I was made aware of illegal activities we'd shut them off, didn't really happen much, maybe some credible hacking complaint on occasion. How do you shut off a Tor account? It's funny, it's all illusion like show business. It's not hard to set up anonymous service, crap, just drop in at any wi-fi hotspot, many just ask you to click that you accept their TCs and you're on. Would they raid them, I was just using one at a major hospital this week that was just like that, if someone used that for child porn etc? But I guess stick your nose out and say you're specifically offering anon accts and watch out I guess. Do you think if the police found out child pr0n was being served from a starbux they wouldn't confiscate the equipment from that store? -- TTFN, patrick
Re: William was raided for running a Tor exit node. Please help if you can.
On Nov 29, 2012, at 12:58 , Barry Shein b...@world.std.com wrote: On November 29, 2012 at 11:45 patr...@ianai.net (Patrick W. Gilmore) wrote: On Nov 29, 2012, at 11:17 , Barry Shein b...@world.std.com wrote: It's funny, it's all illusion like show business. It's not hard to set up anonymous service, crap, just drop in at any wi-fi hotspot, many just ask you to click that you accept their TCs and you're on. Would they raid them, I was just using one at a major hospital this week that was just like that, if someone used that for child porn etc? But I guess stick your nose out and say you're specifically offering anon accts and watch out I guess. Do you think if the police found out child pr0n was being served from a starbux they wouldn't confiscate the equipment from that store? I dunno, has it ever happened? No idea. However, I would not be the least bit surprised. In fact, I would be surprised if they failed to do so, after having proof that child pr0n was served from one. I mean confiscated the store's equipment, I assume that's what you mean. Is that because no one has ever been involved with child porn etc from a Starbucks? Does that seem likely? I don't know, really. And why would confiscating it from one location address the issue if they offer anonymous hotspots (I don't know if they do but whatever, there are plenty of others) at all locations and they're one company? It would seem like they'd have to confiscate the equipment at every Starbucks in their jurisdiction, which could be every one in the US for example. They didn't confiscate every Tor exit node in the US once they found something nefarious emanating from one. -- TTFN, patrick
Re: William was raided for running a Tor exit node. Please help if you can.
On Nov 29, 2012, at 13:57 , William Herrin b...@herrin.us wrote: On Thu, Nov 29, 2012 at 11:45 AM, Patrick W. Gilmore patr...@ianai.net wrote: Do you think if the police found out child pr0n was being served from a starbux they wouldn't confiscate the equipment from that store? I think if they took the cash registers too the Starbucks lawyer would be in court an hour later with a motion to quash in one hand and an offer of full cooperation in the other. And if the sky were orange Any other non sequiturs? :) -- TTFN, patrick P.S. I can come up with some examples where the cash registers would be fair game, such as when the manager was charging the hosting provider extra to sit in the corner and host the 'bad content'. But it is still a non sequitur w/r/t this thread.
Re: Big day for IPv6 - 1% native penetration
On Nov 20, 2012, at 08:45 , Owen DeLong o...@delong.com wrote: It is entirely possible that Google's numbers are artificially low for a number of reasons. AMS-IX publishes stats too: https://stats.ams-ix.net/sflow/ This is probably a better view of overall percentage on the Internet than a specific company's content. It shows order of 0.5%. Why do you think Google's numbers are lower than the real total? -- TTFN, patrick On Nov 20, 2012, at 5:31 AM, Aaron Toponce aaron.topo...@gmail.com wrote: On Tue, Nov 20, 2012 at 10:14:18AM +0100, Tomas Podermanski wrote: It seems that today is a big day for IPv6. It is the very first time when native IPv6 on google statistics (http://www.google.com/intl/en/ipv6/statistics.html) reached 1%. Some might say it is tremendous success after 16 years of deploying IPv6 :-) And given the rate on that graph, we'll hit 2% before year-end 2013. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
Re: Big day for IPv6 - 1% native penetration
On Nov 20, 2012, at 11:42 , Mike Jones m...@mikejones.in wrote: On 20 November 2012 16:05, Patrick W. Gilmore patr...@ianai.net wrote: On Nov 20, 2012, at 08:45 , Owen DeLong o...@delong.com wrote: It is entirely possible that Google's numbers are artificially low for a number of reasons. AMS-IX publishes stats too: https://stats.ams-ix.net/sflow/ This is probably a better view of overall percentage on the Internet than a specific company's content. It shows order of 0.5%. Why do you think Google's numbers are lower than the real total? They are also different stats which is why they give such different numbers. In a theoretical world with evenly distributed traffic patterns if 1% of users were IPv6 enabled it would require 100% of content to be IPv6 enabled before your traffic stats would show 1% of traffic going over IPv6. If these figures are representative (google saying 1% of users and AMSIX saying 0.5% of traffic) then it would indicate that dual stacked users can push ~50% of their traffic over IPv6. If this is even close to reality then that would be quite an achievement. There is even more complexity. Remember the 6-to-4 stuff? Suppose a user on Network A used a tunnel broker on HE, and his traffic passed over AMS-IX encapsulated in v4? He would show up as v4 to AMS-IX and v6 to Google. Lies, damned lies, and graphs. :) -- TTFN, patrick
Re: Big day for IPv6 - 1% native penetration
On Nov 20, 2012, at 14:44 , Tony Hain alh-i...@tndh.net wrote: If you assume that Youtube/Facebook/Netflix are 50% of the overall traffic, why wouldn't a dual stacked end point have half of its traffic as IPv6 after June??? If you assume Kinda says it all right there. But more importantly, those three combined are not 50% of overall traffic. It _might_ be true in the US, for some times of the day, but certainly not world-wide overall traffic. If for no better reason than you cannot get NF in all countries. -- TTFN, patrick
Re: Google/Youtube problems
On Nov 19, 2012, at 03:05 , Saku Ytti s...@ytti.fi wrote: On (2012-11-18 23:47 +0100), Daniel Suchy wrote: Is anyone else seeing similar problems with Google/Youtube? My advice is, host the content locally. Sound advice, IMHO. I'm bit curious about market position youtube has. GOOG claims youtube is making profit, but I think this is because network is considered other BUs cost and youtube rides on it for free (remember pre-youtube, how GOOG micro-optimized google front-page to save on network cost, post-youtube they rightly stopped caring and added predictive input etc.) I do not work for Google, nor have I asked anyone in Google how they do their accounting. However, I would be rather surprised to find the vast majority of their capacity is charged to the BU using a tiny fraction of that capacity, while the BU using the lion's share gets a free ride. I can't see how anyone could compete against youtube, I don't believe the service is anywhere near profitable (it's maybe 10% of Internet, and I can't see revenue being 10% of Internet), if it would have to pay for the network itself. Consequently you probably can't compete with them, as you need to cover the costs from the profits. It is just so ubiquitous service, that if it does not work your eyeballs will switch to network where it does, so you will give google free capacity, which you wouldn't probably do for others web streaming shops. First, I believe YouTube is 10% of the Internet. Second, I see no reason why that requires anything close - not even within a couple orders of magnitude - of 10% of the Internet's revenue to be profitable. Why would you assume such a thing? -- TTFN, patrick
Re: Plages d'adresses IP Orange
On Nov 19, 2012, at 12:16 , Jamie Bowden ja...@photon.com wrote: Actually, this is kind of an interesting aside. Last time I checked, Canada counts as North America and large parts of Quebec are inhabited by folks who don't speak much, if any, English. Having said that, I can't recall having seen any Quebecois posting in French here, but I find it hard to believe those folks don't have use for a list like this. The entire population of Quebec (and at least some of them speak English) is barely under 1/4 of Canada, and about 2.5% of the US. Hell, it's lower than many major metro areas in the US. Better to ask why we do not post in Spanish, as Mexico has 112M people, plus of course Central America (whatever that is), the Caribbean, etc. But we never have, and I doubt we will in the future. -- TTFN, patrick -Original Message- From: Pierre-Yves Maunier [mailto:na...@maunier.org] Sent: Monday, November 19, 2012 11:59 AM To: jipe foo Cc: NANOG list Subject: Re: Plages d'adresses IP Orange Hi, I think few people understand French on this list. You should try FRnOG. Pierre-Yves Maunier On 19 November 2012 17:48, jipe foo fooj...@gmail.com wrote: Hello all, Could someone from Orange (or elsewhere) give me more information on the following address ranges: inetnum: 81.253.0.0 - 81.253.95.255 netname: ORANGE-FRANCE-HSIAB descr: Orange France / Wanadoo service country: FR admin-c: AR10027-RIPE tech-c: ER1049-RIPE inetnum: 90.96.0.0 - 90.96.199.255 netname: ORANGEFRANCE-WFP descr: Orange France - WFP country: FR admin-c: ER1049-RIPE tech-c: ER1049-RIPE Are these address ranges for mobiles, Liveboxes, or shared WiFi connections (at least for the second one)? Thanks in advance, -- J -- Pierre-Yves Maunier
Re: Indonesian ISP Moratel announces Google's prefixes
On Nov 06, 2012, at 23:48 , Jian Gu guxiaoj...@gmail.com wrote: What do you mean hijack? Google is peering with Moratel, if Google does not want Moratel to advertise its routes to Moratel's peers/upstreams, then Google should've set the correct BGP attributes in the first place. That doesn't make the slightest bit of sense. If a Moratel customer announced a Google-owned prefix to Moratel, and Moratel did not have the proper filters in place, there is nothing Google could do to stop the hijack from happening. Exactly what attribute do you think would stop this? -- TTFN, patrick On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia m...@anuragbhatia.com wrote: Another case of route hijack - http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about I am curious if big networks have any pre-defined filters for big content providers like Google to avoid these? I am sure internet community would be working in direction to somehow prevent these issues. Curious to know developments so far. Thanks. -- Anurag Bhatia anuragbhatia.com Linkedin http://in.linkedin.com/in/anuragbhatia21 | Twitter https://twitter.com/anurag_bhatia | Google+ https://plus.google.com/118280168625121532854
Re: Indonesian ISP Moratel announces Google's prefixes
On Nov 07, 2012, at 00:07 , Jian Gu guxiaoj...@gmail.com wrote: Where did you get the idea that a Moratel customer announced a google-owned prefix to Moratel and Moratel did not have the proper filters in place? according to the blog, all google's 4 authoritative DNS server networks and 8.8.8.0/24 were wrongly routed to Moratel, what's the possibility for a Moratel customers announce all those prefixes? Ah, right, they just leaked Google's prefix. I thought a customer originated the prefix. Original question still stands. Which attribute do you expect Google to set to stop this? Hint: Don't say No-Advertise, unless you want peers to only talk to the adjacent AS, not their customers or their customers' customers, etc. Looking forward to your answer. -- TTFN, patrick On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore patr...@ianai.net wrote: On Nov 06, 2012, at 23:48 , Jian Gu guxiaoj...@gmail.com wrote: What do you mean hijack? Google is peering with Moratel, if Google does not want Moratel to advertise its routes to Moratel's peers/upstreams, then Google should've set the correct BGP attributes in the first place. That doesn't make the slightest bit of sense. If a Moratel customer announced a Google-owned prefix to Moratel, and Moratel did not have the proper filters in place, there is nothing Google could do to stop the hijack from happening. Exactly what attribute do you think would stop this? -- TTFN, patrick On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia m...@anuragbhatia.com wrote: Another case of route hijack - http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about I am curious if big networks have any pre-defined filters for big content providers like Google to avoid these? I am sure internet community would be working in direction to somehow prevent these issues. Curious to know developments so far. Thanks. -- Anurag Bhatia anuragbhatia.com Linkedin http://in.linkedin.com/in/anuragbhatia21 | Twitter https://twitter.com/anurag_bhatia | Google+ https://plus.google.com/118280168625121532854
Re: Indonesian ISP Moratel announces Google's prefixes
On Nov 07, 2012, at 00:21 , Jian Gu guxiaoj...@gmail.com wrote: I don't know what Google and Moratel's peering agreement, but leak? educate me, Google is announcing /24 for all of their 4 NS prefix and 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes to Internet? Downthread, someone said what is typical with peering prefixes, i.e. announce to customers, not to peers or upstreams. How do you think peering works? However, I place most of the blame on PCCW for crappy filtering of their customers. And I'm a little surprised to see nLayer in the path. Shame on them! (Does that have any effect any more? :) Oh, and we are still waiting for an answer: Which attribute do you think Google could have used to stop this? -- TTFN, patrick On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore patr...@ianai.net wrote: On Nov 07, 2012, at 00:07 , Jian Gu guxiaoj...@gmail.com wrote: Where did you get the idea that a Moratel customer announced a google-owned prefix to Moratel and Moratel did not have the proper filters in place? according to the blog, all google's 4 authoritative DNS server networks and 8.8.8.0/24 were wrongly routed to Moratel, what's the possibility for a Moratel customers announce all those prefixes? Ah, right, they just leaked Google's prefix. I thought a customer originated the prefix. Original question still stands. Which attribute do you expect Google to set to stop this? Hint: Don't say No-Advertise, unless you want peers to only talk to the adjacent AS, not their customers or their customers' customers, etc. Looking forward to your answer. -- TTFN, patrick On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore patr...@ianai.net wrote: On Nov 06, 2012, at 23:48 , Jian Gu guxiaoj...@gmail.com wrote: What do you mean hijack? Google is peering with Moratel, if Google does not want Moratel to advertise its routes to Moratel's peers/upstreams, then Google should've set the correct BGP attributes in the first place. That doesn't make the slightest bit of sense. If a Moratel customer announced a Google-owned prefix to Moratel, and Moratel did not have the proper filters in place, there is nothing Google could do to stop the hijack from happening. Exactly what attribute do you think would stop this? -- TTFN, patrick On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia m...@anuragbhatia.com wrote: Another case of route hijack - http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about I am curious if big networks have any pre-defined filters for big content providers like Google to avoid these? I am sure internet community would be working in direction to somehow prevent these issues. Curious to know developments so far. Thanks. -- Anurag Bhatia anuragbhatia.com Linkedin http://in.linkedin.com/in/anuragbhatia21 | Twitter https://twitter.com/anurag_bhatia | Google+ https://plus.google.com/118280168625121532854
Re: Indonesian ISP Moratel announces Google's prefixes
On Nov 07, 2012, at 00:35 , Jian Gu guxiaoj...@gmail.com wrote: Hmm, look at this screen shot from the blog, 8.8.8.0/24 was originated from Google. Everyone who posted in this thread was well aware of that. (Well, except me in my first post. :) Google was still the victim, and it was still not their fault. You are showing wide and clear ignorance on the basics of peering. Which is fine, the vast majority of the planet hasn't a clue what peering is. However, the rest of the people who do not know what they are talking about have managed to avoid commenting on the subject to 10K+ of their not-so-closest friends. To be clear, if you had started with something like: Why is Google originating the route? Doesn't that make it valid?, you would have gotten a lot of help and support. But instead you started by claiming it was Google's fault and they could stop this by setting the correct BGP attributes. I note you still haven't told us what those attributes would be despite repeated questions. Perhaps it's time to admit you don't know what attributes, and you need a little more education on peering in general? When you find yourself in a hole, stop digging. -- TTFN, patrick tom@edge01.sfo01 show route 8.8.8.8 inet.0: 422196 destinations, 422196 routes (422182 active, 0 holddown, 14 hidden) + = Active Route, - = Last Active, * = Both 8.8.8.0/24 *[BGP/170] 00:27:02, MED 18, localpref 100 AS path: 4436 3491 23947 15169 I to 69.22.153.1 via ge-1/0/9.0 On Tue, Nov 6, 2012 at 9:33 PM, Hank Nussbacher h...@efes.iucc.ac.il wrote: At 21:21 06/11/2012 -0800, Jian Gu wrote: If Google announces 8.8.8.0/24 to you and you in turn start announcing to the Internet 8.8.8.0/24 as originating from you, then a certain section of the Internet will believe your announcement over Google's. This has happened many times before due to improper filters, but this is the first time I have seen the victim being blamed. Interesting concept. -Hank I don't know what Google and Moratel's peering agreement, but leak? educate me, Google is announcing /24 for all of their 4 NS prefix and 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes to Internet? On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore patr...@ianai.net wrote: On Nov 07, 2012, at 00:07 , Jian Gu guxiaoj...@gmail.com wrote: Where did you get the idea that a Moratel customer announced a google-owned prefix to Moratel and Moratel did not have the proper filters in place? according to the blog, all google's 4 authoritative DNS server networks and 8.8.8.0/24 were wrongly routed to Moratel, what's the possibility for a Moratel customers announce all those prefixes? Ah, right, they just leaked Google's prefix. I thought a customer originated the prefix. Original question still stands. Which attribute do you expect Google to set to stop this? Hint: Don't say No-Advertise, unless you want peers to only talk to the adjacent AS, not their customers or their customers' customers, etc. Looking forward to your answer. -- TTFN, patrick On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore patr...@ianai.net wrote: On Nov 06, 2012, at 23:48 , Jian Gu guxiaoj...@gmail.com wrote: What do you mean hijack? Google is peering with Moratel, if Google does not want Moratel to advertise its routes to Moratel's peers/upstreams, then Google should've set the correct BGP attributes in the first place. That doesn't make the slightest bit of sense. If a Moratel customer announced a Google-owned prefix to Moratel, and Moratel did not have the proper filters in place, there is nothing Google could do to stop the hijack from happening. Exactly what attribute do you think would stop this? -- TTFN, patrick On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia m...@anuragbhatia.com wrote: Another case of route hijack - http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about I am curious if big networks have any pre-defined filters for big content providers like Google to avoid these? I am sure internet community would be working in direction to somehow prevent these issues. Curious to know developments so far. Thanks. -- Anurag Bhatia anuragbhatia.com Linkedin http://in.linkedin.com/in/anuragbhatia21 | Twitter https://twitter.com/anurag_bhatia | Google+ https://plus.google.com/118280168625121532854
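The leak mechanics Patrick keeps pointing at, as an added example that is not part of the thread or of the CloudFlare post: a toy model of BGP propagation with valley-free export (routes learned from customers go to everyone, routes learned from peers or providers go to customers only). The AS numbers are the ones in the thread (15169 Google, 23947 Moratel, 3491 PCCW, 4436 nLayer); the relationships between them, the extra Moratel customer AS 64500, and the prefix 203.0.113.0/24 that PCCW's customer filter permits are assumptions for illustration. It shows that Moratel exporting a peer route to its provider reaches nLayer unless PCCW filters its customer by prefix, and that NO_EXPORT, the only attribute Google could have set, stops Moratel from re-advertising to anyone at all, including Moratel's own customers.

```python
from dataclasses import dataclass

NO_EXPORT = "no-export"   # RFC 1997 well-known community


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple              # leftmost ASN is the most recent announcer; the origin holds ()
    communities: frozenset = frozenset()


class AS:
    """One autonomous system. Routes learned from customers are exported to
    everyone; routes learned from peers or providers only to customers.
    leaky=True switches that check off, which is exactly what a route leak is."""

    def __init__(self, asn, leaky=False, customer_prefix_filter=None):
        self.asn = asn
        self.leaky = leaky
        self.neighbors = {}                 # neighbour ASN -> "customer" | "peer" | "provider"
        self.rib = {}                       # prefix -> (Route, relationship it was learned over)
        # Ingress filter: customer ASN -> prefixes accepted from that customer (assumed IRR data)
        self.customer_prefix_filter = customer_prefix_filter or {}


def link(a, b, how_a_sees_b):
    inverse = {"customer": "provider", "provider": "customer", "peer": "peer"}
    a.neighbors[b.asn] = how_a_sees_b
    b.neighbors[a.asn] = inverse[how_a_sees_b]


def accept(receiver, sender, route, rel):
    """Ingress policy: loop check, customer prefix filter, then shortest AS path wins."""
    if receiver.asn in route.as_path:
        return False
    allowed = receiver.customer_prefix_filter.get(sender.asn)
    if rel == "customer" and allowed is not None and route.prefix not in allowed:
        return False
    current = receiver.rib.get(route.prefix)
    if current is not None and len(current[0].as_path) <= len(route.as_path):
        return False
    receiver.rib[route.prefix] = (route, rel)
    return True


def propagate(network, origin, route):
    """Flood one route from its origin through `network` (dict of ASN -> AS)."""
    origin.rib[route.prefix] = (route, "local")
    queue = [origin]
    while queue:
        src = queue.pop(0)
        held, learned_over = src.rib[route.prefix]
        for nbr_asn, rel in src.neighbors.items():
            # Valley-free export: a route from a peer/provider goes to customers only.
            if not src.leaky and learned_over in ("peer", "provider") and rel != "customer":
                continue
            # NO_EXPORT: the AS that received it must not advertise it any further.
            if learned_over != "local" and NO_EXPORT in held.communities:
                continue
            exported = Route(held.prefix, (src.asn,) + held.as_path, held.communities)
            dst = network[nbr_asn]
            if accept(dst, src, exported, dst.neighbors[src.asn]):
                queue.append(dst)


def build(leaky_moratel=True, pccw_filters=False, communities=frozenset()):
    """Assumed topology: Google peers with Moratel; Moratel buys transit from PCCW,
    which peers with nLayer; AS 64500 (private range) stands in for a Moratel customer."""
    google, moratel = AS(15169), AS(23947, leaky=leaky_moratel)
    pccw = AS(3491, customer_prefix_filter={23947: {"203.0.113.0/24"}} if pccw_filters else None)
    nlayer, moratel_cust = AS(4436), AS(64500)
    net = {a.asn: a for a in (google, moratel, pccw, nlayer, moratel_cust)}
    link(google, moratel, "peer")
    link(moratel, pccw, "provider")
    link(pccw, nlayer, "peer")
    link(moratel, moratel_cust, "customer")
    propagate(net, google, Route("8.8.8.0/24", (), communities))
    return net


def path_seen_by(net, asn, prefix="8.8.8.0/24"):
    """AS path for `prefix` in that AS's RIB, or None if it never arrived."""
    entry = net[asn].rib.get(prefix)
    return None if entry is None else entry[0].as_path


if __name__ == "__main__":
    for label, net in [("leak, no filter", build()),
                       ("no leak", build(leaky_moratel=False)),
                       ("leak, PCCW filters customer", build(pccw_filters=True)),
                       ("NO_EXPORT from Google", build(communities=frozenset({NO_EXPORT})))]:
        print(f"{label:28} nLayer={path_seen_by(net, 4436)} Moratel customer={path_seen_by(net, 64500)}")
```

In the default run nLayer ends up with the path 3491 23947 15169, the same shape as the Junos output quoted above; the fix lives on PCCW's ingress from its customer, not on anything Google announces.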
[NANOG-announce] Elections open tomorrow
Everyone: NANOG elections open tomorrow. Please consider standing for one of the committees, or nominating someone for the committees. Remember, committee members get free registration to every NANOG meeting! The only requirement is a willingness to contribute to the community, and being a NANOG member. To nominate someone, send their name and email address to electi...@nanog.org. Elections will close Tuesday at 1700 CDT (UTC-0500). And thank you for being part of the NANOG community! -- TTFN, patrick ___ NANOG-announce mailing list nanog-annou...@mailman.nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-announce
Re: really nasty attacks
On Sep 27, 2012, at 11:34 , Stephane Bortzmeyer bortzme...@nic.fr wrote: On Thu, Sep 27, 2012 at 08:55:58AM -0600, Miguel Mata mm...@intercom.com.sv wrote a message of 30 lines which said: Guys, No gals on NANOG? Many. Although in fairness, some people use guys in a gender-neutral manner. The attacks come from various sites from the other side of the pond (46.165.197.xx, 213.152.180.yy). How can you be sure? With UDP, you have zero guarantee on the source IP address. (Checking the TTL can give you a hint if the packets really come from the same point.) Source and destination port? If source port is 53, it may mean you're the target of a DNS reflection+amplification attack, a la CloudFlare http://blog.cloudflare.com/65gbps-ddos-no-problem. I do not know of any name servers that reply to queries with UDP packets filled with only the letter X. The DNS Headers alone require more than the letter X. -- TTFN, patrick
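Patrick's point that a DNS answer cannot consist only of the letter X, as an added example that is not from the thread: a parser for the DNS header and question section that decides whether a UDP payload arriving from source port 53 is a plausible reflected answer. The sample packets are constructed here (a minimal A answer for example.com, and runs of 'X'); the only tie to the thread is the payload description. 'X' is 0x58, so a run of X's parses as ID 0x5858 and flags 0x5858, i.e. QR=0 with opcode 11, and its first label would be 88 octets long, which is why each stage below rejects it.

```python
import struct

# Assigned DNS opcodes: 0 QUERY, 1 IQUERY, 2 STATUS, 4 NOTIFY, 5 UPDATE, 6 DSO; 7..15 are unassigned.
MAX_ASSIGNED_OPCODE = 6


def parse_dns_header(payload):
    """Unpack the fixed 12-octet DNS header (RFC 1035 section 4.1.1)."""
    if len(payload) < 12:
        raise ValueError("payload shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "tc": (flags >> 9) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def read_name(payload, offset):
    """Decode a wire-format name starting at `offset`; returns (name, offset after it).
    Follows backward compression pointers only and refuses label lengths over 63."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(payload):
            raise ValueError("name runs past the end of the packet")
        length = payload[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:                       # compression pointer
            if offset + 1 >= len(payload):
                raise ValueError("truncated compression pointer")
            target = struct.unpack("!H", payload[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                        # the name ends after the first pointer
            hops += 1
            if hops > 16 or target >= offset:
                raise ValueError("bad compression pointer")
            offset = target
            continue
        if length > 63:
            raise ValueError(f"label length {length} exceeds 63")
        labels.append(payload[offset + 1:offset + 1 + length].decode("ascii", "replace"))
        offset += 1 + length
    return ".".join(labels), (end if end is not None else offset)


def classify(payload):
    """Is a UDP payload seen with source port 53 a plausible DNS response?
    Returns (verdict, reason)."""
    try:
        h = parse_dns_header(payload)
    except ValueError as e:
        return False, f"header: {e}"
    if h["qr"] != 1:
        return False, "QR bit clear, so this is not a response at all"
    if h["opcode"] > MAX_ASSIGNED_OPCODE:
        return False, f"unassigned opcode {h['opcode']}"
    if h["qdcount"] != 1:
        return False, f"qdcount={h['qdcount']}; a reflected answer echoes exactly one question"
    try:
        qname, off = read_name(payload, 12)
        qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
    except (ValueError, struct.error) as e:
        return False, f"question section unparseable: {e}"
    return True, f"response for {qname} qtype={qtype} rcode={h['rcode']} ancount={h['ancount']}"


def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_response(qname, ipv4, ident=0x1234):
    """Constructed sample: a minimal A answer, flags QR=1 RD=1 RA=1, one question, one answer."""
    header = struct.pack("!HHHHHH", ident, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)            # QTYPE A, QCLASS IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)            # name = pointer to offset 12
    answer += bytes(int(o) for o in ipv4.split("."))
    return header + question + answer


if __name__ == "__main__":
    for label, pkt in [("real answer", build_response("example.com", "192.0.2.1")),
                       ("512 x 'X'", b"X" * 512),
                       ("5 x 'X'", b"X" * 5)]:
        print(f"{label:12} -> {classify(pkt)}")
```

Run against a capture, this sorts the packets into genuine reflected answers (which an amplification attack does produce, typically large ANY or DNSSEC responses) and plain UDP floods that merely use 53 as the source port.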
Re: [Nanog-futures] Possible word error in section 18.1 Liability
On Sep 20, 2012, at 00:19 , Jack Hamm jackha...@me.com wrote: I'm not a lawyer, but in section 18.1: (a) beach of the director’s or officer’s duty of loyalty to NANOG; I believe that is meant to say (a) breach of the If it were a beach, I may run again =) -- TTFN, patrick ___ Nanog-futures mailing list Nanog-futures@nanog.org https://mailman.nanog.org/mailman/listinfo/nanog-futures
Re: Heads-Up: GoDaddy Broke the Interwebs...
On Sep 11, 2012, at 16:04 , Christopher Morrow morrowc.li...@gmail.com wrote: On Tue, Sep 11, 2012 at 3:47 PM, Damian Menscher dam...@google.com wrote: Summary: 30 minutes late on the start time, and off by well over an hour on the stop time. even a broken clock is right 2x/day? Nostradamus was eventually right a few times? 'If you're cold, shoot until you get hot, then keep shooting!' - dick vitale folk like to look for the most complicated/spooky/crazy reason... most often it's just a simple reason for failure :( so far godaddy seems to agree with the 'it was a simple mistake on our part' (paraphrased, they probably won't say 'simple') No large flows reported to the affected NSes, tweets were suspicious at best, other anon-ops denied the attack was them, and GoDaddy admitted internal error. I'm going to take GoDaddy at their word, and give them major kudos for owning up to the mistake - in public. -- TTFN, patrick
Re: Heads-Up: GoDaddy Broke the Interwebs...
On Sep 11, 2012, at 17:04 , ryanL ryan.lan...@gmail.com wrote: when patrick is referring to taking their word for it, he's referring to a post on outages@ by godaddy's network engineering manager that stated bgp, and more details to follow. Well, mostly I'm taking GoDaddy at their word that this was not a DoS attack. I also believe it was related to BGP, and am happy to get more info. But we are discussing Anonymous vs. Self-inflicted wound here. -- TTFN, patrick i tend to align with patrick's thought. i'm also interested to see the details, which they are really under no obligation to provide. On Tue, Sep 11, 2012 at 1:53 PM, Rubens Kuhl rube...@gmail.com wrote: No large flows reported to the affected NSes, tweets were suspicious at best, other anon-ops denied the attack was them, and GoDaddy admitted internal error. I'm going to take GoDaddy at their word, and give them major kudos for owning up to the mistake - in public. That doesn't mean that their description of the internal error fits what happened. Not to say that there were an attack, just that there can be more internal failures, including processes, to be accounted for. Whether they will publish a root-cause analysis/Swiss cheese model/insert your preferred methodology or not is up to them, but to tech-savvy stakeholders I think they are still in debt. Rubens
Re: Sprint Outage - Chicago
On Aug 27, 2012, at 12:58, virendra rode virendra.r...@gmail.com wrote: On 08/25/2012 11:36 AM, Jason Baugher wrote: On 8/24/2012 11:39 PM, Randy Bush wrote: You mean outages@... chris, this is not productive. outages are a very apt subject for nanog. I'm actually not certain posting outages to NANOG-l is a good idea. There are a LOT of outages, and I worry the list will be drowned. But I don't run the list. Plus this discussion is probably better suited for NANOG-futures@. The stuff below, however, may belong on NANOG. Did anyone ever give any details of the issue? We're a Chicago Sprint customer, and never saw a problem. No mention of any issues in Compass either. Jason - I hear there was a memory leak issue to their core IP backbone router. Don't have specifics as to what region(s) within chicago that was impacted. I wonder if the Sprint Telia outages were for the same reason / bug. Anyone from those networks want to comment? Or at least compare notes? If you and /or anyone else have any specifics, please post in the comments section of, http://tracker.outages.org/reports/view/25 Interesting! Is there a way to say this may be related to ticket $FOO? -- TTFN, patrick
Re: Comcast 1, Verizon 0 [was: Comcast vs. Verizon for repair methodologies]
Just as a follow up, leaving my driveway this morning, the tech was installing a new pedestal. Said everything should be fixed today. Comcast++ -- TTFN, patrick On Aug 20, 2012, at 17:22 , Patrick W. Gilmore patr...@ianai.net wrote: Comcast has already contacted me to fix this up. -- TTFN, patrick On Aug 20, 2012, at 16:12 , Patrick W. Gilmore patr...@ianai.net wrote: Given the recent VZ thread, I thought I'd show why my new house has crap Internet. The story: A piece of underground cable went bad. The techs didn't pull new underground cable. They decided it was better to do it aerial (if you can call 2 feet aerial). They took apart the two pedestals on either side of the break and ran a new strand of RG6 (yes, the same stuff you use inside your home, not the outside-plant rated stuff) tied to trees with rope. http://ianai.smugmug.com/BostonPix/2012/Comcast-Atherton-Street These pedestals have looked like this for months apparently. I called the 800 # and complained, they rolled a truck. The guy didn't even come in my house, just gave me his supervisor's number and said that he's a home tech, the outside plant guys are the problem and he can't fix it. A second guy rolled up while we were chatting and told me he had a call around the block for the same thing. They've been taking complaints about this for months and are as tired of it as we are. I assured them I was more tired of it, given he was getting paid while I was paying, but I understood their situation. Of course, since the other broadband option at my house is 1 Mbps Verizon DSL, I don't have much leverage. :( -- TTFN, patrick P.S. Worst part is ATT sux there too, so I have a picocell - which runs over the Comcast cable mode
Return two locations or low TTL [was: DNS caches that support partitioning ?]
While I hesitate to argue DNS with Mark, I feel this needs a response. On Aug 19, 2012, at 17:37 , Mark Andrews ma...@isc.org wrote: In message ddf607b5-415b-41e8-9222-eb549d3db...@semihuman.com, Chris Woodfield writes: What Patrick said. For large sites that offer services in multiple data centers on multiple IPs that can individually fail at any time, 300 seconds is actually a bit on the long end. Which is why the DNS supports multiple address records. Clients don't have to wait a minute to fail over to a second address. One doesn't have to point all the addresses returned to the closest data center. One can get sub-second fail over in clients as HE code shows. I'm afraid I am not familiar with HE code, so perhaps I am being silly here. But I do not think returning multiple A records for multiple datacenters is as useful as lowering the TTL. Just a few reasons off the top of my head: * How do you guarantee the user goes to the closer location if you respond with multiple addresses? Forcing users to go to farther away datacenters half the time is likely a poor trade-off for the occasional TTL problem when a DC goes down. * How many applications are even aware multiple addresses were returned? * How do you guarantee sub-second failover when most apps will wait longer than one second to see if an address responds? Etc. And that doesn't begin to touch things such as cache efficiency that affect companies like Google, CDNs, etc. As for the original problem. LRU replacement will keep hot items in the cache unless it is seriously undersized. This was covered well by others. -- TTFN, patrick
Re: Return two locations or low TTL [was: DNS caches that support partitioning ?]
On Aug 20, 2012, at 06:49 , Dobbins, Roland rdobb...@arbor.net wrote: On Aug 20, 2012, at 5:24 PM, Patrick W. Gilmore wrote: But I do not think returning multiple A records for multiple datacenters is as useful as lowering the TTL. Some folks do this via various GSLB mechanisms which selectively respond with different records based on the assumed relative topological distance between the querying resolver and various server/service instantiations in different locations. Some folks == more than half of all traffic on broadband modems these days. However, I think you missed a post or two in this thread. The original point was you need a low TTL to respond with a single A record or multiple A records which all point to the same datacenter in case that node / DC goes down. Mark replied saying you can respond with multiple A records pointing at multiple DCs, thereby allowing a much longer TTL. My question above is asking Mark how you guarantee the user/application selects the A record closest to them and only use the other A record when the closer one is unavailable. -- TTFN, patrick
Re: Return two locations or low TTL [was: DNS caches that support partitioning ?]
On Aug 20, 2012, at 08:25 , Tony Finch d...@dotat.at wrote: Patrick W. Gilmore patr...@ianai.net wrote: On Aug 19, 2012, at 17:37 , Mark Andrews ma...@isc.org wrote: Which is why the DNS supports multiple address records. Clients don't have to wait a minute to fail over to a second address. One doesn't have to point all the addresses returned to the closest data center. One can get sub-second fail over in clients as HE code shows. I'm afraid I am not familiar with HE code, so perhaps I am being silly here. Mark is referring to happy eyeballs: http://www.isc.org/community/blog/201101/how-to-connect-to-a-multi-homed-server-over-tcp Oh. Yep, I was being silly, thinking only of v4. (I'm sleep deprived of late - yes, more than usual.) Unfortunately, whether we like it or not, 99+% of traffic on the 'Net is still v4, as were the examples given. Even with HE, though, there is no (not yet a?) way in DNS to signal "use this A record first, then that one if the first doesn't work / is slow / whatever". Any chance of getting MX-style weights for A records? :) Even then, it would not solve the original problem of low TTLs. Just as a simple example, when traffic ramps quickly, a provider may want to move some users off a node to balance traffic. With a long TTL, that's not really possible barring really bad hacks like DoS'ing some users to hope they use the next A record, which would lead to massive complaints. We could go on, but hopefully the point is clear that low TTLs are useful in many instances despite the ability to return multiple A records. -- TTFN, patrick
Re: Return two locations or low TTL [was: DNS caches that support partitioning ?]
On Aug 20, 2012, at 08:47 , Chris Adams cmad...@hiwaay.net wrote: Once upon a time, Patrick W. Gilmore patr...@ianai.net said: * How many applications are even aware multiple addresses were returned? Most anything that supports IPv6 should handle this correctly, since getaddrinfo() will return a list of addresses to try. Ah, the amazing new call which destroys any possibility of randomness or round robin or other ways of load balancing between A / records. Yes, all of us returning more than one A / record are hoping that gets widely deployed instantly. Or not. -- TTFN, patrick
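The client-side fall-through Mark, Tony and Chris are describing, as an added example that is not from the thread, from ISC or from any happy-eyeballs implementation: it walks a getaddrinfo()-style address list in the order the resolver returned it, bounding each connect attempt with a short timeout, so a dead data center costs a fraction of a second instead of the OS default SYN retry period. The address list is constructed locally (a TEST-NET-1 black hole and a closed loopback port stand in for two "far" DCs that are down; a live loopback listener stands in for the "near" one), so it runs offline.

```python
import socket
import time

# Per-address connect timeout. The OS default for an unanswered SYN is
# typically a minute or more, which is why "just return two A records"
# does not give fast failover unless the client bounds each attempt.
CONNECT_TIMEOUT = 0.25


def connect_first_working(addrs, timeout=CONNECT_TIMEOUT):
    """Walk a getaddrinfo()-style list of (family, sockaddr) in order.

    Returns (sock, sockaddr, attempts, elapsed). The order is whatever the
    resolver handed back: nothing in DNS marks which record is "closest",
    so a client may well try the far data center first (Patrick's objection).
    """
    start = time.monotonic()
    attempts = 0
    for family, sockaddr in addrs:
        attempts += 1
        s = socket.socket(family, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
        except OSError:          # refused, unreachable, or timed out
            s.close()
            continue
        s.settimeout(None)
        return s, sockaddr, attempts, time.monotonic() - start
    return None, None, attempts, time.monotonic() - start


def demo():
    """Constructed address list: two dead 'far' DCs ahead of a live 'near' one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # live listener on an ephemeral port
    srv.listen(1)
    live = srv.getsockname()
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))   # grab a port, release it: now it answers RST
    dead = tmp.getsockname()
    tmp.close()
    addrs = [
        (socket.AF_INET, ("192.0.2.1", 80)),  # TEST-NET-1: black hole (constructed)
        (socket.AF_INET, dead),               # closed port: instant refusal
        (socket.AF_INET, live),
    ]
    sock, chosen, attempts, elapsed = connect_first_working(addrs)
    if sock:
        sock.close()
    srv.close()
    return {"chosen": chosen, "attempts": attempts, "elapsed": elapsed,
            "reached_live": chosen == live}


if __name__ == "__main__":
    print(demo())
```

Sequential attempts are the simplest form of this; a happy-eyeballs client instead staggers attempts in parallel, which is what shaves the remaining timeout off the "black hole first" case.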
Re: Return two locations or low TTL [was: DNS caches that support partitioning ?]
On Aug 20, 2012, at 10:07 , Dobbins, Roland rdobb...@arbor.net wrote: On Aug 20, 2012, at 5:56 PM, Patrick W. Gilmore wrote: My question above is asking Mark how you guarantee the user/application selects the A record closest to them and only use the other A record when the closer one is unavailable. I understand - my point was that folks using a GSLB-type solution would generally include availability probing in the GSLB stack, so that a given instance won't be included in answers if it's locally unavailable How does that allow for a long TTL? If you set a 3600 second TTL when the DC is up, and the DC goes down 2 seconds later, what do you do? (obviously, the GSLB can't know about all path elements between the querying resolver and the desired server/service). Says who? :) -- TTFN, patrick
Comcast vs. Verizon for repair methodologies
Given the recent VZ thread, I thought I'd show why my new house has crap Internet. The story: A piece of underground cable went bad. The techs didn't pull new underground cable. They decided it was better to do it aerial (if you can call 2 feet aerial). They took apart the two pedestals on either side of the break and ran a new strand of RG6 (yes, the same stuff you use inside your home, not the outside-plant rated stuff) tied to trees with rope. http://ianai.smugmug.com/BostonPix/2012/Comcast-Atherton-Street These pedestals have looked like this for months apparently. I called the 800 # and complained, they rolled a truck. The guy didn't even come in my house, just gave me his supervisor's number and said that he's a home tech, the outside plant guys are the problem and he can't fix it. A second guy rolled up while we were chatting and told me he had a call around the block for the same thing. They've been taking complaints about this for months and are as tired of it as we are. I assured them I was more tired of it, given he was getting paid while I was paying, but I understood their situation. Of course, since the other broadband option at my house is 1 Mbps Verizon DSL, I don't have much leverage. :( -- TTFN, patrick P.S. Worst part is ATT sux there too, so I have a picocell - which runs over the Comcast cable mode
Re: Comcast vs. Verizon for repair methodologies
On Aug 20, 2012, at 16:25 , Leo Bicknell bickn...@ufp.org wrote: In a message written on Mon, Aug 20, 2012 at 04:12:22PM -0400, Patrick W. Gilmore wrote: The story: A piece of underground cable went bad. The techs didn't pull new underground cable. They decided it was better to do it aerial (if you can call 2 feet aerial). They took apart the two pedestals on either side of the break and ran a new strand of RG6 (yes, the same stuff you use inside your home, not the outside-plant rated stuff) tied to trees with rope. Why is that cable still in place? That's a hint, not really a question. :) Because VZ LTE, while nice in general, is not good enough for Jezzibell to use all day for a week. :) -- TTFN, patrick
Comcast 1, Verizon 0 [was: Comcast vs. Verizon for repair methodologies]
Comcast has already contacted me to fix this up. -- TTFN, patrick On Aug 20, 2012, at 16:12 , Patrick W. Gilmore patr...@ianai.net wrote: Given the recent VZ thread, I thought I'd show why my new house has crap Internet. The story: A piece of underground cable went bad. The techs didn't pull new underground cable. They decided it was better to do it aerial (if you can call 2 feet aerial). They took apart the two pedestals on either side of the break and ran a new strand of RG6 (yes, the same stuff you use inside your home, not the outside-plant rated stuff) tied to trees with rope. http://ianai.smugmug.com/BostonPix/2012/Comcast-Atherton-Street These pedestals have looked like this for months apparently. I called the 800 # and complained, they rolled a truck. The guy didn't even come in my house, just gave me his supervisor's number and said that he's a home tech, the outside plant guys are the problem and he can't fix it. A second guy rolled up while we were chatting and told me he had a call around the block for the same thing. They've been taking complaints about this for months and are as tired of it as we are. I assured them I was more tired of it, given he was getting paid while I was paying, but I understood their situation. Of course, since the other broadband option at my house is 1 Mbps Verizon DSL, I don't have much leverage. :( -- TTFN, patrick P.S. Worst part is ATT sux there too, so I have a picocell - which runs over the Comcast cable mode
Re: DNS caches that support partitioning ?
On Aug 18, 2012, at 5:35, Raymond Dijkxhoorn raym...@prolocation.net wrote: Reverse DNS isn't the only issue here. There are many sites that give each user a subdomain. And if I look at my top talkers on some busy resolvers I do see that that's doing about 25-30% of the lookups currently. akamai.net, amazonaws.com and so on. All make nice use of DNS for this. Those have literally millions of entries in DNS also. And that's what currently is doing the load on resolvers... Akamai has no users. So not really sure what you mean by that. There are a /lot/ of hostnames on *.akamai.net. That may have something to do with the 1000s of companies that use Akamai to deliver approximately 20% of all the traffic going down broadband modems. Which fits nicely in your DNS lookup percentage. -- TTFN, patrick
US House to ITU: Hands off the Internet
[Feels operational to me.] http://www.pcworld.com/businesscenter/article/260299/us_house_to_itu_hands_off_the_internet.html The U.S. House of Representatives voted late Thursday to send a message to the United Nations' International Telecommunication Union that the Internet doesn't need new international regulations. The vote was unanimous: 414-0 Unanimous? I didn't think this congress could agree the earth is round unanimously. -- TTFN, patrick
Re: Update from the NANOG Communications Committee regarding recent off-topic posts
I'm sorry Panashe is upset by this rule. Interestingly, Your search - Panashe Flack nanog - did not match any documents. So my guess is that a post from that account has not happened before, meaning the post was moderated yet still made it through. Has anyone done a data mining experiment to see how many posts a month are from new members? My guess is it is a trivial percentage. -- TTFN, patrick On Jul 30, 2012, at 13:35 , valdis.kletni...@vt.edu wrote: On Mon, 30 Jul 2012 21:04:36 +0200, Panashe Flack said: list for continued activity. And just for reference - have you guys SEEN the Linux Kernel Mailing List? - it gets frequent spam posts and yet is perfectly able to ignore the spam/irrelevant posts and continue on its remit. For those who don't drink from the Linux-Kernel firehose, it averages 1 or 2 spams per day - and anywhere from 500 to 700 postings a day. As Linus Torvalds said, back when it was averaging 200 a day: Note that nobody reads every post in linux-kernel. In fact, nobody who expects to have time left over to actually do any real kernel work will read even half. Except Alan Cox, but he's actually not human, but about a thousand gnomes working in under-ground caves in Swansea. None of the individual gnomes read all the postings either, they just work together really well. The list managers do an incredible job of stopping spam - but even if 50 or 75 a day got through, they'd just be lost in the noise. You're skipping several hundred messages a day, skipping a few more isn't any different.
Re: Update from the NANOG Communications Committee regarding recent off-topic posts
On Jul 30, 2012, at 16:35 , Jay Ashworth j...@baylink.com wrote: thanks MLC or whatever it calls itself this week C'mon, Randy; It's been called that since it kicked me off 7 years ago. :-) Except, of course, it has been called the Communications Committee for a while now. (The change was made because the committee took responsibility for more than just the mailing list.) But 1 change in 7 years made years ago does not, IMHO, merit a whatever it calls itself this week snark. -- TTFN, patrick
Re: Weekly Routing Table Report
On Jul 20, 2012, at 16:10 , Darius Jahandarie wrote: On Fri, Jul 20, 2012 at 4:04 PM, valdis.kletni...@vt.edu wrote: So, whatever happened to that whole the internet will catch fire when we get to 280K routing table entries or whatever it was? :) But what will happen when we have 4294967295 entries? Nothing. But when we hit 4294967296 =) -- TTFN, patrick
Communications Committee volunteers [was: The Cidr Report]
On Jul 13, 2012, at 14:20 , JC Dill wrote: On 13/07/12 10:46 AM, Grant Ridder wrote: if the admins are not going to moderate this list... give me the admin password to the listserv and i will set it up right... geez +1 Most excellent! Just so you know, the admins are the Communications Committee, and they are always looking for new volunteers. I assume you both will be volunteering forthwith? -- TTFN, patrick