Re: N91 Women mixer on Sunday?

2024-03-29 Thread Paul WALL
Hi, Anne-

I'm sure that your time was better spent gathering the "credentials"
in your signature, but I checked the last 20 or so NANOG meetings and
didn't see a single registration from you, so perhaps stay out of
things you know literally nothing about.

If it weren't for Ilissa, NANOG would not exist in the form that it
does today, and she's done more work on and off the clock driving the
success of the organization and their meetings than she takes credit
for. NANOG, and especially the women that attend NANOG, owe her a
tremendous debt of gratitude. Her opinion, and Tina's response, are
literally the only ones that carry any weight in this thread, period.

--
Drive Slow,

Paul Wall
Rapper, Retired, and Actor
Swishahouse Alum
Author: Get Money, Stay True
Nominated: Best Rap Performance as a Duo or Group
Winner: Best Rap Collaboration
Winner: Best Rap/R Collaboration
Winner: Taste Maker (Style and Trendsetter)
Contributor: Midnight Club 3: DUB Edition for Xbox and PlayStation 2 –
"Sittin' Sidewayz"
Author: The Peoples Champ
Emeritus: Houston University (no degree)


On Thu, Mar 28, 2024 at 3:24 PM Anne P. Mitchell, Esq.
 wrote:
>
>
>
> > I'm not sure people realize how much crap that staff and the PC get *every 
> > meeting* about the agenda. There's always someone unhappy because this 
> > event wasn't the same, or why was it in this room over here, or OMG Wed 
> > afternoon, etc. Having seen how that sausage gets made, they don't get 
> > enough credit.
>
> Having been the chair of the Asilomar Microcomputer workshop, and the founder 
> and chair of the original Email Deliverability Summits, as well as organizing 
> many legal conferences, I have to say "^^^ this, 1000%."
>
> Furthermore:
>
> > On Mar 28, 2024, at 11:45 AM, Ilissa Miller  wrote:
> >
> > For those that know me, I rarely provide constructive input about NANOG 
> > matters
>
> ..and you haven't here, either.  Pointing fingers and griping about things is 
> not constructive.  If you really care about this issue, then get involved and 
> help change it.
>
> Anne
>
> ---
> Anne P. Mitchell, Esq.
> Internet Law & Policy Attorney
> CEO Institute for Social Internet Public Policy (ISIPP)
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing 
> law)
> Board of Directors, Denver Internet Exchange
> Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
> Prof. Emeritus, Lincoln Law School
> Chair Emeritus, Asilomar Microcomputer Workshop
> Counsel Emeritus, eMail Abuse Prevention System (MAPS)
>
>
>
>
>


Re: South Africa On Lockdown - Coronavirus - Update!

2020-03-24 Thread Paul WALL
On Tue, Mar 24, 2020 at 6:22 AM Alexandre Petrescu <
alexandre.petre...@gmail.com> wrote:

>
>
> Mr. Morrow - where are you situated approximately?
>
>
He's a network operator. From North America, on the North American Network
Operators mailing list. Something you are not, so please stop spouting your
drivel on a list that has nothing to do with you. This is a crisis, not a
time for a European Project Proposer  to
spout off massively uninformed bullshit non-stop because no one else will
listen.

NANOG-L mods: it's time to show some leadership.


Re: CLEC Lawyer - New Jersey

2018-12-06 Thread Paul WALL
https://www.quora.com/Is-it-now-considered-business-etiquette-only-to-include-an-email-signature-in-the-first-email-to-someone-and-not-in-subsequent-replies-to-the-same-message

https://www.lifewire.com/email-signature-location-1173260

https://www.hanselman.com/blog/EmailSignatureEtiquetteTooMuchFlair.aspx



On Thu, Dec 6, 2018 at 1:01 PM Anne P. Mitchell, Esq. 
wrote:

>
> > Hi Anne,
> >
> > My contact there is Crystal Prais.  Her contact information is below.
> >
> > CRYSTAL M. PRAIS | Associate
> > cpr...@scarincihollenbeck.com
> > Direct Phone: 201-806-3381 | Direct Fax: 201-806-3482
> >
> > Happy connecting!
>
> Thank you, Mark!
>
> Anne
>
> Anne P. Mitchell,
> Attorney at Law
> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant
> CEO/President, Institute for Social Internet Public Policy
> Board of Directors, Denver Internet Exchange
> Board of Directors, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Legal Counsel: The Earth Law Center
> California Bar Association
> Cal. Bar Cyberspace Law Committee
> Colorado Cyber Committee
> Ret. Professor of Law, Lincoln Law School of San Jose
> Ret. Chair, Asilomar Microcomputer Workshop
>
>
>
>


Re: EVERYTHING about Booters (and CloudFlare)

2016-07-28 Thread Paul WALL
I'm sorry, but this entire discussion is predicated on half-truths and
nonsense spewing out of the CF team.  It's a shame too, as they're
usually great community minded folks who are well respected around
here.

No matter how you define the CloudFlare service, that they can claim
ignorance due to "common carrier" passthrough is preposterous,
especially given their purported knowledge of what's going on.
Likewise if the booter sites were connected to any other CDN,
WAF/proxy, public cloud provider, etc.  Call it what you want, but at
the end of the day, they're providing connectivity and keeping the
storefront online.  Want the problem stopped?  Easy, stop it at the
source by denying them service.  Every service provider (or its
upstream at some point) has an AUP which prevents the service from
being used for illegal purposes.  Telling NANOG members that they
don't understand the nature of the CF service, and that they should
somehow get a pass, is dishonest.

That they're keeping these criminals online at the requirement of the
FBI?  Anyone who's actually worked with law enforcement can tell you
that the first rule of fight club is to NOT talk about it, especially
if you're under gag order.  A more likely story is they're just doing
this for the attention, and basking in it, kind of like a certain blog
post suggesting they pioneered the practice of configuring hosts with
LACP for throughput and HA.

If Justin/Matthew/Martin/etc. are listening, I implore you to do the
right thing and stop providing service to criminals.  Full stop,
without caving in to your very talented marketing department.  And to
everyone else, I'd ask you to do what you think is right, and treat
CloudFlare's anycasted IP blocks as you would any other network
harboring criminal activity and security risk to the detriment of your
customers.   (Is Team CYMRU listening?)  Much like the original spam
problem in the 90s, the collateral damage might be annoying at first,
but the end will justify the means.

Drive Slow (like a souped up Supra),
Paul Wall

On Wed, Jul 27, 2016 at 10:48 PM, Randy Bush <ra...@psg.com> wrote:
>> They just lost all respect from here. Would someone from USA please
>> report these guys to the feds? What they are doing is outright
>> criminal.
>
> hyperbole.  it is not criminal.  you just don't happen to like it.


Re: NANOG67 - Tipping point of community and sponsor bashing?

2016-06-14 Thread Paul WALL
On Tue, Jun 14, 2016 at 1:49 PM, Randy Bush  wrote:

> the O in nanog is operator, not sponsor, panderer, suck up, ...

Ogre?

Drive slow,

Paul


Re: IPv6 Cogent vs Hurricane Electric

2015-12-04 Thread Paul WALL
On Tue, Dec 1, 2015 at 7:34 PM, Jeff Walter <jwal...@weebly.com> wrote:
> That cake will haunt NANOG until the end of time.
>
> On Tue, Dec 1, 2015 at 12:01 PM, Alarig Le Lay <ala...@swordarmor.fr> wrote:
>
>> On Tue Dec  1 14:39:14 2015, Andrew Kirch wrote:
>> > Might I suggest cake pleas?
>>
>> You mean
>>
>> http://www.datacenterknowledge.com/wp-content/uploads/2009/10/Hurricane-Cake.jpg
>> ?
>>


i mean

"Different companies have different personalities, and the vast
majority work through their relationships fine in the interest of the
public and the industry.  But there are always a few companies that
like to act out on the public stage to achieve their business
objectives."

  --Mike Leber, 6/29/15 Telecom Ramblings

along with the bad spelling, we have short memories.  peering is about
mutual benefits. when benefits aren't there peering doesn't happen.
going to nanog and yelling about peering by saying that you're a
victim isn't a mutual benefit last i checked. their lack of peering
doesn't demand another moment of our attention. choose wisely.

Drive slow,
Paul WALL


Re: IX Peering - BGP Session Filtering Best Practice

2015-09-21 Thread Paul WALL
You might want to check out Console by IIX (www.iix.net).

They are re-shaping peering automation with SDN.

Drive Slow,
Paul WALL

On 9/21/15, Erik Sundberg <esundb...@nitelusa.com> wrote:
> Just wondering how far everyone is going on filtering BGP sessions when
> peering with other content providers and carriers over an internet
> exchange.
>
> What are you doing.
>
> 1.  Just filtering out IPv4 Reserved Space, RFC 1918, and Default
> Routes.
>
>
> 2.  AS Path Filtering. Only filtering by the AS's that are present in
> the IRR Record.
>
>
>
> 3.  Filtering by IP Prefix based on the IRR Record for the Peer. (Yes
> some Prefix Filter list can be a couple thousand lines)
>
>
>
> 4.  Doing both #3 and 4 listed above.
>
>
>
>
>
>
> Besides Peering DB is there any software to help keep track of IX and
> Peering info. So far I have only found IXP-MANAGER
>
> 
>
>


Today's Supreme Court ruling

2015-06-26 Thread Paul WALL
I hear the Supreme Court just ruled IPv6 legal in all states...

What does this mean for the backward people who have been steadily
resisting deploying the current version of the Internet Protocol?

Drive Slow,

Paul


Re: Prefix hijacking, how to prevent and fix currently

2014-08-29 Thread Paul WALL
On Friday, August 29, 2014, Randy Bush ra...@psg.com wrote:


> i am ENOTIME.  when you have a simple spec i can follow, i would really
> look forward to it.


Thanks for summing up in a few words how most of us outside your ivory
tower feel about RPKI.

Now if you'll excuse me, I'm a grown-up with real work to do.

Drive slow,
Paul


Re: Many players make up application performance (was Re: Richard Bennett, NANOG posting, and Integrity)

2014-07-29 Thread Paul WALL
It is common courtesy around these parts to not libel your customers,
especially when they're paying you lots of money and making up 30% of
your incoming traffic.  That you're posting in hypotheticals does
not mask your true messaging.

Drive Slow,
Paul Wall

On Tue, Jul 29, 2014 at 2:33 PM, McElearney, Kevin
kevin_mcelear...@cable.comcast.com wrote:


> On 7/28/14, 5:35 PM, Jim Richardson weaselkee...@gmail.com wrote:
>
>> I pay for (x) bits/sec up/down. From/to any eyecandysource.  If said
>> eyecandy origination can't handle the traffic, then I see a slowdown,
>> that's life.  But if $IP_PROVIDER throttles it specifically, rather
>> than throttling me to (x),I consider that fraud.
>>
>> I didn't pay for (x) bits/sec from some whitelist of sources only.
>
> Along with paying $IP_PROVIDER for (x) bits/sec up/down, you are also
> paying (or the product of advertising) eyecandysource to deliver a service
> (w/ a level of quality).  $IP_PROVIDER plays a big role in delivering
> your *overall* Internet experience, but eyecandysource plays an even
> bigger role delivering your *specific* eyecandy experience.  If
> eyecandystore has internal challenges, business negotiation/policy
> objectives, or uses poor adaptive routing path decisions, this has a
> direct and material impact to your *specific* eyecandy experience (and
> some have found fixable by hiding your source IP with a VPN).
>
> While ISPs do play a big role in this, people tend to miss eyecandystore
> decisions (and business drivers) as a potential factors in isolated
> application performance issues.




Re: Many players make up application performance (was Re: Richard Bennett, NANOG posting, and Integrity)

2014-07-29 Thread Paul WALL
The devil is in the details.  Ken Florance
(http://blog.netflix.com/2014/04/the-case-against-isp-tolls.html)
paints a different picture in his blog, for example.

As a manager at Comcast, can you refer the people on this list to any
ISPs who do not have a history of congestion into your network?  This
question comes up about once a month, absent any good solutions, so
insight would be appreciated.

Drive Slow,
Paul Wall

On Tue, Jul 29, 2014 at 5:25 PM, McElearney, Kevin
kevin_mcelear...@cable.comcast.com wrote:


 On 7/29/14, 12:45 PM, valdis.kletni...@vt.edu valdis.kletni...@vt.edu
 wrote:

On Tue, 29 Jul 2014 14:33:28 -, McElearney, Kevin said:

 (w/ a level of quality).  $IP_PROVIDER plays a big role in delivering
 your *overall* Internet experience, but eyecandysource plays an even
 bigger role delivering your *specific* eyecandy experience.  If
 eyecandystore has internal challenges, business negotiation/policy
 objectives, or uses poor adaptive routing path decisions, this has a
 direct and material impact to your *specific* eyecandy experience (and
 some have found fixable by hiding your source IP with a VPN).

Very true.  But what we're discussing here is the *specific* case where
eyecandystore's biggest challenge at delivering the experience is an
external
challenge, namely that $IP_PROVIDER's service sucks.  It's particularly
galling when $IP_PROVIDER's internal net is actually up to snuff, but they
engage in shakedown tactics to upgrade peering points.


 There is a great analysis by Dr Clark (MIT) and CAIDA which shows while
 there are some challenged paths and relationships between providers, this
 is the exception vs the rule.  Using the “exceptions are business
 decisions.

 Performance is a two way street (as are shakedowns)

 - Kevin



Re: Richard Bennett, NANOG posting, and Integrity

2014-07-28 Thread Paul WALL
On Mon, Jul 28, 2014 at 5:53 AM, Richard Bennett rich...@bennett.com wrote:
> In fact Netflix is asking to connect to eyeball networks for free:
>
> http://blog.netflix.com/2014/03/internet-tolls-and-case-for-strong-net.html

You are aware that there are, probably, thousands of eyeball networks
doing this right now, right?

Drive Slow,
Paul Wall


Re: Richard Bennett, NANOG posting, and Integrity

2014-07-28 Thread Paul WALL
route-views will confirm that Netflix peer with a number of access
providers, including the large ones; press releases related to
OpenConnect imply that no money is passing hands.

You'll note that, in spite of his wordy replies, never once does
Richard Bennett disclose who is funding him and AEI.  Call it whatever
you want, I think lobbyist is the best word choice.

Drive Slow,
Paul Wall

On Mon, Jul 28, 2014 at 7:12 AM, mcfbbqroast . bbqro...@gmail.com wrote:
 Wait, I'm confused?

 Of the ISPs can't handle 5mbps of traffic when a customer wants to watch
 TV, why the hell are they selling 100mbps plans!?!

 Answer that with something other than because the ISPs more lucrative
 content business is threatened by Netflix?

 Stop trying to hide what this so obviously is.

 Others:

 Do you know if Netflix peers with tier 1s (level 3, cogent, etc) or
 purchases capacity?

 Bennett:

 Sorry for the double mail, still getting used to gmail on the Android.

 Jed Robertson
 On 28 Jul 2014 17:56, Richard Bennett rich...@bennett.com wrote:

 In fact Netflix is asking to connect to eyeball networks for free:

 http://blog.netflix.com/2014/03/internet-tolls-and-case-
 for-strong-net.html

  Strong net neutrality additionally prevents ISPs from charging a toll
 for interconnection to services like Netflix, YouTube, or Skype, or
 intermediaries such as Cogent, Akamai or Level 3, to deliver the services
 and data requested by ISP residential subscribers. Instead, they must
 provide sufficient access to their network without charge.

 This isn't the traditional understanding of net neutrality, but this is
 the beauty of murky notions: they can be redefined as the fashions change:
 You've designed your network to handle the traffic demands of web
 browsing? That's cute, now rebuild it to handle 40 times more traffic while
 I sit back and call you a crook for not anticipating my innovation.

 Very wow.

 RB


 On 7/27/14, 9:49 PM, Matt Palmer wrote:

 On Sun, Jul 27, 2014 at 09:08:17PM -0700, Richard Bennett wrote:

 I don't think it's conflation, Joly, since the essence of NN is for
 the eyeballs to pay for the entire cost of the network and for edge
 providers to use it for free; isn't that what Netflix is asking the
 FCC to impose under the guise of strong net neutrality?

 In a word: no.  Net neutrality is about everyone paying their own way to
 get
 their packets to where they want them to go.  Netflix doesn't get to use
 the
 Internet for free; they pay a whole heck of a lot each month to L3 and
 Cogent.

 - Matt


 --
 Richard Bennett
 Visiting Fellow, American Enterprise Institute
 Center for Internet, Communications, and Technology Policy
 Editor, High Tech Forum




Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-22 Thread Paul WALL
It's not as if Brett is doing the public a service. There is Charter
Cable and CenturyLink DSL available in Laramie. He's just a wireless
provider with some crappy infrastructure that's bitter that he can't
borrow bandwidth from the University of Wyoming anymore, resulting
in a loss of his 100% margin on the service.

You're not a charity that's providing internet access to the poor
ignored rural folks like you claim, you're a competitive overbuilder.
You give the little boys who are deploying service where the big guys
won't a bad name.

Drive slow,
Paul

On Sat, Jul 19, 2014 at 4:20 AM, George Herbert
george.herb...@gmail.com wrote:




 On Jul 17, 2014, at 5:19 AM, Jared Mauch ja...@puck.nether.net wrote:

 The problem is partly a technological one.  If you have a fiber span from 
 east- west it doesn't make sense to OEO when you can just plop in a bidi 
 amplifier.

 Almost certainly, most of the fiber going through the building just hits an 
 amplifier (or nothing and isn't broken out there).  Yes.

 But they quoted a price for access, and some research turned up signs other 
 people are doing big fiber out of that location, so my assumption at this 
 point is that at least one pair each direction down the fiber is terminating 
 in some router there.  Possibly a fiber level wave device but seems more 
 likely a router.

 Unless that assumption is not true, this comes down to We don't want your 
 antenna on our roof*, come in via fiber like everyone else and not having 
 met the right Layer 3 reseller yet.  It's not sounding at all like we have 
 to break open a fiber for you and put in a router.

 (The rest of this indirectly aimed back at Brett, not Jared )

 It's not 1995.  Even little ISPs need to get aware and step their game up.  
 Treating transit or uplink like a 1995 problem IS a short road to damnation 
 now.

 Seriously.  The net is changing. The customers are changing, the customers 
 uses and expectations are changing.  Change with it, or step out of the way.  
 You are not an exception because you're rural. You've just got a density and 
 size lag.  That is temporary at best.  Keep up.  This is critical national 
 telecommunications infrastructure.  Modern teens have mostly never used 
 landline phones and are not OK with inadequate bandwidth at home or on the 
 road.

 Being in Laramie is not a shield against change.


 * probably expands to ...you aren't big enough for me to bother working with 
 my facility staff and filling out the paperwork to get an exception or lease 
 amendment or permit and let you put an antenna on our roof, sorry, but this 
 is an educated guess not informed.


 George William Herbert
 Sent from my iPhone


Richard Bennett, NANOG posting, and Integrity

2014-07-22 Thread Paul WALL
Provided without comment:

http://www.esquire.com/blogs/news/comcast-astroturfing-net-neutrality

Drive Slow,
Paul Wall


Re: routing issues to AWS via 2914(NTT)

2014-06-13 Thread Paul WALL
Amazon peers at many key exchanges, with dozens of hosting shops
(where customers might share mutual infrastructure) like yours:

https://www.peeringdb.com/view.php?asn=16509

Rather than play the blame game with third-party transit providers,
why not hit them up for some sessions?

Drive Slow,
Paul Wall

On Fri, Jun 13, 2014 at 5:50 AM, Bryan Socha br...@digitalocean.com wrote:
 Amazon hasn't reached out to us either...

 If you have other providers, use a combination of local-preference and the
 customer community strings with ntt to prepend around the circuit(s) in
 nyc with the issue.  Just check your routing table, we found many going
 through ntt to amazon and took awhile to get everything working as desired.

 Bryan Socha
 Network Engineer
 DigitalOcean

 On Thu, Jun 12, 2014 at 12:55 PM, Christopher Rogers phi...@phiber.org
 wrote:

 Could an IP engineer from AWS (16509/14618) and one from NTT (2914) kindly
 contact me off-list?  AS1 is having some major reachability issues to
 you via 2914.  Several of our applications and users are reporting problems
 trying to reach various aws hosted services such as netflix and twilio.
  I'm seeing almost 50% packet loss when transiting to you via 2914.
  Forcing traffic onto 3356 clears the issue right up.  I've had to
 effectively shift all my ingress traffic off 2914 and de-pref aws as-path
 to force egress to other transit.

 We're a customer of 2914, but not AWS.  I've got a ticket open with 2914,
 and they've reached out to AWS, but it's been two days now and we haven't
 been getting any traction on this.

 thanks!

 -chris



Re: Observations of an Internet Middleman (Level3) (was: RIP Network Neutrality (was: Wow its been quiet here...

2014-05-10 Thread Paul WALL
It is important to consider bias and factual accuracy of the material.
George Ou was working for Comcast and AT&T as a lobbyist at the time
he produced the Youtube video.

Drive Slow,
Paul Wall

On Sat, May 10, 2014 at 3:04 PM, Rick Astley jna...@gmail.com wrote:
 That was an interesting read but it's not the whole story. Skip to the
 TL;DR if you'd like but I'll attempt to explain what happened. What he
 isn't saying is the roles of the companies involved have changed over the
 last 10 years. Mostly gone are the days that content providers and access
 networks each just gave a middleman/transit provider money to reach each
 other. Content provider has expanded to become content delivery network
 and access network has expanded their role to offer transit as well. If
 these networks have a large amount of traffic between them and are able to
 reach each other in multiple locations nationally what is the technical
 reason a 3rd party transit network is required instead of a direct peering
 relationship? From a purely technical perspective content and access at
 that scale can peer directly cutting out the middle man.

 The reality is an increasingly directly peered Internet doesn't sit well if
 you are in the business of being the middle man. Now if you will, why do
 transit companies themselves charge content companies to deliver bits? How
 is it fair to be in the business of charging companies to receive their
 bits and hand them to a settlement free peer on the hook to deliver them,
 but not fair for content to just bypass the transit company and enter a
 paid peering agreement with the company delivering the bits? In this case
 paid peering is mutually beneficial to both companies involved and is
 typically cheaper for the content company than it would cost to send that
 traffic over transit.

 What we have is a major shift in the market over the last 10 or so years.
 So why are these large nationally connected access networks charging
 Level 3 for ports? That's the elephant in the room here and to understand
 that you have to go back to where (to my knowledge) this dispute first went
 public. The most comprehensive description I have seen to date is the
 following Youtube video: https://www.youtube.com/watch?v=tR1sLLOYxnY

 I recommend the video before continuing. Level 3 is really both Level 3
 transit and Level 3 CDN. Level 3 has already had a long standing precedent
 of justifying the right of an ISP to charge for content delivery. So what
 happens when Level 3 greatly expands their content delivery business and
 sends traffic to other ISP's over settlement free ports? The large access
 networks say hey, content delivery is a billable service, you should know
 and they ask Level 3 CDN for compensation. The middleman networks protest
 and say Charging for content delivery is only OK if we do it, but not when
 you do it! and their justification for this claim is made on the basis
 that unlike access networks they a) Have a large network and b) send a full
 table of prefixes.

 So lets look at the first claim. Are the transit networks large? Yes, but
 especially in the case of North American traffic destined for North America
 they are typically smaller overall than the largest access networks who
 arguably have the lions share of equipment tasked with delivering the bits
 beyond just the colo.
 The 2nd claim is mostly a strawman and this is why. Middlemen still carry
 traffic not destined to directly connected peers but how they bill for it
 is largely based on volume of traffic, not the number of prefixes
 exchanged. The big content providers and the big access networks make up a
 majority of the traffic on the Internet even if they don't make up a
 majority of the prefixes.

 TL;DR So the reason the ports are maxed out is the market has changed,
 access networks have attempted to change peering agreements to match the
 existing market conditions but the middleman networks are arguing they
 should be exempt from the long standing tradition of charging for content
 delivery they themselves helped to establish. Some middleman networks have
 responded by refusing payment to access networks for delivery and as a
 result, the paths have not been upgraded and remain congested.

 End of TL;DR

 The next part is (even) more opinion than fact so you are forgiven if you
 stop here.  My opinion is this is a peering dispute more than something
 that should fall under net neutrality. If content companies sent letters to
 middlemen that said In your statements to the public you made the case
 that content delivery to ISP's should be settlement free so we have decided
 to take your offer and refuse any further payment to you from here forward
 how would they handle it? Likely those companies would not only find
 themselves congested but depeered.

 A bunch of people say charging at both ends is double dipping but really
 modern access networks are now at least partly filling the role of transit
 as well as last

Re: Observations of an Internet Middleman (Level3) (was: RIP Network Neutrality (was: Wow its been quiet here...

2014-05-10 Thread Paul WALL
The pertinent question is what time period Level 3 was looking at /
averaging when writing the blog post.

Even if Comcast and Level 3 are not congested right at this moment,
they were most definitely congested several years following their
landmark agreement.  A better question would be why that is/was.

Drive Slow,
Paul Wall

On Fri, May 9, 2014 at 12:27 PM, Livingood, Jason
jason_living...@cable.comcast.com wrote:
 Hi Jeff – I noticed the question posed here so thought I’d respond, perhaps 
 at risk of stirring up a hornet’s nest given how long the last thread was. 
 ;-) Anyway… there’s no congestion between Comcast and Level 3 connections, 
 and we’re working collaboratively with Level 3.  Given these facts, we have 
 no reason to believe that Comcast is on their list.

 - Jason
 Comcast

 On 5/8/14, 1:18 PM, =JeffH 
 jeff.hod...@kingsmountain.com wrote:

 Level 3 accuses five unnamed US ISPs of abusing their market power in peering
 http://gigaom.com/2014/05/05/level-3-accuses-five-unnamed-us-isps-of-abusing-their-market-power-in-peering/

 ...I’d love to see Cogent, Google and other providers release their data 
 next, so even if the FCC doesn’t want to pursue this, a growing cry of 
 consumer outrage could push the agency to do something about a very real and 
 difficult problem that’s crippling access to video content on 5 U.S. 
 broadband networks. Level 3 didn’t name names, but based on the deals Netflix 
 has signed and the complaints it has made about AT&T, I’m confident that 
 AT&T, Verizon and Comcast are among the five. 




Re: US patent 5473599

2014-04-22 Thread Paul WALL
On Tuesday, April 22, 2014, Henning Brauer hb-na...@bsws.de wrote:

> * Nick Hilliard n...@foobar.org [2014-04-22 10:29]:
> > ... turns 20 today.
> >
> > This is the patent which covers hsrp, vrrp, many applications of carp and
> > some other vendor-specific standby protocols.
>
> it does NOT cover carp, not at all. carp was carefully designed to
> specifically avoid that.


CARP is a nonstandard protocol that was carefully designed to cause
outages.

Its authors submitted a slide deck describing their protocol instead of an
internet-draft, which somehow managed to not get any traction in the IETF
(funny that). The bar is pretty low for an informational RFC but the
CARPheads couldn't be bothered. They threw a tantrum which involved camping
out on the IETF's OUI (rather than getting their own) and deliberately
choosing host bytes that conflict with the VRRP standard.  This has the
same predictable result as any duplicate MAC address, but since odds are it
conflicts with a router, takes out the entire subnet instead of a single
host.  Of course this is not mentioned anywhere in CARP's documentation.

That's why I encourage my competitors to run it.

Drive slow,
Paul
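
The duplicate-MAC condition discussed in this thread arises because IPv4 VRRP and CARP both form the virtual MAC as 00:00:5e:00:01 followed by a one-byte group ID (VRID or VHID). The following is an added example, not code from any poster or from the CARP or VRRP projects: a pre-deployment check that flags groups which would share a virtual MAC on one layer-2 segment. The inventory format, segment and owner names, and the `find_conflicts` helper are hypothetical.

```python
"""Flag IPv4 VRRP / CARP groups that would share a virtual MAC on one segment."""
from collections import defaultdict

# 00:00:5e is the IANA OUI; 00:01 are the next two octets that both
# IPv4 VRRP and CARP use. The sixth octet is the VRID (VRRP) or VHID (CARP).
VIRTUAL_MAC_PREFIX = (0x00, 0x00, 0x5E, 0x00, 0x01)


def virtual_mac(group_id):
    """Return the virtual MAC derived from a VRID/VHID in the range 1..255."""
    if not isinstance(group_id, int) or not 1 <= group_id <= 255:
        raise ValueError(f"group id must be an integer 1..255, got {group_id!r}")
    return ":".join(f"{octet:02x}" for octet in VIRTUAL_MAC_PREFIX + (group_id,))


def find_conflicts(groups):
    """Report virtual MACs claimed by more than one owner on the same segment.

    Each entry in `groups` is a dict with the hypothetical keys:
      segment  - layer-2 domain name (for example a VLAN)
      protocol - "vrrp" or "carp"
      group_id - VRID or VHID
      owner    - name of the redundant cluster configured with this group
    Members of one cluster legitimately share a group, so a conflict is only
    reported when two different owners derive the same MAC.
    """
    by_mac = defaultdict(list)
    for group in groups:
        key = (group["segment"], virtual_mac(group["group_id"]))
        by_mac[key].append(group)

    conflicts = []
    for (segment, mac), members in sorted(by_mac.items()):
        owners = sorted({member["owner"] for member in members})
        if len(owners) > 1:
            conflicts.append({
                "segment": segment,
                "mac": mac,
                "owners": owners,
                "protocols": sorted({member["protocol"] for member in members}),
            })
    return conflicts


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = [
    # vlan10: router pair on VRRP VRID 1, firewall pair on CARP VHID 1 -> clash
    {"segment": "vlan10", "protocol": "vrrp", "group_id": 1, "owner": "core-routers"},
    {"segment": "vlan10", "protocol": "carp", "group_id": 1, "owner": "edge-firewalls"},
    # vlan20: same two clusters, different IDs -> distinct MACs
    {"segment": "vlan20", "protocol": "vrrp", "group_id": 1, "owner": "core-routers"},
    {"segment": "vlan20", "protocol": "carp", "group_id": 2, "owner": "edge-firewalls"},
    # vlan30: both members of one VRRP cluster listed -> same owner, no clash
    {"segment": "vlan30", "protocol": "vrrp", "group_id": 5, "owner": "dist-routers"},
    {"segment": "vlan30", "protocol": "vrrp", "group_id": 5, "owner": "dist-routers"},
]


if __name__ == "__main__":
    for conflict in find_conflicts(SAMPLE_INVENTORY):
        print(
            f"{conflict['segment']}: {conflict['mac']} claimed by "
            f"{', '.join(conflict['owners'])} ({'/'.join(conflict['protocols'])})"
        )
```

Assigning VRIDs and VHIDs from non-overlapping ranges per segment keeps this check empty.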


Re: US patent 5473599

2014-04-22 Thread Paul WALL
On Tuesday, April 22, 2014, Henning Brauer hb-na...@bsws.de wrote:

> I won't waste time on your uninformed ramblings, you have the facts
> plain wrong. There is enough material on the net for everybody to read
> up on what happened.
>
> carp causing outages however is nothing short of a lie. carp
> announces itself as vrrp version 3. anything trying to parse it as
> vrrp2 without checking the version number in the header is buggy as
> hell and that is ITS fault, not carps. affected cisco 3600, afair.


I wasn't talking about CARP's announcements causing outages due to
bugs in VRRP implementations, I was talking about CARP's intentional
use of another organization's OUI and deliberately constructing its
bits in the host section to conflict with established practice for
VRRP.  That was childish, and causes outages.  This design choice
should be documented in CARP's man page.  It is not.

In response to Ryan Shea, here's the way it breaks down:

Both CARP and VRRP use virtual router MAC addresses that start with
00:00:5e.  This organizational unique identifier (OUI) is assigned to
IANA, not OpenBSD or a related project.  The CARP authors could have
gotten their own from IEEE.  OUIs are not free but the cost is quite
reasonable (and was even more reasonable years ago when this
unfortunate decision was made).

The next two octets for IPv4 VRRP are 00:01.  Highly coincidentally,
the CARP folks *also* decided to use 00:01 after they got upset at the
IETF for dissing their slide deck.

If either of these decisions had not been made, we would not be having
this discussion today.

The last octet is the VRID for both CARP and VRRP.  If you don't have
the same VRID configured, the protocols should peacefully coexist,
assuming no bugs in the software listening to the multicast
advertisements (which Henning mentioned above - a legitimate concern
to be sure, but not the big one).

So yes, the problem only exists if you are running VRRP and CARP on
the same subnet (say, a pair of routers speaking VRRP and a pair of
firewalls backing each other with CARP and pfsync, which is actually
fairly common) and happen to have a host identifier conflict.  In a
completely random world the likelihood of this is 1 in 256.
Unfortunately, human nature and a plethora of examples on the
intarwebs makes "interface GigabitEthernet 0/3 // vrrp 1 ip blah"
reasonably likely.  The same human nature causes the out of the box
configuration on many products, e.g. pfSense, to be "ifconfig carp0
vhid 1".  Presto - outage for everyone on the subnet.

Soapbox time.  There are some people who decide that they will only
run FOSS software because of how they feel about software patents.  In
my case, I will not run CARP because of how I feel about folks
deliberately violating the interoperability maxim (be conservative in
what you send and liberal in what you accept) and causing *me* to be
the collateral damage.  I think we all have enough on our plates
dealing with legitimate software bugs without having rogue protocols
deliberately interfering with our networks because of a grudge.  Is
CARP malware?  A trojan?  I'm not sure I'd go that far, but it seems
to meet some of the definitions.

Nothing personal Henning (and I like what you did with OpenBGPd and
OpenNTPd) but you'd gain a lot of respect in my eyes, as well as a
bunch of other people's, if you publicly admitted the CARP OUI
decision was a huge mistake.  If your lawyers have advised you not to
apologize because of liability concerns (despite that "no warranty"
bit in the BSD license) it's OK - I completely understand.

Drive Slow,
Paul
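
The collision described in the message above can be checked for before it causes an outage. The following is an added example, not code from the thread or from any CARP or VRRP implementation: it builds the virtual MAC from the layout the message gives (00:00:5e, then 00:01, then the VRID or vhid) and audits an inventory of redundancy groups per layer-2 segment. The inventory, device names and VLAN names are constructed for illustration, and only IPv4 VRRP is modelled.

```python
"""Audit VRRP/CARP groups for virtual MAC collisions on shared segments."""
from collections import defaultdict

# Layout described in the message above: IANA's OUI, then 00:01, then the
# one-octet group ID (VRRP VRID or CARP vhid). Only IPv4 VRRP is modelled.
IANA_OUI = (0x00, 0x00, 0x5E)
GROUP_OCTETS = (0x00, 0x01)


def virtual_mac(group_id):
    """Return the virtual router MAC for a VRRP VRID or CARP vhid."""
    if not 0 <= group_id <= 255:
        raise ValueError(f"group ID {group_id} does not fit in one octet")
    octets = (*IANA_OUI, *GROUP_OCTETS, group_id)
    return ":".join(f"{octet:02x}" for octet in octets)


# Constructed inventory (hypothetical devices and VLANs):
# (layer-2 segment, device, protocol, VRID or vhid)
INVENTORY = [
    ("vlan10", "rtr-a", "vrrp", 1),   # routers left on the common "vrrp 1"
    ("vlan10", "rtr-b", "vrrp", 1),
    ("vlan10", "fw-a", "carp", 1),    # firewalls left on the common "vhid 1"
    ("vlan10", "fw-b", "carp", 1),
    ("vlan20", "rtr-a", "vrrp", 1),
    ("vlan20", "rtr-b", "vrrp", 1),
    ("vlan20", "fw-a", "carp", 20),   # distinct vhid: no shared MAC
    ("vlan20", "fw-b", "carp", 20),
    ("vlan30", "fw-a", "carp", 1),    # CARP alone on the segment: no conflict
    ("vlan30", "fw-b", "carp", 1),
]


def find_collisions(inventory):
    """Report segments where VRRP and CARP groups claim the same virtual MAC."""
    # (segment, mac) -> protocol -> set of devices claiming that MAC
    claims = defaultdict(lambda: defaultdict(set))
    for segment, device, protocol, group_id in inventory:
        claims[(segment, virtual_mac(group_id))][protocol.lower()].add(device)

    collisions = []
    for (segment, mac), by_protocol in sorted(claims.items()):
        if len(by_protocol) > 1:  # two different protocols, one MAC
            collisions.append({
                "segment": segment,
                "mac": mac,
                "claimants": {p: sorted(d) for p, d in by_protocol.items()},
            })
    return collisions


def lowest_free_id(inventory, segment):
    """Suggest the lowest ID in 1..255 unused by either protocol on a segment."""
    used = {gid for seg, _dev, _proto, gid in inventory if seg == segment}
    for candidate in range(1, 256):
        if candidate not in used:
            return candidate
    return None  # every ID on this segment is taken


if __name__ == "__main__":
    for hit in find_collisions(INVENTORY):
        print(f"{hit['segment']}: {hit['mac']} claimed by {hit['claimants']}")
        print(f"  renumber one group to ID "
              f"{lowest_free_id(INVENTORY, hit['segment'])}")
```
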


Re: Severe latency at both San Jose and Los Angeles Level3/AT&T peering

2014-04-11 Thread Paul WALL
This should provide some background:

http://apps.fcc.gov/ecfs/document/view?id=7022026095

Drive Slow,
Paul

On Fri, Apr 11, 2014 at 6:50 PM, David Sotnick sotnickd-na...@ddv.com wrote:
 Hi Nanog,

 I have a ticket open with Level 3, with whom I have 1gig pipes in Oakland,
 CA and Las Vegas, NV.

 One of our users noticed very slow file transfer/media delivery from the
 Bay Area to L.A., and on investigating it appears as though the peering
 point between Level3 and AT&T in SF was saturated and had 300ms avg.
 latency.

 90 minutes later after receiving no call from Level3, I escalated to a P1
 ticket, as the latency is now  1000ms and we're seeing 20% packet loss.

 I decided to statically route to the destination via our DR cluster in
 Vegas, and interestingly I found the same situation where AT&T and Level3
 peer in Tustin.

 mtr traceroutes, for those curious:

 Via Oakland:

 My traceroute  [v0.71]
 hivemind (0.0.0.0)                              Fri Apr 11 15:36:08 2014
 Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                           Packets               Pings
  Host                                      Loss%   Last    Avg   Best   Wrst  StDev
  1. 138.72.xxx.xxx                          0.0%    0.3    0.2    0.1    0.3    0.1
  2. pan5060-ae1-401.routerland.pixar.com    0.0%    0.4    0.4    0.4    0.5    0.0
  3. verge-vlan66.pixar.com                  0.0%    0.6    0.7    0.6    0.9    0.1
  4. ge-6-24.car1.Oakland1.Level3.net        0.0%    0.7  105.5    0.7  307.3  110.9
  5. ae-5-5.ebr2.SanJose1.Level3.net         0.0%    1.7    1.7    1.6    2.8    0.4
  6. ae-92-92.csw4.SanJose1.Level3.net       0.0%    1.6    1.7    1.6    3.0    0.4
  7. ae-4-90.edge2.SanJose1.Level3.net       0.0%    1.6    4.6    1.6   37.1   10.2
  8. 192.205.32.209                         41.7%  1042.  1048.  1038.  1059.    9.1
  9. cr1.sffca.ip.att.net                   25.0%  1052.  1059.  1046.  1072.   10.0
 10. cr1.la2ca.ip.att.net                   27.3%  1043.  1060.  1043.  1071.   10.7
 11. cr83.la2ca.ip.att.net                  16.7%  1058.  1060.  1045.  1073.    8.8
 12. gar7.la2ca.ip.att.net                  16.7%  1059.  1061.  1044.  1087.   13.3
 13. 12.249.143.98                          33.3%  1059.  1057.  1048.  1071.    7.8
 14. ???

 My traceroute  [v0.71]
 hivemind (0.0.0.0)                              Fri Apr 11 15:36:43 2014
 Resolver: Received error response 2. (server failure)er of fields   quit
                                           Packets               Pings
  Host                                      Loss%   Last    Avg   Best   Wrst  StDev
  1. 138.72.xxx.xxx                          0.0%    0.2    0.1    0.1    0.2    0.0
  2. pan5060-ae1-401.routerland.pixar.com    0.0%    0.4    0.4    0.3    0.6    0.1
  3. cat-vegas-01-vlan66.pixar.com           0.0%   22.0   21.8   21.7   22.3    0.2
  4. 205.129.21.101                          0.0%   19.4   19.5   19.3   19.9    0.2
  5. ae-2-5.bar1.LasVegas1.Level3.net        0.0%   19.3   21.8   19.3   40.7    5.9
  6. ae-4-4.ebr1.LosAngeles1.Level3.net      0.0%   22.0   22.4   21.9   26.8    1.3
  7. ae-6-6.ebr1.Tustin1.Level3.net          0.0%   20.0   20.2   19.9   21.8    0.5
  8. ae-107-3507.bar2.Tustin1.Level3.net     0.0%   22.0   22.0   21.9   22.1    0.0
  9. 192.205.37.145                         30.8%  1052.  1063.  1048.  1072.    8.1
 10. cr1.la2ca.ip.att.net                   35.7%  1050.  1060.  1050.  1070.    7.3
 11. cr83.la2ca.ip.att.net                  28.6%  1049.  1064.  1049.  1072.    7.8
 12. gar7.la2ca.ip.att.net                  21.4%  1048.  1061.  1048.  1072.    6.7
 13. 12.249.143.98                          28.6%  1050.  1061.  1050.  1072.    7.9
 14. ???

 Just wanted to share in case anyone else is running into similar issues. I
 know, I should be on the outages list. I will add myself now. :)

 Regards,
 Dave Sotnick



Re: Level 3 blames Internet slowdowns on Technica

2014-03-22 Thread Paul WALL
On Sat, Mar 22, 2014 at 10:18 AM, TGLASSEY tglas...@earthlink.net wrote:

 How do you as the people operating the network think two exabytes of data
 gets pushed across your networks to each of the PRISM Collection Sites
 (daily) with no one noticing... Know what I mean?

Wouldn't You Like To Know?

drive slow...
Paul



Re: Verizon FIOS IPv6?

2014-03-02 Thread Paul WALL
On Thu, Feb 27, 2014 at 8:03 PM, Justin M. Streiner
strei...@cluebyfour.org wrote:
 I've heard all sorts of BS answers as to why there is no v6 for FIOS,

Step 1. Ask an ALU sales droid about their IPv6 support on PON
Step 2. Be disappointed by the answer
Step 3. Stroke chin or beard thoughtfully while enjoying the epiphany
about why FiOS doesn't do IPv6 yet

Bonus - enjoy complementary epiphany about why AT&T uVerse uses 6RD

Drive Slow,
Paul



Re: Comcast/Level3 issues

2014-01-06 Thread Paul WALL
Kevin,

Thank you for the info.  Can you say how many quarters or years until
Comcast is resolved?

I've seen references to that obscure whitepaper (co-authored,
ironically, by Patrick Gilmore) before on the broadbandreports forums,
by someone with a lot of knowledge on Comcast's network and internal
politics/peering discussions.  Do you know who the poster is?

https://encrypted.google.com/search?q=28619103+dslreports+site:www.dslreports.com&biw=1000&bih=1000

Drive Slow,
Paul WALL

On Sun, Jan 5, 2014 at 6:17 PM, McElearney, Kevin
kevin_mcelear...@cable.comcast.com wrote:
 FWIW, we work with each issue and try to fix them as best we can.  Several
 are underway.  Much of the “traffic shifting” is happening external to
 Comcast with very large traffic swings congesting AND uncongesting paths.
 The beauty of adaptive routing via CDN and text book “Creating Incentives
 to Peer” - feel free to google that...

 - Kevin

 On 1/5/14, 1:22 AM, Paul WALL pauldotw...@gmail.com wrote:

The people pushing this policy are not without a face and name.  They read
this mailing list, and attend our conferences.  You'll want to talk to John
Schanz, Kevin McElearney, and Barry Tishgart.

Drive Slow (like a Comcast peering port),
Paul Wall


On Fri, Jan 3, 2014 at 10:55 AM, Scott Berkman sc...@sberkman.net wrote:

 Comcast having saturated links to other providers is a common and
 frequently discussed issue.  Here is one previous NANOG thread on the topic:

 http://mailman.nanog.org/pipermail/nanog/2010-December/029251.html

 And a related article:
 http://www.dslreports.com/shownews/Claims-Resurface-Concerning-Congested-Comcast-TATA-Links-111818

 There are debates back and forth on the validity of the graphs from the
 NANOG post, but it is a fact that at that time Comcast was heavily
 pre-pending their Level BGP advertisements to force traffic over to Tata,
 and many many people noticed congestion at those links in a variety of
 markets.

 I wish you luck, but my personal opinion is that your fastest resolution
 would be to move to another provider.  Comcast is a residential ISP that
 lives on extreme over-subscription and not actually being able to deliver
 what customers believe they have. You'll notice a lot of recent news about
 increased and more strict data caps for their subscribers, and that is the
 only thing they will likely be doing to relieve these types of recurring
 issues.

   -Scott



 On 01/02/2014 11:18 PM, R W wrote:

 I'm seeing the same as well. Can anyone from Comcast/Level(3) reach out
 to me or provide comment. We're seeing heavy jitter and some packet loss
 most noticeable in NYC area connections between Level(3) and Comcast.
 -Rob

  Date: Tue, 31 Dec 2013 09:45:00 -0800
 Subject: Comcast/Level3 issues
 From: dwh...@gmail.com
 To: nanog@nanog.org

 Looking for a networking contact at comcast and/or level3.  I've been
 having some slow speed issues with hitting some sites that's going through
 level3 and I think there might be some congestion.

 Doug









Re: Comcast/Level3 issues

2014-01-04 Thread Paul WALL
The people pushing this policy are not without a face and name.  They read
this mailing list, and attend our conferences.  You'll want to talk to John
Schanz, Kevin McElearney, and Barry Tishgart.

Drive Slow (like a Comcast peering port),
Paul Wall


On Fri, Jan 3, 2014 at 10:55 AM, Scott Berkman sc...@sberkman.net wrote:

 Comcast having saturated links to other providers is a common and
 frequently discussed issue.  Here is one previous NANOG thread on the topic:

 http://mailman.nanog.org/pipermail/nanog/2010-December/029251.html

 And a related article:
 http://www.dslreports.com/shownews/Claims-Resurface-Concerning-Congested-Comcast-TATA-Links-111818

 There are debates back and forth on the validity of the graphs from the
 NANOG post, but it is a fact that at that time Comcast was heavily
 pre-pending their Level BGP advertisements to force traffic over to Tata,
 and many many people noticed congestion at those links in a variety of
 markets.

 I wish you luck, but my personal opinion is that your fastest resolution
 would be to move to another provider.  Comcast is a residential ISP that
 lives on extreme over-subscription and not actually being able to deliver
 what customers believe they have. You'll notice a lot of recent news about
 increased and more strict data caps for their subscribers, and that is the
 only thing they will likely be doing to relieve these types of recurring
 issues.

   -Scott



 On 01/02/2014 11:18 PM, R W wrote:

 I'm seeing the same as well. Can anyone from Comcast/Level(3) reach out
 to me or provide comment. We're seeing heavy jitter and some packet loss
 most noticeable in NYC area connections between Level(3) and Comcast.
 -Rob

  Date: Tue, 31 Dec 2013 09:45:00 -0800
 Subject: Comcast/Level3 issues
 From: dwh...@gmail.com
 To: nanog@nanog.org

 Looking for a networking contact at comcast and/or level3.  I've been
 having some slow speed issues with hitting some sites that's going through
 level3 and I think there might be some congestion.

 Doug







Re: What routers do folks use these days?

2013-12-11 Thread Paul WALL
Based on what?


On Thu, Nov 28, 2013 at 9:59 PM, Mehmet Akcin meh...@akcin.net wrote:

 Look at Juniper, MX Series.

 mehmet

 On Nov 28, 2013, at 9:37 PM, Jawaid Desktop j...@forethought.net wrote:

  We're a service provider, and we have a network full of Cat6509's. We
 are finding that we are outgrowing them from the standpoint of their
 ability to handle lots of large routing tables. Obviously their switching
 capability is still superb but one of them with 20 peers is starting to
 groan a bit and RAM is going to be an issue soon.
 
  What do people use these days? Our backbone needs in the next 2-3 years
 are going to be sub-100Gbps.
 
 
  Jawaid
 
 





Re: NAT64 and matching identities

2013-11-18 Thread Paul WALL
MSOs logging subscriber flows, what could possibly go wrong?

Drive slow, like a Sandvine under load,
Paul Wall


On Mon, Nov 18, 2013 at 8:03 PM, Tom Taylor tom.taylor.s...@gmail.com wrote:


 On 18/11/2013 3:06 PM, Justin M. Streiner wrote:

 It's looking more and more like NAT64 will be in our future.  One of the
 valid concerns for NAT64 - much like NAT44 - is being able to determine
 the identity of a given user through the NAT at a given point in time.
 How feasible this is depends on how robust/scalable $XYZ's translation
 logging capabilities are, and possibly how easily that data can be
 matched against a source of identity information, such as RADIUS
 accounting logs, DHCP lease logs, etc.

 Other IPv6 transition mechanisms appear to be no less thorny than NAT64
 for a variety of reasons.

 I'm curious to see how others are planning to tackle (or already have
 tackled) this issue.  Discussing vendor-specific solutions is fine, but I
 think keeping things as platform/vendor agnostic as possible for the
 time being would allow this thread to be more beneficial to a wider
 audience.

 The floor is open...

 jms


 For logging, the following IETF Behave WG drafts are nearly complete. The
 IPFIX version will be updated soon (I hope) to more closely match the
 SYSLOG based one. They both will match the new NAT MIB document, also
 listed below:

 http://datatracker.ietf.org/doc/draft-ietf-behave-ipfix-nat-logging/

 http://datatracker.ietf.org/doc/draft-ietf-behave-syslog-nat-logging/

 http://datatracker.ietf.org/doc/draft-ietf-behave-nat-mib/

 There is also work being done on reducing log volumes by bulk allocation
 of ports. The following drafts will be combined to meet a Sunset WG
 milestone:

 http://datatracker.ietf.org/doc/draft-chen-sunset4-cgn-port-allocation/

 http://datatracker.ietf.org/doc/draft-tsou-behave-natx4-log-reduction/

 http://datatracker.ietf.org/doc/draft-donley-behave-deterministic-cgn/

 Tom Taylor





Re: If you're on LinkedIn, and you use a smart phone...

2013-10-25 Thread Paul WALL
Adding Zaid Ali Khan for feedback.


On Fri, Oct 25, 2013 at 10:45 AM, Shrdlu shr...@deaddrop.org wrote:

 I hate to do this, but it's something that anyone managing email
 servers (or just using a smart phone to update LI) needs to know
 about. I just saw this on another list I'm on, and I know that there
 are folks on NANOG that are on LinkedIn.

 ++
 http://www.bishopfox.com/blog/2013/10/linkedin-intro/

 LinkedIn released a new product today called Intro.  They call it
 “doing the impossible”, but some might call it “hijacking email”.
 Why do we say this?  Consider the following:

 Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of
 your emails go through LinkedIn’s servers. You read that right. Once
 you install the Intro app, all of your emails, both sent and received,
 are transmitted via LinkedIn’s servers. LinkedIn is forcing all your
 IMAP and SMTP data through their own servers and then analyzing and
 scraping your emails for data pertaining to…whatever they feel like.

 ++

 Read the full article. If you're using LI via your smart phone, and
 you have already installed this app, you probably need to save off
 your contacts and data, and wipe the phone. I wouldn't trust
 uninstalling as enough, myself. In the long run, I'll be deleting my
 account.

 No, I don't use a smart phone to update any social media. No, I
 especially do not trust LI (never have, never will). BTW, they're
 currently adding back any contacts you've deleted. Thanks for
 reminding me that Joe Barr, Len Sassaman, and Jay D Dyson are gone
 from this world.

 --
 Life may not be the party we hoped for, but while we are here,
 we might as well dance.





Re: Verizon Wireless security contact needed

2013-03-28 Thread Paul WALL
You should get yourself a lawyer.

This is what happened the last time someone from this community
attempted to report a security/data breach issue to a mobile provider:
http://en.wikipedia.org/wiki/Weev

Drive Slow,
Paul Wall

On 3/27/13, nick hatch nicholas.ha...@gmail.com wrote:
 Hi all,

 I just discovered a somewhat-exigent issue which affects
 confidentiality for Verizon Wireless customers. (PSTN / Voice)

 I'm failing at trying to find a Verizon Wireless security contact
 through normal means. If someone can provide a contact off-list it
 would be much appreciated.

 Thanks,

 -Nick





Re: TelePacific a good choice?

2013-02-19 Thread Paul WALL
The lack of IPv6 implementation:

http://bgp.he.net/AS14265#_asinfo

should be the only feedback you need.

On 2/19/13, Jeff Harper jhar...@well.com wrote:
 Hiya,

 We're looking at TelePacific as a possible solution for some of our transit
 needs.  If you have an honest experience with them, positive or negative,
 I'd like to hear from you.

 Simply email me off line with your experiences, thanks!

 Jeff Harper, CCIE (W) |  www.well.com
 ip access-list extended jeff
 permit tcp any any eq intelligence
 deny tcp any any eq stupid-people






F-ckin Leap Seconds, how do they work?

2012-06-30 Thread Paul WALL
Comments?

Drive Slow
Paul



A's for www.xfinitytv.com

2012-06-08 Thread Paul WALL
I'm not learning any  records for Streampix (www.xfinitytv.com), only A's.

The domains this site redirects to are available over a v6 transport,
but not the actual streaming.

Anyone know what's going on?

Thanks,
Paul Wall



Re: Cogent for ISP bandwidth

2012-05-14 Thread Paul WALL
Cogent is really better suited as a tertiary provider.

Not a bad option, but you don't want to lose redundancy when they get
involved in their peering dispute or de-peering du jour.

Drive Slow,
Paul Wall

On 5/14/12, Michael J McCafferty m...@m5computersecurity.com wrote:
 Jason,

 I agree with John. You can't use them as your only provider, but you
 wouldn't do that with *any* provider. I will add that they answer the
 phone quickly, and the person who answers usually has a clue, has access
 to the routers, and can be helpful. It's one of the benefits that they
 really only sell one product. Honestly, I think their support is better
 than most and they deliver what they say or better.

 In the past they had an A peer / B peer setup that was a little funky, but
 I think they are getting rid of that as they upgrade hardware throughout
 their network.

 We do also use Level3 (and others). As long as they come in to your
 facility on different fiber or otherwise meet your physical diversity
 requirements, you should be pretty happy. Add low commits to other
 providers for more diversity as needed.

 Good luck,
 Mike

 On Mon, 2012-05-14 at 15:12 -0700, John T. Yocum wrote:
 In my experience Cogent is fine when used in a BGP mix. When we used
 them, our service was quite reliable. Routing was funky at times, but we
 never had packet loss.

 --John

 On 5/14/2012 3:03 PM, Jason Baugher wrote:
  The emails on the Outages list reminded me to ask this question...
 
  I've done some searching and haven't been able to find much in the last
  3 years as to their reliability and suitability as an upstream
  provider.
  For a regional ISP looking for GigE ports in the Chicago/St. Louis
  area,
  is Cogent a reasonable solution? Our gut feeling is that they don't
  stack up against a Level3 or Sprint, but they are being very aggressive
  with pricing to try and get our business.
 
  Thanks,
  Jason
 


 --
 
 Michael J. McCafferty
 CEO
 M5 Hosting
 http://www.m5hosting.com

 Like us on Facebook for updates and photos:
 https://www.facebook.com/m5hosting
 






Re: Colocation in New York for a POP

2012-04-19 Thread Paul WALL
Stay away from the NYIIX.  It goes down every month or two, and its
current management is not competent.  There are plenty of competitive
options, including Equinix and Telx/TIE (which is free or close to
it).

Drive Slow,
Paul Wall

On 4/19/12, Abdelkader Chikh Daho achikhd...@iweb.com wrote:
 Hi everyone,

 Can some one please tell us what is the best Colo in New york to set up
 a POP (one cabinet) in order to get bandwidth, peering (NIIX, etc).

 Best regards,

 --
 Abdelkader Chikh Daho
 Network Architect
 iWeb Technologies
 Email : achikhd...@iweb.com
 Web : www.iweb.com
 Tel : 514-286-4242 ext 2309






Re: non-congested comcast peers?

2012-01-31 Thread Paul WALL
On 1/31/12, Shacolby Jackson shaco...@bluejeans.com wrote:
 Are there any providers that Comcast doesn't regularly run hot? Seems like
 no matter who I deliver through at some magical point in the evening they
 start spiking jitter and a little loss. Almost like everyone hits PLAY on
 netflix at the same time.

You could try Cogent, AT&T, or Savvis, though they'll probably fill up
now that I've mentioned it.

Drive Slow (like a download going over Comcast-GBLX),
Paul Wall



Re: So... my colo was just bought.

2012-01-10 Thread Paul WALL
George,

We appreciate your sponsorship but using the NANOG mailing list to
sell your colo is inappropriate.

Best Regards,
Paul

On Tue, Jan 10, 2012 at 6:20 PM, George Fitzpatrick
gfitzpatr...@telx.com wrote:
 If folks are having colo. issues please take a look at Telx.
 We will be in San Diego as well.
 In the meantime let's talk.

 Thanks,
 George
 917.371.7257

 -Original Message-
 From: Patrick Giagnocavo [mailto:patr...@zill.net]
 Sent: Tuesday, January 10, 2012 12:31 PM
 To: nanog@nanog.org
 Subject: Re: So... my colo was just bought.

 On 1/10/2012 10:58 AM, Jay Ashworth wrote:
 By Knology.

 Should I be scared?

 My experiences with Knology have been fairly thin, but uniformly
 negative, for at least the last 5 years.  But I know that the plural
 of 'anecdote' is not 'data'.  That said, I'm accepting all anecdotes.
 :-)

 Cheers,
 -- jra

 You have to read the contract you signed.  If it is still valid (survivable 
 I think is the phrase?) then you have less to worry about.
  If not, they can mess with you a lot.

 Expect all the local guys you dealt with to be gone in 6 months.

 --Patrick





Holiday Songs

2010-12-21 Thread Paul WALL
An old classic, but maybe it will help put everyone in the holiday spirit.

The Twelve Days of NYIIX


On the first day of Christmas, NYIIX gave to me,
A BPDU from someone's spanning tree.



On the second day of Christmas, NYIIX gave to me,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the third day of Christmas, NYIIX gave to me,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the fourth day of Christmas, NYIIX gave to me,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the fifth day of Christmas, NYIIX gave to me,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the sixth day of Christmas, NYIIX gave to me,
Six maintenances notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the seventh day of Christmas, NYIIX gave to me,
Seven broadcast floods,
Six maintenances notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the eighth day of Christmas, NYIIX gave to me,
Eight defaulting peers,
Seven broadcast floods,
Six maintenances notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the ninth day of Christmas, NYIIX gave to me,
Nine CDP neighbors,
Eight defaulting peers,
Seven broadcast floods,
Six maintenances notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the tenth day of Christmas, NYIIX gave to me,
Ten proxy ARPs,
Nine CDP neighbors,
Eight defaulting peers,
Seven broadcast floods,
Six maintenances notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the eleventh day of Christmas, NYIIX gave to me,
Eleven OSPF hellos,
Ten proxy ARPs,
Nine CDP neighbors,
Eight defaulting peers,
Seven broadcast floods,
Six maintenances notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the twelfth day of Christmas, NYIIX gave to me,
Twelve peers in half-duplex,
Eleven OSPF hellos,
Ten proxy ARPs,
Nine CDP neighbors,
Eight defaulting peers,
Seven broadcast floods,
Six maintenances notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



Re: GBLX Routing Issues

2010-11-18 Thread Paul WALL
On Thu, Nov 18, 2010 at 11:52 AM, Tim Donahue
tdona...@vonmail.vonworldwide.com wrote:
 We have several clients who are experiencing downtime right now on GBLX's
 network, as well as seeing some intermittent routing problems coming from
 our GBLX link.  Has anyone been able to get more than the standard "The
 technicians are trying to isolate the problem" out of GBLX at this point?

I've heard their recent outages/blackholing issues are MPLS related,
stemming from a rushed deployment of the Brocade MLX/XMR platform.
One of the GX people on the list might want to comment in further
depth on the specific issues encountered, if only to serve as a
learning experience for others.

Drive Slow,
Paul Wall



Re: experience with equinix exchange

2010-11-18 Thread Paul WALL
What are the layer 8-9 issues?

Drive Slow,
Paul Wall

On Thu, Nov 18, 2010 at 12:50 AM, Mehmet Akcin meh...@akcin.net wrote:

 On Nov 18, 2010, at 12:48 PM, Shacolby Jackson wrote:

 Has anyone had any experience (good or bad) with their exchange at any of
 their major datacenters, especially Great Oaks? We're wondering if people
 really love or hate it.

 -shac


 Equinix does a fair job running 7 layers , however the layer8 and layer9 seem 
 the lacking part
 which could have been improved greatly. in Great Oaks / SJC , they seem to be 
 the largest IX

 per

 https://www.peeringdb.com/private/exchange_view.php?id=5&peerParticipantsPublicsOrder=Sorter_policy&peerParticipantsPublicsDir=DESC

 so being there while you are in that location seems good, and they are 
 reliable.

 mehmet




Re: Extra latency at AT&T exchange for UVerse

2010-11-11 Thread Paul WALL
On Thu, Nov 11, 2010 at 2:11 PM, Srikanth Sundaresan srknt...@gmail.com wrote:
 Here are the traceroutes (without the first 3 hops)

The U-Verse infrastructure is a bit of a mess when you get closer to
the end subscriber. There will be a few more L3 hops as your packets
egress the metro area towards what was the legacy BellSouth IP network
(BRIB).

The first few hops will be the U-Verse LIO (Intermediate Office),
which serves as your first layer 3 hop. After, you'll end up in the
U-Verse VHO (Video Hub Office), which is where all the IPTV gear and
U-Verse IP aggregation occurs. You'll hop through a few more devices
within the VHO until you end up on a legacy BellSouth IP backbone
device (AS6389). From there you'll then route to the AT&T CBB (AS7018)
and onto an AT&T MIS (IP transit) router where Google is a customer.

The legacy BellSouth ADSL product doesn't have to go through as many
hoops to reach an actual IP network. One thing to keep in mind is that
the BellSouth U-Verse customers are numbered out of classic SBC
(AS7132) IP address space, which is advertised to the Internet
originating from AS7132. I wonder if some of that return traffic is
routing into AS7132 or AS7018 at a sub-optimal location rather than
directly back to that MIS connection in Atlanta.

Another note regarding the latency, you can probably attribute some
of that to the Alcatel DSLAM you terminate on. They're known for setting
a static interleaving value on all customers, regardless of line
conditions. Customers should really reach out and ask for this to be a
configurable option, just like AT&T offered it for its legacy ADSL
broadband subscribers.

Drive Slow, but not due to Alcatel interleaving
Paul Wall



Re: Equinix of Canada?

2010-11-01 Thread Paul WALL
Equinix at 151 Front?

Drive Slow,
Paul Wall

On 11/1/10, Ryan Finnesey ryan.finne...@harrierinvestments.com wrote:
 Who if anyone is the Equinix of Canada?

 Cheers
 Ryan




-- 
Sent from my mobile device



Re: Mystery open source switching company claims top-of-rack price edge (was Re: Pica8 - Open Source Cloud Switch)

2010-10-31 Thread Paul WALL
I don't know what the big deal is.  I've rolled at least 20 of these
switches into my network, and not only are they more stable than the
Centillion switches that they replaced, they only cost half as much.
Most of the money I dropped was on converting my stations from token
ring to ethernet.


On Sun, Oct 31, 2010 at 6:59 PM, bas kilo...@gmail.com wrote:
 Hi,

 On Sat, Oct 30, 2010 at 11:26 PM, Kevin Oberman ober...@es.net wrote:
 I might also mention that I received private SPAM from a name we all
 know and loath. (Hint: He's been banned from NANOG for VERY good
 reason and his name is of French derivation.) I just added a filter to
 block any mail mentioning pica8 and will see no more of this thread or
 their spam.

 Same here.
 He harvests email addresses from peeringdb. (I have slight typo's in
 my peeringdb record to recognize harvested spams.)

 Bas





Re: NSF.gov Unavailable

2010-10-27 Thread Paul WALL
On Wed, Oct 27, 2010 at 4:55 PM, Nathan Eisenberg
nat...@atlasnetworks.us wrote:
 http://www.arlnow.com/2010/10/27/nsf-building-evacuated-in-ballston-
 after-apparent-lightning-strike/

 lightning strike - electrical fire

 At the science foundation.  Nature has a sense of irony.

The real irony is that the folks who brought you the NSFnet apparently
didn't get the memo vis-a-vis geographic diversity in one's secondary
nameservers (rfc 2182 et al).  Always good for a few yuks when
ill-mannered MTAs start getting unhappy and dropping mail on the floor
rather than queueing because they can't resolve the name rather than
can't connect to the destination (which just about everyone
handles fairly well).

nsf.gov.                86400   IN  NS  swirl.nsf.gov.
nsf.gov.                86400   IN  NS  TWISTER.nsf.gov.
nsf.gov.                86400   IN  NS  WHIRL.nsf.gov.
;; Received 139 bytes from 66.207.175.172#53(f.usadotgov.net) in 70 ms

dig: couldn't get address for 'WHIRL.nsf.gov': not found
%

This happened to the University of Eastern Kentucky a couple of years
back during the floods there, and I'm sure it happens to other
lower-profile sites on a daily basis.  I think there is a lesson in
here for the community.

Drive Slow,
Paul
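
The failure mode described in the message above (every nameserver for a zone sitting behind one site, with one of them not resolving at all) can be checked mechanically. The following is an added example, not part of the original post: it parses dig-style NS lines and flags a delegation whose servers share one covering prefix or have no address. The addresses are constructed documentation-range placeholders, not the real nsf.gov addresses, and prefix sharing is only a coarse proxy for the topological and geographic diversity RFC 2182 asks for.

```python
import ipaddress

# Constructed sample in the shape of the dig output quoted in the post.
NSF_LIKE_NS = """\
nsf.gov.        86400   IN      NS      swirl.nsf.gov.
nsf.gov.        86400   IN      NS      TWISTER.nsf.gov.
nsf.gov.        86400   IN      NS      WHIRL.nsf.gov.
;; Received 139 bytes from a parent server (constructed comment line)
"""
# Constructed addresses (RFC 5737 documentation range), NOT the real ones.
# An empty list models "couldn't get address for 'WHIRL.nsf.gov'".
NSF_LIKE_ADDRS = {
    "swirl.nsf.gov.": ["192.0.2.10"],
    "twister.nsf.gov.": ["192.0.2.11"],
    "whirl.nsf.gov.": [],
}

# Constructed counter-example: servers spread over unrelated prefixes.
DIVERSE_NS = """\
example.org.    3600    IN      NS      ns1.example.org.
example.org.    3600    IN      NS      ns2.example.net.
example.org.    3600    IN      NS      ns3.example.com.
"""
DIVERSE_ADDRS = {
    "ns1.example.org.": ["192.0.2.1"],
    "ns2.example.net.": ["198.51.100.1"],
    "ns3.example.com.": ["2001:db8:1::53"],
}


def parse_ns(text):
    """Return (zone, [nameserver names]) from dig-style NS answer lines."""
    zone, servers = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        fields = line.split()
        if len(fields) < 5 or fields[-2].upper() != "NS":
            continue  # not an "owner ttl class NS target" record
        zone = fields[0].lower()
        servers.append(fields[-1].lower())  # DNS names are case-insensitive
    return zone, servers


def covering_prefix(addr, v4_len=24, v6_len=48):
    """Map an address to the prefix used as a rough 'same site' bucket."""
    ip = ipaddress.ip_address(addr)
    plen = v4_len if ip.version == 4 else v6_len
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def audit(servers, addresses):
    """Return a list of findings for one delegation; empty means no finding."""
    findings = []
    if len(servers) < 2:
        findings.append("too-few-servers")
    prefixes = set()
    for name in servers:
        addrs = addresses.get(name, [])
        if not addrs:
            # A listed NS that does not resolve adds no redundancy at all.
            findings.append(f"unresolvable:{name}")
        for addr in addrs:
            prefixes.add(covering_prefix(addr))
    if len(prefixes) <= 1:
        # Every reachable server sits in one bucket: one outage takes all.
        findings.append("no-prefix-diversity")
    return findings


if __name__ == "__main__":
    for text, addrs in ((NSF_LIKE_NS, NSF_LIKE_ADDRS), (DIVERSE_NS, DIVERSE_ADDRS)):
        zone, servers = parse_ns(text)
        print(zone, audit(servers, addrs) or "ok")
```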



Re: [Nanog-futures] Final bylaws proposal

2010-10-03 Thread Paul WALL
On Sat, Oct 2, 2010 at 12:00 AM, Joel Jaeggli joe...@bogus.com wrote:
 On 10/1/10 9:46 PM, Randy Bush wrote:
 i started to read the bylaws draft, hit the 42 flavors of membership,
 and decided to drop this note and do something more useful with my time.

 it left out gold and platinum members, 100 meeting members, extra
 legroom members, and dismembers.  why the hell is all this crap needed?

 you forgot honorary troll, distinguished troll and fellow troll.

I would like to know the criteria for such titles.

___
Nanog-futures mailing list
Nanog-futures@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-futures


Re: AS14202 - 'jacked routes... Whoa! This is just getting silly now!

2010-10-03 Thread Paul WALL
Ronald,

A better channel for your anger would be the transit providers:

AS3257  Tinet SpA
AS3549  Global Crossing
AS577   Bell Canada

Have you tipped them off?  Why are they continuing to accept and
re-advertise these prefixes?

ARIN's done nothing wrong or counter to their policies.  If you don't
like the rules, go propose some new ones on PPML.

Drive Slow,
Paul Wall

On Sat, Oct 2, 2010 at 7:24 PM, Ronald F. Guilmette
r...@tristatelogic.com wrote:

 Somebody else on another mailing list I'm on actually found the
 following new 'jacking incident.

 Count 'em... one hundred and eighty three (183) separate jacked blocks.

 I can't take any credit.  I wanted to include, in this posting, the
 name of the guy who actually found this stuff, and give him full
 credit for finding this, but he's asked me not to.

 These announcements may not be around very long.  We'll see.


 Regards,
 rfg


 P.S. If ARIN actually does want to clean up and reclaim old abandoned
 blocks... well... it would appear that some nice helpful fellow has
 already carefully surveyed both 204/8 and 205/8 for such things, on
 their behalf.  See below.


 AS14202:






Re: Vyatta as a BRAS

2010-07-15 Thread Paul WALL
On Thu, Jul 15, 2010 at 1:22 PM, Dennis Burgess dmburg...@linktechs.net wrote:
 RouterOS is a software based router, we have them all over the world as
 CORE and EDGE routers to networks.

You keep using that word (CORE). I do not think it means what you
think it means.

Drive Slow, DoS Slower,
Paul Wall



Re: [Nanog-futures] NANOG Transition - How we got here

2010-06-30 Thread Paul WALL
Bill,

That's precisely the problem, that (per your own admission) you
invited a salesman to NANOG, and suggested that he approach some of
the Netflix folks with an unsolicited sales pitch, all without paying
a dime.  As a seasoned attendee, you should realize that the standard
practice here is to *pay* to attend, or else follow up with the gents
from Netflix by e-mail or phone outside of the conference.  You'll
note that the other salesmen attending NANOG 49 (from OSI Hardware,
Tata, Time Warner Cable, and Tinet, to name a few) had no problem
paying to play.

The respectful thing to do would have been to call or e-mail.  Of
course, after your video taping of a past peering BOF, or your hosting
of a marketing intelligence event in Philly passed off as an impromptu
BOF, you've made it abundantly clear this is a community you have no
respect for, and that your interests are strictly commercial.

Given all the money you're making off this community's goodwill, I'd
think the forgotten $600 registration fee should be chump change to
the DrPeering enterprise.  I'll even go lightly and not hound you for
the $5000 sponsorship opportunity in Philly this community afforded
you.  :)

Drive Slow,
Paul Wall

On Wed, Jun 30, 2010 at 1:59 PM, William Norton bill.nor...@gmail.com wrote:
 This is all very interesting, inasmuch as you invited salespeople to
 crash NANOG49 (unpaid) for the purposes of pitching the sponsor.

 Wow - the story gets propagated and more exaggerated by the minute. Thank
 you Mr. Temkin, (Marketing, NANOG).
 Here is what actually happened.
 I had lunch with the CEO of MediaMelon - he said he wanted to meet Ken
 Florance (NetFlix), a friend who I have lunch with periodically.  I
 mentioned that he would be at NANOG. The gentleman works in San Francisco
 and stopped by the hotel at lunchtime, unfortunately on Tuesday and  I
 hadn't seen Ken but I did see his subordinate  (Dave Temkin) - I made the
 suggestion that maybe he could maybe grab lunch with Dave instead.
 Next thing I know, I was scolded by Mr Temkin to the SC, the NANOG Marketing
 group, and apparently through the rumor mill as evidenced by your inaccurate
 portrayal of what actually happened.  Here is the scolding:
 I find it extremely inappropriate that you brought MediaMelon in
 specifically to hunt for myself and Ken Florance at this meeting.
 We are the meeting sponsor and we expect that vendors be respectful
 of the commitments that we have to the community.

 Further, if MediaMelon would like to sell their wares to NANOG
 attendees such as Netflix, they should purchase either a meeting
 pass,  or, more appropriately, pay to sponsor like everyone else.
 How could it possibly be fair for you to sneak Kumar from
 MediaMelon in, but Network Hardware Resale, Citrix, and many others
 need to pay $5,000 and up to get a moment of my time?  If Kumar
 wants to contact me outside of NANOG where I'm not cornered, he
 certainly has many ways to do so.  It's clear that the meeting was
 engineered.

 I suggest that you discuss this with Kumar and encourage him to
 donate or sponsor NANOG or NewNOG.  I could understand that he may
 be unfamiliar with how this community works, but frankly I expected
 better from you.

 -David Temkin
 (Marketing Working Group)

 I replied to clarify what appeared to be a simple misunderstanding.
 From: William Norton [bill.nor...@gmail.com]
 Received: 6/15/10 6:33 PM
 To: David Temkin [dtem...@netflix.com]
 CC: steer...@nanog.org [steering@nanog.org]; nanog-marketing
 [nanog-market...@nanog.org]
 Subject: Re: Inappropriate vendor meeting

 Please. Give me small break.

 I did not sneak this gentleman in. He wanted to meet Ken Florance. Not
 being here I suggested he talk to you.

 Geesh.

 Bill
 Which resulted in continued attack cc'ing the SC/Marketing folks:
 Bill,

 That's ridiculous, and I'll let the fact that you don't deny any of it speak
 for itself.

 I wish I could give you more credit, but after the commercialized federated
 cdn bof, taping the last peering bof, and now this, it shows that you have
 no respect for NANOG.

 This overreaction seems strikingly similar to the Avi NANOG issue of a few
 years back - one of the things that led up to the NANOG revolution in the
 first place. Avi was chewed out by the Merit NANOG Chair for sitting in the
 NANOG hotel public area and chatting with some friends - not attending
 sessions, not eating the food, not really crashing IMHO. Just enjoying
 visiting with friends for a bit. This guy came to see if he could grab a
 quick lunch with Ken - he didn't  know what Ken looked like.
 We seem to be becoming what we rebelled against, like Animal Farm.

 While I think you owe us all an explanation on how you allowed that to
 happen, the past doesn't matter, so would you be able to comment on

 My role as a NANOG attendee does not include policing the door.

 what you're doing to make things right?  Which organization, Merit or
 NewNog, should expect a $600 donation from

Re: [Nanog-futures] FW: NANOG Transition - How we got here

2010-06-30 Thread Paul WALL
On Wed, Jun 30, 2010 at 3:00 PM, William Norton bill.nor...@gmail.com wrote:
 As my original post indicated, I would like to talk about the futures of 
 NANOG.

So to steer things back on-topic and set the record straight, will you
or MediaMelon be compensating Merit and/or NewNog for Kumar's
attendance, by submitting payment for $600?

(This is a simple yes or no question.)

 And for the record - a week after NANOG I did volunteer to help Dan Golding 
 with his group on the financials.

Having seen the creative accounting in your whitepapers, I'd pass on
the generous offer, but that's just me.  ;)

Drive Slow,
Paul Wall



Re: FCC dealt major blow in net neutrality ruling favoring, Comcast

2010-04-12 Thread Paul WALL
On Sat, Apr 10, 2010 at 5:43 PM, Richard Bennett rich...@bennett.com wrote:
 The FCC is structured in such a way that the chairman calls all the shots on
 policy matters. In this instance, the former chairman, Kevin Martin, was
 responsible for the Comcast order but the current chairman, Julius
 Genachowski, had to defend it in court. Some wags insist that the defense
 was a bit lackluster because Genachowski didn't much care for the legal
 basis of the Comcast order, which relied on a lot of smoke and mirrors to
 regulate aspects of edge network behavior that Congress never told the FCC
 to regulate. The defense relied on some legal theories that weren't used in
 the order itself, and that's a no-no in an appeal. The court took the rather
 extraordinary step of suggesting arguments that the FCC could have used in
 the appeal that it didn't use.
...
 Research Fellow
 Information Technology and Innovation Foundation

It should probably be noted, for purpose of establishing bias, that
Richard is a Washington lobbyist, hired to represent Comcast on
regulatory matters.  What he views as overstepping legal bounds,
others may view as protecting consumers...

Drive Slow,
Paul Wall



Re: FCC dealt major blow in net neutrality ruling favoring, Comcast

2010-04-12 Thread Paul WALL
On Mon, Apr 12, 2010 at 2:42 PM, Richard Bennett rich...@bennett.com wrote:
 One of the things I like about e-mail lists is learning things about myself
 that I never knew before, especially regarding my occupation. For the last 9
 months or so I've been working part-time with a Washington think tank in an
 analyst capacity, not as a lobbyist, and not on the Comcast payroll.

You neglected to mention that the think tank (where I'm from in
Houston, we call them lobbys) is funded by Comcast, among other big
cable/telecom players.

Drive Slow,
Paul Wall



Re: NSP-SEC

2010-03-19 Thread Paul WALL
On Thu, Mar 18, 2010 at 8:43 PM, Guillaume FORTAINE gforta...@live.com wrote:
 Misses, Misters,

You forgot the ballers, shot callers, brawlers, those who dippin' in
the benz with the spoilers. [0]

 I would want to inform you that the security of the Internet, that is
 discussed in the NSP-SEC mailing-list [0] by a selected group of vendors
 (Cisco, Juniper & Arbor) [1] and operations contacts of the big ISPs [2] :

I personally believe that that U.S. Americans are unable to do so
because, uh, some people out there in our nation don't have maps and,
uh, I believe that our, uh, education like such as in South Africa
and, uh, the Iraq, everywhere like such as, and, I believe that they
should, our education over here in the U.S. should help the U.S., uh,
or, uh, should help South Africa and should help the Iraq and the
Asian countries, so we will be able to build up our future, for our
children. [1]

 1) applies the Security through Obscurity paradigm that has been proven
 inefficient [3]. To quote [4] :

When the Sun shines upon Earth, 2 - major Time points are created on
opposite sides of Earth - known as Midday and Midnight. Where the 2
major Time forces join, synergy creates 2 new minor Time points we
recognize as Sunup and Sundown. The 4-equidistant Time points can be
considered as Time Square imprinted upon the circle of Earth. In a
single rotation of the Earth sphere, each Time corner point rotates
through the other 3-corner Time points, thus creating 16 corners, 96
hours and 4-simultaneous 24 hour Days within a single rotation of
Earth - equated to a Higher Order of Life Time Cube. [2]

 First question : Why was I able to find this mail on the Internet if it
 should be kept secret ?

ELMSFORD 12 GALAXIES CESJROGENICAL ERGONOMICS NBC: XOXPHROZENIGUL
COVERAGE WASPROVENIKIL ADMONISHMENTS MINUSCULE STRATOSPHERICAL [3]

 Second question : Do you still ask yourself why the Internet is so insecure
 ? [10]

http://www.youtube.com/watch?v=GkMvKeX7erI [4]

I am also curious [5], is OBESUS [6] the new IASON [7]? Are you Peter
and Karin Dambier [8]?

Drive Slow [9],

Paul WALL [10]

[0] http://www.lyricsmode.com/lyrics/p/p_diddy/all_about_the_benjamins.html
[1] http://en.wikipedia.org/wiki/Caitlin_Upton
[2] http://en.wikipedia.org/wiki/Time_cube
[3] http://en.wikipedia.org/wiki/Frank_Chu
[4] http://en.wikipedia.org/wiki/List_of_recurring_characters_in_The_Simpsons#Crazy_Cat_Lady
[5] http://www.merriam-webster.com/dictionary/curious
[6] http://mailman.nanog.org/pipermail/nanog/2010-March/019518.html
[7] http://iason.site.voila.fr/
[8] http://www.peter-dambier.de/
[9] http://en.wikipedia.org/wiki/Drive_Slow
[10] http://en.wikipedia.org/wiki/Paul_Wall



Re: lt2p/pptp vpn concentrators

2010-03-03 Thread Paul Wall
On Wed, Mar 3, 2010 at 2:52 PM, Leslie les...@craigslist.org wrote:
 We're currently looking for a small lt2p/pptp concentrator, mainly so people
 can connect via their iphones/androids with some vpn client to get email on
 the go.

If you're looking for ease of client configuration, try a Cisco router or ASA.

A current enterprise best-practice is to put your Exchange web server
in the DMZ, sacrificing some security for not having to deal with the
annoyance of supporting client-side tunneling.

Drive Slow,
Paul Wall



Re: [Fwd: [members-discuss] [ncc-announce] RIPE NCC Position On The ITU IPv6 Group]

2010-03-03 Thread Paul Wall
On Mon, Mar 1, 2010 at 12:30 AM, Randy Bush ra...@psg.com wrote:
 nope.  in japan, there is still far more powerpoint than packets.  i
 have ntt ftth.  it is v4 only.  i have to tunnel to iij to get v6.

 do not believe powerpoint.

NTT also charges its (wholesale) IP transit customers a premium for v6
connectivity in Asia.

Dorian can speak better to their rationale, though I can't see it
helping foster adoption in this economy.

Drive Slow,
Paul Wall



Re: ATT resolvers

2010-02-16 Thread Paul Wall
On Tue, Feb 16, 2010 at 4:36 AM, Nathan Ward na...@daork.net wrote:
 On 17/02/2010, at 1:28 AM, Michael McGovern wrote:

 Does anyone know if ATT has public DNS resolvers? We are an ATT customer 
 and they informed us that we could not use their DNS servers unless we paid 
 for it.  That was several years ago and do not know if they have changed 
 their stance on this.  I’m already a paying customer and I have to pay to 
 use their DNS resolvers?

 A few moments on Google finds:
 - 68.94.156.1
 - 68.94.157.1

 They seem to work.

They also have 99.99.99.99 too.



Re: qwest outage no notice

2010-01-09 Thread Paul Wall
On Thu, Jan 7, 2010 at 5:04 AM, Mike mike-na...@tiedyenetworks.com wrote:
 We just had a qwest outage of about 2 mins at 1:41am pst. When I called to
 report it I was told it was a 200+ emergency software upgrade due to a
 security concern, and that we will get a notice later after the fact.

That's not a maintenance, that's an outage.

I hope everybody impacted on this list is claiming SLA.

Drive Slow, much like the M40,
Paul Wall



Re: FTTH Active vs Passive

2009-12-01 Thread Paul Wall
On Tue, Dec 1, 2009 at 12:14 PM, Dan White dwh...@olp.net wrote:
 All valid points. Deploying a strand to each customer from the CO/Cabinet
 is a good way to future proof your plant.

I would argue that every customer is entitled to duplex fiber.

Drive Slow,
Paul Wall



Re: fight club :) richard bennett vs various nanogers, on paid peering

2009-11-25 Thread Paul Wall
RB-

Where can we find data on your group's funding sources?

If we're to continue this discussion, we need to establish bias and
motive, which you've not covered on your own accord.

Drive Slow,
Paul Wall

On 11/25/09, Richard Bennett rich...@bennett.com wrote:
 Now you've descended from Steenbergen's hair-splitting between on-net
 routes (the mechanism) vs. on-net access (the actual product) into
 Simpson's straight-up lying. ITIF is not opposed to network neutrality
 in principle, having released a paper on A Third Way on Network
 Neutrality, http://www.itif.org/index.php?id=63. There is not a single
 ultra-conservative on the ITIF board, they're all either moderate
 Democrats or moderate Republicans.

 I'm letting most of this childish venting slide, but I will point out
 the bald-faced lies.

 RB

 William Allen Simpson wrote:
 They're opposed to net neutrality, and (based on his comments and several
 of the papers) still think the Internet is some kind of bastard child
 that
 needs adult supervision in the middle -- by which they mean themselves
 /in loco parentis/.

 Looking at the board, it's populated by ultra-conservative wing-nut
 Republicans, and some Conservadems (as we call them in political circles,
 they call themselves centrists) from the New Democrat Caucus for
 bi-partisan cover.  And lots of lobbyists -- Federal lobbyists -- who
 seem to list their educational clients on their bio, but not whether
 they are also employed by a firm that represents other clients

 --
 Richard Bennett
 Research Fellow
 Information Technology and Innovation Foundation
 Washington, DC




-- 
Sent from my mobile device



Re: fight club :) richard bennett vs various nanogers, on paid peering

2009-11-24 Thread Paul Wall
On 11/25/09, Richard Bennett rich...@bennett.com wrote:
 It turns out you can say any damn thing you want about peering since
 nobody has any facts.

Indeed you can.  This is one of things where the people with the hard
facts aren't talking due to NDA, regard for their pride, or both.  In
the absence of solid data, most journalists (and I use the term
loosely) take the high road, writing on only what they know about and
can back up with fact.  It is unfortunate that you approach this
differently, attempting to pass off Bill Norton's blog, itself very
flawed and comprised of error upon error which he simply refuses to
acknowledge or correct, as the new gospel.

You write that the shift of an enormous amount of Internet traffic
from transit to paid peering is new, that’s what the data in the Arbor
Networks study shows. Nowhere in the Arbor study is there any
analysis of where money is passing hands, or any settlement-based vs.
settlement-free interconnection arrangement.  The report is a
scientific one based upon aggregated netflow/sflow data, which doesn't
take layers 8 and above into account.

Also suspiciously absent is any disclosure of employer affiliations
and biases.  You write that [you're] opposed to the
anti-discrimination rule that the FCC is considering.  What you
fail to mention is that you work for the ITIF, a Washington think-tank
allegedly funded by big cable.  Is it really any surprise that you
want to preserve this revenue stream?

Likewise, Norton neglects to mention that he works for NuMetra, a
company going around to content and broadband operators trying to
pitch some black box which will enforce last-mile QoS and
automatically pay the friendly local Internet monopoly/duopoly in
settlement fees *on top* of your regular transit costs.  Of course
he wants Uncle Sam to back off; that's how his employer benefits.  It
is also important to consider Mr. Norton's role in Equinix, where he
worked in MARKETING, far distanced from the establishment of actual
peering agreements.  The real co-founders were Jay Adelson and Al Avery.

It is sad to see Mr. Norton, once a valued member of the
community, so blatantly favoring the green stuff over fact-checking
and journalistic integrity.  One can only hope Om Malik will carry out
better due diligence in the future when hiring industry experts to
write for him.

Drive Slow,
Paul Wall



Re: What DNS Is Not

2009-11-08 Thread Paul Wall
On Sun, Nov 8, 2009 at 6:06 PM, Dave Temkin dav...@gmail.com wrote:
 In most cases it already is.  He completely fails to address the concept of
 Anycast DNS and assumes people are using statically mapped resolvers.

 He also assumes that DNS is some great expense and that by not allowing tons
 of caching we're taking money out of peoples' wallets.  This is just not
 true with the exception of very few companies whose job it is to answer DNS
 requests.

I don't know why Paul is so concerned, just think how many F root mirrors
it helps him sell to unsuspecting saps. The Henry Ford analogy was amazingly
apt, imagine 'ol Henry coming back and claiming that automatic transmissions
were a misuse of the automobile.

Drive Slow ('cause someone left the door open at the old folks home)



Re: Small guys with BGP issues

2009-11-01 Thread Paul Wall
On Mon, Nov 2, 2009 at 1:16 AM, Steve Bertrand st...@ibctech.ca wrote:
 - space in Torix

TorIX is not a place, it's actually two switches that form an Internet
exchange. Perhaps you meant 151 Front Street? Do you have your own
suite? Whose suite are you in?

 I'm venting. I'm allowed to vent here. I think I'm qualified to do so.

Yes, according to www.ibctech.ca, you advertise that you are a Sage
level IPv6 qualified individual from Hurricane Electric. If you only
had mentioned that first, no one would have replied to you with such
elementary questions.

That aside, I think you should have started your thread with
explaining the problem you are trying to solve, instead of ranting
about big providers and the ills they cause you. If you are in torix
space why aren't you peering at TorIX (I don't see your ASN on the
list)? Out of curiosity, have you contacted anyone off the TorIX
participants list to see if they would be willing to sell IP transit
and peer BGP with you?

If you want a better venting location, try IRC.

Drive Slow (because Cobourg has slow speed limits, especially near the water)



Re: Upstream BGP community support

2009-10-31 Thread Paul Wall
On Sat, Oct 31, 2009 at 8:25 PM, Randy Bush ra...@psg.com wrote:
 while i can understand folk's wanting to signal upstream using
 communities, and i know it's all the rage.  one issue needs to be
 raised.

BGP communities are all the rage? I don't think this is a new concept or
fad. Signaling behaviors as well as informing users of types of routes
have been around for awhile. For example, RFC1998 (Aug 1996) outlines
some of these behaviors with modifying local preference. Even Sprint
was advertising the ability to not advertise or prepend to individual
peers back in 2002
(http://web.archive.org/web/20020607092619/www.sprintlink.net/policy/bgp.html).

 so i ain't sayin' don't do it.  after all, who would deny you the
 ability to show off your bgp macho?

How is providing better capabilities for your customers macho? People
have been using these knobs 10 years ago and it worked then (just as
well as it works now).

Drive Slow (as there are trick-or-treaters out tonight)



Re: Bandcon

2009-07-10 Thread Paul Wall
On Thu, Jul 9, 2009 at 4:43 PM, tbtbran...@gmail.com wrote:
 My name is Todd Braning, I work on the technical side of the BandCon
 house.  I am afraid Paul's email is inaccurate.

Yo Todd!

It's good to hear that you've listened to feedback and made these key
operational changes.  I wish you the best of luck going
forward.  Please keep in mind that I wasn't trying to smear your
company, but rather provide the original poster with real-world
feedback on a particular vendor whose customers I've worked with many
times over.  It would be great if you could stay on the list and join
us in future discussions.

Keeping things topical for the NANOG list, could you tell us a little
more about BandCon's transport offering  as relates to backbone
policy?  Is IP transit traffic preferenced over your PWEs, or the
other way around, or are they both FIFO'd?  What TE, QoS policy, and
signaling/congestion controls have you deployed to deal with multiple
customers purchasing 10G pipes and competing for access to a single
10G path between metros?  Do you have a general policy on
oversubscription ratios you'd be able to share without going into
NDA'ed territory?

Also on-topic, I know a lot of community members have voiced RECENT
concern with the relentless tactics of your sales force, some of it
bordering on CAN-SPAM violation and criminal harassment.  Could you
speak a little bit to what you're doing to bring this under control?
Would it be a problem if people mail you off-list with any specific
problems they've encountered there?

Drive Slow,
Paul Wall



Re: ISP BGP Resources

2009-07-10 Thread Paul Wall
On Fri, Jul 10, 2009 at 8:17 AM, Babak Pasdarbpas...@batblue.com wrote:
 We are in the process of rolling out communities that our customers can use 
 to manipulate their routes.  Are there any resources (books, web sites, 
 mailing lists, etc..) that anyone can recommend?

The Steenbergen presentation is a good resource, or more generally,
Internet Routing Architectures by Sam Halabi.

Drive Slow,
Paul Wall



Re: Bandcon

2009-07-09 Thread Paul Wall
On Wed, Jul 8, 2009 at 11:52 AM, Robin
Rodriguezrrodrig...@ifbyphone.com wrote:
 I don't have any usage experience, but would be very interested from anyone
 who does as well. We have spoken with them about long-haul circuits (with
 small to no commit) and their prices are indeed incredible. The prices we
 heard were for Equinix to Equinix circuits (specifically CHI1 & CHI3 to DAL1
 & NJ2) they also quoted us great deals on resold IBX-link to get to IBX's
 that they don't have a physical presence in (they aren't in CHI3 for
 example). I do wonder how they can undercut everyone's price by such a
 margin. Were you seeing great quotes into non Equinix facilities?

Simple, they're oversubscribing their transport circuits and letting
users fight for bandwidth. Basically what they're doing is buying a
10GE unprotected wavelength from a carrier, dropping a switch on the
ends, and loading up multiple customer VLANs onto the circuit. There
are no bandwidth controls, no reservations, no traffic engineering,
nothing to keep the circuit uncongested, and these are unprotected
waves so they go down on a regular basis whenever their carrier does a
maintenance. How they implement multi-point service is even scarier,
they just slap all your locations into one big VLAN and let unknown
unicast flooding and MAC learning sort it out. Most serious customers
run screaming, I'm sure you can find some former customers who can
describe the horror in more detail off-list.

When things break, their support is nothing to write home about.  They
often brag that they have a former Level3 engineer on payroll,
unfortunately he's nowhere to be found, and their support people aren't
terribly sharp on those rare occasions when they *do* answer the
phone or respond to e-mail.  Like someone else pointed out, multi-day
outages aren't at all uncommon, so if you end up going with Bandcon,
make sure you have sufficient redundancy in place.

Since they can't really compete on quality, they compete instead on
price.  Their sales force spams and cold-calls every website, ARIN,
peeringdb, etc on a regular basis, and can't take no for an answer.
The following exchange sums it up nicely (warning: foul language):

http://attrition.org/postal/z/034/0931.html

They are currently running a $2.50/mg transit promotion, which makes
me wonder how they're doing on their Level3 and Global Crossing
bandwidth commits and whether or not they're solvent.

Drive Slow,
Paul Wall



151 Front Street in Toronto Fire (TorIX and others)

2009-07-05 Thread Paul Wall
FYI

There is a fire at 151 Front Street in Toronto, which is home to TorIX
as well as a variety of other network providers. Rumor is the fire may
have ORIGINated in the Peer1 suite.

Seems a bad weekend for fires given what happened in Seattle as well.

Drive Slow



Re: Fiber cut - response in seconds?

2009-06-02 Thread Paul Wall
On Tue, Jun 2, 2009 at 7:50 AM, Dave Wilson richard.wil...@senokian.com wrote:
 No. And here's why: If you're a naughty foreign intelligence team, and
 you know your stuff, you already know where some of the cables you'd
 really like a tap on are buried. When you hear of a construction project
 that might damage one, you set up your innocuous white panel truck
 somewhere else, near a suitable manhole. When the construction guy with
 a backhoe chops the cable (and you may well slip him some money to do
 so), *then* you put your tap in, elsewhere, with your actions covered by
 the downtime at the construction site. That's why the guys in the SUVs
 are in such a hurry, because they want to close the window of time in
 which someone can be tapping the cable elsewhere.

Sounds like a lot of work to me. Wouldn't it be easier to just find the carrier
neutral colo facilities where all the peering/transit between major networks
happens, and pay them money to put up a fake wall that you can colo your
optical taps behind?

Drive Slow, and remember, don't open any doors that say This Is Not An Exit,

Paul Wall



Re: Savvis quality?

2009-05-27 Thread Paul Wall
On Wed, May 27, 2009 at 1:35 PM, David Hubbard
dhubb...@dino.hostasaurus.com wrote:
 Just wondering if anyone can tell me their
 opinion on Savvis bandwidth/company preferably
 from a web host perspective.  Considering a
 connection.

They might be a good provider for reaching Comcast (when they're not
advertising inconsistently), but so are Level3 and Global Crossing.

I hear they've got some pretty serious peering problems in the US.

Drive Slow,
Paul Wall



Re: Data centre info

2009-05-07 Thread Paul Wall
On Thu, May 7, 2009 at 12:53 PM, JC Dill jcdill.li...@gmail.com wrote:

 I've never been happy with the room temps or equipment temps in any data
 center that used this blow cold air from the ceiling approach.  But hey,
 if it works for your equipment, more power to you.  I encourage all my
 competitors to do this.

All joking and invoking Randy aside, are you really providing
datacenter HVAC advice to other promising young equine photographers?
Care to enlighten us with some of their top concerns in data center
design?  I always suspected there was some sort of unspoken back-story
behind  Equinix's big red silo.

Drive Slow,
Paul Wall



Re: IXP

2009-04-24 Thread Paul Wall
On Fri, Apr 24, 2009 at 12:46 PM, Leo Bicknell bickn...@ufp.org wrote:
 Quite frankly, I think the failure modes have been grossly overblown.
 The number of incidents of shared network badness that have caused
 problems are actually few and far between.  I can't attribute any
 down-time to shared-network badness at exchanges (note, colos are
 a different story) in a good 5-7 years.

Wait aren't you on NYIIX and Any2? Those two alone are good for 5-7
times a year like clockwork.

Please allow me to send you a complimentary copy of The Twelve
Days of NYIIX for your caroling collection this December:

On the first day of Christmas, NYIIX gave to me,
A BPDU from someone's spanning tree.



On the second day of Christmas, NYIIX gave to me,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the third day of Christmas, NYIIX gave to me,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the fourth day of Christmas, NYIIX gave to me,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the fifth day of Christmas, NYIIX gave to me,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the sixth day of Christmas, NYIIX gave to me,
Six maintenance notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the seventh day of Christmas, NYIIX gave to me,
Seven broadcast floods,
Six maintenance notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the eighth day of Christmas, NYIIX gave to me,
Eight defaulting peers,
Seven broadcast floods,
Six maintenance notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the ninth day of Christmas, NYIIX gave to me,
Nine CDP neighbors,
Eight defaulting peers,
Seven broadcast floods,
Six maintenance notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the tenth day of Christmas, NYIIX gave to me,
Ten proxy ARPs,
Nine CDP neighbors,
Eight defaulting peers,
Seven broadcast floods,
Six maintenance notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the eleventh day of Christmas, NYIIX gave to me,
Eleven OSPF hellos,
Ten proxy ARPs,
Nine CDP neighbors,
Eight defaulting peers,
Seven broadcast floods,
Six maintenance notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



On the twelfth day of Christmas, NYIIX gave to me,
Twelve peers in half-duplex,
Eleven OSPF hellos,
Ten proxy ARPs,
Nine CDP neighbors,
Eight defaulting peers,
Seven broadcast floods,
Six maintenance notices,
Five flapping sessions,
Four Foundry crashes,
Three routing leaks,
Two forwarding loops,
And a BPDU from someone's spanning tree.



Re: downloading speed

2009-04-17 Thread Paul Wall
On Fri, Apr 17, 2009 at 5:23 PM, chandrashakher pawar
learn.chan...@gmail.com wrote:
 our router is C12KPRP-K4P-M

 Please advise what could be the cause?

Could you perhaps paste the router configuration in your reply? If you
could execute a wr t or a show run, that should provide sufficient
information for the proper troubleshooting to take place.

Thank you.

Paul Wall
(Drive Slow)



Re: phishing attacks against ISPs (also with Google translations)

2009-03-25 Thread Paul Wall
On Wed, Mar 25, 2009 at 7:38 AM, Gadi Evron g...@linuxbox.org wrote:

 In this email message I'd like to discuss two subjects:

That makes one of us,


 b. Phishing in different languages against ISPs as soon as Google adds a
 new translation module.

 In the past few weeks there has been an increasing number of phishing
 attacks against clients of Israeli ISPs. I've only seen a few of these,
 but the local ISPs confirm it's happening across the board.

Confirmed. Not more than two days after google added its /intl/xx-bork/
translation site, my best friend, (he's Swedish - a high profile Chef), told
me he was scammed out of thousands of dollars by someone on the internet
that he didn't know.  (actually  his words were Eye lost all mee moolah on
der webs!  Its der Googol web-en page-en!  Eye don know whatta think-a, bork
bork bork!).
..
On a more serious note, how does this relate to network operations?


 In all these cases, the phishing email is in Hebrew.  While we have seen
 ISP phishing and Hebrew phishing before, these
 attacks started when Google added translation into Hebrew.

Since at the time Google added Hebrew translations, they also added

   1. Vietnamese,
   2. Slovak,
   3. Serbian,
   4. Catalan,
   5. Filipino,
   6. Indonesian,
   7. Latvian,
   8. Lithuanian,
   9. Hebrew, and
   10. Ukrainian,

Any reasonable person might assume that your 1/11th of new languages would
make up a little less than 100% of what is probably hand-picked data.

Your data, or, to wit, your attempts to link Google and Phishing, need(s)
some work.

And by needs some work one might mean are full of fail, try again later

Is this a trend? Have other countries (or populations) been targeted
 when Google added a translation module for more languages?

^^ Insert blatant attempts to get unfounded interviews with clueless media
here. ^^

Router(enable)# no ip mailing-list crazy


Re: Akamai wierdness

2009-03-24 Thread Paul Wall
Nothing is unfounded.  I've previously had issues reaching Akamai at
n...@akamai.com, which is why I suggested that the poster try the
ccare@ address.

It was subsequently demonstrated (by Patrick and others) that the noc@
account is currently monitored satisfactorily.

Any further discussion would be off-topic, so I'll bow out now.  Drive Slow.

Paul Wall



Re: Akamai wierdness

2009-03-23 Thread Paul Wall
Patrick Gilmore wrote [context inserted]:
 Perhaps using the RFC required address [...@akamai] would be more
productive than e-mailing 10k strangers?

Normally I see emails like this and, if it's Not In My Back Yard, and the
Internet is not going nutz, the delete key explains how worried I am.

Back to your email:

 using the RFC required address

The correct catty response to the Akamai question is : cc...@akamai.com.
 That's C as in Customer, Care as in they actually care.

I would end the email there, but it really gets me how someone that is
in-house doesn't realize that n...@akamai is a black hole.
Drive Slow,

-paul


UnitedLayer

2009-03-18 Thread Paul Wall
I heard about some recent lay-offs and customer losses at UnitedLayer
and I was wondering if they're still solvent?

Paul



Re: Great outage of 1997 - Does anyone recall?

2009-02-22 Thread Paul Wall
On Sun, Feb 22, 2009 at 2:57 AM, Gadi Evron g...@linuxbox.org wrote:
 What was that story with an African routes some years back, any memories
 anyone? I am looking for a reference.

146.20.0.0/16?

Paul



Re: external L2 ethernet connections

2009-02-20 Thread Paul Wall
On Fri, Feb 20, 2009 at 9:59 AM, Adam Davenport a...@choopa.com wrote:
 If you're using a Cisco device on your side, you'll likely want to disable
 MOP as well:

 http://www.ciscotaccc.com/kaidara-advisor/lanswitching/showcase?case=K20523308

 Adam Davenport / a...@choopa.com
 www.choopa.com / 1.866.2.CHOOPA

A more sensible approach is to not run Enterprise code if you only
need to route IP.

Paul Wall



Re: do I need to maintain with RADB?

2009-02-20 Thread Paul Wall
On Thu, Feb 19, 2009 at 6:21 PM, Heather Schiller
heather.schil...@verizonbusiness.com wrote:
 No.  Use of a routing registry is not required.. ARIN's, RADB's or
 otherwise.

It's not required, however it's a good operational best-practice, and
it helps with automating prefix-list generation/management.

 Check w/ your provider, but in most cases you will find that they don't use
 a route registry.

Most is a very strong word.  A number of large providers do,
Level3/Savvis/GX to name a few.  Verizon might not, but they're
becoming increasingly less relevant in the transit marketplace with
every passing day... :)

Drive Slow,
Paul Wall



Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-08 Thread Paul Wall
On Sun, Feb 8, 2009 at 5:37 PM, Aaron Glenn aaron.gl...@gmail.com wrote:
 NAT? why isn't Verizon 'It's the Network' Wireless using IPv6?
 <speaking-from-ass>there should be a FOIA-like method to see large
 allocation justifications</ass>

Probably because Verizon Business isn't using it, unless you count a
couple of lab GRE tunnels.

Drive Slow,
Paul Wall



Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-08 Thread Paul Wall
On Sun, Feb 8, 2009 at 4:32 PM, Jeff S Wheeler j...@inconcepts.biz wrote:
 What services require an IP, whether they can be supplied via NAT, how
 soon smart phone adoption will bring IP to every handset ... all these
 are good and valid points.  However, they all distract from the glaring
 and obvious reality that there is no current explanation for Verizon
 Wireless needing 27M IPs.

27 million IP addresses for 45 million customers with addressable
devices sounds well within ARIN's justification guidelines.

Just because most of your customers are trying to pull the wool over
ARIN's eyes doesn't mean Verizon is too. :)

Drive Slow,
Paul Wall



Re: Inauguration streaming traffic

2009-01-20 Thread Paul Wall
On Tue, Jan 20, 2009 at 12:50 PM, Ren Provo ren.pr...@gmail.com wrote:
 BitGravity did a great job.

Nearly every major CDN or web host was involved with the inauguration
in some manner, with no reported issues to speak of.

Some facilities-based providers even placed infrastructure with
their competitors to be extra certain they could handle the traffic
spike.

With so many involved, and in the interests of full disclosure, do you
or Comcast have any fiscal interest in BitGravity's streaming of this
event? ;)

Drive Slow
Paul Wall



Re: Anyone notice strange announcements for 174.128.31.0/24

2009-01-12 Thread Paul Wall
On Mon, Jan 12, 2009 at 7:29 PM, Leo Bicknell bickn...@ufp.org wrote:
 You really should make some friends Randy.

He is, on Second Life.

Seriously though... I've not seen any discussion of the application of
allowas-in, a valid neighbor configuration under certain
topologies/scenarios, as relates to impact today.  Also, I'd agree
announcing other peoples' ASNs, without their permission, is in bad
form.  It's okay he's doing it to you, but I bet Randy would be a lot
less smiley if you were to announce random paths with 3130.

Drive Slow,
Paul Wall



Hirschmann Switches?

2009-01-05 Thread Paul Wall
I'm looking for feedback from users of the Hirschmann (Belden)
ethernet switches in a service provider environment.  Private or
public appreciated.

Drive Slow,
Paul Wall



Re: Router Choice

2008-11-14 Thread Paul Wall
Whoa, excessive use of !...this isn't IOS ICMP output.

For those of you who want to have a chuckle, grep the word exit on
any of these fine 7750/7450 router configurations. Seeing a router
configuration that contains 10,000+ instances of the word exit makes
me recall the fine book FINAL EXIT. Seems like a poor man's version of
nesting with { }'s in JUNOS.

Some of my gripes on the Timetra (when's the last time Alcatel built
something themselves instead of acquire it?) box are that it really is
catered to installs where Alcatel is running the design side of the
network as well. The CLI is somewhat non-intuitive for IOS, IOS-XR or
JUNOS operations staff. Here are some examples:

Here in 2008, why are people buying boxes that do not support
candidate configuration or commit/rollback? The only thing you can
commit on the box is routing policy changes. I thought this was a
service provider box?

For years (this might not be the case anymore), any time you attempted
to use the short-form of the show command by typing sh, you
received a syntax error. This is because there were two commands that
began with sh: show and shell. The problem is that the shell command
prompts you for a password that only Alcatel knows (and won't share
with any customers that I'm aware of). So, if your own customers can't
run the command, why give users a headache?

It's a router, why do I have to do show router route to see a routing
table entry? For years, you also had to suffix the command exact on
the end of every command as well.

Pricing wise...they're way above other boxes that you can find
elsewhere that can do the jobs you need. Both the Cisco 7600 and the
Juniper MX line both have a way better CLI and employ a knowledgeable
staff of seasoned former service provider engineers. Alcatel seems to
be comprised of failed router startup guys from Caspian or Chiaro.
Feature wise, they're behind the curve when it comes to competing with
Cisco and Juniper. I think this is also shown in how they name their
software releases as Feature Groups (telco-speak, anyone?).

The main thing I want to speak to is that this box is not made for
your clueful IP operator. Alcatel is very insistent that the customer
use their UNIX/Windows NMS (I believe they call it the SAM) to interface
with the routers. Sorry but...that might fly in telcoland where
executives ooh and ahh over point-and-click network management, but I
think most operators are going to find it a tad bit useless.

Sure, they do have NSR, but so did Avici. Does NSR make up for the
lack of features, high pricing and being stuck at 20Gbps per slot?
Yes, they do have 40Gbps per slot on the way, but who doesn't support
40Gbps per slot today?

Why bother stepping back a few years in development when if you want a
solid P core box, Foundry MLX/XMR, Juniper MX, Cisco 7600s and CRS-1's
are ready now and at prices that really aren't all that bad. Oh yeah,
you won't scratch the hell out of your finger nails when removing the
compact flash on those boxes.

Drive slow, pinging 10().

On Wed, Nov 12, 2008 at 10:31 AM, devang patel [EMAIL PROTECTED] wrote:
 I guess they have good lab in Plano, TX also!!!I worked on the same routers
 for IPTV deployment and really they are best!!!


 regards
 Devang Patel

 On Wed, Nov 12, 2008 at 8:43 AM, Dan Snyder [EMAIL PROTECTED] wrote:

 I think that the 7750SR routers are great and you won't be let down. We
 used to have an all Cisco network and I was skeptical at first but they have
 been great.

 As for nss and nsr when we tested this by failing a cpm we saw less than 50
 ms of traffic loss. I would see if you could go to either California or
 Canada to one of ALUs labs and have it demonstrated for you.

 hth,
 Dan



 Sent from my iPhone


 On Nov 12, 2008, at 7:40 AM, Raymond Macharia [EMAIL PROTECTED]
 wrote:

  Hello  fellow nanogers,
 I am a long time user of Cisco gear and currently evaluating an
 alternative
 for my network expansion. currently the one that looks like it will be
 able
 to do the job iare Alcatel-Lucent 7710/7750 service routers.
 I am looking for real life experience of those who have used it and what I
 may need to watch out for (if anything) I have seen in some of their
 documentation features like Non-stop Services (NSS) and Non-stop Routing
 (NSR). are these features real world deployable.
 oh, just to add I want to use the routers as P routers in my IP/MPLS core

 Regards
 --
 Raymond Macharia







Re: Sprint / Cogent dispute over?

2008-11-02 Thread Paul Wall
On Sun, Nov 2, 2008 at 6:05 PM, Brandon Galbraith
[EMAIL PROTECTED] wrote:
 Seeing as Cogent is going to try tooth and nail to keep their new found Tier
 1 status (and not pay anyone for transit), I would think this would bode
 worse for Sprint, since most of their transit customers could migrate to
 Cogent (saving $$$ and not having to face future depeerings). Just my $0.02.

Cogent has never been a Tier 1, they have only been transit free. Being
transit free is not a difficult accomplishment, it just means that you don't
announce or receive routes via a relationship which is intended to be heard
by the entire Internet. You could easily go out and buy transit from each of
the existing transit free networks, tag your routes with communities to only
announce to customers, and become a transit free network with global
reachability overnight. Of course, this carries with it the risk of breaking
global Internet connectivity in the event of a depeering. It is well known
that Cogent pays for out-of-ratio traffic with Level3 and Telia, and clearly
Sprint says that they have no actual peering agreement. This doesn't have
the making of a real tier 1 network.

As far as fighting tooth and nail, that much seems abundantly clear
considering that they are actually stealing service from Sprint (and have
been for over a year) in order to maintain their status. They used a trial
peering session to weasel their way into a direct connection with Sprint,
and once they got it they intentionally changed their announcements so
that if Sprint disconnected them it would cause unreachability.

It seems abundantly clear that this situation was created entirely by
Cogent, and that they are intentionally harming their customers and the
customers of Sprint in an effort to extort a settlement free relationship.
This is despicable behavior, if not outright criminal activity considering
the theft of service they are committing, and it is amazing that Sprint
cared enough about Internet connectivity to allow it to continue for so
long, and to restore connectivity temporarily.

If any of us stopped paying for our Internet service, and set up routing
so that as soon as our provider turned us off we would be reachable to
them and their customers complained, then demanded that they give
us free service in order to restore connectivity, we would be laughed
at. That is what Cogent has done here, and just because they've done
it on a large scale doesn't make it right. This specific issue will be
solved in a real court and not the court of public opinion, but we
should all do our parts to recognize the blatant lies Cogent has told,
and to make it clear that we will not accept that kind of behavior. The
last thing the Internet needs is more misguided regulation because
someone actually believed Cogent's lies.



Re: Sprint v. Cogent, some clarity facts

2008-11-02 Thread Paul Wall
On Mon, Nov 3, 2008 at 1:26 AM, Patrick W. Gilmore [EMAIL PROTECTED] wrote:
 1. Neither Sprint nor Cogent have transit
 Both Sprint & Cogent are transit-free networks.  (Notice how I carefully
 avoided saying tier one?)

How do you explain Cogent's arrangement with NTT (AS 2914)?  If it's
not transit, what is it?

Does Akamai have peering arrangements with Cogent directly?

Paul



Re: paix palo attitude

2008-10-01 Thread Paul Wall
IIJ had some empty space when I was there the other day, you should
ask them for a feed and some Us. :)

Seriously though, is the requirement to be physically plugged into the
fabric an important one?  Might some ebgp multihop feeds to a remote
route collector suffice?

Drive Slow,
Paul Wall

On Tue, Sep 30, 2008 at 12:45 PM, Randy Bush [EMAIL PROTECTED] wrote:
 we're looking at dropping 2/3 of a rack of routing research measurement
 kit into paix palo alto, and have some questions.  considering the price
 of space and power, we want to kinda make sure we'll get the data we need.

 we are looking specifically for a large amount of bgp peering data, we
 hope that folk will give us bgp peering though we expect no in- or
 out-bound traffic.  think analogously to route views, though the kit on
 our end will be grinding the beans much more finely, espressoBGP :).

 pnis are expensive.  if we plug into the peering mesh, are any larger
 folk on it?

 if not, would we be better off at the linx, at de-cix, at amsix, in
 stockholm?

 private replies are probably better as this is not of general interest.
  thanks.

 randy





Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer

2008-09-24 Thread Paul Wall
Russell,

Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.

Why are you only now shutting them down?

Thank you for proving that our research was not for naught, and that
Atrivo/Intercage is a black hat operation which needs to be
permanently disconnected from the Internet at all costs.

Drive Slow,
Paul Wall



Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer

2008-09-24 Thread Paul Wall
On Wed, Sep 24, 2008 at 12:13 AM, Russell Mitchell [EMAIL PROTECTED] wrote:
 Hello Paul,

 Those are their IP Blocks. We were simply routing them, as they were our 
 client.
 They've owned these blocks for quite a while. They seem to have moved that 
 after a day of being down.

You're not very good at this are you? For future reference, when
you're trying to pretend like you've cleaned up your act and someone
asks you why your second largest cyber criminal customer is no longer
on your network, you say we kicked them off for abuse too, not they
left us after a day of being down due to outages caused by our hosting
of an even bigger criminal.

Drive Slow,
Paul Wall



Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer

2008-09-23 Thread Paul Wall
Hold the rejoicing, Atrivo is back, this time on UnitedLayer.

I'd contact them, only they seem to change CTOs every month or two,
does anybody know who's currently in charge?

Thank you, and Drive Slow,
Paul Wall



Re: Atrivo/Intercage: NO Upstream depeer

2008-09-22 Thread Paul Wall
Emil,

If you've actually shut off the RBN, you should have no problem
finding some new transit to turn up, right?

We're in a buyer's market, and there are dozens of vendors on-net at
200 Paul who'd love a piece of your business.

Drive Slow,
Paul Wall

On Sun, Sep 21, 2008 at 3:20 PM, Emil Kacperski [EMAIL PROTECTED] wrote:
 Hello,

 It's true that David from PIE disconnected our link approx 9pm or so 
 yesterday.  Things were going perfect, no complaints for a few weeks now.  
 The only thing I believe is that NTT gave lots of pressure to PIE.  For some 
 unknown reason when I tried to reach out to the security guy at NTT he 
 basically said our contract is with PIE.

 So in a time like this you really get to know who your friends are and who 
 should be avoided.

 Onward and upward!  What doesn't kill you only makes you stronger ;-).  Just 
 feel bad for the customers for which I am truly sorry for right now ;-(.

 Thanks!

 Contact: Emil Kacperski

 Company: Intercage Inc. - Atrivo

 Dedicated Servers

 San Francisco Datacenter

 E-Mail:  [EMAIL PROTECTED]

 Phone:   925-550-3947

 ICQ: 23531098







Atrivo Update

2008-09-17 Thread Paul Wall
I've been in touch with all of the upstream transit providers
currently routing Atrivo/Intercage netblocks.

Without naming any names, they are all aware, and working on getting
them pulled in accordance with their AUPs.

Hats off particularly to NTT and AboveNet for going the extra mile here.

(Unfortunately, I understand sales and contractual pushback can
sometimes put a damper on these things.)

Gas is still expensive, so Drive Slow,
Paul Wall



Re: Atrivo/Intercage: Now Only 1 Upstream

2008-09-15 Thread Paul Wall
Paul,

Cogent is keeping tabs of the Intercage/Atrivo situation in ticket
HD000789038.  Be sure to e-mail or call them referencing that
number with any information you may have to share.

AboveNet's ticket auto-responder is broken.

I've been unable to get a response out of NTT (AS 2914).

Drive Slow,
Paul Wall



Re: New Intercage upstream

2008-09-12 Thread Paul Wall
This is easy.

Hey Cogent (174), AboveNet (6461), and NTT/Verio (2914),

Could you guys please be sure you're not routing the following rogue
customer prefixes?


Thank you, and Drive Slow,
Paul Wall

On Fri, Sep 12, 2008 at 4:29 AM,  [EMAIL PROTECTED] wrote:
 Looks like they found a new willing partner.

 AS32335  PACIFICINTERNETEXCHANGE-NET - Pacific Internet Exchange LLC.

 http://cidr-report.org/cgi-bin/as-report?as=AS27595

 http://www.pacificinternetexchange.net/


 Marc





Re: only WV FIBER now peering with Atrivo / Intercage

2008-09-06 Thread Paul Wall
Gadi,

A quick look at route-views will confirm that Atrivo is multi-homed.
And WV Fiber is a transit provider to them, not a peer.

As NANOG community members in good standing, I'm sure WV, nLayer, etc
would take the appropriate action if you were to contact their
respective abuse departments, *privately*, with evidence of active
abuse on Atrivo's part.

Drive Slow,
Paul Wall

On Sat, Sep 6, 2008 at 9:47 AM, Gadi Evron [EMAIL PROTECTED] wrote:
 http://cidr-report.org/cgi-bin/as-report?as=AS27595v=4view=2.0#AS27595

Gadi.





Re: BCP38 dismissal

2008-09-05 Thread Paul Wall
On Thu, Sep 4, 2008 at 2:12 PM, Greg Hankins [EMAIL PROTECTED] wrote:
 Hey Paul, would you be able to demonstrate this problem?  I'd like to see
 it so that we can investigate and fix it.

 You are correct that the first generation of E-Series hardware (EtherScale)
 had little control plane protection.

 The current E-Series hardware (TeraScale) has a completely different
 architecture that rate limits, queues and filters all packets destined to
 the control plane.

In my current job, I don't have access to this kind of iron.  The
aforementioned Linksys solution provides more than enough capacity.

If you could provide me login/enable access to a current E-series box
with no firewalls sitting in front, I can most likely replicate.

(Off-list, in the interest of keeping things on-topic, with a
follow-up summary sent on-...)

Drive Slow,
Paul Wall



Re: [Fwd:] Nvidia NICs with duplicate mac addresses

2008-09-05 Thread Paul Wall
On Fri, Sep 5, 2008 at 12:04 PM, Jim Shankland [EMAIL PROTECTED] wrote:

 Nvidia NICs ... as my mother said, if you can't say anything nice,
 don't say anything at all.  So the rest is silence.

Hi Jim,

My mother wasn't quite so adamant, she just said don't cuss, so I'll
try to keep it clean as I relate my experiences with these NICs of
our affliction.

As you're probably aware, Nvidia doesn't really have it together in
terms of playing nicely with open source folks.  The Linux driver is
horribly reverse-engineered and the execution of the implementation is
even worse - it couldn't figure out the card's actual MAC address so
it assigned a random (and until recently often invalid, with an OUI
from bogus space) address.  This resulted in some interesting stuff in
our switch logs.

My recollection is that FreeBSD was no better.  We had one batch that
refused to pass traffic at 1000/full even when forced.  Left me pining
for nice reliable stuff like counterfeit Cisco hardware bought from a
shady eBay store out of Hong Kong.

But I digress.  Eventually we voted with our feet; I gave strict
instructions to our build guys to stop wasting our time with crummy
NICs with no support, and insisted that they pay the small amount of
extra money it takes to go with Intel.  If you're looking for a funny
prank to play on your tech staff, speccing a batch of these, sitting
back, and watching the fun would get two thumbs up from me...  but
otherwise steer clear.

Drive Slow,
Paul Wall
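
The message above describes drivers assigning random and invalid MAC addresses, and the thread subject is duplicate addresses. As an added example (not from the thread or any vendor tool), this check flags what a switch MAC table alone can show: the same address on more than one port in a VLAN, and addresses whose I/G or U/L bits mark them as unusable or driver-generated. The table rows are constructed, and OUI assignment is not looked up.

```python
from collections import defaultdict

# Constructed MAC table rows: (vlan, mac as displayed, port).
SAMPLE_TABLE = [
    (10, "0011.2233.4455", "Gi1/1"),
    (10, "00:11:22:33:44:55", "Gi1/7"),   # same address learned on a second port
    (10, "02-1b-21-aa-bb-cc", "Gi1/2"),   # U/L bit set: locally administered
    (10, "0100.5e00.0001", "Gi1/3"),      # I/G bit set: never valid as a source
    (20, "0011.2233.4455", "Gi2/1"),      # same address, other VLAN: no clash
    (10, "0000.0000.0000", "Gi1/4"),
]


def parse_mac(text):
    """Accept dotted, colon or hyphen notation and return the 6 raw bytes."""
    digits = "".join(c for c in text if c not in ".:-").lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters


def classify(mac):
    """Classify an address from the two flag bits in its first octet."""
    if mac == bytes(6):
        return "all-zero"
    if mac[0] & 0x01:          # I/G bit: group (multicast/broadcast) address
        return "group"
    if mac[0] & 0x02:          # U/L bit: locally administered, not a burned-in OUI
        return "locally-administered"
    return "universal"


def duplicate_macs(rows):
    """Return {(vlan, mac): [ports]} for addresses seen on several ports of a VLAN."""
    seen = defaultdict(set)
    for vlan, mac_text, port in rows:
        seen[(vlan, parse_mac(mac_text))].add(port)
    return {
        (vlan, ":".join(f"{b:02x}" for b in mac)): sorted(ports)
        for (vlan, mac), ports in seen.items()
        if len(ports) > 1
    }


def audit(rows):
    """List rows whose source address is not a universally administered unicast MAC."""
    findings = []
    for vlan, mac_text, port in rows:
        kind = classify(parse_mac(mac_text))
        if kind != "universal":
            findings.append((vlan, port, mac_text, kind))
    return findings


if __name__ == "__main__":
    for key, ports in duplicate_macs(SAMPLE_TABLE).items():
        print("duplicate", key, ports)
    for finding in audit(SAMPLE_TABLE):
        print("suspect  ", finding)
```

A duplicate within one VLAN can also be a host that moved between ports, so treat the result as a list to review against port history.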



Re: Force10 Gear - Opinions

2008-09-04 Thread Paul Wall
On Wed, Sep 3, 2008 at 8:28 PM, Jo Rhett [EMAIL PROTECTED] wrote:
 For equivalent redundancy and ports, the Force10 is always cheaper - even
 just in list price. (on the E-series -- Cisco has some cheaper options than
 the S-series so I've heard - don't care)

Some food for thought, comparing apples to apples...

FORCE 10
*
CH-E300-BNA8-L $35,000.00
E300 110V AC Terascale Chassis Bundle: 6-slot E300 chassis
with 400 Gb backplane, fan subsystem, 3 AC Power Supplies
(CC-E300-1200W-AC) 1 Route Processor Module (EF3), 2
Switch Fabric Modules
LC-EF3-1GE-24P $30,000.00
E300 Terascale 24-port Gigabit Ethernet line card - SFP optics
required (series EF3)
CC-E300-1200W-AC $4,000.00 E300 1200W/800W AC Power Supply
CC-E-SFM3 $12,500.00 E-Series Switch Fabric Module
LC-EF3-RPM $30,000.00 E300 Terascale Route processor module (series EF3)
** BASIC CONFIG WITH 24 GIG-E (SFP PORTS): $65000.00 (USD) **

CISCO

WS-C6503-E  Catalyst 6500 Enhanced 3-slot chassis,4RU,no PS,no Fan Tray  2500
WS-SUP720-3BXL=  Catalyst 6500/Cisco 7600 Supervisor 720 Fabric MSFC3 PFC3BXL  4
WS-X6724-SFP=  Catalyst 6500 24-port GigE Mod: fabric-enabled (Req. SFPs)  15000
WS-CAC-3000W=  Catalyst 6500 3000W AC power supply (spare)  3000
PWR-950-DC=  Spare 950W DC P/S for CISCO7603/Cat 6503  1245
WS-C6503-E-FAN=  Catalyst 6503-E Chassis Fan Tray  495
** BASIC CONFIG WITH 24 GIG-E (SFP PORTS) (not counting two bonus
ports on Sup :) 62240.00 (USD) **

Please realize that the above is list vs. list.  Cisco 6500 series
hardware is extremely popular in the secondary market, with discounts
of 80% or greater on linecards, etc common, furthering the argument
that Cisco is the cheaper of the two solutions.

 As a box designed with the enterprise datacenter in mind, the E-series
 looks to be missing several key service provider features, including
 MPLS and advanced control plane filtering/policing.

 Ah, because Cisco does either of these in hardware?

 Yes, they do, on the s720-3B and better.

 No, they don't.  There are *no* *zero* providers doing line-speed uRPF on
 Cisco for a reason.  Stop reading, start testing.

Cisco absolutely does MPLS and control-plane policing in hardware on
the SUP720 (3B and higher), ditto uRPF.  Force 10 doesn't even support
the first two last I checked!

On the subject of uRPF, it's true, Cisco's implementation is less than
ideal, and is not without caveats.  Nobody seems to get this right,
though Juniper tries the hardest.   Practically speaking, it can be
made to work just fine.  Possible solutions commonplace among larger
tier 1/2 providers include having your OSS auto-generate an inbound
access-list against a list of networks routed to the customer, or just
applying a boilerplate "don't allow bad stuff" filter on the ingress.

uRPF strict as a configuration default, on customers without possible
asymmetry (multihoming, one-way tunneling, etc) is not a bad default.
But when the customers increase in complexity, the time might come to
relax things some.  It's certainly not a be-all-end-all.  And it's
been demonstrated time after time here that anti-spoof/bogon filtering
isn't even a factor in most large-scale attacks on the public Internet
these days.  Think massively sized, well connected, botnets.  See also
CP attacks (which, again, the F10 can't even help you with).

Drive Slow,
Paul Wall
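
The auto-generated inbound access-list approach mentioned in the message above, sketched as an added example that is not part of the original thread or any poster's tooling. The function name, ACL name and prefixes are hypothetical, and the sample prefixes are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample: prefixes an OSS might hold as "routed to this customer".
SAMPLE_PREFIXES = ["198.51.100.0/25", "198.51.100.128/25",
                   "198.51.100.64/26", "203.0.113.8/32"]

def build_ingress_acl(name, routed_prefixes, min_prefixlen=8):
    """Return IOS-style ACL lines that permit only the customer's own sources."""
    nets = []
    for prefix in routed_prefixes:
        # strict=True rejects entries with host bits set (e.g. 198.51.100.1/24),
        # which usually indicates bad data in the provisioning system.
        net = ipaddress.ip_network(prefix, strict=True)
        if net.version != 4:
            raise ValueError(f"IPv4 only in this sketch: {prefix}")
        # A default route or similarly broad entry would turn the
        # anti-spoofing filter into a permit-any.
        if net.prefixlen < min_prefixlen:
            raise ValueError(f"refusing overly broad prefix: {prefix}")
        nets.append(net)
    if not nets:
        raise ValueError("no routed prefixes; ACL would drop all traffic")

    lines = [f"ip access-list extended {name}"]
    # Merge adjacent and overlapping prefixes so the ACL stays short.
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            lines.append(f" permit ip host {net.network_address} any")
        else:
            # IOS ACLs take a wildcard (inverse) mask, not a netmask.
            lines.append(f" permit ip {net.network_address} {net.hostmask} any")
    # Everything else arriving on the customer port has a spoofed source.
    lines.append(" deny ip any any log")
    return lines

if __name__ == "__main__":
    print("\n".join(build_ingress_acl("CUST-EXAMPLE-IN", SAMPLE_PREFIXES)))
```

Unlike strict uRPF, a filter built this way depends only on what is provisioned for the customer, so asymmetric return paths do not cause drops.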



Re: Force10 Gear - Opinions

2008-09-04 Thread Paul Wall
On Thu, Sep 4, 2008 at 12:36 PM, Jo Rhett [EMAIL PROTECTED] wrote:
 Linksys, D-Link, SMC, etc are able to pull it off on the layer 3
 switches sold at Fry's for a couple benjamins a pop.  :)


 I am.  All of these boxes can forward packets at line rate, and list
 for a fraction of the price of the Force 10 S-Series.


 You and I (and any real network operator) must have different definitions of
 "forward at line rate".

"forwards a gig-e full of 64 byte packets, random src/dst, when you
hook a smartbits/ixia up to it" is mine.  What's yours?

Mind you, this is probably one of the more useless metrics for vendor
selection these days, and nobody has a major problem with it.

Drive Slow,
Paul Wall



Re: Force10 Gear - Opinions

2008-09-04 Thread Paul Wall
On Thu, Sep 4, 2008 at 12:40 PM, Jo Rhett [EMAIL PROTECTED] wrote:
 You added a third SFM3 which has no place to go in this chassis.

No, I did not.  I did, however, list it as a point of reference for
a-la-carte analysis.

 So $52,500 versus $62,240 for the Cisco.

No, $65000.00 vs $62240.00.

 Then you need to add recertify cost, which isn't cheap.  And given that you
 can purchase Force10 stuff *NEW* at 60% discount, you're pitting new against
 used for similar prices.

Yes and no.  Level3 might have an aversion to running random refurbs
in production (just using them as an example, they also might not :).
Smaller hosting or SP shop represented on the list, not so much.

And 60 points off Cisco is possible, even for small shops with some
negotiating ability.

Drive Slow,
Paul Wall



Re: BCP38 dismissal

2008-09-04 Thread Paul Wall
On Thu, Sep 4, 2008 at 12:45 PM, Jo Rhett [EMAIL PROTECTED] wrote:
 I'm sorry, but nonsense statements such as these burn the blood.  Sure, yes,
 protecting yourself is so much more important than protecting anyone else.

 Anyone else want to stand up and join the "I am an asshole" club?

uRPF is important.  But all the uRPF in the world won't protect you
against a little tcp/{22,23,179} SYN aimed at your Force 10 box.

Ya know what I mean?

Paul Wall


