Re: List of CDNs?

2013-11-16 Thread Patrick W. Gilmore
On Nov 14, 2013, at 17:25 , Carlos Kamtha kam...@ak-labs.net wrote:

 The goal is to find a solution to optimize the path for DNS queries that 
 traverse via CDNs within certain regions 
 without the luxury of a network layer. 
 
 For instance, some clients in Singapore are getting answers from the UK 
 instead of something more local. 
 
 Knowing where the CDNs are may allow us to direct them to a more optimal 
 path. 

Depends on the CDN. Using Akamai as an example (since they are essentially as 
big as all other CDNs combined, and 'cause I know them best), the location of 
an Akamai web server is not useful since everything is based on name servers. 
Also, the location of Akamai's name server and the topological path used to 
reach it is irrelevant to the web server returned. So getting a list of nodes 
and somehow modifying your network based on that will likely have minimal to 
zero impact.

Other CDNs use different methods of mapping end users to web servers. Some use 
anycast, either at the DNS level or even at the HTTP level. In those cases, 
this information may be of use.

If you have a problem with Akamai mapping, you can always email 
netsupport-...@akamai.com and ask them for help. My guess is other CDNs have 
something similar. Probably much more useful to go directly to the CDN with the 
problem than look at a 3rd party list of nodes and try to fix issues yourself 
with methods that may have no effect.

Or not. :) Your network, your decision, I'm just making suggestions.

-- 
TTFN,
patrick


 On Thu, Nov 14, 2013 at 10:11:59PM +, Patrick W. Gilmore wrote:
 List of CDNs would be difficult, but not impossible. Although they do 
 different things, so a simple list is unlikely to be as useful as it looks. 
 
 A list of CDN DC nodes is not possible. Why do you care about such a thing 
 anyway?
 
 -- 
 TTFN,
 patrick
 
 Composed on a virtual keyboard, please forgive typos. 
 
 
 On Nov 14, 2013, at 22:02, Carlos Kamtha kam...@ak-labs.net wrote:
 
 Hi,
 
 I was wondering if anyone knows where I could find a compiled list of 
 Content Delivery Networks as well
 as their DC nodes? if any..
 
 Please respond offlist.
 
 Cheers,
 Carlos
 
 



signature.asc
Description: Message signed with OpenPGP using GPGMail


Re: List of CDNs?

2013-11-16 Thread Patrick W. Gilmore
First, the location of CDN nodes is not relevant to passive DNS monitoring. If 
Andrew would like a list of domains with CDN hostnames in them, that might be 
findable.

Second, a list of CDN nodes is likely impossible to gather & maintain without 
the help of the CDNs themselves. There are literally thousands of them, most do 
not serve the entire Internet, and they change frequently. And before you ask, 
I know at least Akamai will _not_ give you their list, so don't even try to ask 
them.

Sorry this makes your life more difficult. Perhaps if you explained why you 
were doing address lookups, the collective body could help you come up with a 
better solution?

-- 
TTFN,
patrick


On Nov 15, 2013, at 10:06 , Michael Collins, Aleae mcoll...@aleae.com wrote:

 I'll second that; CDNs are a constant pain for me when I'm doing address
 lookups.  A list of them would make life a lot easier for a bunch of
 different investigative processes. 
 
 If there isn't one right now, I think I could get off my tuchas and
 start maintaining one if anyone's interested in pitching in.
 
 
 On 11/14/13 5:19 PM, Andrew Fried wrote:
 Actually, a list of CDNs would be very handy.  I harvest botnets and
 fast flux hosts out of passive dns, and some of the heuristics used to
 identify them are similar to what CDNs look like.
 
 Having a decent list of CDN effective top level domains alone would be
 useful for redacting those hosts.
 
 Andy
 
 
 Andrew Fried
 andrew.fr...@gmail.com
 
 On 11/14/13, 5:11 PM, Patrick W. Gilmore wrote:
 List of CDNs would be difficult, but not impossible. Although they do 
 different things, so a simple list is unlikely to be as useful as it looks. 
 
 A list of CDN DC nodes is not possible. Why do you care about such a 
 thing anyway?
 
 
 



signature.asc
Description: Message signed with OpenPGP using GPGMail
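Andrew's point about CDNs tripping fast-flux heuristics, as an added example that is not code from this thread: a minimal passive-DNS triage that keeps names resolving to many short-TTL addresses across several ASNs, then redacts the ones under a known CDN effective TLD. The records, the per-record origin-ASN annotation and the suffix list are all constructed (the list holds one made-up entry plus the well-known akamaiedge.net, as a placeholder for the maintained list the thread is asking for), and suffix matching is done on label boundaries so a look-alike name is not redacted by mistake.

```python
"""Redacting CDN names from a fast-flux heuristic over passive DNS.

Added example (not code from the thread).  A healthy CDN hostname and a
fast-flux hostname both show many short-TTL A records spread across many
networks, so names under a known CDN effective TLD are redacted before an
analyst looks at the rest.  All records and the suffix list below are
constructed; the origin-ASN field assumes the passive DNS collector
annotates each record with the AS of the answer address.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class PdnsRecord:
    name: str   # owner name of the A record
    ip: str     # answer address
    asn: int    # origin AS of the answer address (assumed collector annotation)
    ttl: int    # TTL in seconds


# Placeholder CDN effective-TLD list: one constructed entry plus the well-known
# akamaiedge.net.  Where a maintained list lives is the thread's open question.
CDN_ETLDS: Set[str] = {"example-cdn.net", "akamaiedge.net"}


def _labels(name: str) -> List[str]:
    """Normalise a hostname into lower-case labels, dropping a trailing dot."""
    return name.lower().rstrip(".").split(".")


def matches_cdn_suffix(name: str, cdn_etlds: Iterable[str]) -> bool:
    """True when `name` is a CDN eTLD or sits under one at a label boundary.
    Comparing labels instead of str.endswith() keeps 'notexample-cdn.net'
    from matching 'example-cdn.net'."""
    labels = _labels(name)
    for suffix in cdn_etlds:
        s = _labels(suffix)
        if len(labels) >= len(s) and labels[-len(s):] == s:
            return True
    return False


def flux_candidates(records: Iterable[PdnsRecord], min_ips: int = 5,
                    min_asns: int = 3, max_ttl: int = 300) -> Dict[str, dict]:
    """Group records by name and keep the names that look flux-like: many
    distinct addresses, spread over several ASNs, all with short TTLs."""
    by_name: Dict[str, List[PdnsRecord]] = defaultdict(list)
    for r in records:
        by_name[r.name].append(r)
    out: Dict[str, dict] = {}
    for name, recs in by_name.items():
        ips = {r.ip for r in recs}
        asns = {r.asn for r in recs}
        ttl = max(r.ttl for r in recs)
        if len(ips) >= min_ips and len(asns) >= min_asns and ttl <= max_ttl:
            out[name] = {"ips": len(ips), "asns": len(asns), "max_ttl": ttl}
    return out


def triage(records: Iterable[PdnsRecord],
           cdn_etlds: Iterable[str]) -> Tuple[Set[str], Dict[str, dict]]:
    """Split flux-looking names into those redacted as CDN traffic and those
    left on the list for an analyst."""
    cands = flux_candidates(records)
    etlds = list(cdn_etlds)
    redacted = {n for n in cands if matches_cdn_suffix(n, etlds)}
    remaining = {n: v for n, v in cands.items() if n not in redacted}
    return redacted, remaining


def constructed_records() -> List[PdnsRecord]:
    """Constructed passive DNS sample, not real observations."""
    recs = []
    # A CDN-fronted name: six addresses in four ASNs, 20 s TTL.
    for i in range(6):
        recs.append(PdnsRecord("assets.example-cdn.net", f"203.0.113.{i + 1}",
                               64500 + i % 4, 20))
    # A flux-looking name whose text merely ends with the CDN eTLD string.
    for i in range(6):
        recs.append(PdnsRecord("login.notexample-cdn.net", f"198.51.100.{i + 1}",
                               64510 + i % 5, 60))
    # An ordinary site: two addresses in one AS with a long TTL.
    recs.append(PdnsRecord("www.example.org", "192.0.2.10", 64520, 3600))
    recs.append(PdnsRecord("www.example.org", "192.0.2.11", 64520, 3600))
    return recs


if __name__ == "__main__":
    redacted, remaining = triage(constructed_records(), CDN_ETLDS)
    print("redacted as CDN:", sorted(redacted))
    for name, stats in remaining.items():
        print("for analyst:", name, stats)
```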


Re: List of CDNs?

2013-11-16 Thread Patrick W. Gilmore
On Nov 16, 2013, at 19:30 , Michael Collins mcoll...@aleae.com wrote:

 It's Yet Another False Positive in anomaly detection and traffic analysis 
 software that I fiddle with.  In the case of CDNs, I mostly want to throw 
 them out the window -- whenever I see one, I know that the reverse lookup 
 information is going to be useless and it's time to toss that address out of 
 the bucket and look at the next weird one on the list. 

Not sure why in-addr on CDN would be any different than .. well, anything.

Perhaps I do not understand your use case well enough?

-- 
TTFN,
patrick


 On Nov 16, 2013, at 5:28 PM, Patrick W. Gilmore patr...@ianai.net wrote:
 
 First, the location of CDN nodes is not relevant to passive DNS monitoring. 
 If Andrew would like a list of domains with CDN hostnames in them, that 
 might be findable.
 
 Second, a list of CDN nodes is likely impossible to gather & maintain 
 without the help of the CDNs themselves. There are literally thousands of 
 them, most do not serve the entire Internet, and they change frequently. And 
 before you ask, I know at least Akamai will _not_ give you their list, so 
 don't even try to ask them.
 
 Sorry this makes your life more difficult. Perhaps if you explained why you 
 were doing address lookups, the collective body could help you come up with 
 a better solution?
 
 -- 
 TTFN,
 patrick
 
 
 On Nov 15, 2013, at 10:06 , Michael Collins, Aleae mcoll...@aleae.com 
 wrote:
 
 I'll second that; CDNs are a constant pain for me when I'm doing address
 lookups.  A list of them would make life a lot easier for a bunch of
 different investigative processes. 
 
 If there isn't one right now, I think I could get off my tuchas and
 start maintaining one if anyone's interested in pitching in.
 
 
 On 11/14/13 5:19 PM, Andrew Fried wrote:
 Actually, a list of CDNs would be very handy.  I harvest botnets and
 fast flux hosts out of passive dns, and some of the heuristics used to
 identify them are similar to what CDNs look like.
 
 Having a decent list of CDN effective top level domains alone would be
 useful for redacting those hosts.
 
 Andy
 
 
 Andrew Fried
 andrew.fr...@gmail.com
 
 On 11/14/13, 5:11 PM, Patrick W. Gilmore wrote:
 List of CDNs would be difficult, but not impossible. Although they do 
 different things, so a simple list is unlikely to be as useful as it 
 looks. 
 
 A list of CDN DC nodes is not possible. Why do you care about such a 
 thing anyway?
 
 
 
 
 





Re: CDN node locations

2013-11-16 Thread Patrick W. Gilmore
On Nov 16, 2013, at 19:36 , Jay Ashworth j...@baylink.com wrote:

 Second, a list of CDN nodes is likely impossible to gather & maintain
 without the help of the CDNs themselves. There are literally thousands
 of them, most do not serve the entire Internet, and they change
 frequently. And before you ask, I know at least Akamai will _not_ give
 you their list, so don't even try to ask them.
 
 I find myself unsurprised.
 
 I was led to a very interesting failure case involving CDN's a couple weeks
 ago, that I thought you might find amusing.
 
 I have a Samsung Galaxy S4, with Sprint.  On a semi-regular basis, the 
 networking gets flaky around 1-2am ish local time, but 3 weekends ago, 
 the symptom I saw was DNS lookups failed -- and it wasn't clear to me
 whether it was just some lookups failed, or that Big Sites were cached 
 at the provider, and *all* outgoing 53 traffic to the greater internet
 wasn't being forwarded by Sprint's customer resolvers.
 
 I know that it was their resolvers, though, as I grabbed a copy of Set DNS, 
 and pointed my phone to 8.8.8.8, and 4.2.2.1, and OpenDNS, and like that, 
 and everything worked ok.
 
 Except media.
 
 (Patrick is starting to nod and chuckle, now :-)
 
 Both YouTube and The Daily Show's apps worked ok, but refused to play
 video clips for me.  If I reset the DNS to normal, I went back to not
 all sites are reachable, but media plays fine.
 
 My diagnosis was that those sites were CDNed, and the DNS names to *which*
 they were CDNs were only visible inside Sprint's event horizon, so when I 
 was on alternate DNS resolution, I couldn't get to them.
 
 But that took me over a day to figure out.  Don't get old.  :-)
 
 Patrick?  Is that how (at least some) customers do it? 

#1: I could not possibly comment on customers. But since I've only worked at 
Markley Group for 3 weeks, I don't know all the customers, so I couldn't tell 
you even if they were customers at all, more or less how they do things. 
Besides, Markley Group ain't a CDN.

#2: Assuming you are assuming I still work at Akamai (I don't), and are asking 
me if that's how Akamai does things, I couldn't possibly comment on customers 
at a previous position. Everything I've said up to now was either public 
knowledge or something I was more than happy to give out publicly if asked 
while I was at Akamai. The query above, specifically is XXX how customer YYY 
does things, is neither of those.

But in the more general sense, your hypothesis does not really fit the 
circumstances completely. DNS is orthogonal to serving bits. If Sprint's DNS is 
f00bar'ed, then you can't resolve anything, CDN-ififed or not. It is true some 
CDNs put some name servers inside other networks, but that is still a race 
condition, because (for instance) Akamai's DNS TTL is 20 seconds. You have to 
go back 'outside' eventually to get stuff, which means relying on Sprint's 
recursive NSes.

Plus the two sites you list (YouTube & DailyShow) are not on the same 
infrastructure. Google hosts its own videos, DailyShow is not hosted on Google 
(AFAIK), therefore they must be two different companies using two different 
pieces of equipment and two different name server algorithms / topologies. It 
would be weird that Sprint's failure mode worked fine for those two and nothing 
else.

Sorry.

-- 
TTFN,
patrick

P.S. I wasn't chuckling. :)





Re: List of CDNs?

2013-11-14 Thread Patrick W. Gilmore
List of CDNs would be difficult, but not impossible. Although they do different 
things, so a simple list is unlikely to be as useful as it looks. 

A list of CDN DC nodes is not possible. Why do you care about such a thing 
anyway?

-- 
TTFN,
patrick

Composed on a virtual keyboard, please forgive typos. 


 On Nov 14, 2013, at 22:02, Carlos Kamtha kam...@ak-labs.net wrote:
 
 Hi,
 
 I was wondering if anyone knows where I could find a compiled list of Content 
 Delivery Networks as well
 as their DC nodes? if any..
 
 Please respond offlist.
 
 Cheers,
 Carlos
 



Re: Sudan disconnected from the Internet

2013-09-25 Thread Patrick W. Gilmore
It's not a fiber cut. It did come back for a while at least.

https://twitter.com/akamai_soti/status/382872513761398785/photo/1

-- 
TTFN,
patrick


On Sep 25, 2013, at 21:03 , Jean-Francois Mezei jfmezei_na...@vaxination.ca 
wrote:

 On 13-09-25 20:43, Warren Bailey wrote:
 We make Ku-band backpacks for this type of scenario. I would give it 12-18
 hours before you see CNN light up with live feeds.. 
 
 Why would an entertainment network cover real news ?
 
 BBC or AlJazeera are better news sources for stuff that happens more
 than 2 blocks away from CNN's Atlanta offices.
 
 BBC:
 25 September 2013 Last updated at 17:54 ET
 
 Sudan fuel unrest: Many die in Khartoum as riots continue
 http://www.bbc.co.uk/news/world-africa-24272835
 
 
 Al Jazeera:
 Sudan protests over fuel prices turn deadly
 Security forces use tear gas to disperse demonstrators in Khartoum amid
 simmering anger over subsidy cuts.
 Last Modified: 25 Sep 2013 18:08
 
 http://www.aljazeera.com/news/africa/2013/09/sudan-protests-over-fuel-turns-deadly-2013925104639248955.html
 
 Neither article mentions internet disconnection.
 





Re: iOS 7 update traffic

2013-09-19 Thread Patrick W. Gilmore
Composed on a virtual keyboard, please forgive typos. 

On Sep 19, 2013, at 13:58, Paul Ferguson fergdawgs...@mykolab.com wrote:

 Can someone please explain to a non-Apple person what the hell happened
 that started generating so much traffic? Perhaps I missed it in this
 thread, but I would be curious to know what iOS 7 implemented that
 caused this...

BING for ios adoption rate (one estimate is 29% in 16 hours), multiply by # 
of iThings, multiply by size of iOS, divide by # of seconds in estimate. 

As for why so many users upgrade so fast, that's a harder question. It could be 
iThing users are more willing to believe the fruit company's advertising (hype). 
Could be that the device tells them to upgrade so they do. It is also at 
least partially due to the fact all iThings are upgradable (within a certain 
age horizon).

Hope that gives you something to chew on, even if it doesn't answer the 
question. 

-- 
TTFN,
patrick 

 On 9/19/2013 10:23 AM, Nick Olsen wrote:
 
 We also saw a huge spike in traffic. Still pretty high today as well.
 We saw a ~60% above average hit yesterday, And we're at ~20-30% above
 average today as well.
 Being an android user, It didn't dawn on me until some of the IOS users in
 the office started jumping up and down about IOS7
 Nick Olsen
 Network Operations (855) FLSPEED  x106
 
 
 From: Justin M. Streiner strei...@cluebyfour.org
 Sent: Wednesday, September 18, 2013 6:19 PM
 To: NANOG nanog@nanog.org
 Subject: Re: iOS 7 update traffic
 
 On Wed, 18 Sep 2013, Tassos Chatzithomaoglou wrote:
 
 We also noticed an interesting spike (+ ~40%), mostly in akamai.
 The same happened on previous iOS too.
 
 I see it here, too.  At its peak, our traffic levels were roughly double
 what we would see on a normal weekday.
 
 jms
 
 Zachary McGibbon wrote on 18/9/2013 20:38:
 So iOS 7 just came out, here's the spike in our graphs going to our ISP
 here at McGill, anyone else noticing a big spike?
 
 [image: internet-sw1 - Traffic - Te0/7 - To Internet1-srp (IR Canet) -
 TenGigabitEthernet0/7]
 
 Zachary McGibbon
 
 
 -- 
 Paul Ferguson
 Vice President, Threat Intelligence
 Internet Identity, Tacoma, Washington  USA
 IID -- Connect and Collaborate -- www.internetidentity.com
 
 


Re: iOS 7 update traffic

2013-09-19 Thread Patrick W. Gilmore
Composed on a virtual keyboard, please forgive typos. 

On Sep 19, 2013, at 14:11, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

 I don't see how operators could tolerate this, honestly. I can't think of a 
 single provider who does not oversubscribe their access platform... Which 
 leads me to this question :
 
 Why does apple feel it is okay to send every mobile device an update on a 
 single day?

That question makes no sense to me. Turn that around: Why would Apple think 
that is not OK?


 Never mind the fact that we are the ones on the last mile responsible for 
 getting it to their customers, 1gb per sub is pretty serious.. Why are they 
 not caching at their head ends, dslams, etc?

Most providers are offered a cache for free (there is a minimum traffic volume, 
but it is not even as large as Netflix's requirements). Every provider, 
regardless of traffic, is offered peering for free. 

What was the problem again?

-- 
TTFN,
patrick


  Original message 
 From: Mikael Abrahamsson swm...@swm.pp.se
 Date: 09/19/2013 11:08 AM (GMT-08:00)
 To: Paul Ferguson fergdawgs...@mykolab.com
 Cc: NANOG nanog@nanog.org
 Subject: Re: iOS 7 update traffic
 
 
 On Thu, 19 Sep 2013, Paul Ferguson wrote:
 
 
 Can someone please explain to a non-Apple person what the hell happened
 that started generating so much traffic? Perhaps I missed it in this
 thread, but I would be curious to know what iOS 7 implemented that
 caused this...
 
 The IOS7 upgrade is ~750 megabyte download for the phones/pods, and ~950
 megabytes for ipad. There are quite a few devices out there times these
 amounts to download...
 
 --
 Mikael Abrahamsson    email: swm...@swm.pp.se
 



Re: common method to count traffic volume on IX

2013-09-17 Thread Patrick W. Gilmore
On Sep 17, 2013, at 07:02 , Nick Hilliard n...@foobar.org wrote:
 On 17/09/2013 11:52, Martin T wrote:

 Is there a common method to count this traffic on a switch-fabric?
 Just read all the switch interface packets input counters with an
 interval to get the aggregated input traffic and read all the switch
 interfaces packets output counters to get the aggregated output
 traffic?
 
 most IXPs count this as the sum of all ingress packets over a period of 300
 seconds.  A small number of IXPs do different stuff, e.g. different
 sampling interval or counting traffic on inter-switch links.

I am unaware of any IXP that uses a smaller sampling period (presumably in an 
attempt to make their IXP look bigger) other than DE-CIX.

Is there another one?

And yes, DE-CIX is more than well aware everyone thinks this is .. uh .. let's 
just call it silly for now, although most would use far more disparaging 
words. Which is probably why no serious IXP does it.

-- 
TTFN,
patrick





Re: common method to count traffic volume on IX

2013-09-17 Thread Patrick W. Gilmore
On Sep 17, 2013, at 11:04 , Nick Hilliard n...@foobar.org wrote:
 On 17/09/2013 14:43, Patrick W. Gilmore wrote:

 And yes, DE-CIX is more than well aware everyone thinks this is .. uh ..
 let's just call it silly for now, although most would use far more
 disparaging words. Which is probably why no serious IXP does it.
 
 It's not silly

We disagree.


 it's just not what everyone else does

I don't think anyone else does 2 minutes, but happy to be educated otherwise.


 so it's not
 possible to directly compare stats with other ixps.  I'm all in favour of
 using short (but technically sensible) sampling intervals for internal
 monitoring, but there are good reasons to use 300s / ingress sum for
 prettypics intended for public consumption.

Your IXP (network, whatever), your decision. Use 2 second timers for all I care.

Unfortunately, DE-CIX has done exactly what you said - compared themselves to 
other IXPs using that apples-to-oranges comparison. There are words for that 
sort of thing, but they are impolite, and I otherwise like the people at 
DE-CIX, so I shall let each NANOG-ite decide how to view such, um, tactics.

-- 
TTFN,
patrick






Re: common method to count traffic volume on IX

2013-09-17 Thread Patrick W. Gilmore
On Sep 17, 2013, at 12:11 , Martin T m4rtn...@gmail.com wrote:

 Thanks for all the replies!
 
 
 Nick,
 
 counting traffic on inter-switch links is kind of cheating, isn't it?
 I mean if input bytes and output bytes on all the ports facing the
 IX members are already counted, then counting traffic on links between
 the switches in fabric will count some of the traffic multiple times.
 
 
 
 Patrick,
 
 how does smaller sampling period help to show more traffic volume on
 switch fabric? Or do you mean that in case of shorter sampling periods
 the traffic peaks are not averaged out and thus peak in and peak out
 traffic levels remain higher?

The graph has a bigger peak, and DE-CIX has claimed see, we are bigger using 
such graphs. Not only did they not caveat the fact they were using a 
non-standard sampling method, they have refused to change when confronted or 
even say what their traffic would be with a 300 second timer.

-- 
TTFN,
patrick


 On 9/17/13, Nick Hilliard n...@foobar.org wrote:
 On 17/09/2013 14:43, Patrick W. Gilmore wrote:
 And yes, DE-CIX is more than well aware everyone thinks this is .. uh ..
 let's just call it silly for now, although most would use far more
 disparaging words. Which is probably why no serious IXP does it.
 
 It's not silly - it's just not what everyone else does, so it's not
 possible to directly compare stats with other ixps.  I'm all in favour of
 using short (but technically sensible) sampling intervals for internal
 monitoring, but there are good reasons to use 300s / ingress sum for
 prettypics intended for public consumption.
 
 Nick
 
 
 
 



signature.asc
Description: Message signed with OpenPGP using GPGMail
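The sampling-interval point running through this thread (Nick's 300 s ingress sum as the common convention, and Patrick's explanation that a shorter timer leaves a bigger peak on the graph), worked through as an added example that is not code from the thread or from any IXP. The two member ports, their 1 Gbit/s baseline and the 60 s bursts are all constructed; the point it shows is that the very same octet counters, read at 300 s, 120 s and 60 s, yield three different "peak" figures.

```python
"""Why a shorter sampling interval makes an IXP's peak look bigger.

Added illustration, not code from the NANOG thread.  A constructed bursty
traffic profile on two member ports is measured the way an IXP measures
it: read the cumulative ingress octet counter on every port at a fixed
interval, divide each delta by the interval, and sum across ports (the
"ingress sum").  The same profile is then sampled at 300 s (the usual
convention), 120 s and 60 s.  The shorter the interval, the less the
bursts are averaged out and the higher the reported peak.
"""
from typing import Dict, List, Sequence

BYTES_PER_SEC_1G = 1_000_000_000 // 8   # 1 Gbit/s expressed in bytes per second


def constructed_port_profile(seconds: int, burst_offset: int) -> List[int]:
    """Per-second ingress bytes on one port: a flat 1 Gbit/s baseline plus a
    60 s burst at 5x every 10 minutes.  Constructed data, not measurements."""
    rate = []
    for t in range(seconds):
        in_burst = ((t - burst_offset) % 600) < 60
        rate.append(BYTES_PER_SEC_1G * (5 if in_burst else 1))
    return rate


def octet_counter(rate: Sequence[int]) -> List[int]:
    """Turn per-second bytes into the monotonically increasing octet counter a
    switch exposes (think ifHCInOctets).  counter[t] is the bytes seen before
    second t, so counter[0] == 0."""
    counter = [0]
    for r in rate:
        counter.append(counter[-1] + r)
    return counter


def sampled_bps(counter: Sequence[int], interval: int) -> List[float]:
    """Read the counter every `interval` seconds; each sample is the average
    bit rate over that interval (delta octets * 8 / seconds)."""
    return [(counter[t] - counter[t - interval]) * 8 / interval
            for t in range(interval, len(counter), interval)]


def ingress_sum_peak(port_counters: Sequence[Sequence[int]], interval: int) -> float:
    """IXP-style aggregate: per interval, sum every port's ingress rate, then
    report the largest interval.  This is the number on the public graph."""
    per_port = [sampled_bps(c, interval) for c in port_counters]
    n_samples = min(len(s) for s in per_port)
    aggregate = [sum(s[i] for s in per_port) for i in range(n_samples)]
    return max(aggregate)


def peaks_by_interval(intervals: Sequence[int], seconds: int = 3600) -> Dict[int, float]:
    """Peak aggregate ingress (bit/s) for each sampling interval on the same
    constructed two-port fabric; the second port's bursts are offset by 300 s."""
    counters = [octet_counter(constructed_port_profile(seconds, 0)),
                octet_counter(constructed_port_profile(seconds, 300))]
    return {iv: ingress_sum_peak(counters, iv) for iv in intervals}


if __name__ == "__main__":
    # Same wire, same hour, same counters: 2.8, 4.0 and 6.0 Gbit/s "peaks".
    for interval, peak in peaks_by_interval([300, 120, 60]).items():
        print(f"{interval:4d} s samples: peak {peak / 1e9:.2f} Gbit/s")
```

The true hourly mean of the constructed fabric is 2.8 Gbit/s, which is exactly what the 300 s graph reports; the 60 s graph reports more than twice that from identical traffic.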


Re: Akamai Edgekey issues ?

2013-09-03 Thread Patrick W. Gilmore
On Sep 03, 2013, at 09:58 , Jay Ashworth j...@baylink.com wrote:
 From: Matthew Petach mpet...@netflight.com
 On Mon, Sep 2, 2013 at 7:33 PM, Jorge Amodio jmamo...@gmail.com wrote:
 
 Here is another bit of data... www.apple.com not reachable from a
 machine
 using Google's NS, reachable from an iPad using TWC NS
 
 IP addresses returned by each are different ... could be load
 balancing, or
 creative (broken) traffic engineering
 
 Far more likely to be simply due to Akamai
 localizing the IP addresses to be as close
 to the resolving nameserver as possible;
 so, when using Google DNS, you end up
 at an Akamai node close to the Google
 DNS server; when using the TWC nameservers,
 you end up pointing to an Akamai node closer
 to those TWC nameservers.
 
 Not a case of broken traffic engineering at all.
 
 Sure it is. 
 
 It's assuming that the geographic location of a customer resolver server
 has anything whatever to do with the geographic location of the end node,
 which it's not in fact a valid proxy for.

It isn't? How wrong is this assumption? Be specific. How far off is it, for how 
many users?

Perhaps look at the other side. Assumptions must be made. What assumptions 
would be better in the real world? What percentage of users are closer to 
anycast nodes? What are the real-world performance differences using this 
method vs. other methods?

Saying not in fact a valid proxy without hard data is not useful. What data 
do you have to prove your thesis?

Akamai seems to perform well for the vast majority of users. Or so I believe, 
but I fully admit I am biased. :)

That said, always happy to be educated. If you have data, let us know.

-- 
TTFN,
patrick





Re: Akamai Edgekey issues ?

2013-09-03 Thread Patrick W. Gilmore
On Sep 03, 2013, at 02:41 , Scott Hulbert sc...@scotthulbert.com wrote:
 Matthew Petach mpet...@netflight.com wrote:

 Why not just use the TWC nameservers,
 if things work when you use them instead
 of the Google nameservers?
 
 
 One reason would be that TWC used to hijack failed DNS requests and show
 advertisements (
 http://netcodger.wordpress.com/2010/09/14/roadrunner-returns-to-dns-hijack-tactics/
 ).

Without condoning or decrying this practice, I believe TWC allows you to 
opt-out of that. (Whether they should require you to opt-out, or do it at 
all, is intentionally not discussed.)


 Also, Google DNS and OpenDNS helped manually clean up bad records after the
 NYTimes had their nameservers changed at the TLD registry (
 http://blog.cloudflare.com/details-behind-todays-internet-hacks).

What makes you think TWC did not do the same?

And it was a lot more than the New York Times that had issues, and there was a 
lot more than a single instance of this.

To be clear, Google is Johnny On The Spot when these things happen, and kudos 
to them for it. But so are lots of other providers (e.g. OpenDNS, who has been 
doing this a lot longer than Google), they just might not have teh GOOG name 
to get them in the press & blogs.

-- 
TTFN,
patrick





Re: Trivium

2013-08-19 Thread Patrick W. Gilmore
On Aug 19, 2013, at 10:42 , Blake Dunlap iki...@gmail.com wrote:

 Without Google, how do you know where anything even *is*?

Pretending that wasn't a troll, I wonder how much of the traffic these days is 
things like AppleTV, Roku, OS updates, iThing/Android 'Apps', etc. that do not 
require a user to type www.bing.com into the Google search box[*] so they can 
find the web page.

-- 
TTFN,
patrick

[*] I've actually seen someone type www.yahoo.com into the Google search box, 
then use Yahoo! to search for something. Don't ask


 On Mon, Aug 19, 2013 at 2:38 AM, Larry Sheldon larryshel...@cox.net wrote:
 
 http://news.cnet.com/8301-1023_3-57598978-93/google-outage-reportedly-caused-big-drop-in-global-traffic/
 
 
 How big is the Internet?
 
 Depends in whether Google is up or not?
 
 --
 Requiescas in pace o email          Two identifying characteristics
                                      of System Administrators:
 Ex turpi causa non oritur actio     Infallibility, and the ability to
                                      learn from their mistakes.
                                      (Adapted from Stephen Pinker)
 
 
 





Re: How big is the Internet?

2013-08-15 Thread Patrick W. Gilmore
On Aug 15, 2013, at 10:05 , Leo Bicknell bickn...@ufp.org wrote:
 On Aug 14, 2013, at 3:27 PM, Patrick W. Gilmore patr...@ianai.net wrote:

 Once you define what you mean by how big is the Internet, I'll be happy to 
 spout off about how big it is. :)
 
 Arbitrary definition time: A Internet host is one that can send and receive 
 packets directly with at least one far end device addressed out of RIR 
 managed IPv4 or IPv6 space.
 
 That means behind a NAT counts, behind a firewall counts, but a true private 
 network (two PC's into an L2 switch with no other connections) does not, even 
 if they use IP protocols.  Note that devices behind a pure L3 proxy do not 
 count, but the L3 proxy itself counts.
 
 Now, take those Internet hosts and create a graph where each node has a 
 binary state, forwards packets or does not forward packets the result is a 
 set of edge nodes that do not forward packets.  The simple case is an end 
 user PC, the complex case may be something like a server in a data center 
 that while connected to multiple networks does not forward any packets, and 
 is an edge node on all of the networks to which it is attached.
 
 To me, all Internet traffic is the sum of all in traffic on all edge 
 nodes.  Note if I did my definition carefully out = in - (packet loss + 
 undeliverable), which means on the scale of the global Internet I suspect out 
 == in, when rounded off.

I have a feeling you flipped in & out in that formula.


 So please, carry on and spout off as to how big that is, I think an estimate 
 would be very interesting.

Spout off time:

My laptop at home is an edge node under the definition above, despite being 
behind a NAT. My home NAS is as well. When I back up my laptop to my NAS over 
my home network, that traffic would be counted as Internet traffic by your 
definition.

I have a feeling that does not come close to matching the mental model most 
people have in their head of Internet traffic. But maybe I'm confused.

-- 
TTFN,
patrick





Re: How big is the Internet?

2013-08-15 Thread Patrick W. Gilmore
On Aug 16, 2013, at 00:37 , Sean Donelan s...@donelan.com wrote:
 On Thu, 15 Aug 2013, Seth Mattinen wrote:

 We'll also need this data in units of number of Libraries of Congress.
 
 The researchers at the Library of Congress are more than happy to explain why 
 you are wrong to attempt to use the Library of Congress as a unit of measure, 
 and why the estimates being used are wrong.
 
 http://blogs.loc.gov/digitalpreservation/2011/07/transferring-libraries-of-congress-of-data/
 
 along with several other blog posts over the years.
 
 But it doesn't seem to stop people from wanting to 1) know how big the 
 Library of Congress is and 2) using it as a unit of measure.
 
 It seems odd that there are relatively good estimates for other communication 
 networks and utilities; i.e. how big is the PSTN, how many television or 
 radio stations, how much freight is carried by railroads, trucks and ships.  
 But asking how big is the Internet, how much data does it carry, ends up with 
 no answer.
 
 Even the researchers at the Library of Congress, if you give them enough beer 
 and beg them enough, will eventually give you an estimate
 about the Library collection size as of the end of the last year.
 
 What so special about the Internet that it can't be measured?

Complete lack of regulation, and in many cases, even billing.

You cannot make a call on the PSTN without someone getting money from someone 
else and a CDR (http://en.wikipedia.org/wiki/Call_detail_record) being 
created. Television & radio stations are trivially countable and probably 
literally a dozen or more orders of magnitude off the number of packets on 
the Internet. Railroads are similarly tiny in number and bill for freight. 
Roads are built by taxpayer dollars, so the gov't keeps a good account. Etc., 
etc.

The Internet is the first world-wide thing that doesn't bill based on where 
you send something, what you are doing, why you do it, and in many cases, even 
how much you do. Moreover, anyone can set up anything on it without asking the 
gov't for permission.

This has enabled the impossible growth curve seen the last 20 years, but also 
made it impossible to count, categorize, or control. Which pisses off some 
people (usually governments), but makes others (e.g. me!) all warm & fuzzy 
inside.

-- 
TTFN,
patrick

P.S. I know you already knew the answer to the question, but I figured you 
wanted it answered when you asked, so I did.





Re: How big is the Internet?

2013-08-14 Thread Patrick W. Gilmore
On Aug 14, 2013, at 15:00 , Sean Donelan s...@donelan.com wrote:

 I should have remembered, NANOG prefers to correct things.  So here are
 several estimates about how much IP/Internet traffic is downloaded
 in a month.  Does anyone have better numbers, or better sources of
 numbers that can be shared?

I think you are not defining things precisely enough to be corrected. What does 
downloaded mean? For instance:

1) If a Google server pulls traffic from another Google server in another 
datacenter over the Google backbone, is that downloaded?
2) How about if an an Akamai server pulls traffic from another Akamai server in 
the same building but two different networks?
3) How about if the two servers are on the same switch?
4) What if I am playing X-Box with another user on Comcast on the same head end?
5) Two different head ends in the same city?
6) Different cities?

Etc.

It is actually even harder than the above illustrates. Most people define Mbps 
on the Internet as inter-AS bits. But then what about Akamai AANP nodes, 
Google GGC nodes, Netflix Open Connect nodes, etc.? They are all inside the AS. 
Given that Akamai claims to be 20% of all broadband traffic, Google is on the 
same order, and NF claims to be 30% of US peak-evening traffic, it seems like 
it would be foolish to ignore this traffic.

I could go on, but you get the point. Definitions are a bitch.

Once you define what you mean by how big is the Internet, I'll be happy to 
spout off about how big it is. :)

All that said: My back-of-the-envelope math says the Internet is order of 1 
exabyte/day, as defined by my own rules on what counts as the Internet[*].  I 
could easily be wrong, but you asked.

-- 
TTFN,
patrick

[*] I count Company-to-Company traffic. This is _mostly_ inter-AS traffic, but 
on-net nodes (e.g. Akamai, Google, NF) -> Provider _do_ count. Things like 
Google -> Google over Google backbone do not count. Things like as701 -> as702 
would count, but not as701 -> as701, even if the traffic is between two 
single-homed customers. It is a weird definition, but that's how I define it. 
(Although I may be biased, since counting only inter-AS traffic leaves off 
$SOME_PERCENTAGE of the traffic from my company.)


 Arbor/Merit/Michigan Internet Observatory: 9,000 PB/month (2009)
 Minnesota Internet Traffic Studies: 7,500-12,000 PB/month (2009)
 
 Cisco Visual Network Index:
   Total IP: 55,553 PB/month (2013)
   Fixed IP: 39,295 PB/month (2013)
   Managed IP: 14,679 PB/month (2013)
   Mobile Data: 1,578 PB/month (2013)
 Telegeography via ITU report: 44,000 PB/month (2012)
 National Security Agency: 55,680 PB/month (2013)
 
 
 Individual providers/countries
 Australian Bureau of Statistics (AU only) : 184 PB/month (2012)
 ATT Big Petabyte report (ATT only): 990 PB/month (2013)
 CTIA mobile traffic (US only): 69 PB/month (2011)
 London School of Economics (Europe only): 3,600 PB/month (2012)
 TATA Communications: 1,600 PB/month (2013)
 
 Historical:
 NSFNET: 0.015 PB/month (1994)
 
 



signature.asc
Description: Message signed with OpenPGP using GPGMail


Re: How big is the Internet?

2013-08-14 Thread Patrick W. Gilmore
On Aug 15, 2013, at 00:19 , Sean Donelan s...@donelan.com wrote:
 On Wed, 14 Aug 2013, Patrick W. Gilmore wrote:

 It is actually even harder than the above illustrates. Most people define 
 Mbps on the Internet as inter-AS bits. But then what about Akamai AANP 
 nodes, Google GGC nodes, Netflix Open Connect nodes, etc.? They are all 
 inside the AS. Given that Akamai claims to be 20% of all broadband traffic, 
 Google is on the same order, and NF claims to be 30% of US peak-evening 
 traffic, it seems like it would be foolish to ignore this traffic.
 
 I could go on, but you get the point. Definitions are a bitch.
 
 Some of that may help explain why the Internet traffic estimates seem to be 
 too high or too low since about 2007. The primary data sources for
 the Internet traffic estimates seem to be mostly Internet backbones and 
 Internet exchange points.
 
 I hadn't been paying attention until I looked at a bunch of companies' 
 investor filings this week because the size of the Internet was in the news.  
 If you add up the percentages that companies are telling investors and policy 
 makers, you end up with more than 100%. Most of the companies' investor 
 reports don't explain % of what.  But the few that
 do, end up pointing back to the same traffic forecast reports.  That doesn't 
 even get to the long tail of small providers that don't report anything.
 
 Either there is a lot of traffic missing, or market concentration is much 
 greater than assumed.

I am not at all surprised the sum of percentages is > 100.

User on Joe's-DSL-and-Bait store sends a packet up through 
Mary's-backbone-and-coffee shop to Bill's-other-transit-and-sandwich cart which 
finally lands on Comcast. (Didn't see that coming, did you? :)

All four networks are going to claim that packet, but a true accounting of 
petabytes downloaded per day will only count it once.

-- 
TTFN,
patrick





Re: ddos attacks

2013-08-02 Thread Patrick W. Gilmore
On Aug 02, 2013, at 09:37 , sgr...@airstreamcomm.net wrote:

 I’m curious to know what other service providers are doing to 
 alleviate/prevent ddos attacks from happening in your network.  Are you 
 completely reactive and block as many addresses as possible or null0 traffic 
 to the affected host until it stops or do you block certain ports to prevent 
 them.  What’s the best way people are dealing with them?

#1: Ensure your network is BCP38 compliant.

Hard to complain about others attacking you when you are not clean. And if you 
do not block source-address spoofing, you are not clean.

As for the rest, I'll let others with more recent experience explain what they 
do.

-- 
TTFN,
patrick
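As an added illustration of the BCP38 point above (example code written for this archive, not from the thread or any vendor), this models the ingress check a customer-facing edge applies: a packet is forwarded only when its source address falls inside the prefixes assigned to the interface it arrived on. Interface names, prefixes and the sample packets are constructed.

```python
"""BCP38 source-address validation on customer-facing interfaces.

Added example, not from the NANOG thread. Everything here (interface
names, prefixes, packets) is constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed policy: ingress interface -> prefixes the attached customer
# is assigned and may legitimately use as a source address.
ASSIGNMENTS: Dict[str, List[str]] = {
    "ge-0/0/1": ["192.0.2.0/24"],
    "ge-0/0/2": ["198.51.100.0/25", "2001:db8:1::/48"],
}

# Constructed sample traffic: (ingress interface, source, destination).
SAMPLE_PACKETS: List[Tuple[str, str, str]] = [
    ("ge-0/0/1", "192.0.2.10", "203.0.113.5"),       # legitimate
    ("ge-0/0/1", "198.51.100.7", "203.0.113.5"),     # spoofed: other customer's space
    ("ge-0/0/2", "2001:db8:1::42", "2001:db8:2::1"),  # legitimate IPv6
    ("ge-0/0/2", "10.0.0.1", "203.0.113.5"),         # spoofed private source
    ("ge-0/0/2", "127.0.0.1", "203.0.113.5"),        # martian, never a valid source
    ("ge-0/0/9", "192.0.2.10", "203.0.113.5"),       # interface with no policy: default deny
    ("ge-0/0/1", "192.0.2.300", "203.0.113.5"),      # malformed address
]


class Bcp38Filter:
    """Per-interface source-address filter in the spirit of BCP38."""

    def __init__(self, assignments: Dict[str, List[str]]) -> None:
        self.allowed = {
            ifname: [ipaddress.ip_network(p, strict=True) for p in prefixes]
            for ifname, prefixes in assignments.items()
        }

    def verdict(self, ifname: str, src: str) -> Tuple[bool, str]:
        """Return (forward?, reason) for a packet with source src on ifname."""
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            return False, "malformed source address"
        # Addresses that can never be a legitimate unicast source.
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            return False, "martian source address"
        nets = self.allowed.get(ifname)
        if nets is None:
            return False, "no source prefixes configured for interface (default deny)"
        # 'in' on a network of the other IP version simply returns False,
        # so mixed v4/v6 prefix lists work without special casing.
        if any(ip in net for net in nets):
            return True, "source within assigned prefix"
        return False, "spoofed or misrouted source: outside assigned prefixes"

    def apply(self, packets: List[Tuple[str, str, str]]):
        """Split packets into (accepted, dropped), each entry carrying its reason."""
        accepted, dropped = [], []
        for ifname, src, dst in packets:
            ok, reason = self.verdict(ifname, src)
            (accepted if ok else dropped).append((ifname, src, dst, reason))
        return accepted, dropped


def run_demo():
    """Apply the constructed policy to the constructed traffic."""
    return Bcp38Filter(ASSIGNMENTS).apply(SAMPLE_PACKETS)


if __name__ == "__main__":
    acc, drp = run_demo()
    for entry in drp:
        print("DROP", entry)
    print(f"{len(acc)} forwarded, {len(drp)} dropped")
```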





Re: nLayer IP transit

2013-07-31 Thread Patrick W. Gilmore
On Jul 31, 2013, at 20:00 , Mark Tees markt...@gmail.com wrote:

 I remember reading a while back that customers of nLayer IP transit
 services could send in Flowspec rules to nLayer. Anyone know if that is
 true/current?

Not any more.

-- 
TTFN,
patrick





Re: ARIN WHOIS for leads

2013-07-26 Thread Patrick W. Gilmore
On Jul 25, 2013, at 19:29 , Otis L. Surratt, Jr. o...@ocosa.com wrote:
 From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] 

 Wouldn't that defeat the purpose of maintaining the whois?
 
 Yep!
 
 We registered a few domains and get the same thing, I think it's
 something that people are going to have to live with. :/
 
 I agree. We just politely tell them we are not interested and move on
 about our day. Some cold callers we have taken up on offers. It just
 depends who calls and whether or not we are looking for new service.
 WHOIS Privacy is nice for the domains and we use for some of our domains
 but not all. We just hate when customers get those scam notices and call
 us or open tickets about it.

The fact you take some cold callers up on offers means they will continue to 
call.

Please do not reward people who scrape whois or the NANOG-l archive. If it is 
not profitable to call people, they will stop.

Put another way: You are making life worse for all of us.

-- 
TTFN,
patrick




Re: ARIN WHOIS for leads

2013-07-26 Thread Patrick W. Gilmore
On Jul 26, 2013, at 09:32 , Ryan Pavely para...@nac.net wrote:

 What about the 2am phone calls from the guy, who did a nslookup on a website, 
 and then whois on the ip, who is calling to say his porn site is partially 
 not working and he's pissed.
 
 imho.  The days of having public records like whois/rwhois available have 
 passed.  The data used to be protected with a simple clue test.  Only the clue 
 minded folks knew about the data, and were pretty responsible with it.  Now 
 anyone can look it up.  We used to use that data to be able to directly 
 communicate with another provider for a serious problem.  It was great 
 knowing exactly how to get a hold of someone, and not have to forage your way 
 through tech support... noc.. etc..
 
 Even the anti-spam army out there seem to ignore 'This is the abuse contact', 
 and end up spamming all whois org contacts. What's the point in that?
 
 Why can't we implement a method where you have to be a registered, and 
 paying, user/member with an AS number to be able to get IP whois 'contact' 
 info?  Sure list my name and company.  But keep my email and phone number 
 private.  In fact show me a web log of all registered users that looked me up.
 
 I doubt that will ever happen.  So it's time for me to update my arin contact 
 as this past weekend I got exactly that 2am porn call and it was quite 
 disturbing which website was being referenced. In all my years I knew there 
 was some crazy stuff out there, but this took the cake.

You can change anything you want. ARIN & ICANN are both member organizations. 
Propose a change, get the votes, and POOF!, things are changed.

Even better, only the clued (and paid) get to vote. So it is exactly what you 
wanted.

-- 
TTFN,
patrick


 On 7/25/2013 7:02 PM, Justin Vocke wrote:
 Sent this little e-mail to ARIN:
 
 I'm not sure that you guys can do anything about this, but it's worth
 looking into. I registered AS626XX a week ago, and since its registration,
 I've been getting calls from wholesale carriers trying to get me to
 purchase IP transit from them. Someone is obviously using your database of
 contact information to generate sales leads.
 
 512-377-6827 was one of the numbers trying to get more information about my
 network and how they could help me.
 
 My guess is someone is using your mass whois database, looking at the most
 recently issued/created AS numbers, and cold calling.
 
 Just thought I'd pass this along.
 -
 
 Due to the amount of calls I've received, I'm guessing it's probably a good
 idea to remove my contact info from the registration and set up roles
 instead.
 
 Does this sorta thing happen frequently with new registrations or did I
 just draw the short straw?
 
 Best,
 Justin
 
 




Re: ARIN WHOIS for leads

2013-07-26 Thread Patrick W. Gilmore
On Jul 26, 2013, at 11:05 , David Conrad d...@virtualized.org wrote:
 On Jul 26, 2013, at 7:58 AM, Patrick W. Gilmore patr...@ianai.net wrote:

 You can change anything you want. ARIN & ICANN are both member 
 organizations. Propose a change, get the votes, and POOF!, things are 
 changed.
 
 Err. ICANN isn't a membership organization. It is possible to change things 
 at ICANN, but the mechanisms are ... different and much slower (since it 
 involves getting consensus in a multi-stakeholder environment).

Sure it is, the membership is just very .. uh .. selective. :)

Stakeholder is just a fancy way of saying member. They vote, things change.

Like I said, this is _exactly_ what Ryan wanted. Only the anointed get to 
decide things. Works out well, doesn't it?

-- 
TTFN,
patrick




Re: ARIN WHOIS for leads

2013-07-26 Thread Patrick W. Gilmore
 What happen to the days when you could simply tell someone not
 interested, don't call again and you wouldn't hear from them ever
 again?

I don't know, but that is part of the reason why you can't ignore these people 
or buy from them.

Ever heard of the one bite at the apple idea? Marketers think they should 
each be able to ask you just once to buy something from them. Ignoring the fact 
they ask more than once, in the US alone, there are 23 million small businesses 
http://www.sba.gov/content/small-business-trends.

How many calls / emails do you want to get if even 10% of them decide they get 
_one_ chance to ask you to buy something?

The reason this is not a problem for snail mail is there has to be a serious 
return to cover the cost of printing, postage, etc. What's the cost of sending 
23 million emails? Two cents?


 Or the days when everything wasn't treated as spam

Everything is not.

I admit that the other side frequently goes in-frickin'-sane and calls even 
non-scraped, individually addressed mail to a single person spam. We 
shouldn't listen to them any more than we should listen to the marketer calling 
back the fourth time in a week to sell my father life insurance - after he had 
passed away.


Suggestion: Put tagged addresses and, if possible, phone numbers in your ARIN 
whois and other public records. When someone emails that address or calls that 
number, make sure you put them on a never buy from list, and they know it. 
Write them a physical (form) letter, explaining why, and make it public (web 
page, blog, whatever). If even a small percentage of people did this, many 
companies would change their practices. _Especially_ Internet companies.

-- 
TTFN,
patrick




On Jul 26, 2013, at 11:59 , Otis L. Surratt, Jr. o...@ocosa.com wrote:

 I'm not sure how they receive their data or if they mined from other
 sources. But one can draw some conclusions that they get information
 from some list/database and if you are a new provider or a new recipient
 of number resources then yes; that's probably how ARIN WHOIS database.
 
 But why don't we take off our hat for one moment that would call this
 spam and simply look at it for what it is. I'm sure others would agree.
 Sales teams typically would compile a list of names and phone numbers in
 a local community and cold call to see if there is any interest. Waiting
 on folks to call you could be weeks, months and years thus adversely
 affecting your business. I'm sure every company has done some cold
 calling before. If you have not then you must have a customer base of
 that is making you the profit you desire and/or you are already a
 billionaire. Thus you have the resources for advertisements on
 local/regional/national TV. (Not the only form of advertising BTW)
 
 I can name several tier 1 and 2 providers who have reached out to us for
 IP transit based on cold calling/ARIN WHOIS. 
 We've been an ARIN paying member since 2005 and have not had any contact
 with any sales folks until last 4 to 5 years maybe.
 
 IMHO, you guys should get off this spam kick and simply tell folks you
 are not interested and move on about your day. Life is way too short.
 I'm not sure how cold calling is spamming? 
 
 The folks that received the porn calls my response is SMH and I am
 very disgusted. But I definitely can understand your feelings for cold
 calling. Again, life is too short to get all worked up about it. Like I
 said before simply tell them not interested and don't call again. We do
 and we very seldom find a stubborn sales person that continues with
 repeated calls. For the ones we do we have our phone system immediately
 hang up their call based on number. If they somehow gain my or
 others mobile numbers we simply add as contact and send to voicemail

Re: ARIN WHOIS for leads

2013-07-26 Thread Patrick W. Gilmore
On Jul 26, 2013, at 12:54 , Alex Rubenstein a...@corp.nac.net wrote:

 Case in point.. And I'm going to name drop, but do not consider this a shame.
 I have been looking at various filtering technologies, and was looking at
 Barracudas site. I went on with my day, but noticed that filtering vendors
 start showing up on random websites. Fast forward 24 hours later..
 
 You know what I am waiting for?
 
 The LED billboards on the side of the road displaying targeted 
 advertisements, based on your proximity to them, because your android phone 
 is telling the sign where you are.
 
 Who thinks I am crazy?

I do. Only 'cause you singled out Android, as if Apple, Blackberry, etc. 
wouldn't do this too.

-- 
TTFN,
patrick




Re: Friday Hosing

2013-07-14 Thread Patrick W. Gilmore
On Jul 12, 2013, at 19:22 , Nick Khamis sym...@gmail.com wrote:

 Set up your own email server, host your own web pages, maintain your own
 cloud, breathe your own oxygen FTW.

That's simply not realistic for many companies and essentially all people (to a 
first approximation).

-- 
TTFN,
patrick




Re: Friday Hosing

2013-07-12 Thread Patrick W. Gilmore
Composed on a virtual keyboard, please forgive typos. 

On Jul 12, 2013, at 13:25, na...@namor.ca wrote:

 On Fri, 12 Jul 2013, Alain Hebert wrote:
 
 Is it me or the bigger a corporation gets the more vindictive (a b-word
 intended) they are to customers leaving them?
 
 Never attribute to malice that which is adequately explained by stupidity.

I prefer Heinlein's version: Never attribute to malice that which can be 
adequately explained by stupidity, but don't rule out malice.

And, of course the corollary that any sufficiently advanced stupidity is 
indistinguishable from malice. 

Put another way, whether it was stupid or evil, the results are the same. 
Turning off a customer in good standing is actionable in court, and should be 
avoided by legitimate businesses at nearly all costs.

Not correcting the error (should it happen) when notified goes from oops to 
evil, whether intentional or not.

And yes, I've probably worked for a corporation that has done this at least 
once over the years. (I did work for a telco for a while. :-) Doesn't mean I 
can't think it was evil of us and work to stop it from ever happening again.

-- 
TTFN,
patrick



Re: Friday Hosing

2013-07-12 Thread Patrick W. Gilmore
On Jul 12, 2013, at 13:44 , Bryan Fields br...@bryanfields.net wrote:
 On 7/12/13 1:39 PM, Patrick W. Gilmore wrote:

 Put another way, whether it was stupid or evil, the results are the same. 
 Turning off a customer in good standing is actionable in court, and should 
 be avoided by legitimate businesses at nearly all costs.
 You can void a contract at any time so long as you're willing to accept the
 result.

Hence the actionable in court phrase.


 I've seen people have their service cut off and a carrier keep their
 equipment.  Sure they will get it back, but is it worth spending 100k fighting
 them in court for three years? 

Every business makes tough decisions. For instance, judging the risk/reward 
ratio of getting, for instance, loss of use fees, legal fees, etc., out of an 
opponent in a court case.

Either way, I'm interested in hearing when a company does these bad things so I 
can add that into the decision when considering that company. (To be clear, one 
person saying they cut me off without warning does not automatically mean I 
would never do business with a company. There's always another side. But I 
still like to collect the info when possible.)

In this case, the OP didn't mention which company it was, other than monopole.

-- 
TTFN,
patrick




Re: /25's prefixes announced into global routing table?

2013-06-24 Thread Patrick W. Gilmore
On Jun 22, 2013, at 16:16 , Grzegorz Janoszka grzeg...@janoszka.pl wrote:
 On 22-06-13 17:30, Owen DeLong wrote:

 Looking at the number of autonomous systems in the IPv6 routing table and 
 the total number of routes, it looks like it will shake out somewhere in the 
 neighborhood of 3-5 prefixes/ASN. Since there are ~35,000 unique ASNs in the 
 IPv4 table, I figured simple multiplication provided as good an estimate as 
 any at this early time.
 
 Deaggregating of IPv4 announcements is done for traffic engineering and
 to fight ddoses (just the attacked /24 stops being announced to
 internet). I think some people will just copy their v4 habits into v6
 and then we might have explosion of /48's.
 I wouldn't be so sure about just 3-5 prefixes/ASN.

Not that many people are de-aggregating in anticipation of the DDoS.

Temporary de-agg during DDoS is not relevant to discussions on global table 
sizes.

-- 
TTFN,
patrick




Re: /25's prefixes announced into global routing table?

2013-06-24 Thread Patrick W. Gilmore
On Jun 24, 2013, at 13:29 , Paul Rolland (ポール・ロラン) r...@witbe.net wrote:
 On Fri, 21 Jun 2013 13:56:02 -0600 Michael McConnell 
 mich...@winkstreaming.com wrote:

 As the IPv4 space get smaller and smaller, does anyone think we'll see a
 time when /25's will be accepted for global BGP prefix announcement. The
 current smallest size is a /24 and generally ok for most people, but the
 crunch gets tighter, routers continue to have more and more ram will it
 always be /24 the smallest size?
 
 Well, /25 are already in the routing table. I can even find a few /26 !!
 
 rtr-01.PAR#sh ip b | i /26
 *i193.41.227.128/26
 *i193.41.227.192/26
 *i194.149.243.64/26

The question was when will we see /25s in the GLOBAL routing table. Despite the 
very un-well defined definition for global routing table, I'm going to 
assume something similar to the DFZ, or the set of prefixes which is seen in 
all (most of?) the transit-free networks[*].

Given that definition, there are exactly zero /25s in the GRT (DFZ). And 
unlikely to be for a while. Whether a while is the next 12 months or several 
years is something I am very specifically choosing not to answer.

-- 
TTFN,
patrick

[*] Don't you hate the term tier one these days? It doesn't mean what it used 
to mean (i.e. _settlement free_ peering with all other tier one networks). And 
given that there are non-transit-free networks with more 
[traffic|revenue|customers|$WHATEVER] than some transit free networks, I prefer 
to not use the term.





Re: Need help in flushing DNS

2013-06-19 Thread Patrick W. Gilmore
On Jun 20, 2013, at 01:30 , Grant Ridder shortdudey...@gmail.com wrote:

 Yelp is evidently also affected

Not from here.

If the NS or www points to 204.11.56.0/24 for a production domain/hostname, 
that's bad. Yelp seems to be resolving normally for me.

-- 
TTFN,
patrick


 On Wed, Jun 19, 2013 at 10:19 PM, John Levine jo...@iecc.com wrote:
 
 Reaching out to DNS operators around the globe. Linkedin.com has had some
 issues with DNS
 and would like DNS operators to flush their DNS. If you see
 www.linkedin.com resolving NS to
 ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS.
 
 Any other info please reach out to me off-list.
 
 While you're at it, www.usps.com, www.fidelity.com, and other well
 known sites have had DNS poisoning problems.  When I restarted my
 cache, they look OK.
 
 
 
 




Re: Multihop eBGP peering or VPN based eBGP peering

2013-06-17 Thread Patrick W. Gilmore
On Jun 17, 2013, at 00:36 , Otis L. Surratt, Jr. o...@ocosa.com wrote:

 Any idea why more companies don't offer eBGP peering / multi hop
 peering? Its very common for providers to offer single or double hop
 peering, so why not 5 or 10 hops? In many cases people find it logical
 to perform single or double hop peering, why is peering any greater
 always frowned upon. I understand the logic that you can't control the
 path beyond a point, however I still see numerous advantages.
 
 The norm has always been if you are peering with someone you have router
 in the location you are peering. Thus, direct connection!!! 
 But I've seen folks do what you are describing but in terms of their own
 networks thru use of GRE Tunnels. The main point of peering is having
 better connectivity and dropping traffic directly or closest to its
 destination.

First, inside your own network is not eBGP. iBGP has no hop limitation (well, 
255). If you have seen someone do eBGP inside their own network, they 
were actually doing it between two separate networks they owned.

If you saw someone do eBGP over a GRE tunnel, that is a direct connection, not 
multi-hop. [Cue discussion from last week about multiple islands in the same 
ASN.]


 One obvious advantage is, imagine your east coast data centre and
 you had an eBGP peering session with a west coast router, you'd be able
 to control ingress via the west coast. (aka routing around a region
 outage that is affecting ingress) For example during the last hurricane
 around New Jersey, numerous tier 1's were down towards the atlantic and
 every peer for the atlantic was affected. One could have just made the
 ingress via the west coast the logical route. 
 
 I do see this advantage being an obvious workable logical one. However,
 large providers typically have their own network (layers 1-3) coast to
 coast if were talking USA. But in the case of the hurricane situation
 many were without power so you can have a router west coast and announce
 from that router but how will you get traffic back to east coast if
 that's your data center? 
 
 You see you can have routers all over but if your data center (CDN) is
 without power you are done.

I do not see an advantage here.

You are on the east coast and you want to re-direct traffic to the west coast, 
so you announce a prefix to a west coast router and ask it to propagate that 
prefix to its peers. How do you guarantee that router has a route back to the 
east coast for that prefix?

Remember, a prefix announcement is a promise to deliver traffic to that prefix. 
You are suggesting asking a router to make a promise when that router has no 
guarantee of reachability. In your hurricane example, perhaps the west coast 
router reaches that prefix through one of the down east coast routers? Now you 
have blackholed that prefix when a router in, say, Chicago or Dallas would have 
announced it properly and had reachability.

If you want to control where a prefix ingresses another network, first you need 
a transit relationship with that network. Most modern transit networks have 
community-based signaling, allowing you to do what you suggest and more (e.g. 
prepend to peer $X or do not announce to peer $Y).

-- 
TTFN,
patrick




Re: huawei

2013-06-13 Thread Patrick W. Gilmore
On Jun 13, 2013, at 12:18 , Nick Khamis sym...@gmail.com wrote:

 A local clec here in Canada just teamed up with this company to
 provide cell service to the north:
 
 http://cwta.ca/blog/2012/09/24/ice-wireless-iristel-and-huawei-partner-for-3g-wireless-network-in-northern-canada/
 
 Scary

Why?

Do you think Huawei has a magic ability to transmit data without you noticing?

If you don't want to use Huawei because they stole code or did other nasty 
things, I'm right there with you. If you believe a router can somehow magically 
duplicate info and transport it back to China (ignoring CT/CU's inability to 
have congestion free links), I think you are confused.

-- 
TTFN,
patrick




Re: huawei

2013-06-13 Thread Patrick W. Gilmore
On Jun 13, 2013, at 12:28 , Avi Freedman a...@freedman.net wrote:

 I disagree.
 
 There have already been lab demos of sfps that could inject frames and APTs 
 are pretty advanced, sinister, and can be hard to detect now.
 
 I'm not suggesting Huawei is or isn't enabling badness globally but I think 
 it would be technically feasible.

I am assuming a not-Huawei-only network.

The idea that a router could send things through other routers without someone 
who is looking for it noticing is ludicrous.

Of course, most people aren't paying attention, a few extra frames wouldn't be 
noticed most likely. But if you are worried about it, you should be looking.

Also, I find it difficult to believe Huawei has the ability to do DPI or 
something inside their box and still route at reasonable speeds; the idea is a bit silly. 
Perhaps they only duplicate packets based on source/dest IP address or 
something that is magically messaged from the mother ship, but I am dubious.

It should be trivial to prove to yourself the box is, or is not, doing 
something evil if you actually try.

-- 
TTFN,
patrick


 




Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
 however, providers a/b at site1 do not send us the two /24s from
 site b..

This is probably incorrect.

The providers are almost certainly sending you the prefixes, but your router is 
dropping them due to loop detection. To answer your later question, this is the 
definition of 'standard' as it is written into the RFC.

Use the allow-as-in style command posted later in this thread to fix your 
router.

-- 
TTFN,
patrick


On Jun 10, 2013, at 12:36 , Dennis Burgess dmburg...@linktechs.net wrote:

 I have a network that has three peers, two are at one site and the third
 is geographically diverse, and there is NO connection between the two
 separate networks.
 
 
 
 Currently we are announcing several /24s out one network and other /24s
 out the second network, they do not overlap.  To the internet this works
 fine, however, providers a/b at site1 do not send us the two /24s from
 site b..   We have requested them to, but have not seen them come in,
 nor do we have any filters that would prohibit them from coming in. 
 
 
 
 Is this normal?  Can we receive those routes even though they are from
 our own AS?  What is the best practice in this case?  
 
 
 
 Dennis Burgess, Mikrotik Certified Trainer Author of Learn RouterOS-
 Second Edition http://www.wlan1.com/product_p/mikrotik%20book-2.htm 
 
 Link Technologies, Inc -- Mikrotik  WISP Support Services
 
 Office: 314-735-0270 tel:314-735-0270  Website:
 http://www.linktechs.net http://www.linktechs.net/  - Skype: linktechs
 skype:linktechs?call
 
 -- Create Wireless Coverage's with www.towercoverage.com
 http://www.towercoverage.com/  - 900Mhz - LTE - 3G - 3.65 - TV
 Whitespace  
 
 
 




Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 12:54 , Joe Provo nanog-p...@rsuc.gweep.net wrote:
 On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burgess wrote:

 I have a network that has three peers, two are at one site and the third
 is geographically diverse, and there is NO connection between the two
 separate networks.
 
 So, you have two islands? Technically, that would be separate 
 ASNs as they are separate routing policies, but the modern 
 world has adapted. 

Should we change the rules? I know with 64-bit ASNs it is tough to run out 
of ASNs, but not sure we really want each island to be its own AS going forward.

Comments from the peanut gallery?

-- 
TTFN,
patrick


 Currently we are announcing several /24s out one network and other /24s
 out the second network, they do not overlap.  To the internet this works
 fine, however, providers a/b at site1 do not send us the two /24s from
 site b..   We have requested them to, but have not seen them come in,
 nor do we have any filters that would prohibit them from coming in. 
 
 Is this normal?  Can we receive those routes even though they are from
 our own AS?  What is the best practice in this case?  
 
 To prevent loops in the global Internet the BGP specification
 dictates this behavior, and has in all versions. Depending on 
 your platform and theirs, you will all need to turn several 
 knobs before you are allowed to break these rules. I would 
 recommend that you gain more than passing familiarity with 
 why the protocol is built this way, how it affects your use
 case, and what concerns you might have WRT your providers
 before you change the behavior for your case.
 
 Cheers,
 
 Joe
 
 -- 
 RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NANOG
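An added example (not from the thread, and not any vendor's implementation) modelling the loop detection Patrick and Joe describe above: a speaker discards a received route whose AS_PATH already carries its own ASN, as the BGP specification requires, and an allowas-in style knob admits the route up to N occurrences. ASNs, prefixes and the class names are constructed for illustration.

```python
"""AS_PATH loop detection with an optional allowas-in knob.

Added example, not from the NANOG thread. Models a receiving BGP speaker:
the standard behaviour rejects any UPDATE whose AS_PATH contains the local
ASN; setting allowas_in to N relaxes that to 'reject only if the local ASN
appears more than N times'. All ASNs and prefixes are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Update:
    prefix: str
    as_path: List[int]  # leftmost ASN is the neighbour that sent the route


@dataclass
class Speaker:
    local_as: int
    allowas_in: int = 0  # 0 = standard loop detection; N = tolerate N occurrences
    adj_rib_in: Dict[str, List[int]] = field(default_factory=dict)
    rejected: List[Tuple[str, str]] = field(default_factory=list)

    def receive(self, update: Update) -> bool:
        """Run the AS_PATH loop check; return True if the route is installed."""
        occurrences = update.as_path.count(self.local_as)
        if occurrences > self.allowas_in:
            reason = (f"AS_PATH {update.as_path} contains local AS {self.local_as} "
                      f"{occurrences} time(s); allowas-in permits {self.allowas_in}")
            self.rejected.append((update.prefix, reason))
            return False
        self.adj_rib_in[update.prefix] = list(update.as_path)
        return True


def run_scenario() -> Dict[str, bool]:
    """Two islands of AS 65001 (constructed), both customers of provider AS 64512.

    Site A receives site B's /24 from the provider with the AS_PATH
    [64512, 65001]: a standard speaker drops it, a speaker with allowas-in 1
    installs it, and a path carrying 65001 twice is still dropped.
    """
    from_site_b = Update("198.51.100.0/24", [64512, 65001])
    ordinary = Update("203.0.113.0/24", [64512, 64600])
    looped_twice = Update("192.0.2.0/24", [64512, 65001, 64600, 65001])

    standard = Speaker(local_as=65001)
    relaxed = Speaker(local_as=65001, allowas_in=1)
    return {
        "standard_accepts_ordinary": standard.receive(ordinary),
        "standard_accepts_site_b": standard.receive(from_site_b),
        "relaxed_accepts_site_b": relaxed.receive(from_site_b),
        "relaxed_accepts_looped_twice": relaxed.receive(looped_twice),
    }


if __name__ == "__main__":
    for name, accepted in run_scenario().items():
        print(f"{name}: {'installed' if accepted else 'rejected'}")
```

The rejected routes are kept with their reason so an operator can see why the other island's prefixes never appear, which is the symptom Dennis reports.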
 




Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 13:36 , Bruce Pinsky b...@whack.org wrote:
 Patrick W. Gilmore wrote:

  however, providers a/b at site1 do not send us the two /24s from
  site b..
  
  This is probably incorrect.
  
  The providers are almost certainly sending you the prefixes, but your 
  router is dropping them due to loop detection. To answer your later 
  question, this is the definition of 'standard' as it is written into the 
  RFC.
  
  Use the allow-as-in style command posted later in this thread to fix your 
  router.

 Or maintain standard behavior by running a GRE tunnel between the two
 discontinuous sites and run iBGP over the tunnel.

Standard how? I don't remember any such standard, but always willing to be 
educated.

Also, as someone who helps run 2500 non-connected sites, I can't begin to 
imagine the mess of GRE that would require. (OK, not all are in the same ASN, 
but I like hyperbole. :)

-- 
TTFN,
patrick





Re: Single AS multiple Dirverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 14:07 , Bruce Pinsky b...@whack.org wrote:
 Patrick W. Gilmore wrote:
  On Jun 10, 2013, at 13:36 , Bruce Pinsky b...@whack.org wrote:

  Or maintain standard behavior by running a GRE tunnel between the two
  discontinuous sites and run iBGP over the tunnel.
  
  Standard how? I don't remember any such standard, but always willing to be 
  educated.
  
  Also, as someone who helps run 2500 non-connected sites, I can't begin to 
  imagine
  the mess of GRE that would require. (OK, not all are in the same ASN, but I 
  like
  hyperbole. :)
 
 Standard in the sense of continuing to reject duplicate ASN in the AS
 path and not using a BGP knob to allow unnatural behavior.

Natural is a funny word here.

The reason you think it is natural is that's the way it has always been done. 
It's not a law of nature or something ghod has wrought. It is essentially a 
tribal tradition. cue Topol singing

Tradition is useful, but not a reason in-and-of itself, especially in the face 
of reasons to break tradition. I think having 100s of 1000s of discontiguous 
locations is a pretty good reason.


 If the networks he wishes to advertise for those sites are considered in
 the same ASN, there should be continuity between those sites, either
 physical or virtual.

I disagree. There are times it is simply not realistic to expect continuity.

The alternative is to expect networks with 100s or 1000s of locations to burn 
100s or 1000s of ASNs. Which I think is a bit silly. Hence my question about 
possibly changing the rules.

NB: I fully admit I am biased in this. But that doesn't mean I'm wrong.

-- 
TTFN,
patrick





Re: Single AS multiple Diverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 14:14 , Joe Provo nanog-p...@rsuc.gweep.net wrote:
 On Mon, Jun 10, 2013 at 01:18:04PM -0400, Patrick W. Gilmore wrote:
 On Jun 10, 2013, at 12:54 , Joe Provo nanog-p...@rsuc.gweep.net wrote:
 On Mon, Jun 10, 2013 at 11:36:44AM -0500, Dennis Burgess wrote:

 I have a network that has three peers, two are at one site and the third
 is geographically diverse, and there is NO connection between the two
 separate networks.
 
 So, you have two islands? Technically, that would be separate 
 ASNs as they are separate routing policies, but the modern 
 world has adapted. 
 
 Should we change the rules? I know 64-bit ASNs mean it is
 tough to run out of ASNs, but not sure we really want each island
 to be its own AS going forward.
 
 Comments from the peanut gallery?
 
 I missed your proposal for loop detection to replace the current 
 behavior in the above text. Was it compressed?

Was not compressed. Don't want to take out loop detection in general. If you 
are running an island, it is up to you to ensure that island is specifically 
configured.

This makes it no different than lots of other "weird" things on the 'Net.  (I 
put "weird" in quotes because weird implies out of the ordinary, but there are 
probably more weird things than normal things these days.)


 I will admit that it is Not Hard for people who know what 
 they're doing to operate well outside default and standard 
 behavior. That's why I merely recommended that the questioner 
 educate themselves as to the whys and wherefore before just 
 turning knobs. I would submit that not knowing loop detection 
 is a default and valuable feature might indicate the person 
 should understand why and how it affects them. I don't have 
 the hubris to believe that I understand his business needs, 
 nor edge conditions/failure modes where a different solution 
 might be needed.

All good points.

Is it enough to keep the standard? Or should the standard have a specific carve 
out, e.g. for stub networks only, not allowing islands to provide transit. Just 
a straw man.

Or we can keep it like it is today, non-standard and let people who know what 
they are doing violate it at their own peril.

The problem with the latter is some ISPs point to standards as if there is no 
other possible way to do things. Which makes it difficult to be someone who 
knowingly violates a standard.

Anyway, just wondering how others felt.

-- 
TTFN,
patrick
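
Added example, not code from any message in this thread: what the loop check a BGP speaker applies by default actually does to the AS_PATH of the routes Dennis is missing, and what an allowas-in style knob changes. It decodes the AS_PATH attribute wire format (RFC 4271 path segments, 4-byte ASNs when the AS4 capability is negotiated), applies the RFC 4271 section 9.1.2 rule, and then relaxes it. The ASNs (65001 for both islands, 64512 and 64513 for the providers) are assumed for the demo and are not from the thread.

```python
# Added example (not from the thread): BGP AS_PATH loop detection and the
# allowas-in relaxation. All ASNs below are assumed, documentation-style values.
import struct

AS_SET, AS_SEQUENCE = 1, 2


def encode_as_path(segments, as4=True):
    """Encode [(segment_type, [asn, ...]), ...] as AS_PATH attribute bytes."""
    fmt = "!I" if as4 else "!H"
    out = bytearray()
    for seg_type, asns in segments:
        out += bytes([seg_type, len(asns)])
        for asn in asns:
            out += struct.pack(fmt, asn)
    return bytes(out)


def parse_as_path(raw, as4=True):
    """Decode AS_PATH attribute bytes into a flat list of ASNs.

    Each segment is 1 byte type (1 = AS_SET, 2 = AS_SEQUENCE), 1 byte ASN
    count, then that many ASNs of 4 bytes (AS4 capability) or 2 bytes.
    """
    width, fmt = (4, "!I") if as4 else (2, "!H")
    asns, i = [], 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise ValueError("truncated AS_PATH segment header")
        seg_type, count = raw[i], raw[i + 1]
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown AS_PATH segment type {seg_type}")
        i += 2
        body = count * width
        if i + body > len(raw):
            raise ValueError("truncated AS_PATH segment body")
        for off in range(i, i + body, width):
            asns.append(struct.unpack(fmt, raw[off:off + width])[0])
        i += body
    return asns


def accept_update(as_path_raw, local_as, allowas_in=0, as4=True):
    """Inbound AS_PATH check. Returns (accepted, reason).

    Default (allowas_in=0) is the RFC 4271 section 9.1.2 behaviour: the local
    AS anywhere in the path means a loop, so the route is dropped before it
    ever reaches the RIB. allowas_in=N tolerates up to N occurrences, which
    is what the vendor knobs discussed in this thread do.
    """
    path = parse_as_path(as_path_raw, as4)
    seen = path.count(local_as)
    if seen == 0:
        return True, "no loop"
    if seen <= allowas_in:
        return True, f"local AS seen {seen}x, permitted by allowas-in {allowas_in}"
    return False, f"loop: local AS seen {seen}x"


LOCAL_AS = 65001    # assumed: the one ASN used at both islands
PROVIDER_A = 64512  # assumed: a provider at site 1
PROVIDER_C = 64513  # assumed: the provider at site B

# Site B's /24 as it arrives at site 1 via provider A: the path ends in our own
# ASN because site B originated it with the same number site 1 uses.
SITE_B_PATH = encode_as_path([(AS_SEQUENCE, [PROVIDER_A, PROVIDER_C, LOCAL_AS])])
# Site 1's own prefix handed straight back by provider A. Its AS_PATH has the
# same shape as an honest island route, so once allowas-in is on the speaker
# can no longer tell the two apart; keeping the island from re-exporting what
# it learns is now the operator's job, not the protocol's.
REFLECTED_PATH = encode_as_path([(AS_SEQUENCE, [PROVIDER_A, LOCAL_AS])])


def demo():
    return {
        "site_b_default": accept_update(SITE_B_PATH, LOCAL_AS)[0],
        "site_b_allowas_in_1": accept_update(SITE_B_PATH, LOCAL_AS, allowas_in=1)[0],
        "reflected_allowas_in_1": accept_update(REFLECTED_PATH, LOCAL_AS, allowas_in=1)[0],
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'drop'}")
```

With the default the site B prefixes are dropped silently at site 1, which is why the providers appear not to be sending them; with allowas-in 1 they are accepted, and so is anything else that merely carries the local ASN once.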




Re: Single AS multiple Diverse Providers

2013-06-10 Thread Patrick W. Gilmore
On Jun 10, 2013, at 15:23 , Job Snijders job.snijd...@atrato.com wrote:

 The alternative is to expect networks with 100s or 1000s of locations to 
 burn 100s or 1000s of ASNs. Which I think is a bit silly. Hence my question 
 about possibly changing the rules.
 
 I see no issue with that, we have an ASN pool of roughly 4294967280 ASNs. 
 There is no shortage. Also BCP6 section 5 [1] would support the philosophy to 
 just get more ASNs when you need to manage multiple islands. 

Ever tried to get a single peer set up sessions in 50+ places with 50+ ASNs?

Neither have I. Nor do I plan to try any time soon.

Anyway, looks like the comments lean towards leave it as it is, and some 
people will knowingly violate the rules, as has been done since the Internet 
began.

-- 
TTFN,
patrick




whoami.akamai.net

2013-05-16 Thread Patrick W. Gilmore
As the whoami.akamai.net hostname came up on the list, I thought I'd mention it 
here.

The hostname 'whoami.akamai.com' is a CNAME for whoami.akamai.net. That CNAME 
is, frankly, a mistake. It will be removed soon. If you are using the .com 
name, please move to the .net name.

-- 
TTFN,
patrick





Re: Variety, On The Media, don't understand the Internet

2013-05-14 Thread Patrick W. Gilmore
On May 14, 2013, at 13:06 , Jay Ashworth j...@baylink.com wrote:

 Or I don't.  Which is not completely impossible.
 
 In this piece:
 
  
 http://variety.com/2013/digital/news/netflix-puts-even-more-strain-on-the-internet-1200480561/
 
 they suggest that Akamai and other ISP-side caching is either not
 affecting these numbers and their pertinence to the backbone at all,
 or not much.
 
 Did they miss something?  or did I?

I don't see the word backbone in there, other than in the comments.

Your DSL line is part of the Internet, and doing more traffic puts more 
strain (FSVO strain) on that link, even if the server is colocated with the 
cable head end.

So I don't see the problem here. But then, maybe I'm the one who is confused? :)

-- 
TTFN,
patrick




Re: Variety, On The Media, don't understand the Internet

2013-05-14 Thread Patrick W. Gilmore
On May 14, 2013, at 15:53 , Jean-Francois Mezei jfmezei_na...@vaxination.ca 
wrote:
 On 13-05-14 13:06, Jay Ashworth wrote:
 
  
 http://variety.com/2013/digital/news/netflix-puts-even-more-strain-on-the-internet-1200480561/
 
 they suggest that Akamai and other ISP-side caching is either not
 affecting these numbers and their pertinence to the backbone at all,
 or not much.
 
 
 This is from a Sandvine press release. Sandvine measures traffic at the
 last mile, so it doesn't really know whether a Netflix stream is coming
 from a local caching server within the carrier's LAN, from a caching
 server that is peering with the carrier, or via the real internet.
 
 In the case of a large ISP with a Netflix cache server accessible
 locally, (either in-house, or via peering at a local carrier hotel), the
 traffic doesn't really travel on the internet.

Since when is peering not part of the Internet? Since when are even on-net 
caches not part of the Internet?

I always thought if I am on the Internet, anything I ping is on the Internet. 
(I am intentionally ignoring things like split tunnel VPN nodes.)

Perhaps you think of the Internet as the tier ones or something?


 But for smaller ISPs, the traffic will travel on the internet between
 the nearest cache server and their facilities.

I guess you assume smaller ISPs don't peer? Unfortunately, reality disagrees 
with you, 100s if not 1000s of times.

Still confused about this whole notion, though. Perhaps you can clarify?


 Because of caching, the load on the actual internet won't increase as
 much as the amount streamed onto last mile infrastructure.

Uh

I give up.

-- 
TTFN,
patrick




Re: Variety, On The Media, don't understand the Internet

2013-05-14 Thread Patrick W. Gilmore
On May 14, 2013, at 21:14 , Jean-Francois Mezei jfmezei_na...@vaxination.ca 
wrote:
 On 13-05-14 20:55, Patrick W. Gilmore wrote:

 Since when is peering not part of the Internet? 
 
 Yes, one can argue that a device with an IP address routable from the
 internet is part of the internet.

Can argue? How would you define the Internet?


 But when traffic from a cache server flows directly into an ISP's
 intranet to end users, it doesn't really make use of the Internet nor
 does it cost the ISP transit capacity.

Transit capacity != Internet.

Plus you said even peering wasn't the Internet.


 Compare this to a small ISP in a city where there are no cache servers.
 Reaching Netflix involves using paid transit to reach the nearest point
 where Netflix has a cache server. So traffic truly travels on the internet.

Truly? You have interesting definitions.

I think you are trying to say small ISPs have to pay to access $CONTENT, big 
ones do not. This is objectively false-to-fact.

If you are trying to say scale makes some things easier, then I'm sure most 
people would agree. But trying to define the Internet as transit capacity, or 
saying small ISPs can't peer, or anything of the sort is silly.

-- 
TTFN,
patrick




whoami.akamai.net [was: Google Public DNS Problems?]

2013-05-02 Thread Patrick W. Gilmore
On May 02, 2013, at 12:12 , Joe Abley jab...@hopcount.ca wrote:
 On 2013-05-02, at 12:10, Joe Abley jab...@hopcount.ca wrote:
 On 2013-05-02, at 11:59, Charles Gucker cguc...@onesc.net wrote:

   That's not entirely true. You can easily do a lookup for
 whoami.akamai.net and it will return the unicast address for the node
 in question (provided the local resolver is able to do the
 resolution). This is a frequent lookup that I do when I don't know
 what actual anycast node I'm using.
 
 Using 8.8.8.8 to tell me about whoami.akamai.net tells me what Akamai 
 authoritative server Google last used to answer that query.
 
 Oh, now that I poke at it, it seems like whoami.akamai.net is telling me 
 about the address of the resolver I used, rather than the address of the 
 akamai node I hit.
 
 Never mind, I understand now :-)

For clarity: Looking up the hostname whoami.akamai.net will return the IP 
address in the source field of the packet (DNS query) which reached the 
authoritative name server for Akamai.net.

We use this to look for forwarding or proxying, which is frequently unknown / 
invisible to the end user.

It has the side-effect that querying against an anycast server (e.g. 
208.67.222.222 or 8.8.8.8) will show the unicast address of the anycast node 
which forwarded to our servers.

In case anyone is wondering, we do not do any special logging or watching of 
this hostname. It is logged for a short time on the local hard drive the same 
as any other DNS query, but unless someone actually looks, we will not notice 
if you query for it. So feel free to use it for your own purposes as much as 
you like. We have a bit of spare DNS capacity. :)

-- 
TTFN,
patrick




Re: whoami.akamai.net [was: Google Public DNS Problems?]

2013-05-02 Thread Patrick W. Gilmore
On May 02, 2013, at 14:42 , Constantine A. Murenin muren...@gmail.com wrote:
 On 2 May 2013 11:12, Patrick W. Gilmore patr...@ianai.net wrote:

 For clarity: Looking up the hostname whoami.akamai.net will return the IP 
 address in the source field of the packet (DNS query) which reached the 
 authoritative name server for Akamai.net.
 
 We use this to look for forwarding or proxying, which is frequently unknown 
 / invisible to the end user.
 
 It has the side-effect that querying against an anycast server (e.g. 
 208.67.222.222 or 8.8.8.8) will show the unicast address of the anycast node 
 which forwarded to our servers.
 
 In case anyone is wondering, we do not do any special logging or watching of 
 this hostname. It is logged for a short time on the local hard drive the 
 same as any other DNS query, but unless someone actually looks, we will not 
 notice if you query for it. So feel free to use it for your own purposes as 
 much as you like. We have a bit of spare DNS capacity. :)
 
 No IPv6 at akamai.net, huh? :p

No, sorry. We're working on it.

Of course, v6 is available on most other Akamai products.

And if someone wants to pay us for v6 on whoami. :)

-- 
TTFN,
patrick


 Cns# host whoami.akamai.net
 whoami.akamai.net has address 216.66.80.30
 Cns# host 216.66.80.30
 30.80.66.216.in-addr.arpa domain name pointer tserv1.fra1.he.net.
 Cns#
 
 Does anyone run a DNS whoami that's IPv6-ready?
 
 C.
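
Added example, not code from this thread or from Akamai: the mechanics behind Patrick's explanation. whoami.akamai.net answers with the source address of the query as it reached the authoritative server, so the useful check is to compare that answer with the resolver you actually sent the query to. The script builds the query, parses the A answer out of a response, and classifies the result; the responses are constructed in the script itself (no network), and the resolver and node addresses (203.0.113.10, 192.0.2.77) are assumed. Constantine's host output above would feed the same check with a real answer.

```python
# Added example (not from the thread): build a whoami.akamai.net query, parse
# the A answer, and compare it with the resolver that was asked. Responses are
# constructed here; every address is an assumed documentation value.
import ipaddress
import struct

QNAME = "whoami.akamai.net"


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in labels) + b"\x00"


def build_query(qid, name):
    # header: id, flags (RD set), qdcount=1, ancount=0, nscount=0, arcount=0
    hdr = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return hdr + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def build_response(query, addrs, ttl=0):
    """Constructed answer: echo the question, then one A RR per address,
    each using a compression pointer (0xC00C) back to the question name."""
    qid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    hdr = struct.pack("!HHHHHH", qid, 0x8180, 1, len(addrs), 0, 0)  # QR, RD, RA
    rrs = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(a).packed
        for a in addrs
    )
    return hdr + question + rrs


def read_name(msg, off):
    """Return (name, offset after the name), following compression pointers."""
    labels, jumped, end = [], False, None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode())
        off += ln
    return ".".join(labels), (end if jumped else off)


def parse_a_answers(msg):
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4  # qtype + qclass
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs


def classify(resolver_ip, answers):
    """whoami returns the source address the authoritative server saw."""
    if resolver_ip in answers:
        return "direct: the resolver you asked is the one that reached Akamai"
    return ("forwarded: the query reached Akamai from " + ", ".join(answers)
            + " (an upstream forwarder, a proxy, or the unicast side of an anycast node)")


def demo():
    q = build_query(0x1234, QNAME)
    # Case 1: asking your own recursive resolver at 203.0.113.10 (assumed).
    direct = parse_a_answers(build_response(q, ["203.0.113.10"]))
    # Case 2: asking an anycast address; Akamai saw the node's unicast side (assumed).
    anycast = parse_a_answers(build_response(q, ["192.0.2.77"]))
    return classify("203.0.113.10", direct), classify("8.8.8.8", anycast)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

To run it against the real name, send the bytes from build_query over UDP/53 to the resolver of your choice and hand the reply to parse_a_answers; a mismatch is exactly the forwarding or proxying the hostname exists to expose.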
 




Re: Tier1 blackholing policy?

2013-04-30 Thread Patrick W. Gilmore
On Apr 30, 2013, at 11:07 , Chris Boyd cb...@gizmopartners.com wrote:
 On Tue, 2013-04-30 at 10:59 -0400, ML wrote:

 1) Do nothing - They're supposed to deliver any and all bits
 (Disregarding
 a DoS or similar situation which impedes said network)
 2) Prefix filter - Don't be a party (at least in one direction) to the
 bad actors traffic. 
 
 3 - Deliver all packets unless I've signed up for an enhanced security
 offering?

While I like that plan, there are a LOT more people who will scream about not 
being protected than those who will bitch they can't get to a phishing site.

Since networks are for-profit companies, they'll lower their costs (e.g. 
support calls), as long as it lowers their cost more than the cost of losing 
a customer or two (and let's be honest, that is about all they _might_ lose) 
who are religious about the whole transit means everywhere thing.

-- 
TTFN,
patrick




Re: Tier1 blackholing policy?

2013-04-30 Thread Patrick W. Gilmore
On Apr 30, 2013, at 11:23 , Thomas Schmid sch...@dfn.de wrote:
 On 30.04.2013 17:07, Chris Boyd wrote:
 On Tue, 2013-04-30 at 10:59 -0400, ML wrote:

 1) Do nothing - They're supposed to deliver any and all bits
 (Disregarding
 a DoS or similar situation which impedes said network)
 2) Prefix filter - Don't be a party (at least in one direction) to the
 bad actors traffic.
 
 3 - Deliver all packets unless I've signed up for an enhanced security
 offering?
 
 right - I see this really as something that should be decided at the edge
 of the internet (Tier2+) and not in the core.

Core? Seriously?

Which of these statements are true:

A) Is it impossible for an end user or business (i.e. non-ISP) to get a direct 
connection to a Tier 1 (whatever the hell that means) provider.
B) Most traffic on the Internet traverses Tier 1s today.
C) A Tier 1 has a different profit motive than a Tier 2 (whatever the hell that 
means) providers.
D) All Tier 1 providers are larger than all Tier 2 providers.

We'll just skip over the E) all of the above.

-- 
TTFN,
patrick

P.S. Hint: If you answered A, B, C, or D, you aren't paying attention.




Re: Tier1 blackholing policy?

2013-04-30 Thread Patrick W. Gilmore


Composed on a virtual keyboard, please forgive typos. 

On Apr 30, 2013, at 12:32, Thomas Schmid sch...@dfn.de wrote:
 Am 30.04.2013 17:53, schrieb Patrick W. Gilmore:

 Core? Seriously? Which of these statements are true: A) Is it impossible 
 for an end user or business (i.e. non-ISP) to get a direct connection to a 
 Tier 1 (whatever the hell that means) provider. B) Most traffic on the 
 Internet traverses Tier 1s today. C) A Tier 1 has a different profit motive 
 than a Tier 2 (whatever the hell that means) providers. D) All Tier 1 
 providers are larger than all Tier 2 providers. We'll just skip over the E) 
 all of the above.
 
 agree - I oversimplified, but I think you got the idea ...

No, I did not get the point. 

I am not trolling. I just do not understand what you meant. Probably because 
there is no core, so your statement did not make sense.

-- 
TTFN,
patrick




Re: IPv6 and HTTPS

2013-04-25 Thread Patrick W. Gilmore
On Apr 26, 2013, at 00:19 , joel jaeggli joe...@bogus.com wrote:
 On 4/25/13 6:24 PM, Jay Ashworth wrote:

 Ok, here's a stupid question[1], which I'd know the answer to if I ran bigger
 networks:
 
 Does anyone know how much IPv4 space is allocated *specifically* to cater
 to the fact that HTTPS requires a dedicated IP per DNS name?
 It doesn't, or doesn't if your clients are not stuck in the past.
 
 TLS SNI has existed for a rather long time.
 Is that a statistically significant percentage of all the IPs in use?
 
 Wasn't there something going on to make HTTPS IP muxable?  How's that coming?
 there are stubborn legacy hosts.
 How fast could it be deployed?
 you can use it now.

Sure, you can.

But no one will. No one (especially someone doing SSL content) wants 99% 
connectivity. And there's a lot more than 1% XP out there. (Hrm, that 
explanation works to explain why to a couple decimal places 0% of the Internet 
is on v6 only today.)

-- 
TTFN,
patrick
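
Added example, not code from this thread: the mechanism the exchange above turns on. With TLS SNI the client names the host inside the ClientHello, so one address can serve many certificates; a client that sends no server_name extension (the XP case) leaves the server with only its default certificate, which is what forces a dedicated IP per name. The script builds a minimal TLS 1.2 ClientHello, extracts the SNI from the record bytes, and shows the server-side choice. The hostnames and the certificate table are assumed for the demo.

```python
# Added example (not from the thread): minimal TLS ClientHello builder and
# SNI extractor, plus the server-side certificate choice that depends on it.
# Hostnames and the certs_by_name table are assumed demo values.
import os
import struct

SERVER_NAME_EXT = 0x0000


def build_client_hello(server_name=None, random_bytes=None):
    """TLS 1.2 ClientHello record with one cipher suite and, optionally, a
    server_name extension. server_name=None models a legacy client."""
    rnd = random_bytes or os.urandom(32)
    body = b"\x03\x03" + rnd + b"\x00"            # version, random, empty session id
    body += struct.pack("!H", 2) + b"\xc0\x2f"    # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    body += b"\x01\x00"                           # one compression method: null
    exts = b""
    if server_name is not None:
        host = server_name.encode("idna")
        sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
        exts += struct.pack("!HH", SERVER_NAME_EXT, len(sni)) + sni
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def extract_sni(record):
    """Return the host_name from a ClientHello record, or None if absent."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    off = 2 + 32                                  # version + random
    off += 1 + body[off]                          # session id
    off += 2 + struct.unpack("!H", body[off:off + 2])[0]   # cipher suites
    off += 1 + body[off]                          # compression methods
    if off >= len(body):
        return None                               # no extensions block at all
    ext_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    end = off + ext_len
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        off += 4
        if etype == SERVER_NAME_EXT:
            data = body[off:off + elen]
            list_len = struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                ntype = data[p]
                nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
                p += 3
                if ntype == 0:                    # name_type host_name
                    return data[p:p + nlen].decode("idna")
                p += nlen
        off += elen
    return None


def pick_certificate(record, certs_by_name, default_name):
    """Server side: SNI selects among the names hosted on one IP; without it
    only the default certificate can be served."""
    name = extract_sni(record)
    if name is None:
        return default_name, "no SNI: served default certificate"
    if name in certs_by_name:
        return name, "SNI matched"
    return default_name, f"SNI {name!r} not hosted on this IP: served default certificate"


if __name__ == "__main__":
    certs = {"www.example.com": "cert-a", "www.example.net": "cert-b"}  # assumed
    for sni in ("www.example.net", None):
        print(sni, "->", pick_certificate(build_client_hello(sni), certs, "www.example.com"))
```

The "no SNI" branch is the operational cost Patrick is pointing at: every name that must keep working for such clients needs its own address, whatever the protocol allows.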





Re: Open Resolver Problems

2013-04-01 Thread Patrick W. Gilmore
On Apr 01, 2013, at 11:55 , Milt Aitken m...@net2atlanta.com wrote:

 Most of our DSL customers have modem/routers that resolve DNS
 externally.
 And most of those have no configuration option to stop it.
 So, we took the unfortunate step of ACL blocking DNS requests to  from
 the DSL network unless the requests are to our DNS servers.
 
 Suboptimal, but it stopped the DNS amplification attacks.

I was going to suggest exactly this.

Don't most broadband networks have a line in their AUP about running servers? 
Wouldn't a DNS server count as 'a server'? Then wouldn't running one violate 
the AUP?

This gives the provider a hammer to hit the user over the head. Although that 
is quite unlikely, so the better point is that it also gives the provider cover 
in case some user complains about the provider filtering.

You can always make an exception if the user is extremely loud.

-- 
TTFN,
patrick


 -Original Message-
 From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] 
 Sent: Monday, April 01, 2013 11:51 AM
 To: Chris Boyd
 Cc: nanog@nanog.org
 Subject: Re: Open Resolver Problems
 
 On Mon, 1 Apr 2013, Chris Boyd wrote:
 
 Just back to the office, and started checking my networks.  Found one of
 the resolvers is a Netgear SOHO NAT box.  EoL'd, no new firmware
 available.  Anyone have any feeling for what percentage are these types
 of boxes?
 
 If by "type of box" you mean small SOHO NAT router which does DNS
 resolving on the WAN interface then I'd say a lot. Someone does a
 rollout of new software and configuration and happens to mess up the
 config file (or the vendor just happens to enable global dns resolving in
 the new software) and this slips through testing, then you're there. I
 believe this happens all the time.
 
 That's why the publication of these lists is important, in a lot of cases
 there are a lot of people who are simply not aware of these devices doing
 this, and they need to be poked to notice.
 
 -- 
 Mikael Abrahamsson    email: swm...@swm.pp.se
 
 




Re: Open Resolver Problems

2013-04-01 Thread Patrick W. Gilmore
On Apr 01, 2013, at 12:09 , Dobbins, Roland rdobb...@arbor.net wrote:
 On Apr 1, 2013, at 11:03 PM, Patrick W. Gilmore wrote:
 
 You can always make an exception if the user is extremely loud.
 
 It might be a good idea to make pinholes for the Google and OpenDNS 
 recursors, as they're fairly popular.
 
 I agree that this is a good idea, similar to the same sort of network access 
 policy as relates to SMTP.  

Ahhh, silly of me, I read the post from Milt too quickly.

I was going to suggest queries _into_ the broadband user space, not out of. If 
you only block into, OpenDNS, GoogleDNS, etc. are not an issue.

Blocking could be done with DPI. It can also be done by blocking UDP port 53. 
(Don't need to block TCP53 since that removes the amplification problem.) 
However, there are some (idiotic) name servers that do 5353. Not sure how to 
handle those, or more importantly, how many broadband customers legitimately 
use an off-net _and_ brain-dead name server? And even if they do, will they 
fall back to TCP?

Of course, since users shouldn't be using off-net name servers anyway, this 
isn't really a problem! :)

-- 
TTFN,
patrick
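
Added example, not code from this thread: the two filters the thread describes, applied to constructed flow records so the difference is visible rather than argued. policy_bidirectional is Milt's ACL (DNS to or from the DSL range is dropped unless it goes to the ISP's own servers), with Roland's pinholes for Google and OpenDNS added; policy_inbound_udp_only is Patrick's variant, which drops only UDP queries arriving at customer addresses from outside and leaves TCP/53 alone. The customer prefix 192.0.2.0/24, the resolver 203.0.113.53 and the sample flows are assumed, not captured traffic.

```python
# Added example (not from the thread): two open-resolver filtering policies
# evaluated against constructed query flows. Prefixes, resolver addresses and
# flows are assumed documentation values.
import ipaddress
from dataclasses import dataclass

CUSTOMER_SPACE = [ipaddress.ip_network("192.0.2.0/24")]   # assumed broadband pool
OUR_RESOLVERS = {ipaddress.ip_address("203.0.113.53")}    # assumed ISP recursives
PINHOLES = {ipaddress.ip_address("8.8.8.8"),              # Roland's pinholes for
            ipaddress.ip_address("208.67.222.222")}       # popular public recursors
DNS_PORTS = frozenset({53})   # add 5353 to catch the odd name servers on that port


@dataclass(frozen=True)
class Flow:
    """One query-direction flow; replies are assumed to be matched by state."""
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


def is_customer(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CUSTOMER_SPACE)


def policy_bidirectional(flow, ports=DNS_PORTS):
    """Milt's ACL: DNS queries to or from the customer range are dropped
    unless the customer is asking our own resolvers (or a pinholed public one)."""
    if flow.dport not in ports:
        return "accept"
    dst = ipaddress.ip_address(flow.dst)
    if is_customer(flow.src) and dst in OUR_RESOLVERS | PINHOLES:
        return "accept"
    if is_customer(flow.src) or is_customer(flow.dst):
        return "drop"
    return "accept"


def policy_inbound_udp_only(flow, ports=DNS_PORTS):
    """Patrick's variant: drop only UDP queries arriving at customer addresses
    from outside. Customers keep whatever resolver they like, and TCP/53 is
    left alone since that takes the amplification out of the picture."""
    if flow.proto != "udp" or flow.dport not in ports:
        return "accept"
    if is_customer(flow.dst) and not is_customer(flow.src):
        return "drop"
    return "accept"


def evaluate(flows, policy, ports=DNS_PORTS):
    return [policy(f, ports) for f in flows]


# Constructed sample flows, not captured traffic.
FLOWS = [
    Flow("198.51.100.9", "192.0.2.40", "udp", 53),    # spoofed query at a customer CPE (reflection)
    Flow("192.0.2.40", "8.8.8.8", "udp", 53),         # customer using Google's resolver
    Flow("192.0.2.40", "203.0.113.53", "udp", 53),    # customer using our resolver
    Flow("192.0.2.40", "198.51.100.2", "udp", 53),    # customer using some other off-net resolver
    Flow("198.51.100.9", "192.0.2.40", "tcp", 53),    # TCP query at a customer CPE
    Flow("198.51.100.9", "192.0.2.40", "udp", 5353),  # query at a CPE answering on 5353
]

if __name__ == "__main__":
    both = zip(FLOWS, evaluate(FLOWS, policy_bidirectional), evaluate(FLOWS, policy_inbound_udp_only))
    for f, a, b in both:
        print(f"{f.src:>14} -> {f.dst:<14} {f.proto}/{f.dport:<5} bidirectional={a:<7} inbound_udp_only={b}")
```

The fourth flow is where the two policies differ in practice: the inbound-only filter never needs a pinhole list because it does not touch what customers send out, while the bidirectional one breaks every off-net resolver that is not explicitly allowed. Neither catches the 5353 responders unless that port is added.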




Re: Open Resolver Problems

2013-03-26 Thread Patrick W. Gilmore
Composed on a virtual keyboard, please forgive typos. 

On Mar 26, 2013, at 18:27, Dobbins, Roland rdobb...@arbor.net wrote:
 On Mar 26, 2013, at 3:13 PM, Nick Hilliard wrote:
 
 The whole point of this thread is that dns amplification hurts other people, 
 not the resolver which is being abused.
 
 Actually, it often hurts the resolver(s) being abused, as well, leading to 
 availability problems for those who legitimately need the recursive service 
 in question.

On more than one occasion, the operator of an open resolver being used to 
amplify an attack at our network has called / emailed asking us to stop abusing 
them. It seems the query rate we were sending them was crippling their 
servers. 

Sometimes they threaten to filter us. How thoughtful of them!

Reminds me of: Yer h4x0ring me on port 80!!1!1!!1

-- 
TTFN,
patrick




Re: Open Resolver Problems

2013-03-26 Thread Patrick W. Gilmore
On Mar 26, 2013, at 08:01 , Dobbins, Roland rdobb...@arbor.net wrote:
 On Mar 26, 2013, at 6:50 PM, Jamie Bowden wrote:
 
 let's suppose I just happen to have, or have access to, a botnet comprised 
 of (tens of) millions of random hosts all over the internet, and I feel like 
 destroying your DNS servers via DDoS;
 
 DNS reflection/amplification attacks aren't intended as attacks against the 
 DNS, per se; they're intended to crush any/all targeted servers and/or fill 
 transit pipes.

To be more clear, the point of DNS reflection attacks is to amplify the amount 
of bandwidth the botnet can muster (and perhaps hide the true source).

If you have 10s of millions of bots, you don't need to amplify. You can crush 
any single IP address on the 'Net.


 Same for SNMP and ntp reflection attacks.

And far too many other things. :(

-- 
TTFN,
patrick




Re: Open Resolver Problems

2013-03-26 Thread Patrick W. Gilmore
On Mar 26, 2013, at 10:38 , Jay Ashworth j...@baylink.com wrote:
 From: Jared Mauch ja...@puck.nether.net
 
 b) locking down your recursive servers to networks you control
 
 Sure.  But OpenDNS, Google, and the other providers of recursive servers
 for edge cases can't do that anymore?

I wish people would stop bringing that up.

I guarantee I see at least as many reflection attacks as anyone out there. I 
have not _once_ called/emailed Open, Google, Dyn, Ultra, or any other 
professional DNS provider asking them to stop amplifying attacks to us.

If you can run a server as competently as they can, then no one will complain.

For the other 99.% of you, LOCK THAT SHIT DOWN.

-- 
TTFN,
patrick




Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

2013-03-05 Thread Patrick W. Gilmore
On Mar 05, 2013, at 13:41 , Cameron Byrne cb.li...@gmail.com wrote:

 In-line

Isn't every reply? (Well, every reply worth reading.)


 On Tue, Mar 5, 2013 at 9:55 AM, Mukom Akong T. mukom.ta...@gmail.com wrote:
 Dear experts,
 
 I've found myself thinking about what ground an engineer needs to cover in
 order to convince the executives to approve and commit to an IPv6
 Deployment project.

Why not just have them read their own SEC filings. Nearly every company has 
something to the effect of this in their 10K:
The potential exhaustion of the supply of unallocated IPv4 addresses
and the inability of $COMPANY and other Internet users to successfully 
transition to IPv6 could harm our operations and the functioning of 
the Internet as a whole.

No company would lie to the SEC, would it?

-- 
TTFN,
patrick


 I think such a presentation (15 slides max in 45 minutes) should cover the
 following aspects:
 
 a) Set the strategic context: how your organisation derives value from IP
 networks and the Internet.
 
 b) Overview of the problem: IPv4 exhaustion
 
 c) Implications of IPv4 Exhaustion to your organization’s business model.
 
 d) Introduction of IPv6 as a solution to IPv4 exhaustion.
 
 e) Understanding the risks involved.
 
 f) How much will deploying IPv6 will cost.
 
 g) Call to action.
 
 I've detailed my thinking into each of these items at "How to ‘Sell’ IPv6
 to Executive Management – Guidance for Engineers"
 http://techxcellence.net/2013/03/05/v6-business-case-for-engineers/
 
 
 My question and this is where I'd appreciate some input:
 
 a) To all you engineers out there who have convinced managers - what else
 did you have to address?
 
 
 One of the most important things i see not being stressed enough is
 that IPv6 is frequently free or a low-cost incremental upgrade.
 
 So, when calculating ROI / NPV, the hurdle can be very low such that
 the cash in-flow / cost savings is not a huge factor since the
 required investment is close to nil.
 
 This is not always the case, some legacy stuff won't work on ipv6
 without investment.  But, as a plug to all you folks who work at
 companies that use a CDN, please ask your CDN to turn IPv6 on for your
 website.  This is top-of-mind for me since i just pushed my www folks
 on this issue
 
 
 Here's some relevant pointers for the CDN folks, in many cases its
 just a matter of clicking a button in the management portal:
 
 Akamai http://www.akamai.com/ipv6
 
 Edgecast http://www.edgecast.com/ipv6/
 
 Cloudflare https://www.cloudflare.com/ipv6
 
 Amazon 
 http://aws.amazon.com/about-aws/whats-new/2011/05/24/elb-ipv6-zoneapex-securitygroups/
 
 Softlayer http://www.softlayer.com/about/network/ipv6
 
 
 b) To you who are managers, what else do you need your engineers to address
 in order for you to be convinced?
 
 Regards.
 
 As always, all opinions expressed are mine and do not necessarily represent
 the views of my employers, past or present.
 
 --
 
 Mukom Akong T.
 
 http://about.me/perfexcellence |  twitter: @perfexcellent
 --
 “When you work, you are the FLUTE through whose lungs the whispering of the
 hours turns to MUSIC” - Kahlil Gibran
 ---
 




Re: Cloudflare is down

2013-03-04 Thread Patrick W. Gilmore
On Mar 04, 2013, at 09:51 , Leo Bicknell bickn...@ufp.org wrote:

 Any competent network admin would have stopped and questioned a
 90,000+ byte packet and done more investigation.  Competent programmers
 writing their internal tools would have flagged that data as out
 of rage.

The last couple words are the best thing I've read on NANOG in a very long 
time. :)

-- 
TTFN,
patrick





Re: The 100 Gbit/s problem in your network

2013-02-12 Thread Patrick W. Gilmore
On Feb 12, 2013, at 01:06 , Doug Barton do...@dougbarton.us wrote:
 On 02/11/2013 03:52 PM, Patrick W. Gilmore wrote:

 One of us has a different dictionary than everyone else.
 
 I'm not sure it's different dictionaries, I think you're talking past each 
 other.

No, it's definitely different dictionaries.

I am purposely staying out of the whole multicast vs. CDN vs. set-top caching 
vs. $RANDOM_TECHNOLOGY thing.  I was concentrating solely on one point - that the 
long tail is _by definition_ a tiny fraction of total demand (Stephen's 
emphasis).

The long tail might be a fraction, or it might be a majority of the traffic.  
Depends on the use case.  Important to remember this when discussing the pros & cons 
of each protocol / approach.

As for the rest, time will tell.  But it's fun to watch the discussion, 
especially by people who have never attempted any of what they are espousing. 
:)  Hey, sometimes that's where the best ideas come up - people who don't know 
what is impossible are not constrained!

-- 
TTFN,
patrick


 Video on demand and broadcast are 2 totally different animals. For VOD, 
 multicast is not a good fit, clearly. But for broadcast, it has a lot of 
 potential. Most of the issues with people wanting to pause, rewind, etc. are 
 already handled by modern DVRs, even with live programming.
 
 What I haven't seen yet in this discussion (and sorry if I've missed it) is 
 the fact that every evening every broadcast network sends out hour after hour 
 of what are essentially live broadcasts, in the sense that they were not 
 available on demand before they were aired on TV that night. In addition 
 to live broadcasts, this nightly programming is ideal for multicast, 
 especially since nowadays most of that programming is viewed off the DVR at 
 another time anyway. So filling up that DVR (or even watching it live) could 
 happen over multicast just as well as it could happen over unicast.
 
 But more importantly, what's missing from this conversation is that the 
 broadcast networks, the existing cable/satellite/etc. providers, and everyone 
 else who has a multi-billion dollar vested interest in the way that the 
 business is structured now would fight this tooth and nail. So we can 
 engineer all the awesome solutions we want, they are overwhelmingly unlikely 
 to actually happen.
 
 Doug
 
 




Re: The 100 Gbit/s problem in your network

2013-02-11 Thread Patrick W. Gilmore
On Feb 11, 2013, at 14:11 , Stephen Sprunk step...@sprunk.org wrote:
 On 11-Feb-13 12:25, Mark Radabaugh wrote:
 On 2/11/13 9:32 AM, ML wrote:
 Any eyeball network that wants to support multicast should peer with
 the content players(s) that support it. Simple!
 
 Just another reason to make the transit only networks even more
 irrelevant.
 
 The big issue is that the customers don't want to watch simulcast
 content.  The odds of having two customers in a reasonably sized
 multicast domain watching the same netflix movie at exactly the same
 time frame in the movie is slim.  Customers want to watch on time
 frames of their own choosing.   I don't see multicast helping at all
 in dealing with the situation.
 
 Multicast _is_ useful for filling the millions of DVRs out there with
 broadcast programs and for live events (eg. sports).  A smart VOD system
 would have my DVR download the entire program from a local cache--and
 then play it locally as with anything else I watch.  Those caches could
 be populated by multicast as well, at least for popular content.  The
 long tail would still require some level of unicast distribution, but
 that is _by definition_ a tiny fraction of total demand.

One of us has a different dictionary than everyone else.

Assume I have 10 million movies in my library, and 10 million active users.  
Further assume there are 10 movies being watched by 100K users each, and 
9,999,990 movies which are being watched by 1 user each.

Which has more total demand, the 10 popular movies or the long tail?

This doesn't mean Netflix or Hulu or iTunes or whatever has the aforementioned 
demand curve.  But it does mean my definition & yours do not match.

Either way, I challenge you to prove the long tail on one of the serious 
streaming services is a tiny fraction of total demand.

-- 
TTFN,
patrick




Re: The 100 Gbit/s problem in your network

2013-02-11 Thread Patrick W. Gilmore
On Feb 11, 2013, at 18:52 , Patrick W. Gilmore patr...@ianai.net wrote:
 On Feb 11, 2013, at 14:11 , Stephen Sprunk step...@sprunk.org wrote:

 Multicast _is_ useful for filling the millions of DVRs out there with
 broadcast programs and for live events (eg. sports).  A smart VOD system
 would have my DVR download the entire program from a local cache--and
 then play it locally as with anything else I watch.  Those caches could
 be populated by multicast as well, at least for popular content.  The
 long tail would still require some level of unicast distribution, but
 that is _by definition_ a tiny fraction of total demand.
 
 One of us has a different dictionary than everyone else.
 
 Assume I have 10 million movies in my library, and 10 million active users.  
 Further assume there are 10 movies being watched by 100K users each, and 
 9,999,990 movies which are being watched by 1 user each.

Obvious typo, supposed to be 8,999,990.  Or you can say I have 11 million 
users.  Whichever floats your boat.

Hopefully the point is still clear, even in a crowd as pedantic as this.

-- 
TTFN,
patrick


 Which has more total demand, the 10 popular movies or the long tail?
 
 This doesn't mean Netflix or Hulu or iTunes or whatever has the 
 aforementioned demand curve.  But it does mean my definition & yours do not 
 match.
 
 Either way, I challenge you to prove the long tail on one of the serious 
 streaming services is a tiny fraction of total demand.
 
 -- 
 TTFN,
 patrick
 




Re: Global caches

2013-02-04 Thread Patrick W. Gilmore
On Feb 04, 2013, at 09:03 , Kyle Camilleri kyle.camill...@melitaplc.com wrote:

 Some CDN providers such as Akamai and Google (often called Global Google 
 Cache) are offering caches to ISPs. It is very convenient for small ISPs to 
 alleviate bandwidth towards the provider, but also the CDN provider benefits 
 by putting source of data closer to the user resulting in far better 
 performance.
 
 Does anybody know of any other CDN providers that offer similar caches?

Don't know if you would call them a CDN, but 
https://signup.netflix.com/openconnect.

-- 
TTFN,
patrick




Re: Ddos mitigation service

2013-02-01 Thread Patrick W. Gilmore
On Feb 01, 2013, at 10:02 , Paul Stewart p...@paulstewart.org wrote:

 Akamai (CDN) does scrubbing???

http://www.akamai.com/html/solutions/kona-solutions.html

I'm sure there are other things Akamai does in the security sector as well.

-- 
TTFN,
patrick


 -Original Message-
 From: Pierre Lamy [mailto:pie...@userid.org] 
 Sent: February-01-13 9:58 AM
 To: matt kelly
 Cc: nanog@nanog.org
 Subject: Re: Ddos mitigation service
 
 The 3 major scrubbing vendors:
 
 Prolexic
 Verisign
 Akamai
 
 
 
 
 




Re: Netflix transit preference?

2012-12-27 Thread Patrick W. Gilmore
On Dec 27, 2012, at 13:19 , randal k na...@data102.com wrote:

 I work at a datacenter in southern Colorado that is the upstream bandwidth
 provider for several regional ISPs. We have been investigating our
 ever-growing bandwidth usage and have found that out of transits
 (Level3,Cogent,HE) that Netflix always seems to come in via Hurricane
 Electric. (We move ~1.4gbps to Netflix, and are thus not a candidate for
 peering. And they have no POP close.)

Your statement about peering makes no sense.  You are trying to engineer where 
their traffic comes and yet you refuse to have a direct connection which would 
give you full control?  Weird...


 I tested this by advertising a /24 across all providers, then selectively
 removed the advertisement to certain carriers to see where the bandwidth
 goes. In order, it appears that if there is a HE route, Netflix uses it,
 period. If there isn't, it prefers Level3, and Cogent comes last.

Completely unsurprising.


 Since Netflix is a big hunk of our bandwidth (and obviously makes our
 customers happy), we are inclined to buy some more HE. However, if Netflix
 decides that they want to randomly switch to, say, Cogent, we may be under
 a year-long bandwidth contract that isn't particularly valuable anymore.
 
 With all of that, I am interested in finding out of any knowledge about
 Netflix transit preferences, be it inside information, anecdotal, or
 otherwise. I did email peering@ but haven't heard back, thus the public
 question.

Why don't you ask Netflix?

And why not ask them for kit to put on-net?  
https://signup.netflix.com/openconnect

-- 
TTFN,
patrick




Re: Netflix transit preference?

2012-12-27 Thread Patrick W. Gilmore
On Dec 27, 2012, at 13:46 , randal k na...@data102.com wrote:

 Thanks for your prompt response. Yes, we are trying to determine where/how we 
 receive it ... not necessarily influence it, as there isn't so much we can do 
 there as Netflix' egress policy is theirs and theirs alone (interestingly, 
 nobody has communities to influence Netflix' AS2906 traffic). We cannot peer 
 directly with Netflix as their openconnect statement requires 2gbps minimum, 
 and mentions elsewhere that they like 5+. We aren't at 2gbps yet, and we are 
 nowhere near one of their POPs -- it is way cheaper to buy 2-3gbps of cheap 
 transit than it is to buy 2-3gbps of transport from Denver to LA.

Ah, I misunderstood.  Mea Culpa.  I thought you were saying since they only had 
1.4 Gbps to you, you wouldn't peer with them.  Silly of me.

The 2 Gbps is only for PNI, but yeah, I can see how paying to get to LA or 
Denver may be expensive.  Although once you did, you could peer with a lot more 
than just Netflix.  On the other hand, how much is it to get to Atlanta?  Looks 
relatively close (miles-wise, don't know fiber routes in Tennessee).

Anyway, while their egress decisions are theirs (as is true of everyone), they 
probably will be happy to discuss with you - once the holidays are over.

-- 
TTFN,
patrick


 As mentioned, my notes to peer...@netflix.com have gone unanswered for the 
 holidays (not unexpected), so I thought I'd ping the hive mind for some info 
 in the meantime.
 
 Cheers,
 Randal
 
 
 On Thu, Dec 27, 2012 at 11:26 AM, Patrick W. Gilmore patr...@ianai.net 
 wrote:
 On Dec 27, 2012, at 13:19 , randal k na...@data102.com wrote:
 
  I work at a datacenter in southern Colorado that is the upstream bandwidth
  provider for several regional ISPs. We have been investigating our
  ever-growing bandwidth usage and have found that out of transits
  (Level3,Cogent,HE) that Netflix always seems to come in via Hurricane
  Electric. (We move ~1.4gbps to Netflix, and are thus not a candidate for
  peering. And they have no POP close.)
 
 Your statement about peering makes no sense.  You are trying to engineer 
 where their traffic comes and yet you refuse to have a direct connection 
 which would give you full control?  Weird...
 
 
  I tested this by advertising a /24 across all providers, then selectively
  removed the advertisement to certain carriers to see where the bandwidth
  goes. In order, it appears that if there is a HE route, Netflix uses it,
  period. If there isn't, it prefers Level3, and Cogent comes last.
 
 Completely unsurprising.
 
 
  Since Netflix is a big hunk of our bandwidth (and obviously makes our
  customers happy), we are inclined to buy some more HE. However, if Netflix
  decides that they want to randomly switch to, say, Cogent, we may be under
  a year-long bandwidth contract that isn't particularly valuable anymore.
 
  With all of that, I am interested in finding out of any knowledge about
  Netflix transit preferences, be it inside information, anecdotal, or
  otherwise. I did email peering@ but haven't heard back, thus the public
  question.
 
 Why don't you ask Netflix?
 
 And why not ask them for kit to put on-net?  
 https://signup.netflix.com/openconnect
 
 --
 TTFN,
 patrick
 
 
 




Re: Netflix transit preference?

2012-12-27 Thread Patrick W. Gilmore
More silliness was pointed out to me.  I was looking at Jeff Kell's from: 
address and looked up UTC.edu to get your location, forgetting you mentioned 
Colorado in your original post.

I'm going to sign off and enjoy the holidays since I clearly am not doing 
anyone any good here.

-- 
TTFN,
patrick


On Dec 27, 2012, at 13:54 , Patrick W. Gilmore patr...@ianai.net wrote:
 On Dec 27, 2012, at 13:46 , randal k na...@data102.com wrote:
 
 Thanks for your prompt response. Yes, we are trying to determine where/how 
 we receive it ... not necessarily influence it, as there isn't so much we 
 can do there as Netflix' egress policy is theirs and theirs alone 
 (interestingly, nobody has communities to influence Netflix' AS2906 
 traffic). We cannot peer directly with Netflix as their openconnect 
 statement requires 2gbps minimum, and mentions elsewhere that they like 5+. 
 We aren't at 2gbps yet, and we are nowhere near one of their POPs -- it is 
 way cheaper to buy 2-3gbps of cheap transit than it is to buy 2-3gbps of 
 transport from Denver to LA.
 
 Ah, I misunderstood.  Mea Culpa.  I thought you were saying since they only 
 had 1.4 Gbps to you, you wouldn't peer with them.  Silly of me.
 
 The 2 Gbps is only for PNI, but yeah, I can see how paying to get to LA or 
 Denver may be expensive.  Although once you did, you could peer with a lot 
 more than just Netflix.  On the other hand, how much is it to get to Atlanta? 
  Looks relatively close (miles-wise, don't know fiber routes in Tennessee).
 
 Anyway, while their egress decisions are theirs (as is true of everyone), 
 they probably will be happy to discuss with you - once the holidays are over.
 
 -- 
 TTFN,
 patrick
 
 
 As mentioned, my notes to peer...@netflix.com have gone unanswered for the 
 holidays (not unexpected), so I thought I'd ping the hive mind for some info 
 in the meantime.
 
 Cheers,
 Randal
 
 
 On Thu, Dec 27, 2012 at 11:26 AM, Patrick W. Gilmore patr...@ianai.net 
 wrote:
 On Dec 27, 2012, at 13:19 , randal k na...@data102.com wrote:
 
 I work at a datacenter in southern Colorado that is the upstream bandwidth
 provider for several regional ISPs. We have been investigating our
 ever-growing bandwidth usage and have found that out of transits
 (Level3,Cogent,HE) that Netflix always seems to come in via Hurricane
 Electric. (We move ~1.4gbps to Netflix, and are thus not a candidate for
 peering. And they have no POP close.)
 
 Your statement about peering makes no sense.  You are trying to engineer 
 where their traffic comes and yet you refuse to have a direct connection 
 which would give you full control?  Weird...
 
 
 I tested this by advertising a /24 across all providers, then selectively
 removed the advertisement to certain carriers to see where the bandwidth
 goes. In order, it appears that if there is a HE route, Netflix uses it,
 period. If there isn't, it prefers Level3, and Cogent comes last.
 
 Completely unsurprising.
 
 
 Since Netflix is a big hunk of our bandwidth (and obviously makes our
  customers happy), we are inclined to buy some more HE. However, if Netflix
 decides that they want to randomly switch to, say, Cogent, we may be under
 a year-long bandwidth contract that isn't particularly valuable anymore.
 
 With all of that, I am interested in finding out of any knowledge about
 Netflix transit preferences, be it inside information, anecdotal, or
 otherwise. I did email peering@ but haven't heard back, thus the public
 question.
 
 Why don't you ask Netflix?
 
 And why not ask them for kit to put on-net?  
 https://signup.netflix.com/openconnect
 
 --
 TTFN,
 patrick
 
 
 
 




Re: Why do some providers require IPv6 /64 PA space to have public whois?

2012-12-08 Thread Patrick W. Gilmore
On Dec 08, 2012, at 21:14 , Darius Jahandarie djahanda...@gmail.com wrote:
 On Sat, Dec 8, 2012 at 7:12 PM, Dan Luedtke m...@danrl.de wrote:
 Off-topic but somehow important to me:
 HE has an open-peering policy (AFAIK);
 which basically means that tunnelbroker.net traffic is free for
 hetzner.de
 
 Is that true?
 That would be great!
 
 Just because companies A and B don't have a customer relationship
 doesn't mean all their interactions with each other are free.
 
 So no, it's not true. Costs come from needing to buy bigger routers,
 bigger waves or fiber to the exchanges, bigger ports on the exchanges,
 etc.
 
 Peering is a scam.

The vast majority of AS-AS boundaries on the Internet are settlement free 
peering.  I guess that makes the Internet a scam.

As for the costs involved, free is a relative term.  Most people think of 
peering as free because there is zero marginal cost.  Kinda.  Obviously if 
you think of your 10G IX port as a sunk cost, pushing 11 Gbps over it is not 
'free' as you have to upgrade.  But again, most people understand what is meant.

Bigger waves & bigger routers are not due to peering, they are due to customer 
traffic - you know, the thing ISPs sell.  Put another way, this is a Good Thing 
(tm).  Or at least it should be.  Unless, of course, you are trying to convince 
us all that selling too many units of your primary product is somehow bad.

Peering allows you, in most cases, to lower the Cost Of Goods Sold on that 
product.  Again, usually a Good Thing (tm).  Unless you are again trying to 
convince us all that selling at a higher margin (we'll ignore the lower latency 
& better overall experience) is somehow bad.

-- 
TTFN,
patrick




Legal Crap [was: William was raided for running a Tor exit node. Please help if you can.]

2012-12-01 Thread Patrick W. Gilmore
On Nov 30, 2012, at 20:25 , Randy Bush ra...@psg.com wrote:

 Not a lawyer.
 
 than stfu with the legal crap

It amazes me how people feel free to opine on things like networking without a 
certification, but if you don't have a law degree, suddenly they believe you 
are incapable of understanding anything regarding the law.

As for the legal crap, most of what is posted is not on-topic here.  There 
are laws & legal implications which are operational, though.  And even though I 
am not a lawyer, I need to understand them or I cannot do my job.  My lawyer is 
not going to pick which datacenter to lease, even if he knows a metric-ass-ton 
more about indemnification than I ever will (at least I hope than I ever will - 
that shit is BOORING).

I appreciate people who have researched and understand the topic giving their 
insights - just like I do regarding BGP, MPLS, IPv6... okay, no jokes about 
IPv6. :)  And, just like with networking topics, I do not appreciate people 
taking up 10K+ of their not-so-closest-friends' time with half-baked ideas from 
people who have not taken the time to understand the subject matter.  However, 
I do not believe the only way to go from the latter group into the former is to 
pass the bar.  (And if so, in what state/country? what specialty? etc., etc.)

I guess this is a long-winded way of saying: If all you have to say is STFU, 
maybe you should take your own advice?

-- 
TTFN,
patrick




Re: William was raided for running a Tor exit node. Please help if you can.

2012-11-29 Thread Patrick W. Gilmore
On Nov 29, 2012, at 11:17 , Barry Shein b...@world.std.com wrote:

 Back in the early days of the public internet we didn't require any id
 to create an account, just that you found a way to pay us. We had
 anonymous accts some of whom dropped by personally to pay their bill,
 some said hello but I usually didn't know their names and that's how
 they wanted it, I'd answer hello ACCOUNT, whatever their login was
 if I recognized them. Some mailed in something, a mail order, even
 currency tho that was rare but it did happen, or had someone else drop
 by to pay in cash (that is, no idea if they were local.)
 
 LEO occasionally served a warrant for information, usually child porn
 biz (more than just accessing child porn, selling it) tho I don't
 remember any anonymous accts being involved.

"Mere conduit" defense.  (Please, nobody mention "common carrier" status 
or the like, ISPs are _not_ common carriers.)


 I never expected to be held accountable for anyone's behavior unless I
 was knowingly involved somehow (just the usual caveat.) LEO never
 showed any particular interest in the fact that we were ok with
 anonymous accounts. If I was made aware of illegal activities we'd
 shut them off, didn't really happen much, maybe some credible
 hacking complaint on occasion.

How do you shut off a Tor account?


 It's funny, it's all illusion like show business. It's not hard to set
 up anonymous service, crap, just drop in at any wi-fi hotspot, many
 just ask you to click that you accept their TCs and you're on. Would
 they raid them, I was just using one at a major hospital this week
 that was just like that, if someone used that for child porn etc? But
 I guess stick your nose out and say you're specifically offering anon
 accts and watch out I guess.

Do you think if the police found out child pr0n was being served from a starbux 
they wouldn't confiscate the equipment from that store?

-- 
TTFN,
patrick




Re: William was raided for running a Tor exit node. Please help if you can.

2012-11-29 Thread Patrick W. Gilmore
On Nov 29, 2012, at 12:58 , Barry Shein b...@world.std.com wrote:
 On November 29, 2012 at 11:45 patr...@ianai.net (Patrick W. Gilmore) wrote:
 On Nov 29, 2012, at 11:17 , Barry Shein b...@world.std.com wrote:
 
 It's funny, it's all illusion like show business. It's not hard to set
 up anonymous service, crap, just drop in at any wi-fi hotspot, many
 just ask you to click that you accept their TCs and you're on. Would
 they raid them, I was just using one at a major hospital this week
 that was just like that, if someone used that for child porn etc? But
 I guess stick your nose out and say you're specifically offering anon
 accts and watch out I guess.
 
 Do you think if the police found out child pr0n was being served from a 
 starbux they wouldn't confiscate the equipment from that store?
 
 I dunno, has it ever happened?

No idea.  However, I would not be the least bit surprised.  In fact, I would be 
surprised if they failed to do so, after having proof that child pr0n was 
served from one.


 I mean confiscated the store's
 equipment, I assume that's what you mean. Is that because no one has
 ever been involved with child porn etc from a Starbucks? Does that
 seem likely? I don't know, really.
 
 And why would confiscating it from one location address the issue if
 they offer anonymous hotspots (I don't know if they do but whatever,
 there are plenty of others) at all locations and they're one company?
 
 It would seem like they'd have to confiscate the equipment at every
 Starbucks in their jurisdiction, which could be every one in the US
 for example.

They didn't confiscate every Tor exit node in the US once they found something 
nefarious emanating from one.

-- 
TTFN,
patrick




Re: William was raided for running a Tor exit node. Please help if you can.

2012-11-29 Thread Patrick W. Gilmore
On Nov 29, 2012, at 13:57 , William Herrin b...@herrin.us wrote:
 On Thu, Nov 29, 2012 at 11:45 AM, Patrick W. Gilmore patr...@ianai.net 
 wrote:
 Do you think if the police found out child pr0n was
 being served from a starbux they wouldn't
 confiscate the equipment from that store?
 
 I think if they took the cash registers too the Starbucks lawyer would
 be in court an hour later with a motion to quash in one hand and an
 offer of full cooperation in the other.

And if the sky were orange

Any other non sequiturs? :)

-- 
TTFN,
patrick

P.S. I can come up with some examples where the cash registers would be fair 
game, such as when the manager was charging the hosting provider extra to sit 
in the corner and host the 'bad content'.  But it is still a non sequitur w/r/t 
this thread.




Re: Big day for IPv6 - 1% native penetration

2012-11-20 Thread Patrick W. Gilmore
On Nov 20, 2012, at 08:45 , Owen DeLong o...@delong.com wrote:

 It is entirely possible that Google's numbers are artificially low for a 
 number
 of reasons.

AMS-IX publishes stats too:
https://stats.ams-ix.net/sflow/

This is probably a better view of overall percentage on the Internet than a 
specific company's content.  It shows order of 0.5%.

Why do you think Google's numbers are lower than the real total?

-- 
TTFN,
patrick


 On Nov 20, 2012, at 5:31 AM, Aaron Toponce aaron.topo...@gmail.com wrote:
 On Tue, Nov 20, 2012 at 10:14:18AM +0100, Tomas Podermanski wrote:
 It seems that today is a big day for IPv6. It is the very first
 time when native IPv6 on google statistics
 (http://www.google.com/intl/en/ipv6/statistics.html) reached 1%. Some
 might say it is tremendous success after 16 years of deploying IPv6 :-)
 
 And given the rate on that graph, we'll hit 2% before year-end 2013.
 
 -- 
 . o .   o . o   . . o   o . .   . o .
 . . o   . o o   o . o   . o o   . . o
 o o o   . o .   . o o   o o .   o o o
 
 




Re: Big day for IPv6 - 1% native penetration

2012-11-20 Thread Patrick W. Gilmore
On Nov 20, 2012, at 11:42 , Mike Jones m...@mikejones.in wrote:
 On 20 November 2012 16:05, Patrick W. Gilmore patr...@ianai.net wrote:
 On Nov 20, 2012, at 08:45 , Owen DeLong o...@delong.com wrote:
 
 It is entirely possible that Google's numbers are artificially low for a 
 number
 of reasons.
 
 AMS-IX publishes stats too:
https://stats.ams-ix.net/sflow/
 
 This is probably a better view of overall percentage on the Internet than a 
 specific company's content.  It shows order of 0.5%.
 
 Why do you think Google's numbers are lower than the real total?
 
 
 They are also different stats which is why they give such different numbers.
 
 In a theoretical world with evenly distributed traffic patterns if 1%
 of users were IPv6 enabled it would require 100% of content to be IPv6
 enabled before your traffic stats would show 1% of traffic going over
 IPv6.
 
 If these figures are representative (google saying 1% of users and
 AMSIX saying 0.5% of traffic) then it would indicate that dual stacked
 users can push ~50% of their traffic over IPv6. If this is even close
 to reality then that would be quite an achievement.

There is even more complexity.  Remember the 6-to-4 stuff?  Suppose a user on 
Network A used a tunnel broker on HE, and his traffic passed over AMS-IX 
encapsulated in v4?  He would show up as v4 to AMS-IX and v6 to Google.

Lies, damned lies, and graphs. :)

-- 
TTFN,
patrick




Re: Big day for IPv6 - 1% native penetration

2012-11-20 Thread Patrick W. Gilmore
On Nov 20, 2012, at 14:44 , Tony Hain alh-i...@tndh.net wrote:

 If you assume that Youtube/Facebook/Netflix are 50% of the overall traffic, 
 why wouldn't a dual stacked end point have half of its traffic as IPv6 after 
 June???

"If you assume..."  Kinda says it all right there.

But more importantly, those three combined are not 50% of overall traffic.  It 
_might_ be true in the US, for some times of the day, but certainly not 
world-wide overall traffic.  If for no better reason than you cannot get NF in 
all countries.

-- 
TTFN,
patrick




Re: Google/Youtube problems

2012-11-19 Thread Patrick W. Gilmore
On Nov 19, 2012, at 03:05 , Saku Ytti s...@ytti.fi wrote:
 On (2012-11-18 23:47 +0100), Daniel Suchy wrote:
 
 Is anyone else seeing similar problems with Google/Youtube?
 
 My advice is, host the content locally.

Sound advice, IMHO.


 I'm bit curious about market position youtube has. GOOG claims youtube is
 making profit, but I think this is because network is considered other BUs
 cost and youtube rides on it for free (remember pre-youtube, how GOOG
 micro-optimized google front-page to save on network cost, post-youtube
 they rightly stopped caring and added predictive input etc.)

I do not work for Google, nor have I asked anyone in Google how they do their 
accounting.  However, I would be rather surprised to find the vast majority of 
their capacity is charged to the BU using a tiny fraction of that capacity, 
while the BU using the lion's share gets a free ride.


 I can't see how anyone could compete against youtube, I don't believe the
 service is anywhere near profitable (it's maybe 10% of Internet, and I
 can't see revenue being 10% of Internet), if it would have to pay for the
 network itself. Consequently you probably can't compete with them, as you
 need to cover the costs from the profits. It is just so ubiquitous service,
 that if it does not work your eyeballs will switch to network where it
 does, so you will give google free capacity, which you wouldn't probably do
 for others web streaming shops.

First, I believe YouTube is  10% of the Internet.

Second, I see no reason why that requires anything close - not even within a 
couple orders of magnitude - of 10% of the Internet's revenue to be profitable. 
 Why would you assume such a thing?

-- 
TTFN,
patrick




Re: Plages d'adresses IP Orange

2012-11-19 Thread Patrick W. Gilmore
On Nov 19, 2012, at 12:16 , Jamie Bowden ja...@photon.com wrote:

 Actually, this is kind of an interesting aside.  Last time I checked, Canada 
 counts as North America and large parts of Quebec are inhabited by folks who 
 don't speak much, if any, English.  Having said that, I can't recall having 
 seen any Quebecois posting in French here, but I find it hard to believe 
 those folks don't have use for a list like this.

The entire population of Quebec (and at least some of them speak English) is 
barely under 1/4 of Canada, and about 2.5% of the US.  Hell, it's lower than 
many major metro areas in the US.

Better to ask why we do not post in Spanish, as Mexico has 112M people, plus of 
course Central America (whatever that is), the Caribbean, etc.  But we never 
have, and I doubt we will in the future.

-- 
TTFN,
patrick


 -Original Message-
 From: Pierre-Yves Maunier [mailto:na...@maunier.org]
 Sent: Monday, November 19, 2012 11:59 AM
 To: jipe foo
 Cc: NANOG list
 Subject: Re: Plages d'adresses IP Orange
 
 Hi,
 
 I think few people understand French on this list. You should try
 FRnOG.
 
 Pierre-Yves Maunier
 
 
 On 19 November 2012 17:48, jipe foo fooj...@gmail.com wrote:
 
 Hello all,
 
 Could someone from Orange (or elsewhere) give me more information about
 the
 following address ranges:
 
 inetnum:81.253.0.0 - 81.253.95.255
 netname:ORANGE-FRANCE-HSIAB
 descr:  Orange France / Wanadoo service
 country:FR
 admin-c:AR10027-RIPE
 tech-c: ER1049-RIPE
 
 inetnum:90.96.0.0 - 90.96.199.255
 netname:ORANGEFRANCE-WFP
 descr:  Orange France - WFP
 country:FR
 admin-c:ER1049-RIPE
 tech-c: ER1049-RIPE
 
 Are these address ranges for mobiles, Liveboxes or shared WiFi
 connections
 (at least for the second one)?
 
 Thanks in advance,
 
 --
 J
 
 
 
 
 --
 Pierre-Yves Maunier
 




Re: Indonesian ISP Moratel announces Google's prefixes

2012-11-06 Thread Patrick W. Gilmore
On Nov 06, 2012, at 23:48 , Jian Gu guxiaoj...@gmail.com wrote:

 What do you mean hijack? Google is peering with Moratel, if Google does not
 want Moratel to advertise its routes to Moratel's peers/upstreams, then
 Google should've set the correct BGP attributes in the first place.

That doesn't make the slightest bit of sense.

If a Moratel customer announced a Google-owned prefix to Moratel, and Moratel 
did not have the proper filters in place, there is nothing Google could do to 
stop the hijack from happening.

Exactly what attribute do you think would stop this?

-- 
TTFN,
patrick


 On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia m...@anuragbhatia.com wrote:
 
 Another case of route hijack -
 http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
 
 
 
 I am curious if big networks have any pre-defined filters for big content
 providers like Google to avoid these? I am sure internet community would be
 working in direction to somehow prevent these issues. Curious to know
 developments so far.
 
 
 
 
 Thanks.
 
 
 --
 
 Anurag Bhatia
 anuragbhatia.com
 
 Linkedin http://in.linkedin.com/in/anuragbhatia21 |
 Twitterhttps://twitter.com/anurag_bhatia|
 Google+ https://plus.google.com/118280168625121532854
 
 




Re: Indonesian ISP Moratel announces Google's prefixes

2012-11-06 Thread Patrick W. Gilmore
On Nov 07, 2012, at 00:07 , Jian Gu guxiaoj...@gmail.com wrote:

 Where did you get the idea that a Moratel customer announced a google-owned
 prefix to Moratel and Moratel did not have the proper filters in place?
 according to the blog, all google's 4 authoritative DNS server networks and
 8.8.8.0/24 were wrongly routed to Moratel, what's the possibility for a
 Moratel customers announce all those prefixes?

Ah, right, they just leaked Google's prefix.  I thought a customer originated 
the prefix.

Original question still stands.  Which attribute do you expect Google to set to 
stop this?

Hint: Don't say No-Advertise, unless you want peers to only talk to the 
adjacent AS, not their customers or their customers' customers, etc.

Looking forward to your answer.

-- 
TTFN,
patrick


 On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore patr...@ianai.netwrote:
 
 On Nov 06, 2012, at 23:48 , Jian Gu guxiaoj...@gmail.com wrote:
 
 What do you mean hijack? Google is peering with Moratel, if Google does
 not
 want Moratel to advertise its routes to Moratel's peers/upstreams, then
 Google should've set the correct BGP attributes in the first place.
 
 That doesn't make the slightest bit of sense.
 
 If a Moratel customer announced a Google-owned prefix to Moratel, and
 Moratel did not have the proper filters in place, there is nothing Google
 could do to stop the hijack from happening.
 
 Exactly what attribute do you think would stop this?
 
 --
 TTFN,
 patrick
 
 
 On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia m...@anuragbhatia.com
 wrote:
 
 Another case of route hijack -
 
 http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
 
 
 
 I am curious if big networks have any pre-defined filters for big
 content
 providers like Google to avoid these? I am sure internet community
 would be
 working in direction to somehow prevent these issues. Curious to know
 developments so far.
 
 
 
 
 Thanks.
 
 
 --
 
 Anurag Bhatia
 anuragbhatia.com
 
 Linkedin http://in.linkedin.com/in/anuragbhatia21 |
 Twitterhttps://twitter.com/anurag_bhatia|
 Google+ https://plus.google.com/118280168625121532854
 
 
 
 
 




Re: Indonesian ISP Moratel announces Google's prefixes

2012-11-06 Thread Patrick W. Gilmore
On Nov 07, 2012, at 00:21 , Jian Gu guxiaoj...@gmail.com wrote:

 I don't know what Google and Moratel's peering agreement, but leak?
 educate me, Google is announcing /24 for all of their 4 NS prefix and
 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes
 to Internet?

Downthread, someone said what is typical with peering prefixes, i.e. announce 
to customers, not to peers or upstreams.  How do you think peering works?

However, I place most of the blame on PCCW for crappy filtering of their 
customers.  And I'm a little surprised to see nLayer in the path.  Shame on 
them!  (Does that have any effect any more? :)

Oh, and we are still waiting for an answer: Which attribute do you think Google 
could have used to stop this?

-- 
TTFN,
patrick


 On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore patr...@ianai.netwrote:
 
 On Nov 07, 2012, at 00:07 , Jian Gu guxiaoj...@gmail.com wrote:
 
 Where did you get the idea that a Moratel customer announced a
 google-owned
 prefix to Moratel and Moratel did not have the proper filters in place?
 according to the blog, all google's 4 authoritative DNS server networks
 and
 8.8.8.0/24 were wrongly routed to Moratel, what's the possibility for a
 Moratel customers announce all those prefixes?
 
 Ah, right, they just leaked Google's prefix.  I thought a customer
 originated the prefix.
 
 Original question still stands.  Which attribute do you expect Google to
 set to stop this?
 
 Hint: Don't say No-Advertise, unless you want peers to only talk to the
 adjacent AS, not their customers or their customers' customers, etc.
 
 Looking forward to your answer.
 
 --
 TTFN,
 patrick
 
 
 On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore patr...@ianai.net
 wrote:
 
 On Nov 06, 2012, at 23:48 , Jian Gu guxiaoj...@gmail.com wrote:
 
 What do you mean hijack? Google is peering with Moratel, if Google does
 not
 want Moratel to advertise its routes to Moratel's peers/upstreams, then
 Google should've set the correct BGP attributes in the first place.
 
 That doesn't make the slightest bit of sense.
 
 If a Moratel customer announced a Google-owned prefix to Moratel, and
 Moratel did not have the proper filters in place, there is nothing
 Google
 could do to stop the hijack from happening.
 
 Exactly what attribute do you think would stop this?
 
 --
 TTFN,
 patrick
 
 
 On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia m...@anuragbhatia.com
 wrote:
 
 Another case of route hijack -
 
 
 http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
 
 
 
 I am curious if big networks have any pre-defined filters for big
 content
 providers like Google to avoid these? I am sure internet community
 would be
 working in direction to somehow prevent these issues. Curious to know
 developments so far.
 
 
 
 
 Thanks.
 
 
 --
 
 Anurag Bhatia
 anuragbhatia.com
 
 Linkedin http://in.linkedin.com/in/anuragbhatia21 |
 Twitterhttps://twitter.com/anurag_bhatia|
 Google+ https://plus.google.com/118280168625121532854
 




Re: Indonesian ISP Moratel announces Google's prefixes

2012-11-06 Thread Patrick W. Gilmore
On Nov 07, 2012, at 00:35 , Jian Gu guxiaoj...@gmail.com wrote:

 Hmm, look at this screen shot from the blog, 8.8.8.0/24 was originated from
 Google.

Everyone who posted in this thread was well aware of that.  (Well, except me in 
my first post. :)  Google was still the victim, and it was still not their 
fault.

You are showing wide and clear ignorance on the basics of peering.  Which is 
fine, the vast majority of the planet hasn't a clue what peering is.  However, 
the rest of the people who do not know what they are talking about have managed 
to avoid commenting on the subject to 10K+ of their not-so-closest friends.

To be clear, if you had started with something like: Why is Google originating 
the route?  Doesn't that make it valid?, you would have gotten a lot of help  
support.  But instead you started by claiming it was Google's fault and they 
could stop this by setting the correct BGP attributes.  I note you still 
haven't told us what those attributes would be despite repeated questions.

Perhaps it's time to admit you don't know what attributes, and you need a 
little more education on peering in general?

When you find yourself in a hole, stop digging.

-- 
TTFN,
patrick


 tom@edge01.sfo01 show route 8.8.8.8
 
 inet.0: 422196 destinations, 422196 routes (422182 active, 0 holddown,
 14 hidden)
 + = Active Route, - = Last Active, * = Both
 8.8.8.0/24 *[BGP/170] 00:27:02, MED 18, localpref 100
  AS path: 4436 3491 23947 15169 I
 to 69.22.153.1 via ge-1/0/9.0
 
 
 
 On Tue, Nov 6, 2012 at 9:33 PM, Hank Nussbacher h...@efes.iucc.ac.ilwrote:
 
 At 21:21 06/11/2012 -0800, Jian Gu wrote:
 
 If Google announces 8.8.8.0/24 to you and you in turn start announcing to
 the Internet 8.8.8.0/24 as originating from you, then a certain section
 of the Internet will believe your announcement over Google's.This has
 happened many times before due to improper filters, but this is the first
 time I have seen the victim being blamed.  Interesting concept.
 
 -Hank
 
 I don't know what Google and Moratel's peering agreement, but leak?
 educate me, Google is announcing /24 for all of their 4 NS prefix and
 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes
 to Internet?
 
 On Tue, Nov 6, 2012 at 9:13 PM, Patrick W. Gilmore patr...@ianai.net
 wrote:
 
 
 On Nov 07, 2012, at 00:07 , Jian Gu guxiaoj...@gmail.com wrote:
 
 Where did you get the idea that a Moratel customer announced a
 google-owned
 prefix to Moratel and Moratel did not have the proper filters in
 place?
 according to the blog, all google's 4 authoritative DNS server
 networks
 and
 8.8.8.0/24 were wrongly routed to Moratel, what's the possibility for
 a
 Moratel customers announce all those prefixes?
 
 Ah, right, they just leaked Google's prefix.  I thought a customer
 originated the prefix.
 
 Original question still stands.  Which attribute do you expect Google to
 set to stop this?
 
 Hint: Don't say No-Advertise, unless you want peers to only talk to the
 adjacent AS, not their customers or their customers' customers, etc.
 
 Looking forward to your answer.
 
 --
 TTFN,
 patrick
 
 
 On Tue, Nov 6, 2012 at 9:02 PM, Patrick W. Gilmore patr...@ianai.net
 wrote:
 
 On Nov 06, 2012, at 23:48 , Jian Gu guxiaoj...@gmail.com wrote:
 
 What do you mean hijack? Google is peering with Moratel, if Google
 does
 not
 want Moratel to advertise its routes to Moratel's peers/upstreams,
 then
 Google should've set the correct BGP attributes in the first place.
 
 That doesn't make the slightest bit of sense.
 
 If a Moratel customer announced a Google-owned prefix to Moratel, and
 Moratel did not have the proper filters in place, there is nothing
 Google
 could do to stop the hijack from happening.
 
 Exactly what attribute do you think would stop this?
 
 --
 TTFN,
 patrick
 
 
 On Tue, Nov 6, 2012 at 3:35 AM, Anurag Bhatia m...@anuragbhatia.com
 wrote:
 
 Another case of route hijack -
 
 
 http://blog.cloudflare.com/why-google-went-offline-today-and-a-bit-about
 
 
 
 I am curious if big networks have any pre-defined filters for big
 content
 providers like Google to avoid these? I am sure internet community
 would be
 working in direction to somehow prevent these issues. Curious to
 know
 developments so far.
 
 
 
 
 Thanks.
 
 
 --
 
 Anurag Bhatia
 anuragbhatia.com
 
 Linkedin http://in.linkedin.com/in/anuragbhatia21 |
 Twitter https://twitter.com/anurag_bhatia |
 Google+ https://plus.google.com/118280168625121532854
 




[NANOG-announce] Elections open tomorrow

2012-10-20 Thread Patrick W. Gilmore
Everyone:

NANOG elections open tomorrow.

Please consider standing for one of the committees, or nominating someone for 
the committees.  Remember, committee members get free registration to every 
NANOG meeting!  The only requirement is a willingness to contribute to the 
community, and being a NANOG member.

To nominate someone, send their name and email address to electi...@nanog.org.

Elections will close Tuesday at 1700 CDT (UTC-0500).

And thank you for being part of the NANOG community!

-- 
TTFN,
patrick


___
NANOG-announce mailing list
nanog-annou...@mailman.nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog-announce



Re: really nasty attacks

2012-09-27 Thread Patrick W. Gilmore
On Sep 27, 2012, at 11:34 , Stephane Bortzmeyer bortzme...@nic.fr wrote:
 On Thu, Sep 27, 2012 at 08:55:58AM -0600, Miguel Mata mm...@intercom.com.sv 
 wrote 
 a message of 30 lines which said:
 
 Guys,
 
 No gals on NANOG?

Many.  Although in fairness, some people use guys in a gender-neutral manner.


 The attacks comes from various sites from the other side of the pond
 (46.165.197.xx, 213.152.180.yy).
 
 How can you be sure? With UDP, you have zero guarantee on the source
 IP address. (Checking the TTL can give you a hint if the packets
 really come from the same point.)
 
 Source and destination port? If source port is 53, it may mean you're
 the target of a DNS reflection+amplification attack, a la CloudFlare
 http://blog.cloudflare.com/65gbps-ddos-no-problem.

I do not know of any name servers that reply to queries with UDP packets filled 
with only the letter X.  The DNS Headers alone require more than the letter X.

-- 
TTFN,
patrick
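Patrick's observation above (a DNS answer cannot be a UDP payload made of nothing but the letter X, because the 12-byte header alone rules that out) and Stephane's two hints (compare TTLs, and treat source port 53 as a reflection signal) combine into a small triage check. The following is an added example written for this archive, not code from either poster: it parses the DNS header and question section out of a UDP payload, applies the checks to a constructed set of packet records that use RFC 5737 documentation addresses (not the addresses quoted in the thread), and notes whether the IP TTLs seen from one claimed source agree. The packet records, verdict labels and helper names are assumptions for illustration.

```python
import struct
from collections import defaultdict


def parse_dns_header(payload):
    """Unpack the fixed 12-byte DNS header (RFC 1035 4.1.1); None if too short."""
    if len(payload) < 12:
        return None
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    return {"id": ident, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def _skip_name(payload, off):
    """Step over a wire-format name starting at off; None if malformed."""
    while True:
        if off >= len(payload):
            return None
        length = payload[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:            # compression pointer ends the name
            return off + 2 if off + 2 <= len(payload) else None
        if length > 63:                      # label lengths are 6 bits wide
            return None
        off += 1 + length


def looks_like_dns_response(payload):
    """Minimum a UDP payload must satisfy to be a DNS answer at all: a full
    header, QR=1, a known opcode, and a question section that parses.
    b'X' * N fails at the header: flags 0x5858 has QR=0."""
    hdr = parse_dns_header(payload)
    if hdr is None:
        return False, "shorter than the 12-byte DNS header"
    if hdr["qr"] != 1:
        return False, "QR bit clear: not a response"
    if hdr["opcode"] not in (0, 1, 2, 4, 5):     # QUERY IQUERY STATUS NOTIFY UPDATE
        return False, "unassigned opcode %d" % hdr["opcode"]
    if hdr["qdcount"] == 0:
        return False, "response without a question section"
    off = 12
    for _ in range(hdr["qdcount"]):
        off = _skip_name(payload, off)
        if off is None or off + 4 > len(payload):
            return False, "question section does not parse"
        off += 4                             # QTYPE + QCLASS
    return True, "plausible DNS response"


def build_dns_response(ident=0x1234, name=b"example.com", addr=bytes([192, 0, 2, 1])):
    """Constructed answer: one A question plus one A record, RFC 1035 wire format."""
    qname = b"".join(bytes([len(l)]) + l for l in name.split(b".")) + b"\x00"
    header = struct.pack("!HHHHHH", ident, 0x8180, 1, 1, 0, 0)        # QR=1 RD=1 RA=1
    question = qname + struct.pack("!HH", 1, 1)                        # A, IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + addr   # name -> offset 12
    return header + question + answer


# Constructed sample: (claimed source, source port, IP TTL on arrival, UDP payload).
SAMPLE_PACKETS = [
    ("192.0.2.10", 53, 54, build_dns_response()),        # real (or reflected) answer
    ("192.0.2.10", 53, 54, build_dns_response(0x4321)),  # same path: same TTL
    ("203.0.113.20", 53, 240, b"X" * 512),               # filler that only claims port 53
    ("203.0.113.20", 53, 51, b"X" * 512),                # same 'source', different TTL
    ("198.51.100.7", 40000, 60, b"X" * 1200),
]


def classify(packets):
    """Per (source, sport): reflection candidate (port 53 and every payload
    parses as a DNS answer) versus a stream that merely claims port 53.
    Per source: do the IP TTLs agree, the hint that the packets share a path?"""
    parsed, ttls = defaultdict(list), defaultdict(set)
    for src, sport, ttl, payload in packets:
        parsed[(src, sport)].append(looks_like_dns_response(payload)[0])
        ttls[src].add(ttl)
    verdicts = {}
    for (src, sport), oks in parsed.items():
        if sport != 53:
            verdicts[(src, sport)] = "not-dns"
        elif all(oks):
            verdicts[(src, sport)] = "dns-reflection-candidate"
        else:
            verdicts[(src, sport)] = "filler-claiming-port-53"
    ttl_consistent = {src: len(seen) == 1 for src, seen in ttls.items()}
    return verdicts, ttl_consistent


if __name__ == "__main__":
    verdicts, ttl_ok = classify(SAMPLE_PACKETS)
    for (src, sport), verdict in verdicts.items():
        print(src, sport, verdict, "ttl-consistent" if ttl_ok[src] else "ttl-varies")
```

A stream that passes the parse check and arrives from port 53 is worth chasing as reflection (the reflectors are real resolvers, so TTLs per source tend to agree); a port-53 stream that fails it is simply spoofed filler, and the varying TTL from one claimed address is a second sign that the source field means nothing.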




Re: [Nanog-futures] Possible word error in section 18.1 Liability

2012-09-20 Thread Patrick W. Gilmore
On Sep 20, 2012, at 00:19 , Jack Hamm jackha...@me.com wrote:

 I'm not a lawyer, but in section 18.1:
 
 (a) beach of the director’s or officer’s duty of loyalty to NANOG;
 
 I believe that is meant to say (a) breach of the

If it were a beach, I may run again

=)

-- 
TTFN,
patrick


___
Nanog-futures mailing list
Nanog-futures@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-futures


Re: Heads-Up: GoDaddy Broke the Interwebs...

2012-09-11 Thread Patrick W. Gilmore
On Sep 11, 2012, at 16:04 , Christopher Morrow morrowc.li...@gmail.com wrote:
 On Tue, Sep 11, 2012 at 3:47 PM, Damian Menscher dam...@google.com wrote:
 
 Summary: 30 minutes late on the start time, and off by well over an hour on
 the stop time.
 
 even a broken clock is right 2x/day?
 Nostradamus was eventually right a few times?
 'If you're cold, shoot until you get hot, then keep shooting!' - Dick Vitale
 
 folk like to look for the most complicated/spooky/crazy reason... most
 often it's just a simple reason for failure :(
 so far godaddy seems to agree with the 'it was a simple mistake on our
 part' (paraphrased, they probably won't say 'simple')

No large flows reported to the affected NSes, tweets were suspicious at best, 
other anon-ops denied the attack was them, and GoDaddy admitted internal error.

I'm going to take GoDaddy at their word, and give them major kudos for owning 
up to the mistake - in public.

-- 
TTFN,
patrick




Re: Heads-Up: GoDaddy Broke the Interwebs...

2012-09-11 Thread Patrick W. Gilmore
On Sep 11, 2012, at 17:04 , ryanL ryan.lan...@gmail.com wrote:

 when patrick is referring to taking their word for it, he's referring to a 
 post on outages@ by godaddy's network engineering manager that stated bgp, 
 and more details to follow.

Well, mostly I'm taking GoDaddy at their word that this was not a DoS attack.

I also believe it was related to BGP, and am happy to get more info.  But we 
are discussing Anonymous vs. Self-inflicted wound here.

-- 
TTFN,
patrick


 i tend to align with patrick's thought. i'm also interested to see the 
 details, which they are really under no obligation to provide.
 
 On Tue, Sep 11, 2012 at 1:53 PM, Rubens Kuhl rube...@gmail.com wrote:
  No large flows reported to the affected NSes, tweets were suspicious at 
  best, other anon-ops denied the attack was them, and GoDaddy admitted 
  internal error.
 
  I'm going to take GoDaddy at their word, and give them major kudos for 
  owning up to the mistake - in public.
 
 That doesn't mean that their description of the internal error fits
 what happened. Not to say that there were an attack, just that there
 can be more internal failures, including processes, to be accounted
 for. Whether they will publish a root-cause analysis/Swiss cheese
 model/insert your preferred methodology or not is up to them, but to
 tech-savvy stakeholders I think they are still in debt.
 
 
 Rubens
 
 




Re: Sprint Outage - Chicago

2012-08-27 Thread Patrick W. Gilmore
On Aug 27, 2012, at 12:58, virendra rode virendra.r...@gmail.com wrote:
 On 08/25/2012 11:36 AM, Jason Baugher wrote:
 On 8/24/2012 11:39 PM, Randy Bush wrote:
 You mean outages@...
 chris, this is not productive.  outages are a very apt subject
 for nanog.

I'm actually not certain posting outages to NANOG-l is a good idea.  There are 
a LOT of outages, and I worry the list will be drowned.

But I don't run the list.  Plus this discussion is probably better suited for 
NANOG-futures@.

The stuff below, however, may belong on NANOG.


 Did anyone ever give any details of the issue? We're a Chicago
 Sprint customer, and never saw a problem. No mention of any issues
 in Compass either.
 
 Jason
 - 
 I hear there was a memory leak issue to their core IP backbone router.
 Don't have specifics as to what region(s) within chicago that was
 impacted.

I wonder if the Sprint  Telia outages were for the same reason / bug.  Anyone 
from those networks want to comment?  Or at least compare notes?


 If you and /or anyone else have any specifics, please post in the
 comments section of, http://tracker.outages.org/reports/view/25

Interesting!

Is there a way to say this may be related to ticket $FOO?

-- 
TTFN,
patrick




Re: Comcast 1, Verizon 0 [was: Comcast vs. Verizon for repair methodologies]

2012-08-21 Thread Patrick W. Gilmore
Just as a follow up, leaving my driveway this morning, the tech was installing 
a new pedestal.  Said everything should be fixed today.

Comcast++

-- 
TTFN,
patrick


On Aug 20, 2012, at 17:22 , Patrick W. Gilmore patr...@ianai.net wrote:

 Comcast has already contacted me to fix this up.
 
 -- 
 TTFN,
 patrick
 
 
 On Aug 20, 2012, at 16:12 , Patrick W. Gilmore patr...@ianai.net wrote:
 
 Given the recent VZ thread, I thought I'd show why my new house has crap 
 Internet.
 
 The story: A piece of underground cable went bad.  The techs didn't pull new 
 underground cable.  They decided it was better to do it aerial (if you can 
 call 2 feet aerial).  They took apart the two pedestals on either side of 
 the break and ran a new strand of RG6 (yes, the same stuff you use inside 
 your home, not the outside-plant rated stuff) tied to trees with rope.
 
  http://ianai.smugmug.com/BostonPix/2012/Comcast-Atherton-Street
 
 These pedestals have looked like this for months apparently.  I called the 
 800 # and complained, they rolled a truck.  The guy didn't even come in my 
 house, just gave me his supervisor's number and said that he's a home tech, 
 the outside plant guys are the problem and he can't fix it.  A second guy 
 rolled up while we were chatting and told me he had a call around the block 
 for the same thing.  They've been taking complaints about this for months 
 and are as tired of it as we are.  I assured them I was more tired of it, 
 given he was getting paid while I was paying, but I understood their 
 situation.
 
 Of course, since the other broadband option at my house is 1 Mbps Verizon 
 DSL, I don't have much leverage. :(
 
 -- 
 TTFN,
 patrick
 
 P.S. Worst part is ATT sux there too, so I have a picocell - which runs 
 over the Comcast cable mode
 
 




Return two locations or low TTL [was: DNS caches that support partitioning ?]

2012-08-20 Thread Patrick W. Gilmore
While I hesitate to argue DNS with Mark, I feel this needs a response.

On Aug 19, 2012, at 17:37 , Mark Andrews ma...@isc.org wrote:
 In message ddf607b5-415b-41e8-9222-eb549d3db...@semihuman.com, Chris 
 Woodfield writes:

 What Patrick said. For large sites that offer services in multiple data =
 centers on multiple IPs that can individually fail at any time, 300 =
 seconds is actually a bit on the long end.

 Which is why the DNS supports multiple address records.  Clients
 don't have to wait minutes to fail over to a second address.  One
 doesn't have to point all the addresses returned to the closest
 data center.  One can get sub-second fail over in clients as HE
 code shows.

I'm afraid I am not familiar with HE code, so perhaps I am being silly here.  
But I do not think returning multiple A records for multiple datacenters is as 
useful as lowering the TTL.  Just a few reasons off the top of my head:

* How do you guarantee the user goes to the closer location if you respond
  with multiple addresses?  Forcing users to go to farther away datacenters
  half the time is likely a poor trade-off for the occasional TTL problem
  when a DC goes down.

* How many applications are even aware multiple addresses were returned?

* How do you guarantee sub-second failover when most apps will wait longer 
  than one second to see if an address responds?

Etc.

And that doesn't begin to touch thing such as cache efficiency that affect 
companies like Google, CDNs, etc.


 As for the original problem.  LRU replacement will keep hot items in
 the cache unless it is seriously undersized.

This was covered well by others.

-- 
TTFN,
patrick




Re: Return two locations or low TTL [was: DNS caches that support partitioning ?]

2012-08-20 Thread Patrick W. Gilmore
On Aug 20, 2012, at 06:49 , Dobbins, Roland rdobb...@arbor.net wrote:
 On Aug 20, 2012, at 5:24 PM, Patrick W. Gilmore wrote:
 
 But I do not think returning multiple A records for multiple datacenters is 
 as useful as lowering the TTL.
 
 Some folks do this via various GSLB mechanisms which selectively respond with 
 different records based on the assumed relative topological distance between 
 the  querying resolver and various server/service instantiations in different 
 locations.

Some folks == more than half of all traffic on broadband modems these days.

However, I think you missed a post or two in this thread.

The original point was you need a low TTL to respond with a single A record or 
multiple A records which all point to the same datacenter in case that node / 
DC goes down.  Mark replied saying you can respond with multiple A records 
pointing at multiple DCs, thereby allowing a much longer TTL.

My question above is asking Mark how you guarantee the user/application selects 
the A record closest to them and only use the other A record when the closer 
one is unavailable.

-- 
TTFN,
patrick




Re: Return two locations or low TTL [was: DNS caches that support partitioning ?]

2012-08-20 Thread Patrick W. Gilmore
On Aug 20, 2012, at 08:25 , Tony Finch d...@dotat.at wrote:
 Patrick W. Gilmore patr...@ianai.net wrote:
 On Aug 19, 2012, at 17:37 , Mark Andrews ma...@isc.org wrote:
 
 Which is why the DNS supports multiple address records.  Clients
 don't have to wait minutes to fail over to a second address.  One
 doesn't have to point all the addresses returned to the closest
 data center.  One can get sub-second fail over in clients as HE
 code shows.
 
 I'm afraid I am not familiar with HE code, so perhaps I am being silly
 here.
 
 Mark is referring to happy eyeballs:
 http://www.isc.org/community/blog/201101/how-to-connect-to-a-multi-homed-server-over-tcp

Oh.  Yep, I was being silly, thinking only of v4.  (I'm sleep deprived of late 
- yes, more than usual.)  Unfortunately, whether we like it or not, 99+% of 
traffic on the 'Net is still v4, as were the examples given.

Even with HE, though, there is no (not yet a?) way in DNS to signal use this A 
record first, then that one if the first doesn't work / is slow / whatever.  
Any chance of getting MX-style weights for A records? :)

Even then, it would not solve the original problem of low TTLs.  Just as a 
simple example, when traffic ramps quickly, a provider may want to move some 
users off a node to balance traffic.  With a long TTL, that's not really 
possible barring really bad hacks like DoS'ing some users to hope they use the 
next A record, which would lead to massive complaints.

We could go on, but hopefully the point is clear that low TTLs are useful in 
many instances despite the ability to return multiple A records.

-- 
TTFN,
patrick




Re: Return two locations or low TTL [was: DNS caches that support partitioning ?]

2012-08-20 Thread Patrick W. Gilmore
On Aug 20, 2012, at 08:47 , Chris Adams cmad...@hiwaay.net wrote:
 Once upon a time, Patrick W. Gilmore patr...@ianai.net said:

 * How many applications are even aware multiple addresses were returned?
 
 Most anything that supports IPv6 should handle this correctly, since
 getaddrinfo() will return a list of addresses to try.

Ah, the amazing new call which destroys any possibility of randomness or round 
robin or other ways of load balancing between A / AAAA records.

Yes, all of us returning more than one A / AAAA record are hoping that gets 
widely deployed instantly.  Or not.

-- 
TTFN,
patrick
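The Happy Eyeballs behaviour Tony pointed to, the serial fallback most applications actually do with a multi-address answer, and the getaddrinfo() ordering complaint in the reply just above can be seen side by side in the following added example, written for this archive and not code from ISC, Patrick or anyone else in the thread. It races a constructed two-address answer: one address in TEST-NET-1 (RFC 5737) plays the unreachable data centre, a local listener plays the healthy one. The listener, the address list, the timing parameters and the function names are assumptions for illustration.

```python
import random
import socket
import threading
import time


def make_listener(host="127.0.0.1"):
    """Constructed stand-in for the reachable data centre: a local TCP listener
    on an ephemeral port. The kernel completes handshakes into the backlog, so
    connect() succeeds without anyone calling accept()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    s.listen(5)
    return s


def connect_serial(addrs, per_attempt_timeout=1.0):
    """What most applications do with a multi-address answer: one address at a
    time, each given its full timeout before the next is tried."""
    start = time.monotonic()
    for addr in addrs:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(per_attempt_timeout)
        try:
            s.connect(addr)
            return addr, s, time.monotonic() - start
        except OSError:
            s.close()
    return None, None, time.monotonic() - start


def connect_happy_eyeballs(addrs, per_attempt_timeout=1.0, stagger=0.25, shuffle=False):
    """Race the addresses: start connect() on the first and, if it has neither
    succeeded nor failed within `stagger` seconds, start the next in parallel.
    The first completed handshake wins; every other socket is closed.
    Returns (address, socket, seconds) or (None, None, seconds)."""
    addrs = list(addrs)
    if shuffle:
        # getaddrinfo() hands back addresses in RFC 6724 preference order,
        # which flattens any round robin the authoritative server intended;
        # a client that wants to honour the round robin reshuffles first.
        random.shuffle(addrs)
    state = {"addr": None, "sock": None, "abandoned": False}
    lock = threading.Lock()
    done = threading.Event()

    def attempt(addr, finished):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(per_attempt_timeout)
        try:
            try:
                s.connect(addr)
            except OSError:                  # refused, unreachable or timed out
                s.close()
                return
            with lock:
                if state["addr"] is None and not state["abandoned"]:
                    state["addr"], state["sock"] = addr, s
                    done.set()
                    return
            s.close()                        # lost the race, or caller gave up
        finally:
            finished.set()

    start = time.monotonic()
    for addr in addrs:
        finished = threading.Event()
        threading.Thread(target=attempt, args=(addr, finished), daemon=True).start()
        finished.wait(stagger)               # a quick failure moves on at once
        if done.is_set():
            break
    done.wait(per_attempt_timeout)           # let outstanding attempts time out
    with lock:
        state["abandoned"] = state["addr"] is None
    return state["addr"], state["sock"], time.monotonic() - start


if __name__ == "__main__":
    healthy = make_listener()
    # 192.0.2.1 is TEST-NET-1 (RFC 5737): a SYN to it either hangs until the
    # timeout or fails at once with 'network unreachable', depending on the
    # host's routing table. Either way it stands in for the down data centre.
    answer = [("192.0.2.1", 80), healthy.getsockname()]
    for name, fn in (("serial", connect_serial), ("happy eyeballs", connect_happy_eyeballs)):
        addr, sock, took = fn(answer, per_attempt_timeout=2.0)
        print("%-15s connected to %s after %.2fs" % (name, addr, took))
        if sock:
            sock.close()
    healthy.close()
```

On a host with a default route the serial attempt reports roughly the full per-attempt timeout (the SYN to 192.0.2.1 simply hangs) while the raced attempt reports about one stagger interval; on a host with no route the first attempt fails instantly and both finish quickly. Neither approach lets the client know which address the operator would rather it used: the answer carries no preference, which is the point made above about weights, and is why a short TTL stays the operator's tool for steering users.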




Re: Return two locations or low TTL [was: DNS caches that support partitioning ?]

2012-08-20 Thread Patrick W. Gilmore
On Aug 20, 2012, at 10:07 , Dobbins, Roland rdobb...@arbor.net wrote:
 On Aug 20, 2012, at 5:56 PM, Patrick W. Gilmore wrote:
 
 My question above is asking Mark how you guarantee the user/application 
 selects the A record closest to them and only use the other A record when 
 the closer one is unavailable.
 
 I understand - my point was that folks using a GSLB-type solution would 
 generally include availability probing in the GSLB stack, so that a given 
 instance won't be included in answers if it's locally unavailable

How does that allow for a long TTL?  If you set a 3600 second TTL when the DC 
is up, and the DC goes down 2 seconds later, what do you do?


 (obviously, the GSLB can't know about all path elements between the querying 
 resolver and the desired server/service).

Says who? :)

-- 
TTFN,
patrick




Comcast vs. Verizon for repair methodologies

2012-08-20 Thread Patrick W. Gilmore
Given the recent VZ thread, I thought I'd show why my new house has crap 
Internet.

The story: A piece of underground cable went bad.  The techs didn't pull new 
underground cable.  They decided it was better to do it aerial (if you can 
call 2 feet aerial).  They took apart the two pedestals on either side of the 
break and ran a new strand of RG6 (yes, the same stuff you use inside your 
home, not the outside-plant rated stuff) tied to trees with rope.

http://ianai.smugmug.com/BostonPix/2012/Comcast-Atherton-Street

These pedestals have looked like this for months apparently.  I called the 800 
# and complained, they rolled a truck.  The guy didn't even come in my house, 
just gave me his supervisor's number and said that he's a home tech, the 
outside plant guys are the problem and he can't fix it.  A second guy rolled up 
while we were chatting and told me he had a call around the block for the same 
thing.  They've been taking complaints about this for months and are as tired 
of it as we are.  I assured them I was more tired of it, given he was getting 
paid while I was paying, but I understood their situation.

Of course, since the other broadband option at my house is 1 Mbps Verizon 
DSL, I don't have much leverage. :(

-- 
TTFN,
patrick

P.S. Worst part is ATT sux there too, so I have a picocell - which runs over 
the Comcast cable mode




Re: Comcast vs. Verizon for repair methodologies

2012-08-20 Thread Patrick W. Gilmore
On Aug 20, 2012, at 16:25 , Leo Bicknell bickn...@ufp.org wrote:
 In a message written on Mon, Aug 20, 2012 at 04:12:22PM -0400, Patrick W. 
 Gilmore wrote:

 The story: A piece of underground cable went bad.  The techs didn't pull new 
 underground cable.  They decided it was better to do it aerial (if you can 
 call 2 feet aerial).  They took apart the two pedestals on either side of 
 the break and ran a new strand of RG6 (yes, the same stuff you use inside 
 your home, not the outside-plant rated stuff) tied to trees with rope.
 
 Why is that cable still in place?
 
 That's a hint, not really a question. :)

Because VZ LTE, while nice in general, is not good enough for Jezzibell to use 
all day for a week. :)

-- 
TTFN,
patrick




Comcast 1, Verizon 0 [was: Comcast vs. Verizon for repair methodologies]

2012-08-20 Thread Patrick W. Gilmore
Comcast has already contacted me to fix this up.

-- 
TTFN,
patrick


On Aug 20, 2012, at 16:12 , Patrick W. Gilmore patr...@ianai.net wrote:

 Given the recent VZ thread, I thought I'd show why my new house has crap 
 Internet.
 
 The story: A piece of underground cable went bad.  The techs didn't pull new 
 underground cable.  They decided it was better to do it aerial (if you can 
 call 2 feet aerial).  They took apart the two pedestals on either side of 
 the break and ran a new strand of RG6 (yes, the same stuff you use inside 
 your home, not the outside-plant rated stuff) tied to trees with rope.
 
   http://ianai.smugmug.com/BostonPix/2012/Comcast-Atherton-Street
 
 These pedestals have looked like this for months apparently.  I called the 
 800 # and complained, they rolled a truck.  The guy didn't even come in my 
 house, just gave me his supervisor's number and said that he's a home tech, 
 the outside plant guys are the problem and he can't fix it.  A second guy 
 rolled up while we were chatting and told me he had a call around the block 
 for the same thing.  They've been taking complaints about this for months and 
 are as tired of it as we are.  I assured them I was more tired of it, given 
 he was getting paid while I was paying, but I understood their situation.
 
 Of course, since the other broadband option at my house is 1 Mbps Verizon 
 DSL, I don't have much leverage. :(
 
 -- 
 TTFN,
 patrick
 
 P.S. Worst part is ATT sux there too, so I have a picocell - which runs over 
 the Comcast cable mode
 




Re: DNS caches that support partitioning ?

2012-08-18 Thread Patrick W. Gilmore
On Aug 18, 2012, at 5:35, Raymond Dijkxhoorn raym...@prolocation.net wrote:

 Reverse DNS isn't the only issue here. There are many sites that give each 
 user a subdomain. And if I look at my top talkers on some busy resolvers I do 
 see that that's doing about 25-30% of the lookups currently.
 
 akamai.net, amazonaws.com and so on. All make nice use of DNS for this.
 Those have literally millions of entries in DNS also. And that's what currently 
 is doing the load on resolvers...

Akamai has no users.  So not really sure what you mean by that.

There are a /lot/ of hostnames on *.akamai.net.  That may have something to do 
with the 1000s of companies that use Akamai to deliver approximately 20% of all 
the traffic going down broadband modems.  Which fits nicely in your DNS lookup 
percentage.

-- 
TTFN,
patrick




US House to ITU: Hands off the Internet

2012-08-03 Thread Patrick W. Gilmore
[Feels operational to me.]

http://www.pcworld.com/businesscenter/article/260299/us_house_to_itu_hands_off_the_internet.html

The U.S. House of Representatives voted late Thursday to send a message to the 
United Nations' International Telecommunication Union that the Internet doesn't 
need new international regulations. The vote was unanimous: 414-0

Unanimous?  I didn't think this congress could agree the earth is round 
unanimously.

-- 
TTFN,
patrick




Re: Update from the NANOG Communications Committee regarding recent off-topic posts

2012-07-30 Thread Patrick W. Gilmore
I'm sorry Panashe is upset by this rule.  Interestingly, Your search - Panashe 
Flack nanog - did not match any documents.  So my guess is that a post from 
that account has not happened before, meaning the post was moderated yet still 
made it through.

Has anyone done a data mining experiment to see how many posts a month are from 
new members?  My guess is it is a trivial percentage.

-- 
TTFN,
patrick


On Jul 30, 2012, at 13:35 , valdis.kletni...@vt.edu wrote:
 On Mon, 30 Jul 2012 21:04:36 +0200, Panashe Flack said:
 list for continued activity. And just for reference - have you guys
 SEEN the Linux Kernel Mailing List? - it gets frequent spam posts
 and yet is perfectly able to ignore the spam/irrelevant posts and
 continue on its remit.
 
 For those who don't drink from the Linux-Kernel firehose, it averages
 1 or 2 spams per day - and anywhere from 500 to 700 postings a day.
 
 As Linus Torvalds said, back when it was averaging 200 a day:
 
 Note that nobody reads every post in linux-kernel.   In fact, nobody who
 expects to have time left over to actually do any real kernel work will
 read even half.  Except Alan Cox, but he's actually not human, but about
 a thousand gnomes working in under-ground caves in Swansea.  None of the
 individual gnomes read all the postings either,  they just work together
 really well.
 
 The list managers do an incredible job of stopping spam - but even if
 50 or 75 a day got through, they'd just be lost in the noise.   You're skipping
 several hundred messages a day, skipping a few more isn't any different.
 




Re: Update from the NANOG Communications Committee regarding recent off-topic posts

2012-07-30 Thread Patrick W. Gilmore
On Jul 30, 2012, at 16:35 , Jay Ashworth j...@baylink.com wrote:

 thanks MLC or whatever it calls itself this week
 
 C'mon, Randy; It's been called that since it kicked me off 7 years ago.  :-)

Except, of course, it has been called the Communications Committee for a while 
now.  (The change was made because the committee took responsibility for more 
than just the mailing list.)

But 1 change in 7 years made years ago does not, IMHO, merit a whatever it 
calls itself this week snark.

-- 
TTFN,
patrick




Re: Weekly Routing Table Report

2012-07-20 Thread Patrick W. Gilmore
On Jul 20, 2012, at 16:10 , Darius Jahandarie wrote:
 On Fri, Jul 20, 2012 at 4:04 PM,  valdis.kletni...@vt.edu wrote:
 So, whatever happened to that whole the internet will catch fire when
 we get to 280K routing table entries or whatever it was? :)
 
 But what will happen when we have 4294967295 entries?

Nothing.  But when we hit 4294967296

=)

-- 
TTFN,
patrick




Communications Committee volunteers [was: The Cidr Report]

2012-07-13 Thread Patrick W. Gilmore
On Jul 13, 2012, at 14:20 , JC Dill wrote:
 On 13/07/12 10:46 AM, Grant Ridder wrote:

 if the admins are not going to moderate this list... give me the admin
 password to the list serve and i will set it up right... gees
 
 +1

Most excellent!

Just so you know, the admins are the Communications Committee, and they are 
always looking for new volunteers.

I assume you both will be volunteering forthwith?

-- 
TTFN,
patrick



