Re: My First BGP-Hijacking Explanation

2021-04-08 Thread scott



On 4/8/2021 12:19 PM, Eric Kuhnke wrote:


As an anecdotal data point, the only effect this has had is teaching 
random 14 year olds how to use ordinary consumer grade VPNs, which 
work just fine.

-



That's a silver lining in the dark cloud.  They're learning networking; 
sort of. :)


scott



Re: 10 years from now... (was: internet futures)

2021-03-28 Thread scott

On 3/26/2021 9:42 AM, Michael Thomas wrote:

LEO internet providers will be coming online which might make a
difference in the corners of the world where it's hard to get access,
but will it allow internet access to parachute in behind the Great
Firewall?

How do the Chinas of the world intend to deal with the Great Firewall
implications?

This is what I hope will change in the next 10 years.  "Turning off the
internet" will be harder and harder for folks suppressing others, many
times violently, and hiding it from everyone else.  A small-ish antenna
easily hidden would be necessary.


On 3/27/2021 5:30 PM, na...@jima.us wrote:

Please don't forget that RF sources can be tracked down by even 
minimally-well-equipped adversaries.


Spread spectrum?  ;)

https://en.wikipedia.org/wiki/Spread_spectrum

scott
 



Re: 10 years from now... (was: internet futures)

2021-03-27 Thread scott



On 3/26/2021 9:42 AM, Michael Thomas wrote:
LEO internet providers will be coming online which might make a 
difference in the corners of the world where it's hard to get access, 
but will it allow internet access to parachute in behind the Great 
Firewall?


How do the Chinas of the world intend to deal with the Great Firewall 
implications? 



This is what I hope will change in the next 10 years.  "Turning off the 
internet" will be harder and harder for folks suppressing others, many 
times violently, and hiding it from everyone else.  A small-ish antenna 
easily hidden would be necessary.


scott





Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-23 Thread scott



On Tue, Mar 23, 2021 at 2:35 PM scott <sur...@mauigateway.com> wrote:



Well, now we are likely to find out what happens when Discord is bought:


"Microsoft in talks to buy Discord messaging platform - sources"


https://www.reuters.com/article/us-discord-m-a/microsoft-in-talks-to-buy-discord-messaging-platform-sources-idUSKBN2BE320



--

On 3/23/2021 8:39 AM, Tom Beecher wrote:

Nope.

https://www.discourse.org/ != https://discord.com/





Oops, thanks.  I will go and hide in the corner with my coffee pot...

scott




Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-23 Thread scott



Well, now we are likely to find out what happens when Discord is bought:


"Microsoft in talks to buy Discord messaging platform - sources"

https://www.reuters.com/article/us-discord-m-a/microsoft-in-talks-to-buy-discord-messaging-platform-sources-idUSKBN2BE320


scott



Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-22 Thread scott



One last thing before I stop.  How would the numerous NANOG archives 
work when everything is on Discourse?  The same?


scott



Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-22 Thread scott



On 3/22/2021 11:43 AM, Edward McNair wrote:

Our mailing list is a clear indication that size does not fit all.


--


Could you elaborate on that?  This assumes everyone agrees with the 
statement.  I don't think that is the case.  It is certainly not the 
case for me.  I know how to filter out subjects I don't want to read.  
It is easy.


What happens if Discourse gets bought or goes out of business?

scott


Just a few yuck things:

"Let the community suppress spam and dangerous content, and amicably 
resolve disputes." (that would never be misused to suppress something 
the community moderators don't like...never...)


"When someone quotes your post, we’ll notify you. When someone mentions 
your @name, we’ll notify you. When someone replies to your post… well, 
you get the idea. And if you’re not around, we’ll email you, too." (WTF?)


"Encourage positive community behaviors through the included set of 
badges"  (ohhh, I want a shiny badge!)


"Discourse was designed for high resolution touch devices..."




Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-22 Thread scott


On 3/22/2021 4:00 AM, Mike Hammett wrote:
The migration happened just a month or two ago. Are we talking about 
the same thing?


TBH, most discussion in the WISP space has moved to Facebook. The busy 
WISPA mailing lists used to get about 20k messages per year. When I 
last checked, they were down to 5k or so and on a downward trend. 
Meanwhile, the Facebook groups have exploded, both in members per 
group and the number of groups.


--



Please tell me you're not suggesting that to be able to participate in 
NANOG a person must move to FB.  I would get banned from NANOG for 
saying what I think about that...



scott



Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-20 Thread scott


On 3/20/2021 3:34 PM, David Siegel wrote:


...not to mention that all mature networks are moving more towards GUI 
front ends for their automated network.  As the complexity of 
a network increases, CLI access becomes considerably more risky.


The idea that "real engineers use the CLI" is dinosaur thinking that 
will eventually land those with that philosophy out of a job.  Just my 
personal $.02 (though I'm certainly not alone in my opinion).


-

I didn't mean to imply "real engineers use the CLI" only, but that's the 
way you read it (perhaps others, too), so all good. Definitely, there is 
no shortage of network engineering jobs for those that mainly use CLI 
compared to those that use mainly/only a GUI, at least as far as I have 
seen.  The CLI works on all networks, but a GUI is different in each 
network.  As was mentioned upthread, there is a place for a GUI.  I am 
not implying there is not a place for it.


I can't even begin to imagine trying to troubleshoot the complex 
problems I deal with day-to-day on a GUI and I am on a medium sized 
network compared to those on this list.




But I'd like to reiterate that the board's goal with modernization is 
not to alienate anyone from the existing community by forcing them 
into a web-interface. Discourse is under evaluation, and if it doesn't 
accomplish the goal we'll try something else or build our own tool.


---

Thanks for that. I consider this list one of the most important tools I 
have for learning about networking.


scott









Dave




On Sat, Mar 20, 2021 at 6:52 PM Matthew Petach <mpet...@netflight.com> wrote:




On Sat, Mar 20, 2021 at 5:13 PM scott <sur...@mauigateway.com> wrote:
[...]

Of course, one would not find an HTTP GUI on the bigger networks dealt
with on this list; only on the tiny networks.  So they're beginning
learners and are, of course, welcome.  They will learn a lot, just as I
did in the early days and do every day nowadays.

[...]

scott


Let's see...
Google: Gmail
Microsoft: Hotmail/Outlook/Office365
Yahoo/VerizonMedia: Yahoo Mail

I'd have to say, there's some pretty big networks on this list that
use HTTP GUIs for their email.

Of course, you might be big enough that you look down on the
networks of Google, Microsoft, and VZM as "tiny networks" -- in
which case, you're definitely entitled to your opinion, as all 8000
pound gorillas that look down on the puny 800 lb gorillas are.  ;)

Matt



Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-20 Thread scott

On 3/20/2021 2:47 PM, Matthew Petach wrote:

On Sat, Mar 20, 2021 at 5:13 PM scott <sur...@mauigateway.com> wrote:

[...]

Of course, one would not find an HTTP GUI on the bigger networks dealt
with on this list; only on the tiny networks.  So they're beginning
learners and are, of course, welcome.  They will learn a lot, just as I
did in the early days and do every day nowadays.

[...]

Let's see...
Google: Gmail
Microsoft: Hotmail/Outlook/Office365
Yahoo/VerizonMedia: Yahoo Mail

I'd have to say, there's some pretty big networks on this list that
use HTTP GUIs for their email.





You missed the sentence just before that:

"I would think a person who can't figure out how to use filters on a mail 
client would rather configure routers through the HTTP GUI, rather than 
the CLI."


scott



Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-20 Thread scott



:: The board has been thinking about enhancements to the NANOG list for 
a couple of years now


Please let me put in my $0.02.  I would like to ask that there're no 
changes.  For myself, it has been 24 years here and I see no problems.  
I enjoy the off-topic as much as the on-topic...most times.  If a person 
can't figure out how to filter out a subject or sender in an email 
client they will have way more problems trying to be a network engineer 
on anything but the tiniest of networks.  I would think a person who 
can't figure out how to use filters on a mail client would rather configure 
routers through the HTTP GUI, rather than the CLI.  Of course, one would 
not find an HTTP GUI on the bigger networks dealt with on this list; 
only on the tiny networks.  So they're beginning learners and are, of 
course, welcome.  They will learn a lot, just as I did in the early days 
and do every day nowadays.


In agreement with others here, randy's comment:

"i do not find the volume or diversity on the nanog list problematic.
in fact, i suspect its diversity and openness are major factors in
it being the de facto global anything-ops list.  perhaps we do not
need to fix that."

Is spot on.

And last, John Covici also hit the nail on the head and all network 
engineers will recognize his comment "Keep it simple, please" as a very 
nice way of saying KISS, which any network engineer who has had time on 
a network will realize as the basic design principle.


scott



Re: Australian Dark Fibre Providers - Sydney

2021-03-10 Thread scott


On 3/10/2021 3:37 PM, Rod Beck wrote:

Anyone besides Superloop?


---


Try over on AusNOG.


scott



Re: Microsoft Exchange zero day

2021-03-05 Thread Scott Morizot
On Fri, Mar 5, 2021 at 4:26 PM Eric Kuhnke  wrote:

> ISPs/NSPs with customers running self hosted or on-premises Exchange may
> want to be aware of this.
>
>
>
> https://krebsonsecurity.com/2021/03/at-least-3-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
>
>
> https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
>

Yes, and CISA released an alert and an emergency directive.

https://us-cert.cisa.gov/ncas/current-activity/2021/03/03/cisa-issues-emergency-directive-and-alert-microsoft-exchange


Re: Famous operational issues

2021-02-23 Thread scott



On 2/23/2021 12:22 PM, Justin Streiner wrote:

An interesting sub-thread to this could be:
Have you ever unintentionally crashed a device by running a perfectly 
innocuous command?

---


There was that time in the later 1990s where I took most of a global 
network down several times by typing "show ip bgp regexp " on most all 
of the core routers.  It turned out to be a cisco bug.  I looked for a 
reference, but cannot find one.  Ahh, the earlier days of the 
commercial internet...gotta love'em.

scott


Re: Famous operational issues

2021-02-16 Thread scott


On 2/16/2021 9:37 AM, John Kristoff wrote:

I'd suggest the AS 7007 event is perhaps the most notorious and 
likely to top many lists including mine. 




AS7007 is how I found NANOG.  We (Digital Island; first job out
of college) were in 10-20 countries around the planet at the time.
All of them went down while we were in cisco training.  I kept
interrupting the class and telling my manager "everything's down!
We need to stop the training and get on it!"  We didn't because I
was new and no one believed that much could go down all at once.
They assumed it was a monitoring glitch.  So, the training
continued for a while until very senior engineers got involved.
One of the senior guys said something to the effect of "yeah, it's
all over NANOG."  I said what is NANOG?  I signed up for the list
and many of you have had to listen to me ever since... ;)

scott



Re: DoD IP Space

2021-02-13 Thread scott



On 2/12/2021 8:39 PM, Mark Tinka wrote:

On 2/12/21 21:56, scott wrote:


100% agreed!  Been whining about that here many times.  I have been 
trying to get IPv6 going for a long time, but the above stopped my 
plans.  One thing I mentioned recently, though, is we just got a 
$BIGCUSTOMER and their requirement was we do IPv6. So keep your IPv6 
deployment plans ready.  In my case they said a 'we need it right 
now' kind of thing.  That could happen to anyone here.


How about just doing it and then asking for forgiveness later :-)?

That's what I did in 2005, but fair point, the network was only 2 
routers big and in just one city :-).





I would be looking for a new job and it is a much larger network than 2 
routers in a big city.  :)    Sabri Berisha was correct: "The true enemy 
here is mid-level management that refuses to prioritize deployment of 
IPv6.   What we should be discussing is how best to approach that 
problem. It's where ops and corporate politics overlap."   What I always 
heard when I bring it up and they don't want to talk about it was 
"What's the business case?" They know there isn't one.


scott



Re: DoD IP Space

2021-02-12 Thread scott




--- sa...@cluecentral.net wrote:
From: Sabri Berisha 

The true enemy here is mid-level management that refuses to prioritize 
deployment of IPv6.


What we should be discussing is how best to approach that problem. It's 
where ops and corporate politics overlap.

--


100% agreed!  Been whining about that here many times.  I have been 
trying to get IPv6 going for a long time, but the above stopped my 
plans.  One thing I mentioned recently, though, is we just got a 
$BIGCUSTOMER and their requirement was we do IPv6.  So keep your IPv6 
deployment plans ready.  In my case they said a 'we need it right now' 
kind of thing.  That could happen to anyone here.


scott


Re: Parler

2021-01-11 Thread K. Scott Helms
They certainly have been many many times, but that's an entirely
different animal than the rules for content hosting and publishing.
Actions from network providers have (AFAIK) always been in conjunction
with some traffic from or to the violating party rather than an
otherwise legal content hosting arrangement.


Scott Helms


On Sun, Jan 10, 2021 at 9:05 PM mark seery  wrote:
>
> I assume multiple networks/ ISPs that have acceptable use policies that call 
> out criminality and incitement to violence, for example:
>
> https://www.xfinity.com/support/articles/comcast-acceptable-use-policy
>
> Have these AUPs been invoked previously for these reasons, or would that be 
> new territory?
>
> Sent from Mobile Device
>
> On Jan 10, 2021, at 2:52 PM, K. Scott Helms  wrote:
>
> 
> Right, it's not a list for content hosting.
>
> Scott Helms
>
> On Sun, Jan 10, 2021, 5:42 PM  wrote:
>>
>> No, this is a list for Network Operators.
>>
>> Sent from my iPhone
>>
>> On Jan 10, 2021, at 5:32 PM, K. Scott Helms  wrote:
>>
>> 
>> This is a list for pushing bits.  The fact that many/most of us have other 
>> businesses doesn't make this an appropriate forum for SIP issues (to use my 
>> own work as an example).
>>
>> On Sun, Jan 10, 2021, 4:52 PM  wrote:
>>>
>>> This is a list for Network Operators, AWS certainly operates networks.
>>>
>>> Sent from my iPhone
>>>
>>> On Jan 10, 2021, at 4:27 PM, K. Scott Helms  wrote:
>>>
>>> 
>>> No,
>>>
>>> It really does not.  Section 230 only applies to publishers, and not to 
>>> network providers.  If this were a cloud hosting provider list then you'd 
>>> be correct, but as a network provider's list it does not belong here.
>>>
>>>
>>> Scott Helms
>>>
>>>
>>>
>>> On Sun, Jan 10, 2021 at 3:21 PM Lady Benjamin PD Cannon  
>>> wrote:
>>>>
>>>> As network operations and compute/cloud/hosting operations continue to 
>>>> coalesce, I very much disagree with you.  Section 230 is absolutely 
>>>> relevant, this discussion is timely and relevant, and it directly affects 
>>>> me as both a telecom and cloud compute/services provider.
>>>>
>>>>
>>>> —L.B.
>>>>
>>>> Lady Benjamin PD Cannon, ASCE
>>>> 6x7 Networks & 6x7 Telecom, LLC
>>>> CEO
>>>> b...@6by7.net
>>>> "The only fully end-to-end encrypted global telecommunications company in 
>>>> the world.”
>>>> FCC License KJ6FJJ
>>>>
>>>> 
>>>> 
>>>>
>>>> On Jan 10, 2021, at 12:13 PM, K. Scott Helms  
>>>> wrote:
>>>>
>>>> It's not, and frankly it's disappointing to see people pushing an agenda 
>>>> here.
>>>>
>>>>
>>>> Scott Helms
>>>>
>>>>
>>>> On Sun, Jan 10, 2021 at 9:37 AM  wrote:
>>>>
>>>>
>>>> NANOG is a group of Operators, discussion does not have to be about 
>>>> networking. I have already explained how this represents a significant 
>>>> issue for Network Operators.
>>>>
>>>> On Jan 10, 2021, at 9:09 AM, Mike Bolitho  wrote:
>>>>
>>>> 
>>>> It has nothing to do with networking. Their decision was necessarily 
>>>> political. If you can specifically bring up an issue, beyond speculative, 
>>>> on how their new chosen CDN is somehow now causing congestion or routing 
>>>> issues on the public internet, then great. But as of now, that isn't even 
>>>> a thing. It's just best to leave it alone because it will devolve into 
>>>> chaos.
>>>>
>>>> - Mike Bolitho
>>>>
>>>> On Sun, Jan 10, 2021, 6:54 AM  wrote:
>>>>
>>>>
>>>> Why? This is extremely relevant to network operators and is not political 
>>>> at all.
>>>>
>>>> On Jan 10, 2021, at 8:51 AM, Mike Bolitho  wrote:
>>>>
>>>> 
>>>> Can we please not go down this rabbit hole on here? List admins?
>>>>
>>>> - Mike Bolitho
>>>>
>>>> On Sun, Jan 10, 2021, 1:26 AM William Herrin  wrote:
>>>>
>>>>
>>>> Anybody looking for a new customer opportunity? It seems Parler is in
>>>> search of a new service provider. Vendors need only provide all the
>>>> proprietary AWS APIs that Parler depends upon to function.
>>>>
>>>> https://www.washingtonpost.com/technology/2021/01/09/amazon-parler-suspension/
>>>>
>>>> Regards,
>>>> Bill Herrin
>>>>
>>>>


Re: Parler

2021-01-10 Thread K. Scott Helms
Right, it's not a list for content hosting.

Scott Helms

On Sun, Jan 10, 2021, 5:42 PM  wrote:

> No, this is a list for Network Operators.
>
> Sent from my iPhone
>
> On Jan 10, 2021, at 5:32 PM, K. Scott Helms 
> wrote:
>
> 
> This is a list for pushing bits.  The fact that many/most of us have other
> businesses doesn't make this an appropriate forum for SIP issues (to use my
> own work as an example).
>
> On Sun, Jan 10, 2021, 4:52 PM  wrote:
>
>> This is a list for Network Operators, AWS certainly operates networks.
>>
>> Sent from my iPhone
>>
>> On Jan 10, 2021, at 4:27 PM, K. Scott Helms 
>> wrote:
>>
>> 
>> No,
>>
>> It really does not.  Section 230 only applies to publishers, and not to
>> network providers.  If this were a cloud hosting provider list then you'd
>> be correct, but as a network provider's list it does not belong here.
>>
>>
>> Scott Helms
>>
>>
>>
>> On Sun, Jan 10, 2021 at 3:21 PM Lady Benjamin PD Cannon 
>> wrote:
>>
>>> As network operations and compute/cloud/hosting operations continue to
>>> coalesce, I very much disagree with you.  Section 230 is absolutely
>>> relevant, this discussion is timely and relevant, and it directly affects
>>> me as both a telecom and cloud compute/services provider.
>>>
>>>
>>> —L.B.
>>>
>>> Lady Benjamin PD Cannon, ASCE
>>> 6x7 Networks & 6x7 Telecom, LLC
>>> CEO
>>> b...@6by7.net
>>> "The only fully end-to-end encrypted global telecommunications company
>>> in the world.”
>>> FCC License KJ6FJJ
>>>
>>> 
>>> 
>>>
>>> On Jan 10, 2021, at 12:13 PM, K. Scott Helms 
>>> wrote:
>>>
>>> It's not, and frankly it's disappointing to see people pushing an agenda
>>> here.
>>>
>>>
>>> Scott Helms
>>>
>>>
>>> On Sun, Jan 10, 2021 at 9:37 AM  wrote:
>>>
>>>
>>> NANOG is a group of Operators, discussion does not have to be about
>>> networking. I have already explained how this represents a significant
>>> issue for Network Operators.
>>>
>>> On Jan 10, 2021, at 9:09 AM, Mike Bolitho  wrote:
>>>
>>> 
>>> It has nothing to do with networking. Their decision was necessarily
>>> political. If you can specifically bring up an issue, beyond speculative,
>>> on how their new chosen CDN is somehow now causing congestion or routing
>>> issues on the public internet, then great. But as of now, that isn't even a
>>> thing. It's just best to leave it alone because it will devolve into chaos.
>>>
>>> - Mike Bolitho
>>>
>>> On Sun, Jan 10, 2021, 6:54 AM  wrote:
>>>
>>>
>>> Why? This is extremely relevant to network operators and is not
>>> political at all.
>>>
>>> On Jan 10, 2021, at 8:51 AM, Mike Bolitho  wrote:
>>>
>>> 
>>> Can we please not go down this rabbit hole on here? List admins?
>>>
>>> - Mike Bolitho
>>>
>>> On Sun, Jan 10, 2021, 1:26 AM William Herrin  wrote:
>>>
>>>
>>> Anybody looking for a new customer opportunity? It seems Parler is in
>>> search of a new service provider. Vendors need only provide all the
>>> proprietary AWS APIs that Parler depends upon to function.
>>>
>>>
>>> https://www.washingtonpost.com/technology/2021/01/09/amazon-parler-suspension/
>>>
>>> Regards,
>>> Bill Herrin
>>>
>>>
>>>


Re: Parler

2021-01-10 Thread K. Scott Helms
This is a list for pushing bits.  The fact that many/most of us have other
businesses doesn't make this an appropriate forum for SIP issues (to use my
own work as an example).

On Sun, Jan 10, 2021, 4:52 PM  wrote:

> This is a list for Network Operators, AWS certainly operates networks.
>
> Sent from my iPhone
>
> On Jan 10, 2021, at 4:27 PM, K. Scott Helms 
> wrote:
>
> 
> No,
>
> It really does not.  Section 230 only applies to publishers, and not to
> network providers.  If this were a cloud hosting provider list then you'd
> be correct, but as a network provider's list it does not belong here.
>
>
> Scott Helms
>
>
>
> On Sun, Jan 10, 2021 at 3:21 PM Lady Benjamin PD Cannon 
> wrote:
>
>> As network operations and compute/cloud/hosting operations continue to
>> coalesce, I very much disagree with you.  Section 230 is absolutely
>> relevant, this discussion is timely and relevant, and it directly affects
>> me as both a telecom and cloud compute/services provider.
>>
>>
>> —L.B.
>>
>> Lady Benjamin PD Cannon, ASCE
>> 6x7 Networks & 6x7 Telecom, LLC
>> CEO
>> b...@6by7.net
>> "The only fully end-to-end encrypted global telecommunications company in
>> the world.”
>> FCC License KJ6FJJ
>>
>> 
>> 
>>
>> On Jan 10, 2021, at 12:13 PM, K. Scott Helms 
>> wrote:
>>
>> It's not, and frankly it's disappointing to see people pushing an agenda
>> here.
>>
>>
>> Scott Helms
>>
>>
>> On Sun, Jan 10, 2021 at 9:37 AM  wrote:
>>
>>
>> NANOG is a group of Operators, discussion does not have to be about
>> networking. I have already explained how this represents a significant
>> issue for Network Operators.
>>
>> On Jan 10, 2021, at 9:09 AM, Mike Bolitho  wrote:
>>
>> 
>> It has nothing to do with networking. Their decision was necessarily
>> political. If you can specifically bring up an issue, beyond speculative,
>> on how their new chosen CDN is somehow now causing congestion or routing
>> issues on the public internet, then great. But as of now, that isn't even a
>> thing. It's just best to leave it alone because it will devolve into chaos.
>>
>> - Mike Bolitho
>>
>> On Sun, Jan 10, 2021, 6:54 AM  wrote:
>>
>>
>> Why? This is extremely relevant to network operators and is not political
>> at all.
>>
>> On Jan 10, 2021, at 8:51 AM, Mike Bolitho  wrote:
>>
>> 
>> Can we please not go down this rabbit hole on here? List admins?
>>
>> - Mike Bolitho
>>
>> On Sun, Jan 10, 2021, 1:26 AM William Herrin  wrote:
>>
>>
>> Anybody looking for a new customer opportunity? It seems Parler is in
>> search of a new service provider. Vendors need only provide all the
>> proprietary AWS APIs that Parler depends upon to function.
>>
>>
>> https://www.washingtonpost.com/technology/2021/01/09/amazon-parler-suspension/
>>
>> Regards,
>> Bill Herrin
>>
>>
>>


Re: Parler

2021-01-10 Thread K. Scott Helms
It's not, and frankly it's disappointing to see people pushing an agenda here.


Scott Helms


On Sun, Jan 10, 2021 at 9:37 AM  wrote:
>
> NANOG is a group of Operators, discussion does not have to be about 
> networking. I have already explained how this represents a significant issue 
> for Network Operators.
>
> On Jan 10, 2021, at 9:09 AM, Mike Bolitho  wrote:
>
> 
> It has nothing to do with networking. Their decision was necessarily 
> political. If you can specifically bring up an issue, beyond speculative, on 
> how their new chosen CDN is somehow now causing congestion or routing issues 
> on the public internet, then great. But as of now, that isn't even a thing. 
> It's just best to leave it alone because it will devolve into chaos.
>
> - Mike Bolitho
>
> On Sun, Jan 10, 2021, 6:54 AM  wrote:
>>
>> Why? This is extremely relevant to network operators and is not political at 
>> all.
>>
>> On Jan 10, 2021, at 8:51 AM, Mike Bolitho  wrote:
>>
>> 
>> Can we please not go down this rabbit hole on here? List admins?
>>
>> - Mike Bolitho
>>
>> On Sun, Jan 10, 2021, 1:26 AM William Herrin  wrote:
>>>
>>> Anybody looking for a new customer opportunity? It seems Parler is in
>>> search of a new service provider. Vendors need only provide all the
>>> proprietary AWS APIs that Parler depends upon to function.
>>>
>>> https://www.washingtonpost.com/technology/2021/01/09/amazon-parler-suspension/
>>>
>>> Regards,
>>> Bill Herrin


RE: Video Conferencing options to Beijing

2021-01-08 Thread Scott, Thomas
Spencer,

Skype (not for business) is what I've used in the past for video-conferencing 
inside the great (fire)wall. It works without a VPN, not sure if there are any 
limitations currently.

Regards,
Thomas Scott
Engineer, Network Operations

2875 Fork Creek Church Road, Ellenwood, GA 30294
+1 404-381-2446 | M +1 480-241-7422
www.intelsat.com


From: NANOG  On Behalf Of 
Spencer Coplin
Sent: Friday, January 8, 2021 12:36
To: North American Network Operators' Group 
Subject: Video Conferencing options to Beijing


I know this is a bit outside of North America, so if this isn't relevant, 
please let me know. I have a client that is asking for video conferencing 
options back to Beijing for their users. What has everyone's experience been 
with setting up a solution like this?

We have to assume the Chinese users will be on non-VPN connections and under 
the filters of the Great Firewall of China. We are looking for software that 
can be installed on Windows, so apps that rely on Android or iOS are at bottom 
of our list, but not fully out of consideration.

Teams was my first thought, but per Microsoft, Teams isn't available in China:
https://docs.microsoft.com/en-us/microsoft-365/admin/services-in-china/services-in-china?view=o365-21vianet

Thank you,
Spencer




Re: Hulu Proxy Blocking our IP's

2020-12-03 Thread Pennington, Scott
Darin - If you are able to make progress on this, please share back to the 
list.   We've recently been getting sporadic complaints of same.   I did speak 
to a support agent at hulu who advised they utilize google's geo database, but 
haven't been able to get beyond that.

-Scott


From: NANOG  on behalf of 
Darin Steffl 
Sent: Thursday, December 3, 2020 9:37 AM
To: North American Network Operators' Group 
Subject: Hulu Proxy Blocking our IP's

Hey all,

We are a residential and business ISP. We don't host any servers or lease our 
IP space to anyone but ourselves.

Yesterday we had customers report Hulu was blocking their streaming with a 
proxy error. Customer contacted Hulu who blamed us. I emailed the hulu email 
yesterday morning and haven't heard a thing back.

Can someone help get this resolved for us?

Thank you

ipad...@hulu.com

--
Darin Steffl
Minnesota WiFi
www.mnwifi.com
507-634-WiFi
Like us on Facebook: http://www.facebook.com/minnesotawifi


Re: A letter from the CEO

2020-11-23 Thread Thomas Scott
"Terrorbits" sounds like a 3 year old unplugging a router - over and over
until which point it then had to be relocated to a top shelf with a UPS.
Telling this from a friend's experience, not my own. Promise.

- Thomas Scott | mr.thomas.sc...@gmail.com


On Mon, Nov 23, 2020 at 11:09 AM Warren Kumari  wrote:

> On Mon, Nov 23, 2020 at 10:22 AM Andy Ringsmuth  wrote:
> >
> >
> > > On Nov 23, 2020, at 12:35 AM, Carsten Bormann  wrote:
> > >
> > >> 8tbps (8 terrabits per second).
> >
> > Terrabits? That’s a new one to me. Would that be akin to an “earthbit”
> or something like that?
>
> They are better than terrorbits, which is what happen when anyone in
> the family says "My Internet is broken, can you fix it?"
>
> W
>
> >
> >
> > -Andy
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>---maf
>


Re: Cable Company Hotspots

2020-11-23 Thread Thomas Scott
> It shares the aggregate bandwidth of the HFC but not your contracted
> bandwidth

That's how I remember them being provisioned, they were on the same modem,
but using their own timing slots, so essentially the subscriber at their
own premises was never using the channels at the same time as the "roaming
subscriber" who was on their own SSID. This led to some... *interesting*
setups where you could increase your bandwidth decently, but with an
increase in latency. Depending on your use case, ymmv.

https://msol.io/blog/tech/how-i-doubled-my-internet-speed-with-openwrt/

is a great example of a "creative setup"

- Thomas Scott | mr.thomas.sc...@gmail.com


On Mon, Nov 23, 2020 at 9:12 AM Rod Beck 
wrote:

> It is a lifesaver. It is a good back up to have if primary services fails
> as my telco service did Friday. Transmission rates up and down vary
> dramatically from as high as 40 megs down to as low as 500K down. It is
> definitely shared bandwidth in the Last Mile. 
>
> -R.
>
> --
> *From:* Rob Seastrom 
> *Sent:* Monday, November 23, 2020 2:55 PM
> *To:* Lady Benjamin PD Cannon 
> *Cc:* Rod Beck ; NANOG Operators' Group <
> nanog@nanog.org>
> *Subject:* Re: Cable Company Hotspots
>
> On Nov 22, 2020, at 12:42, Lady Benjamin PD Cannon  wrote:
> >
> > Rod, that’s exactly how they are delivering it. Unclear whether it’s over
> a separately provisioned bandwidth channel, or whether it shares the
> aggregate capacity of the HFC.
>
> It shares the aggregate bandwidth of the HFC but not your contracted
> bandwidth.  It might be possible, but it's extremely unlikely, to dedicate
> downstream or particularly upstream DOCSIS channels for this, and if you’re
> running docsis 3.1 “channel” takes on a rather different shade of meaning
> anyway.
>
> This is done with “service flows” which are part of the docsis spec.
> They’re more like CAR with an ACL than DSCP.  Your cable modem already has
> at least four service flows defined in its profile:  one each for upstream
> and downstream, cablemodem management and contracted-bandwidth commodity
> internet.   If there is a built in phone jack (NANOG would call this an
> ATA, but the cablelabs term for it is an MTA or eMTA) then add a couple of
> more flows to it for the voip.  There could be still more; uses are up to
> your imagination.
>
> I haven’t seen better than 10-20m service flows for guest wifi...
>
> Shared vs dedicated wifi radio for guest would be dependent on the CPE.  I
> believe they are mostly shared, but my information is dated at this point
> and radios have gotten stupid cheap in the meantime.
>
> Likewise, backhaul technology is implementation dependent; L2TP is what
> I’ve generally seen, not GRE, but again that info is five years out of date
> at this point.
>
> So in short, assuming minimal interference and good wifi config (which may
> be a lot to ask in some environments) someone running speedtest on the
> guest wifi should have almost no effect on your contracted network
> performance, modulo any timing effects of the docsis channel transmission
> time slot allocator.
>
> HTH,
> -r
>
> Sent from my iPad
>
>


Re: AFRINIC IP Block Thefts -- The Saga Continues

2020-11-16 Thread scott weeks




On 11/15/20 8:57 PM, Elad Cohen wrote:

That's it...

-


I find it strange that you ignored the exact same message at AfNOG
sent several minutes earlier, yet try to save your 'reputation' here.
I also note that after Ronald's email at AfNOG there was exactly zero
discussion by anyone on that list.

scott


Re: att or sonic "residential" fiber service at a "nontraditional" residence.

2020-11-02 Thread Scott McGrath
I’d say ‘it depends’ on the sales organization being willing to sell it.
 The non-profit also has to realize that they get the same service
restoration speeds and customer support that a residential customer gets.



On Sun, Nov 1, 2020 at 8:24 PM Mark Seiden  wrote:

> att 1Gb/sec symmetric fiber is about $70/month.
>
> their “business class” service costs >10x that price.
>
> if i don’t want an SLA, does anything keep a non-profit organization from
> ordering (from att or sonic) residential service at what normally would be
> considered a business location?
> sonic seems to overlay on the att fiber network (in parts of the sf bay
> area)?
>
> (say, for example, you have a caretaker who lives on premises and you
> terminate the fiber in or near the caretaker’s apartment…)
>
> (would this violate some tariff?  could they refuse to install?)
>
> (for me this harkens back to much earlier days where i would order dry
> copper loops intended for alarm purposes and run data or conditioned audio
> over them…)


Re: Vint Cerf & Interplanetary Internet

2020-10-21 Thread scott weeks



*From:* NANOG  on behalf of 
Rod Beck 

https://www.quantamagazine.org/vint-cerfs-plan-for-building-an-internet-in-space-20201021/



On 10/21/20 2:27 PM, Suresh Ramasubramanian wrote:

Right. This means we are going to catch a spaceship for a future nanog /
have interplanetary governance federation debates with space aliens from
Andromeda, and we will finally run out of v6 and ipv9 will rule the roost
while there’s a substantial aftermarket + hijack scene going on for the
last remaining v6 blocks.




More like IP to Nokia's new cell network on the moon:

https://www.theguardian.com/science/2020/oct/20/talking-on-the-moon-nasa-and-nokia-to-install-4g-on-lunar-surface
(Everyone on the moon will want to have access to LOL cats!)

Or... using DTN (https://datatracker.ietf.org/wg/dtn/about) to reach
Mars and other planets by being relayed through communications relay
satellites similar to the Mars Telecommunication Orbiter (canceled),
Mars Odyssey or Mars Reconnaissance Orbiter spacecraft.

Or... IP to robots visiting other non-planet objects in the solar system
like comets/asteroids:
https://spacenews.com/osiris-rex-touches-down-on-asteroid
https://www.bbc.com/news/science-environment-47293317

Or... 

The IPI idea has been around for a long time now:
https://en.wikipedia.org/wiki/Interplanetary_Internet

The main question is will NANOG On The Road meet on the moon?  I missed
the only Hawaii one, so maybe I could make the moon one!

scott


Re: Gaming Consoles and IPv4

2020-09-28 Thread Scott Morizot
On Mon, Sep 28, 2020 at 8:30 AM Jeremy Bresley  wrote:

> I'm outside of Tampa (18th largest MSA in the US).  The two providers
> here, Spectrum (former Brighthouse area) and Frontier (bought out Verizon's
> FIOS offering) are both IPv4 only (including on their SOHO/SMB offerings).
>
> So I'm stuck with doing an HE tunnel still for my IPv6 access.  If anybody
> has a petition to change this with these providers, let me know, happy to
> sign it.
>

I empathize. My home provider, Suddenlink, is one of the laggards. Spectrum
here in the Austin area, though, is fully IPv6 enabled. Last year I did a
fair amount of testing at my younger son's apartment. It's frustrating.

I don't have any sort of detailed breakdown because that's not our primary
focus, but my very large organization has been supporting a daily average
of between 50k-60k VPN remote workers from around the country in all sorts
of locations. Because of COVID-19, it's been a significant percentage
increase, though our normal levels are quite large. We see about a quarter
of those incoming connections over IPv6. Most of our remote workers are
non-technical so that's an indication of not just ISP deployment but
penetration into their home networks. Again, we don't have any breakdown
since that's not our primary focus, but it does provide a high level
perspective.

Scott


Re: curious spam...

2020-09-15 Thread Thomas Scott
>
> I treat it as a back-end mailbox for my own smtp server. 100% of email
> that reaches my gmail

box without going to another address at my mail server first is spam.


I used a similar flow a few years ago that worked until I made the mistake
of signing into some service using "Sign in with Google" and then it was
all down-hill from there. Within a few months I found myself on customer
lists that I hadn't signed up for, and my spam folder grew as well. YMMV,
but that was my culprit.
- Thomas Scott | mr.thomas.sc...@gmail.com


On Tue, Sep 15, 2020 at 8:15 AM J. Hellenthal via NANOG 
wrote:

> Hey google, siri, or Alexa phoning home and your information put into a
> local database as a new person in the area for which they have bought your
> address I could believe that.
>
> --
>  J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says
> a lot about anticipated traffic volume.
>
> > On Sep 14, 2020, at 13:33, William Herrin  wrote:
> >
> > Howdy,
> >
> > I've noticed something odd. When I lived in Virginia, I started
> > receiving email directly to my gmail box from my U.S. Representative.
> > Unsolicited spam from Congressmen is nothing new but it was a little
> > odd that they found my gmail box (which I don't give out) and not one
> > of the hundreds of aliases at herrin.us or dirtside.com which I do
> > give out. The gmail box exists only in mail headers; "From" is always
> > a different address.
> >
> > I moved to Seattle. Today I found my gmail box subscribed to a
> > congressman's list from a nearby Washington jurisdiction. Not some
> > random congressman. And not any of the addresses I give out; my gmail
> > box's address which I don't.
> >
> > Anyone else have a similar experience? Any idea how a hidden address
> > is making it on to relevant congressmens' lists but not any others?
> > That's weird right?
> >
> > Regards,
> > Bill Herrin
> >
> > --
> > William Herrin
> > b...@herrin.us
> > https://bill.herrin.us/
>


Re: Centurylink having a bad morning?

2020-08-30 Thread K. Scott Helms
We've been on hold for more than an hour trying to get an update.

We see the same behavior where they continue to announce our blocks
despite all the interfaces to them being hard down.

Scott Helms


On Sun, Aug 30, 2020 at 8:58 AM Jason Kuehl  wrote:
>
> Well, When I tried calling I got a fast busy, so that's nice.
>
> On Sun, Aug 30, 2020 at 8:33 AM David Hubbard  
> wrote:
>>
>> Same.  Also, as reported on outages list, what’s even worse is that they 
>> appear to be continuing to propagate advertisements from circuits whose 
>> sessions have been turned down.  I validated ours still were via a couple 
>> looking glass portals.  Down Detector shows nearly every major service 
>> provider impacted.
>>
>>
>>
>> They’re not reachable so who knows if they’re even working on it.  I feel 
>> like they’ve been cutting heavily on the network ops side in recent years…
>>
>>
>>
>> From: NANOG  on 
>> behalf of Drew Weaver via NANOG 
>> Reply-To: Drew Weaver 
>> Date: Sunday, August 30, 2020 at 8:23 AM
>> To: "nanog@nanog.org" 
>> Subject: Centurylink having a bad morning?
>>
>>
>>
>> Hello,
>>
>>
>>
>> Woke up this morning to a bunch of reports of issues with connectivity had 
>> to shut down some Level3/CTL connections to get it to return to normal.
>>
>>
>>
>> As of right now their support portal won’t load: 
>> https://www.centurylink.com/business/login/
>>
>>
>>
>> Just wondering what others are seeing.
>>
>>
>
>
>
> --
> Sincerely,
>
> Jason W Kuehl
> Cell 920-419-8983
> jason.w.ku...@gmail.com


Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-26 Thread K. Scott Helms
Nick,

Data on blocking inbound TCP or the kinds of gear that mistakenly
labels UDP fragments as DST port 0?

Scott Helms


On Wed, Aug 26, 2020 at 9:00 AM Nick Hilliard  wrote:
>
> K. Scott Helms wrote on 26/08/2020 13:55:
> > To be clear, UDP port 0 is not and probably shouldn't be blocked
> > because some network gear and reporting tools may mistake a fragmented
> > UDP PDU for port 0.  That's an implementation error, but one that may
> > be common enough to create issues for users.
> do you have data on this?
>
> Nick
>


Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-26 Thread K. Scott Helms
To be clear, UDP port 0 is not and probably shouldn't be blocked
because some network gear and reporting tools may mistake a fragmented
UDP PDU for port 0.  That's an implementation error, but one that may
be common enough to create issues for users.  Blocking inbound TCP
port 0 is something that I've personally done in dozens of ISP
networks over more than a decade without a single reported issue.

Scott Helms


On Tue, Aug 25, 2020 at 7:39 PM narhiro  wrote:
>
>
> > "Port 0 is a reserved port, which means it should not be used by
> > applications. Network abuse has prompted the need to block this port."
> >
> > "What about UDP IP fragmentation?"
> >
> > I'm not sure I follow this.  The IP packet will be fragmented with UDP
> > inside it.  When the IP packet gets put together the UDP PDU will have
> > a port number.  It's possible that some packet analyzers or network
> > gear will improperly "see" a partial UDP flow as port 0 but that's a
> > mischaracterization of the flow.
> >
> >
> > Scott Helms
> >
> >
> >
> >>> On Tue, Aug 25, 2020 at 8:17 AM Job Snijders  wrote:
> >>>
> >>>> On Tue, Aug 25, 2020 at 07:27:33AM -0400, K. Scott Helms wrote:
> >>> I think a fairly easy thing to do is see what other large retail ISPs
> >>> have done.  Comcast, as an example, lists all of the ports they block
> >>> and 0 is blocked.  I do recommend that port 0 be blocked by all of the
> >>> ISPs I work with and frankly Comcast's list is a pretty good one to
> >>> use in general, though you will get some pushback on things like SMTP.
> >>> https://www.xfinity.com/support/articles/list-of-blocked-ports
> >>
> >> I may be reading the table incorrectly, but it seems to me Comcast is
> >> *not* blocking UDP port 0 according to the above URL?
> >>
> >>> Transit providers are a little bit different, but then again port 0 is
> >>> also different since AFAIK it's never had a legitimate use case.  It's
> >>> always been a reserved port.  I'd personally block it if I ran a
> >>> transit, but I'd be more willing to open it up for one of my large
> >>> customers (in a limited way) than I would on the retail side.
> >>> https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
> >>
> >> What about UDP IP fragmentation?
> >>
> >> Kind regards,
> >>
> >> Job


Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread K. Scott Helms
That's correct, I can only blame my lack of coffee at that point for
the oversight.  I went back and looked at where we have this
implemented and it's only TCP.


Scott Helms


On Tue, Aug 25, 2020 at 8:46 AM Job Snijders  wrote:
>
> On Tue, Aug 25, 2020 at 08:27:24AM -0400, K. Scott Helms wrote:
> > Comcast is blocking it.  From the table on that page.
> >
> > "Port 0 is a reserved port, which means it should not be used by
> > applications. Network abuse has prompted the need to block this port."
>
> The 'Transport' column seems to indicate that TCP port 0 is blocked, but
> not that UDP port 0 is blocked. I believe there are comcast people on
> this mailing list, it would be interesting to hear what the
> considerations were to block one but not the other.
>
> > "What about UDP IP fragmentation?"
> >
> > I'm not sure I follow this.  The IP packet will be fragmented with UDP
> > inside it.  When the IP packet gets put together the UDP PDU will have
> > a port number.  It's possible that some packet analyzers or network
> > gear will improperly "see" a partial UDP flow as port 0 but that's a
> > mischaracterization of the flow.
>
> You are absolutely right. There is no layer-4 header in a fragment.
> 'port 0' in netflow/ipfix traffic analyzer tools when displayed may be
> the result of a lack of ability to label it differently in the
> datastructures used. "mischaracterization" is a fitting word :-)
>
> Kind regards,
>
> Job
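
Added example, not part of any message in this thread: a fragment-aware classifier that separates packets genuinely addressed to port 0 from non-initial IPv4 fragments, which carry no layer-4 header and only show up as "port 0" in a flow record with a plain numeric port field. The packets, addresses and port numbers are constructed sample data, and naive_dst_port() is a hypothetical model of the tool behaviour described above, not any vendor's code.

```python
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17
MF_FLAG = 0x2000      # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, counted in 8-byte units


def build_ipv4(proto, l4_bytes, frag_offset=0, more_fragments=False):
    """Build a 20-byte IPv4 header plus payload (constructed test data, checksum 0)."""
    flags_off = (MF_FLAG if more_fragments else 0) | (frag_offset // 8)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(l4_bytes), 0x1234, flags_off, 64, proto, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),  # documentation ranges
    )
    return header + l4_bytes


def udp_header(sport, dport, payload_len):
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


def tcp_syn_header(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)


def classify(packet):
    """Return (protocol, dst_port_or_None, label) for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return (None, None, "not-ipv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return (None, None, "malformed")
    (flags_off,) = struct.unpack("!H", packet[6:8])
    proto = packet[9]
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        return (proto, None, "other-protocol")
    # A non-zero offset means this is a later fragment: the bytes after the
    # IP header are payload, not a TCP/UDP header, so there is no port at all.
    if (flags_off & OFFSET_MASK) != 0:
        return (proto, None, "non-initial-fragment")
    l4 = packet[ihl:]
    if len(l4) < 4:
        return (proto, None, "truncated")
    (dport,) = struct.unpack("!H", l4[2:4])
    return (proto, dport, "port-0" if dport == 0 else "normal")


def naive_dst_port(packet):
    """Model of a flow record that can only store a number: no port becomes 0."""
    _, dport, _ = classify(packet)
    return 0 if dport is None else dport


def summarize(packets):
    """Compare what the naive view calls port 0 with what really is port 0."""
    labels = [classify(p)[2] for p in packets]
    return {
        "naive_port0": sum(1 for p in packets if naive_dst_port(p) == 0),
        "real_port0": labels.count("port-0"),
        "non_initial_fragments": labels.count("non-initial-fragment"),
    }


# Constructed sample traffic.
DNS = build_ipv4(IPPROTO_UDP, udp_header(40000, 53, 12) + b"q" * 12)
# One 2008-byte UDP datagram to port 4500, split at a 1500-byte MTU.
FRAG1 = build_ipv4(IPPROTO_UDP, udp_header(40001, 4500, 2000) + b"a" * 1472,
                   frag_offset=0, more_fragments=True)
FRAG2 = build_ipv4(IPPROTO_UDP, b"a" * 528, frag_offset=1480)
REAL_UDP0 = build_ipv4(IPPROTO_UDP, udp_header(40002, 0, 4) + b"abcd")
TCP0 = build_ipv4(IPPROTO_TCP, tcp_syn_header(40003, 0))
SAMPLE = [DNS, FRAG1, FRAG2, REAL_UDP0, TCP0]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(pkt), "naive port:", naive_dst_port(pkt))
    print(summarize(SAMPLE))
```

A filter or report keyed on the naive view would count the trailing fragment of the port-4500 datagram as port 0 traffic; the fragment-aware view keeps it out of the port 0 bucket.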


Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread K. Scott Helms
Job,

Comcast is blocking it.  From the table on that page.

"Port 0 is a reserved port, which means it should not be used by
applications. Network abuse has prompted the need to block this port."

"What about UDP IP fragmentation?"

I'm not sure I follow this.  The IP packet will be fragmented with UDP
inside it.  When the IP packet gets put together the UDP PDU will have
a port number.  It's possible that some packet analyzers or network
gear will improperly "see" a partial UDP flow as port 0 but that's a
mischaracterization of the flow.


Scott Helms




On Tue, Aug 25, 2020 at 8:17 AM Job Snijders  wrote:
>
> On Tue, Aug 25, 2020 at 07:27:33AM -0400, K. Scott Helms wrote:
> > I think a fairly easy thing to do is see what other large retail ISPs
> > have done.  Comcast, as an example, lists all of the ports they block
> > and 0 is blocked.  I do recommend that port 0 be blocked by all of the
> > ISPs I work with and frankly Comcast's list is a pretty good one to
> > use in general, though you will get some pushback on things like SMTP.
> >
> > https://www.xfinity.com/support/articles/list-of-blocked-ports
>
> I may be reading the table incorrectly, but it seems to me Comcast is
> *not* blocking UDP port 0 according to the above URL?
>
> > Transit providers are a little bit different, but then again port 0 is
> > also different since AFAIK it's never had a legitimate use case.  It's
> > always been a reserved port.  I'd personally block it if I ran a
> > transit, but I'd be more willing to open it up for one of my large
> > customers (in a limited way) than I would on the retail side.
> >
> > https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
>
> What about UDP IP fragmentation?
>
> Kind regards,
>
> Job


Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

2020-08-25 Thread K. Scott Helms
Douglas,

I think a fairly easy thing to do is see what other large retail ISPs have
done.  Comcast, as an example, lists all of the ports they block and 0 is
blocked.  I do recommend that port 0 be blocked by all of the ISPs I work
with and frankly Comcast's list is a pretty good one to use in general,
though you will get some pushback on things like SMTP.

https://www.xfinity.com/support/articles/list-of-blocked-ports

Transit providers are a little bit different, but then again port 0 is also
different since AFAIK it's never had a legitimate use case.  It's always
been a reserved port.  I'd personally block it if I ran a transit, but I'd
be more willing to open it up for one of my large customers (in a limited
way) than I would on the retail side.

https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml


Scott Helms



On Tue, Aug 25, 2020 at 7:16 AM Douglas Fischer 
wrote:

> I think that the subject of the e-mail is very self-explanatory.
>
> With some analysis of what is running over our network, ISP or ITP, we
> will be able to see some TCP/UDP(mostly UDP) packets with source or
> destination to port 0.
>
> I can think of a genuine use of it.
> (Maybe someone could help me see what I'm not seeing.)
>
> So I have two questions:
>
> a) Should an ISP block that Kind of traffic?
> (like anti-spoofing on BNG/B-RAS)
>
> b) Should a Transit Provider block that Kind of traffic?
>
>
> --
> Douglas Fernando Fischer
> Engº de Controle e Automação
>


Re: Has virtualization become obsolete in 5G?

2020-08-01 Thread Scott Weeks



--- ed...@ieee.org wrote:
From: Etienne-Victor Depasquale 

See, for example, Azhar Sayeed's (Red Hat) contribution here
<https://www.lightreading.com/webinar.asp?webinar_id=1608>@15:33.



Don't send links to this list that require one to register 
to read the article and then say, "By registering for our 
site, your email will be added to our promotions list" and 
"Occasionally our trusted partners may want to send you 
information about exciting new products and services"

No one's going to click on that!

scott


Re: favorite network troubleshooting tools (online)

2020-07-16 Thread Scott Weeks




>> what are your favorite network troubleshooting tools?

I thought I'd add a little data to my first response:



To watch the network in real time with syslog, which puts 
messages in /var/log/router.log:

tail -f /var/log/router.log | egrep -vi 'terms|I|do|not|want|to|see|SyncConfigOK|SaveConfigSucceeded|LogFile|etcetera|etcetera'




To look for problems on router1:

grep -i router1 /var/log/router.log | egrep -vi 'terms|I|do|not|want|to|see' | less


scott

ps. it's free.  no cost.  low learning curve.  easy and fast.


Re: favorite network troubleshooting tools (online)

2020-07-15 Thread Scott Weeks



On 15/07/2020 10:37, Mehmet Akcin wrote:


> what are your favorite network troubleshooting tools?
--


syslog  :)


scott


Re: questions asked during network engineer interview

2020-07-14 Thread Scott Weeks



--- mpet...@netflight.com wrote:
From: Matthew Petach 
On Tue, Jul 14, 2020, 11:00 Ahmed elBorno  wrote:

> I had less than two years experience.
>
> The interviewer asked me:
> [...]
> 2) If we had a 1GB file that we need to transfer between America and
> Europe, how much time do we need, knowing that we start with a TCP size of
> X?
>


I *love* questions like that, because I can immediately respond back with
"well, that depends; did your sysadmin configure rfc1323 extension support
in your TCP stack?  Is SACK enabled?  What about window scaling?  Does your
OS do dynamic buffer tuning for TCP, or are the values locked in at start
time?"




I'm not so sure someone with only 2 years experience would know that.

scott





Re: ARIN

2020-06-13 Thread Scott Weeks


--- nanog@nanog.org wrote:

I had to do several things in ARIN. The support team was very 
quick responding, very useful with their recommendations to my 
questions, and had a great attitude towards solving problems.


thank you all ARIN support desk 
--


I mentioned this the last time we had this conversation, but I 
want to say it again.  As mentioned, folks are quick to complain 
and slow to compliment.  So, I want to add a +1 to the original 
email.

I am having my first dealings with them since about 10 years ago.  
And now, just like then, the support folks are stellar in their 
interaction with me.  

Thanks a LOT! :)

scott



Re: RIPE NCC Executive Board election

2020-05-13 Thread Pennington, Scott
Can this slap fight go somewhere besides this list?


From: NANOG  on behalf of Elad Cohen 
Sent: Wednesday, May 13, 2020 7:34 PM
To: Töma Gavrichenkov 
Cc: Shane Ronan ; North American Network Operators' 
Group 
Subject: Re: RIPE NCC Executive Board election

You start your posts with Peace but your posts are full of hate.

From: Töma Gavrichenkov 
Sent: Thursday, May 14, 2020 2:17 AM
To: Elad Cohen 
Cc: Shane Ronan ; North American Network Operators' 
Group 
Subject: Re: RIPE NCC Executive Board election

Peace,

On Thu, May 14, 2020 at 2:14 AM Elad Cohen  wrote:
> A degree in economics is not needed [..]

Which is the common thing to say by the ones who don't have it.

I think, dixi.

--
Töma


Re: How to manage Static IPs to customers

2020-05-08 Thread K. Scott Helms
The spec allows for bridging or layer 3 but none of the major or certified
manufacturers support bridging on larger platforms.  (>1000 modems)

Scott Helms



On Fri, May 8, 2020 at 3:56 PM Brandon Martin 
wrote:

> I'm curious...
>
> Is it part of the DOCSIS spec that the CMTS terminates L3, or can they
> bridge to IEEE 802(.3) and delegate that to some other piece of gear?
> I'm unfortunately not familiar with the MSO world much at all aside from
> a little bit of L1.
>
> --
> Brandon Martin
>


Re: How to manage Static IPs to customers

2020-05-08 Thread K. Scott Helms
Javier,

There's really no good way to handle this without routing or tunneling that
I've been able to find in a very long time.  (SD-WAN can help, but it's
just a fancy way to tunnel in this regard.)  It's pretty amazing that this
is such an issue, but it remains so.  I have tried to work around this
using BSoD (
https://specification-search.cablelabs.com/business-services-over-docsis-layer-2-virtual-private-networks
)
but we eventually abandoned the effort because it rapidly became to
expensive to scale to solve a niche problem.

Scott Helms



On Fri, May 8, 2020 at 8:58 AM Javier Gutierrez Guerra <
guer...@westmancom.com> wrote:

> That's surprising to me, I have no intentions to do routing with our cable
> subscribers, that seems like a headache for both sides
> Today we have specific ranges within subnets from where we assign IPs to
> customers, my main problem that I'm trying to get around is having to
> change a customer static IP if their node gets split and I have to move
> them to a different CMTS
>
> Thanks,
>
> Javier Gutierrez Guerra
>
>
>
> -Original Message-
> From: NANOG  On Behalf Of Bryan Fields
> Sent: Thursday, May 7, 2020 5:57 PM
> To: nanog@nanog.org
> Subject: Re: How to manage Static IPs to customers
>
> On 5/7/20 5:54 PM, Brandon Jackson via NANOG wrote:
> > I have seen (Charter) and heard quite a few run RIP or some other
> > routing protocol on the CPE.
>
> Yep, it's RIP.  They don't support IPv6 on this either.  I've been asking
> for
> IPv6 since 2006, it's always next year.
>
> --
> Bryan Fields
>
> 727-409-1194 - Voice
> http://bryanfields.net
>


Re: mail admins?

2020-04-23 Thread Scott Weeks



--- m...@mtcc.com wrote:
From: Michael Thomas 

I'm not sure why the admins of nanog's site should 
particularly care about appeasing the js tinfoil hat 
set. i mean, computers computing! who will stop this 
madness!
-


Not the tin foil hat crowd, security.  Computers be
computing with or without security.  Many turn off JS.
Especially in this crowd.  The only time I wanted to 
use the site anyway was to find a thread as I can't 
seem to find them well in search engines.  For example, 
what was the thread about SOHO firewalls and pfsense
not too long ago?  I can't remember what everyone was 
saying about a pfsense replacement as pfsense is no 
longer what it was.  I am having to greenfield my home 
network and want to find a nerdable "dual WAN" firewall.  
That's off topic, though, as it's just a home network 
question.

scott



Re: mail admins?

2020-04-23 Thread Scott Weeks



--- m...@mtcc.com wrote

> So I should just get used to configuring routers with HTTP and
> Notepad and forget about that nasty, old, 20th century vi crap? :)

No, but complaining about javascript on websites 
-


Just to be clear, I was only complaining about NANOG's site. 
Well, ARIN's, too. I get what you're saying for the internet 
in general.  It seems NANOG could see javascript being 
blocked and redirect folks to a non-insecure (javascript) 
site like others (twitter, for example) do.  Then, I could 
use Lynx! (kidding!) :)

scott


Re: mail admins?

2020-04-21 Thread Scott Weeks



--- m...@mtcc.com wrote:

From: Michael Thomas 
To: nanog@nanog.org
Subject: Re: mail admins?
Date: Tue, 21 Apr 2020 17:34:36 -0700


On 4/21/20 5:19 PM, Scott Weeks wrote:
>
>
>> I think you just need to let scripts run in your browser for
>> nanog.org.
> sad.  http://nanog.org used to be the brilliant example of a fully
> featured web site sans javascript, flash, ...
> ---
>
>
> I'm not one to plus-one anything, but this should be plus-infinity.
> I whined about it a year or so ago.  Crickets.  I gave up on doing
> anything on the web site because I can't get anything to work
> unless I make my computer less secure.  Sad trend.  More flash and
> trash marketing crap and less network engineering acumen.  Like
> configuring routers from a web browser, rather than a CLI...
>
this ship left port in the 90's. you might as well be an old man yelling 
at clouds. oh wait, randy does kind of resemble grandpa simpson :)
--



So I should just get used to configuring routers with HTTP and 
Notepad and forget about that nasty, old, 20th century vi crap? :)

scott

ps.  One guy I know claims vi is the spawn of satan.


Re: mail admins?

2020-04-21 Thread Scott Weeks




> I think you just need to let scripts run in your browser for
> nanog.org.

sad.  http://nanog.org used to be the brilliant example of a fully
featured web site sans javascript, flash, ...
---


I'm not one to plus-one anything, but this should be plus-infinity.
I whined about it a year or so ago.  Crickets.  I gave up on doing 
anything on the web site because I can't get anything to work 
unless I make my computer less secure.  Sad trend.  More flash and 
trash marketing crap and less network engineering acumen.  Like 
configuring routers from a web browser, rather than a CLI...

scott


Command and Control Centres | COVID-19

2020-04-06 Thread Scott E. MacKenzie
All,

This question has arisen and I was wondering if I could request some
feedback from the community.  We operate a 24x7x365 Command and
Control Centre that provides mission critical services (Security
Operations, Network Operations, and Enterprise Management) as does
many on this list.

How many on the list have sent all personnel home using work from home
practices and home many have opted to run skeleton crews while
implementing tight social distancing restrictions?  How many are
operating status quo?

We are trying to find a balanced position and I was wondering what is
the communities position on this topic?


Scott


Re: Scientists predict more major hurricanes than normal in 2020 season

2020-04-02 Thread Scott Weeks



On 4/2/20 10:02 AM, Sean Donelan wrote:
>
> How is ISPs hurricane response planning going?


--- m...@mtcc.com wrote:
From: Michael Thomas 

And a comet too!

https://www.cnet.com/news/brightening-comet-atlas-could-soon-lift-your-gaze-and-spirits-just-a-little/



Relatively well prepared for a hurricane hit, but 
prepared for a comet hit?  Haven't started that 
prep yet... ;-)

scott


Re: CISA critical infrastructure letters

2020-03-25 Thread Scott Weeks



I got these.  One each for travel and fuel.  I could fake
one in 15 minutes or so.  Heck, I could probably find one 
online and modify it in less time than that! Because of 
that I don't see the usefulness.

scott


Re: free collaborative tools for low BW and losy connections

2020-03-25 Thread Scott Weeks




Thanks, my facepalm moment of the day (so far; it's 
only 7:30am here) is...

Use tools from the past when the connections everywhere
were lossy and slow.  They already mentioned RT.  I'll
mention that and NNTP/UUCP/etc.

scott



free collaborative tools for low BW and losy connections

2020-03-24 Thread Scott Weeks
Hello,

I was watching SDNOG and saw the below conversation recently.  Here is
the relevant part:

"I think this is the concern of all of us, how to work from home and to
keep same productivity level, we need collaborative tools to engaging
the team.  I am still searching for tool and apps that are free,
tolerance the poor internet speed."

I know of some free tools and all, but am not aware of the tolerance
they may have to slow speed and (likely) poor internet connections.
I was wondering if anyone here has experience with tools that'd work,
so I could suggest something to them.

I don't know if everyone's aware of what they have been going through
in Sudan (both of them), but it has been a rough life there recently.

Thanks!
scott

Original Message
Subject: [sdnog] How to work from home

Hi all

Hope you are all safe wherever you are,

Regards to the current situation around the world, and as we all
advised/forced to start working from home which is not common here in
our community, and I know some bosses are not convinced unless they saw
you in your desk :D

my question is, for simple offices, with no great infrastructure, just
an internet connection to their edge, how can they work from home? Is
there any free tools/ways they can use, what are the options, with
taking along the security concerns

what is your advice to achieve that in a proper way, and for those who
managed to work from home, how did you do that? Please share your
experience ^_^

And how we as "sdnog community" can help in that "for the old fashioned
bosses :D"

--
From: "aseromeru...@hotmail.com"

I think this is the concern of all of us, how to work from home and to
keep same productivity level, we need collaborative tools to engaging
the team.

I am still searching for tool and apps that are free, tolerance the
poor internet speed. Any suggestion

Re: COVID-19 vs. our Networks

2020-03-18 Thread Scott Weeks




We do about 70-80Gbps at peak over the external 
BGP links we have and I am not seeing a large 
increase nor am I seeing it spread out over time.  
We're an eyeball network plus some really large 
customers.

Anyone else seeing something different?  We're
now into the 3rd day, so I thought I'd see
something change by now.

scott


Re: COVID-19 vs. our Networks

2020-03-16 Thread Scott Weeks
--- alexandre.petre...@gmail.com wrote:
From: Alexandre Petrescu 
  
That map does not show Texas, as far as I know America 
(USA) geography. 
---


Being raised in Texas in a family that've been there 
for a buncha generations, I know that at least some 
folks there would challenge that... :)

https://en.wikipedia.org/wiki/Texas_secession_movements

It was a nation unto itself for over a decade:

https://en.wikipedia.org/wiki/Republic_of_Texas



Many old timers are a pretty independent type of people.


scott
ps. traffic is still normal here

Re: DNS Recursive Operators: Please enable QNAME minimization (RFC7816) for the enhanced privacy of your users

2020-03-11 Thread Scott Weeks
--- o...@delong.com wrote:
From: Owen DeLong 

For anyone considering enabling DOH, I seriously recommend 
reviewing Paul Vixie’s keynote at SCaLE 18x Saturday morning.

https://www.youtube.com/watch?v=artLJOwToVY

It contains a great deal of food for thought on a variety 
of forms of giving control over to corporations over things 
you probably don’t really want corporations controlling in 
your life.

---



Definitely informative.  I had no idea.  As well Paul Vixie
always sees things from a unique PoV.  Thanks for sharing!

I add a +1 that folks should watch this.

scott

Draft of the next US Federal Government IPv6 guidance to civilian agencies memo released

2020-03-06 Thread Scott Morizot
Hello all,

Since it's been released for comment on the Federal Register this week and
it's something that potentially has ripple effects to network and equipment
providers in the US especially, I thought some here might be interested in
the following.

Request for Comments on Updated Guidance for Completing the Transition to
the Next Generation Internet Protocol, Internet Protocol Version 6 (IPv6)

https://www.federalregister.gov/documents/2020/03/02/2020-04202/request-for-comments-on-updated-guidance-for-completing-the-transition-to-the-next-generation


The draft memo itself is not necessarily straightforward to locate, but it
is published on the Federal CIO website.

https://www.cio.gov/assets/resources/internet-protocol-version6-draft.pdf

The memo outlines the next mandated IPv6 transition step for US civilian
agencies and establishes reporting requirements on their progress toward
those mandated goals.

The comment process is outlined in the Federal Register notice should
anyone have comments they would like to submit.

Scott


Re: China’s Slow Transnational Network

2020-03-02 Thread Scott Weeks


In fact, Great Canon (GC) [55] is such an in-path system. But it 
is known for intercepting a subset of traffic (based on protocol 
type) only. What’s more, GC has been activated only twice in 
history (the last one in 2015 [55]). 
---


AT&T security says otherwise:

https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again

"The Great Cannon is a distributed denial of service tool (“DDoS”) 
that operates by injecting malicious Javascript into pages served 
from behind the Great Firewall."

"The Great Cannon was the subject of intense research after it was 
used to disrupt access to the website Github.com in 2015. Little 
has been seen of the Great Cannon since 2015. However, we’ve 
recently observed new attacks..."

"On August 31, 2019, the Great Cannon initiated an attack 
against a website (lihkg.com) used by members of the Hong 
Kong democracy movement to plan protests."

scott

Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-02-17 Thread Scott Weeks


I can't help myself... :)



My mother in the 1980s: "no one can ever call us because the phone line is 
always busy"

Me with an Osborne 1 and a 300 baud modem:  "We need a second phone line!"  
(https://en.wikipedia.org/wiki/Osborne_1)

My mother: "That's too expensive.  Quit clogging up the phone line with that 
toy!"

Me: 
"Ok...Pshhhkkkakingkakingkakingtshchchchchchchchcch*ding*ding*ding*" 
  (*)



I never would've guessed in those days that it would provide me an entire 
professional career.

scott



(*) I copied 
Pshhhkkkakingkakingkakingtshchchchchchchchcch*ding*ding*ding*
from a website as I could not spell that.

Re: akamai yesterday - what in the world was that

2020-02-12 Thread Scott Weeks




--
On 2/11/20 6:41 PM, Tom Deligiannis wrote:
> There is a major update that has released today, how's everything 
> looking for everyone?
---


Did anyone else notice a big traffic dip from noon to 8pm local time?  
Strange look on the graphs.

scott


Re: akamai yesterday - what in the world was that

2020-02-12 Thread Scott Weeks



--
On 2/11/20 6:41 PM, Tom Deligiannis wrote:
> There is a major update that has released today, how's everything 
> looking for everyone?
---


eyeball network here...

It shifted our traffic patterns to earlier peaks.  It started at 9am.  
The first peak was at 3pm and the main peak was at 7pm and the traffic
fell back to normal loads at 1am.  There was increased traffic all 
night, though, as our low traffic was still 4-5Gbps over normal lows 
at the 2-5am period.

Normal peak is ~16Gbps, but this one was ~33Gbps almost all on one
inexpensive link.  The other main link showed an increase of about 
8Gbps with a funny dip between noon and 9pm HST.

scott


Re: CISCO 0-day exploits

2020-02-10 Thread Scott Weeks



--- nanog@nanog.org wrote:
From: "Jean | ddostest.me via NANOG" 

> https://www.armis.com/cdpwn/
>
> What's the impact on your network? Everything is under control?
---

I really thought that more Cisco devices were deployed among NANOG.

I guess that these devices are not used anymore or maybe that I 
understood wrong the severity of this CVE.
---


Just because you use cisco devices doesn't mean you have to use 
their proprietary protocols, such as EIGRP or CDP.  OSPF or LLDP
work just fine and interoperate with other vendors... :)

scott
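
A way to check a device configuration for the point made in this reply, as an added example rather than anything posted in the thread. It assumes classic IOS-style syntax (`no cdp run`, `no cdp enable`, `lldp run`) with CDP on by default; the sample configurations and the function name `audit_cdp` are constructed for illustration.

```python
"""Report where CDP is still active in an IOS-style configuration (added example)."""
import re


def audit_cdp(config_text):
    """Parse running-config text and list active interfaces that still run CDP."""
    cdp_global = True     # assumption: CDP is on unless "no cdp run" is configured
    lldp_global = False   # assumption: LLDP is off unless "lldp run" is configured
    interfaces = {}
    current = None

    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):
            # A top-level line (including "!") closes any interface block.
            current = None
            match = re.match(r"interface\s+(\S+)", line)
            if match:
                current = match.group(1)
                interfaces[current] = {"cdp": True, "shutdown": False}
            elif line == "no cdp run":
                cdp_global = False
            elif line == "cdp run":
                cdp_global = True
            elif line == "lldp run":
                lldp_global = True
        elif current is not None:
            state = interfaces[current]
            if line == "no cdp enable":
                state["cdp"] = False
            elif line == "cdp enable":
                state["cdp"] = True
            elif line == "shutdown":
                state["shutdown"] = True
            elif line == "no shutdown":
                state["shutdown"] = False

    # An interface still speaks CDP only if CDP runs globally, the port has not
    # opted out, and the port is not administratively down.
    exposed = sorted(
        name for name, state in interfaces.items()
        if cdp_global and state["cdp"] and not state["shutdown"]
    )
    return {"cdp_global": cdp_global, "lldp_global": lldp_global,
            "cdp_interfaces": exposed}


# Constructed sample: defaults left in place, one port opted out, one port down.
CONFIG_DEFAULT = """\
hostname edge1
!
interface GigabitEthernet0/0
 description uplink
 no cdp enable
!
interface GigabitEthernet0/1
 description customer port
!
interface GigabitEthernet0/2
 shutdown
!
"""

# Constructed sample: CDP disabled globally, LLDP enabled instead.
CONFIG_HARDENED = """\
hostname edge1
!
no cdp run
lldp run
!
interface GigabitEthernet0/0
 description uplink
!
interface GigabitEthernet0/1
 description customer port
!
"""

if __name__ == "__main__":
    for label, text in (("default", CONFIG_DEFAULT), ("hardened", CONFIG_HARDENED)):
        print(label, audit_cdp(text))
```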


Re: Hawaii exchange and connection to mainland pops

2020-01-29 Thread Scott Weeks



--- a.matama...@gmail.com wrote:
From: Antoni Matamalas 

I'm trying to figure out how is the connectivity in the Hawaiian Islands
for a project I have. I'm based in Europe and my knowledge of the details
of the communications in the islands is still limited. The project is based
in the O'ahu island but I'm trying to understand how things are working in
the whole Hawaiian islands (pure professional curiosity). I'm focusing on
two aspects:

* Content delivery and connection to content providers (Google, Apple,
Netflix,...)
* Availability of providers that can supply wavelength between Hawaiian
Islands and the continent (LA, Seattle or other locations)
--




I'm assuming you're talking Commercial only?  DoD is a different 
animal as is UH.

I work for the ILEC and can fill you in on that to a certain 
degree. We have the normal Google/Netflix/Akamai/etc caches.

The population in the state of Hawaii is small.
https://census.hawaii.gov/whats-new-releases/2019-state-population-estimates
On July 1, 2019, the resident population for the State of Hawaii 
was 1,415,872.

And of those about 1 million live on one island: Oahu.  There're 
5 other islands.

We have a lot of trans-pacific fiber landing here, but it mostly 
just transits the island.  Not much gets peeled off to service 
the state due to its size.  The ILEC owns part of SEA-US:
https://www.submarinenetworks.com/systems/trans-pacific/sea-us
and we get service on Hawaiki for South Pacific connectivity.
https://www.submarinenetworks.com/en/systems/australia-usa/hawaiki-cable

Most of the inter-island fiber is owned by the ILEC, which was
bought by Cincinnati Bell, which will be bought by either 
Brookfield Infrastructure or another company whose name isn't 
public yet. (Anyone been bought by BI?  email me, please)

As mentioned in another email HIX is the internet exchange 
managed by UH and DR Fortress connects to that.  We do as 
well:

http://www.hawaii.edu/hix/Hawaii_Internet_Exchange/Home.html

https://www.drfortress.com/about/company-overview/

https://www.drfortress.com/services/internet-exchange/overview/

https://www.drfortress.com/services/internet-exchange/drfxchange/

https://www.drfortress.com/services/internet-exchange/peering-and-connectivity/

scott




Re: Backup over 4G/LTE

2020-01-29 Thread K. Scott Helms
There are lots of options to solve that problem.

Peplink, 128T, Viptela (Cisco), Velocloud (VMWare), etc.

Scott Helms



On Tue, Jan 28, 2020 at 6:31 PM K MEKKAOUI  wrote:

> Dear NANOG Community,
>
>
>
> Can anyone help with any device information that provides redundancy for
> business internet access? In other words when the internet provided through
> the cable modem fails the 4G/LTE takes over automatically to provide
> internet access to the client.
>
>
>
> Thank you
>
>
>
> KARIM M.
>
>
>


Re: cisco nexus 9000 cctrl ERROR

2020-01-17 Thread Scott Weeks
--- bs...@teamonesolutions.com wrote:
From: Brandon Svec 

Anyone can create a Cisco login.  I would do that and check the bug 
tracking tool.  I did a quick search on your error message and came 
up with this:


I was unaware that anyone could do that as I have been away from 
cisco for a good while now.  Thank you both for the quick response.  
It helped a lot!

scott


cisco nexus 9000 cctrl ERROR

2020-01-17 Thread Scott Weeks



I don't have a login to cisco to find out what this 
is and I'm having trouble finding anything about it 
in search engines that doesn't require a login to 
cisco.  I guess they only want certain folks to know 
about it... :(  Does anyone know anything about this 
and can explain it to me?  If not, I'll go join 
cisco-nsp and ask there.


%KERN-3-SYSTEM_MSG: [65292299.903992]  - kernel

%KERN-3-SYSTEM_MSG: [66730914.839059] cctrl ERROR: 
cctrl_wait_for_pmbio_busy_status NACK error tmp_data 3b19600 - kernel

%KERN-3-SYSTEM_MSG: [67511639.312284] cctrl ERROR: 
cctrl_wait_for_pmbio_busy_status NACK error tmp_data 1b18100 - kernel


Those last numbers after tmp_data repeat over and over.

Thanks!
scott


please block servicefinder-kundservice.se

2020-01-02 Thread Scott Weeks


I resort to this again because I have sent email to admin,
had an email conversation with someone at NANOG (who is 
reading the list, I'm sure) and sent to the main list 
previously.  Also, others have complained here about the 
same autoresponder.

Please block this.  I get an email from them every time
we respond to the list.

scott



MIME-Version:   1.0
X-Google-Original-From: nanog@nanog.org
In-Reply-To:<20200102140348.30d...@m0117459.ppops.net>
X-Mailer:   Desk.com Support Platform
Content-Type:   multipart/alternative; 
boundary=mimepart_5e0e694ec6881_fcee3fa5196d9324185880
Message-ID: 
<5e0e694a7c046_1a3b13fec074d9328213...@servicefinder-kundservice.se>
Reply-To:   nanog@nanog.org
X-Received: by 2002:a17:902:fe98:: with SMTP id 
x24mr88078733plm.155.1578002767934; Thu, 02 Jan 2020 14:06:07 -0800 (PST)

Received:   from mail-pl1-f172.google.com (mail-pl1-f172.google.com 
[209.85.214.172])by m0116275.mta.everyone.net (EON-INBOUND) with ESMTP id 
m0116275.5dc217b6.11c6bd0for ; Thu, 2 Jan 2020 14:06:09 
-0800

by mail-pl1-f172.google.com with SMTP id g6so18335892plt.2 for 
; Thu, 02 Jan 2020 14:06:09 -0800 (PST)

from delayed-be-usw1c-04.internal.desk.com 
(ec2-54-241-38-66.us-west-1.compute.amazonaws.com. [54.241.38.66]) by 
smtp.gmail.com with ESMTPSA id i127sm67580843pfc.55.2020.01.02.14.06.06 for 
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 
bits=128/128); Thu, 02 Jan 2020 14:06:07 -0800 (PST)

X-Google-SMTP-Source:   
APXvYqze6Ii/ETQC1QG3kiX5U9tkqjiGY8ag8p5QouCiRfzP/5jDBh9BVhylmWL75beyXkCX+SUX8A==
X-Eon-DM:   m0116275.ppops.net
Subject:ServiceFinder: Ärendenummer 185897
Return-Path:


Date:   Thu, 2 Jan 2020 22:06:06 +
To: sur...@mauigateway.com
X-GM-Message-State: 
APjAAAUAq9G57eo7rjhSO5QUcw0c4p4TAHsAidALbc/UjqsbVMGhfDIcjEj3gCWCCs6Qd+N49yUirDQg3kr0l3Y=
From:   i...@servicefinder.com


 
Please write only above this marker when replying to this message.
Hi Scott Weeks,
Thank you for your question!

We have now registered your case and you will shortly be contacted by 
us at Customer Service.

You can also find help yourself via our Support Center at 
www.support.servicefinder.se.

Your case number is 185897, and all our cases are handled in the order 
in which they come in.

We will contact you as soon as we possibly can; your question is important to us.

Have a nice rest of your day,
--

Kind regards
Customer Service

Opening hours: Weekdays 9-17 | Switchboard: 08-653 00 00
Website: www.servicefinder.se   ServiceFinder.se
--
This message was sent to sur...@mauigateway.com with reference to 
case 185897.
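
One way to recognise this kind of auto-reply from its headers, as an added example (not code from the post or from any list software). The addresses and sample messages are constructed and the function names are hypothetical; the X-Mailer string and the "Ärendenummer" subject wording are the only values taken from the pasted message.

```python
"""Flag helpdesk auto-replies that answer mailing-list posts (added example)."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

LIST_ADDRESS = "list@lists.example"  # assumption: the list's posting address
# X-Mailer value that appears in the headers pasted above.
HELPDESK_MAILERS = ("desk.com support platform",)
# Ticket-style subjects; "Ärendenummer" is the wording in the pasted Subject.
TICKET_SUBJECT = re.compile(r"\b(ticket|case|ärendenummer)\s*#?\s*\d+", re.IGNORECASE)


def auto_reply_signals(raw, list_address=LIST_ADDRESS):
    """Return the names of the auto-reply indicators found in one raw message."""
    msg = message_from_string(raw)
    signals = []

    # RFC 3834: well-behaved responders label themselves with Auto-Submitted.
    auto = str(msg.get("Auto-Submitted", "")).strip().lower()
    if auto and auto != "no":
        signals.append("auto-submitted")

    if any(m in str(msg.get("X-Mailer", "")).lower() for m in HELPDESK_MAILERS):
        signals.append("helpdesk-mailer")

    if TICKET_SUBJECT.search(str(msg.get("Subject", ""))):
        signals.append("ticket-subject")

    # The reply comes from a third party yet steers answers back to the list.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = [addr.lower() for _, addr in getaddresses(msg.get_all("Reply-To", []))]
    if list_address in reply_to and sender != list_address:
        signals.append("reply-to-is-list")

    # It answers a message (In-Reply-To) but did not pass through the list.
    if msg.get("In-Reply-To") and not msg.get("List-Id"):
        signals.append("off-list-reply")
    return signals


def is_auto_reply(raw, list_address=LIST_ADDRESS):
    """Self-declared auto-replies always count; heuristics need three hits."""
    signals = auto_reply_signals(raw, list_address)
    return "auto-submitted" in signals or len(signals) >= 3


# Constructed samples (example domains, made-up IDs).
HELPDESK_REPLY = """\
From: Kundservice <info@helpdesk.example>
To: poster@isp.example
Reply-To: list@lists.example
In-Reply-To: <20200102.0001@isp.example>
X-Mailer: Desk.com Support Platform
Subject: Example Helpdesk: Ärendenummer 000000

Tack för din fråga!
"""

LIST_POST = """\
From: Alice <alice@isp.example>
To: list@lists.example
Reply-To: list@lists.example
List-Id: <list.lists.example>
In-Reply-To: <20200102.0001@isp.example>
Subject: Re: power to the internet

A normal reply delivered through the list.
"""

HUMAN_REPLY = """\
From: Bob <bob@isp.example>
To: poster@isp.example
In-Reply-To: <20200102.0001@isp.example>
Subject: Re: power to the internet

A person answering off-list.
"""

VACATION = """\
From: Carol <carol@isp.example>
To: poster@isp.example
Auto-Submitted: auto-replied
In-Reply-To: <20200102.0001@isp.example>
Subject: Out of office

Back next week.
"""

if __name__ == "__main__":
    for name in ("HELPDESK_REPLY", "LIST_POST", "HUMAN_REPLY", "VACATION"):
        raw = globals()[name]
        print(name, auto_reply_signals(raw), is_auto_reply(raw))
```

No single heuristic is enough on its own: an ordinary list post also carries Reply-To set to the list, and a person replying off-list also carries In-Reply-To.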


Re: power to the internet

2020-01-02 Thread Scott Weeks


-
> I don't know where you live, but I pay around 38 cents/KWh. Depending
> on your rate, that can go up to 53 cents/KWh during peak times.

I live in upstate New York where I pay about 8c/kwh and a fixed $15/mo 
connection charge.  We have day/night rates available but they're not very 
different for retail customers.  I get a slight discount due to credits
from remote net metering at a nearby solar farm.
--


Damn, I'm jealous:

https://www.hawaiianelectric.com/billing-and-payment/rates-and-regulations/average-price-of-electricity

These're averaged...

Rate Schedule                                     2018 Average Cents/kWh

Oahu
"R" Residential                                   31.18
"G" Small Power Use Business                      32.58
"J" Medium Power Use Business                     27.44
"P" Large Power Use Business                      25.17
"DS" Large Power Use Business, Directly Served    24.04

maui/molokai/lanai
"R" Residential                                   34.21   40.16   40.14
"G" Small Power Use Business                      38.40   47.17   45.09
"J" Medium Power Use Business                     33.53   38.98   42.73
"P" Large Power Use Business                      30.80   33.05   38.78

scott


Re: Iran cuts 95% of Internet traffic

2019-12-29 Thread Scott Weeks


--- jhellent...@dataix.net wrote:
From: "J. Hellenthal" 

Yeah sorry to say any email list or not is going to be one 
of the things that are not going to get through unless ... 
you’ve taken extra measures to circumvent that.

Personally, email would be the easiest to block behind 
routing.
---


After I sent the email I started to realize I likely 
misunderstood.  I hesitated to correct that to the list, 
but here I go. :)


> queues can be written to media, physically transported 
> in/out, and then injected either into an internal or 
> external network seamlessly modulo the time delay.

I believe he meant similar to *nix boxes where you could 
just copy the files in $HOME/mail (or wherever it is) 
onto media and once the data is out of the country it can 
be copied onto another mail system's $HOME/mail and then 
shared with the unblocked part of the internet.  Not a 
user account on somethingmail.com, but rather the entire 
$HOME/mail of all accounts and mailed to someone else who 
is somewhere else on a regular basis.  Also, the reverse 
path for receiving mail in the repressive country.

A good idea either way.  KISS works. :)

scott
















-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Dec 29, 2019, at 15:57, Scott Weeks  wrote:
> 
> 
> 
> :: If you're trying to get information in/out of a 
> :: society that is raising network barriers to 
> :: realtime communication, then you need methods 
> :: that don't rely on a network and aren't realtime.
> 
> 
> This is a great idea, but 99.9% of folks use GUI
> email. :-(
> 
> scott
> 
> 
> 
> 
> --- r...@gsp.org wrote:
> 
> From: Rich Kulawiec 
> To: nanog@nanog.org
> Subject: Re: Iran cuts 95% of Internet traffic
> Date: Sun, 29 Dec 2019 09:11:23 -0500
> 
> 
> And this is why, despite all the disdainful remarks labeling such
> things as "antiquated", mailing lists and Usenet newsgroups are vastly
> superior to web sites/message boards/et.al. when it comes to facilitating
> many-to-many communications between people.  Why?  Well, there are many
> reasons, but one of the applicable ones in this use case is that their
> queues can be written to media, physically transported in/out, and then
> injected either into an internal or external network seamlessly modulo the
> time delay.  And because the computing resources required to handle this
> are in any laptop or desktop made in the last decade, probably earlier.
> 
> If you're trying to get information in/out of a society that is raising
> network barriers to realtime communication, then you need methods that
> don't rely on a network and aren't realtime.
> 
> ---rsk
> 
> 
> 




Re: Iran cuts 95% of Internet traffic

2019-12-29 Thread Scott Weeks



:: If you're trying to get information in/out of a 
:: society that is raising network barriers to 
:: realtime communication, then you need methods 
:: that don't rely on a network and aren't realtime.


This is a great idea, but 99.9% of folks use GUI
email. :-(

scott




--- r...@gsp.org wrote:

From: Rich Kulawiec 
To: nanog@nanog.org
Subject: Re: Iran cuts 95% of Internet traffic
Date: Sun, 29 Dec 2019 09:11:23 -0500


And this is why, despite all the disdainful remarks labeling such
things as "antiquated", mailing lists and Usenet newsgroups are vastly
superior to web sites/message boards/et.al. when it comes to facilitating
many-to-many communications between people.  Why?  Well, there are many
reasons, but one of the applicable ones in this use case is that their
queues can be written to media, physically transported in/out, and then
injected either into an internal or external network seamlessly modulo the
time delay.  And because the computing resources required to handle this
are in any laptop or desktop made in the last decade, probably earlier.

If you're trying to get information in/out of a society that is raising
network barriers to realtime communication, then you need methods that
don't rely on a network and aren't realtime.

---rsk
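
The hand-carried mail transfer discussed in this thread, as an added sketch that is not from any poster. It assumes mbox-format spools and a single writer at a time; the file names, addresses and messages are constructed, and `copy_new` is a hypothetical helper built on Python's standard `mailbox` module.

```python
"""Carry a mail spool across an air gap as an mbox bundle (added example)."""
import hashlib
import mailbox
import os
import tempfile
from email.message import EmailMessage


def identity(msg):
    """Message-ID when present, otherwise a digest of the serialized message."""
    mid = msg["Message-ID"]
    if mid:
        return mid.strip()
    return "sha256:" + hashlib.sha256(msg.as_bytes()).hexdigest()


def identities(mbox_path):
    """Identities of every message already stored in an mbox file."""
    box = mailbox.mbox(mbox_path)  # creates an empty file if none exists yet
    try:
        return {identity(msg) for msg in box}
    finally:
        box.close()


def copy_new(src_path, dst_path):
    """Append messages from src to dst unless dst already holds them.

    Used in both directions: spool -> bundle on removable media before the
    trip, bundle -> spool on the far side. Repeating a trip adds nothing,
    so the same media can be reused without producing duplicates.
    """
    have = identities(dst_path)
    src, dst = mailbox.mbox(src_path), mailbox.mbox(dst_path)
    copied = []
    try:
        for msg in src:
            ident = identity(msg)
            if ident in have:
                continue  # delivered on an earlier trip
            dst.add(msg)
            have.add(ident)
            copied.append(ident)
        dst.flush()
    finally:
        src.close()
        dst.close()
    return copied


def _sample(n, message_id):
    """Build one constructed message; message_id may be None."""
    msg = EmailMessage()
    msg["From"] = "user@inside.example"
    msg["To"] = "list@outside.example"
    msg["Subject"] = "report %d" % n
    if message_id:
        msg["Message-ID"] = message_id
    msg.set_content("constructed sample body %d\n" % n)
    return msg


def demo():
    """Two courier trips; returns (trip1 counts, trip2 counts, total delivered)."""
    with tempfile.TemporaryDirectory() as tmp:
        spool, usb, far = (os.path.join(tmp, name)
                           for name in ("spool.mbox", "usb.mbox", "far.mbox"))
        box = mailbox.mbox(spool)
        for n, mid in enumerate(["<1@inside.example>", "<2@inside.example>", None]):
            box.add(_sample(n, mid))
        box.close()
        trip1 = (len(copy_new(spool, usb)), len(copy_new(usb, far)))

        # One new message arrives; the media still holds the previous bundle.
        box = mailbox.mbox(spool)
        box.add(_sample(3, "<3@inside.example>"))
        box.close()
        trip2 = (len(copy_new(spool, usb)), len(copy_new(usb, far)))
        return trip1, trip2, len(identities(far))


if __name__ == "__main__":
    print(demo())
```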





Re: Requesting /24 from ARIN

2019-12-28 Thread Pennington, Scott
Hi Terrance.   I don't represent ARIN in any way, but typically proof of dual 
BGP homing with 2 or more upstreams is adequate for my customers.



From: Terrance Devor 
Sent: Saturday, December 28, 2019 2:33:09 PM
To: Pennington, Scott 
Cc: Kaiser, Erich ; Darin Steffl 
; North American Network Operators' Group 

Subject: Re: Requesting /24 from ARIN

Hello Scott,

That is the part I am a little confused about. Justification? We are cloud 
based solution/service providers with ISP reseller accounts and increased 
amount of long term relationships who need dedicated IP addresses. Securing a 
/24 is our entry point and we will require more as we move forward. What type 
of justifications will they need?

Kind Regards,

Terrance

On Sat, Dec 28, 2019 at 1:23 PM Pennington, Scott 
<scott.penning...@cinbell.com> wrote:
This is not a change. You've always had to justify in order to legitimately 
transfer even from an auction.



From: NANOG <nanog-boun...@nanog.org> on behalf 
of Kaiser, Erich <er...@gotfusion.net>
Sent: Saturday, December 28, 2019 1:13:53 PM
To: Darin Steffl <darin.ste...@mnwifi.com>
Cc: North American Network Operators' Group 
<nanog@nanog.org>
Subject: Re: Requesting /24 from ARIN

They have changed their policies from what I can tell.  It was easier to get 
IPs when there were none and you were buying from an auction but now that they 
have them they want you to fill out a bunch of info and recertify everything.


Erich Kaiser
The Fusion Network
er...@gotfusion.net
Office: 815-570-3101




On Sat, Dec 28, 2019 at 11:23 AM Darin Steffl 
<darin.ste...@mnwifi.com> wrote:
In the most polite manner possible, RTFM.

ARIN has all the info on their website on how to request resources. It is not 
difficult. I've never had to call them before.

On Sat, Dec 28, 2019, 9:53 AM Seth Mattinen 
<se...@rollernet.us> wrote:
On 12/28/19 7:12 AM, Terrance Devor wrote:
> Thank You Jorge! What is important for us is not to overpay That's
> why auctions are really a last resort. Can someone please walk me
> through this with a few links? This is my first time going through this
> process.


Ask ARIN. They will help you.


Re: Requesting /24 from ARIN

2019-12-28 Thread Pennington, Scott
This is not a change. You've always had to justify in order to legitimately 
transfer even from an auction.



From: NANOG  on behalf of Kaiser, Erich 

Sent: Saturday, December 28, 2019 1:13:53 PM
To: Darin Steffl 
Cc: North American Network Operators' Group 
Subject: Re: Requesting /24 from ARIN

They have changed their policies from what I can tell.  It was easier to get 
IPs when there were none and you were buying from an auction but now that they 
have them they want you to fill out a bunch of info and recertify everything.


Erich Kaiser
The Fusion Network
er...@gotfusion.net
Office: 815-570-3101




On Sat, Dec 28, 2019 at 11:23 AM Darin Steffl 
<darin.ste...@mnwifi.com> wrote:
In the most polite manner possible, RTFM.

ARIN has all the info on their website on how to request resources. It is not 
difficult. I've never had to call them before.

On Sat, Dec 28, 2019, 9:53 AM Seth Mattinen 
<se...@rollernet.us> wrote:
On 12/28/19 7:12 AM, Terrance Devor wrote:
> Thank You Jorge! What is important for us is not to overpay That's
> why auctions are really a last resort. Can someone please walk me
> through this with a few links? This is my first time going through this
> process.


Ask ARIN. They will help you.


Re: Thursday: Internet outage eastern Europe Iran and Turkey

2019-12-23 Thread Scott Weeks


--- morrowc.li...@gmail.com wrote:
From: Christopher Morrow 
On Sat, Dec 21, 2019 at 11:53 PM Scott Weeks  wrote:

> --- morrowc.li...@gmail.com wrote:
> From: Christopher Morrow 
>
> I do think the overall conversation about nation states
> disabling internet (which is not likely the case with
> Sean's original post?) is nanog-worthy.
> --
>
> Yes, I believe you're correct for the most part.  I just
> was more interested in the technical parts and there is
> a global audience here that may have insight as to how
> that part of the network is working.  I can easily see
> how that would get out of control.  But, how are they
> configuring their network elements to block is my
> question.  (DPI? BGP? etc.)

ah! ok... I imagine there are a few knobs for each sort of thing that
can get turned. I think we've seen over the years at least:
  1) turkey blocking access to 8.8.8.8
     (looked like mostly done with static /32's?)

  2) egypt turning off internet for the country
     (prior to overthrow? - I believe 'phone calls to providers' was
     renesys's conclusion)
     https://dyn.com/blog/egypt-leaves-the-internet/
     this article points at tunisia and iran as well.

  3) pktelecom bgp routery making youtube less cat and more pain.
     https://dyn.com › blog › pakistan-hijacks-youtube-1

  4) prc firewall - forms of mostly DPI packet skullduggery
     blocking random http (really tcp traffic), specific DNS RRs,
     disrupting/blocking various VPN technologies

I'd say it probably depends a bunch on whom is doing the poking, for
how long they plan to make this work/not-work and the tools they have
immediately available :(

Figuring more of this out seems like a good plan though... I'm not
sure trying to actively subvert any of these nation state actions is
particularly smart/healthy though :(
  (note: i don't think YOU/scott are looking for this last part, but
   generally speaking... it seems like folk put themselves in a bad
   place if/when they attempt to get around a nationstate's actions,
   particularly from inside that nationstate)
---


Thanks, I have left this on the list for now.  I can go off list 
if necessary.

That's good information.  Does Dyn put this out regularly or just 
for certain events?  I knew about 1-3, but how do folks find out 
about 4?

:: Figuring more of this out seems like a good plan though...

What I would like to find out is something like "the XXXcountry
part of the network is unreachable via BGP/DNS/at all (firewall 
drops)" or something like that.  It would be interesting to see 
how the different blocks are technically implemented and how that 
changes over time.

And, no, I'm not looking to subvert those things.  I live in the 
US where they do everything sneakily (ATT closet in SF still 
going?) but I wonder why microwave over the border or satellite 
isn't used.  Then ad-hoc jumped through the country.  I guess the 
getting killed or jailed if you get caught thing is why?

I dunno, it is just an interesting thing to me.

scott

Re: Thursday: Internet outage eastern Europe Iran and Turkey

2019-12-21 Thread Scott Weeks



--- morrowc.li...@gmail.com wrote:
From: Christopher Morrow 

I do think the overall conversation about nation states 
disabling internet (which is not likely the case with 
Sean's original post?) is nanog-worthy.
--


Yes, I believe you're correct for the most part.  I just
was more interested in the technical parts and there is
a global audience here that may have insight as to how
that part of the network is working.  I can easily see 
how that would get out of control.  But, how are they 
configuring their network elements to block is my 
question.  (DPI? BGP? etc.)

scott


javascript just to email the admins :(

2019-12-21 Thread Scott Weeks
Date:   Sat, 21 Dec 2019 23:24:00 +

To: sur...@mauigateway.com

X-GM-Message-State: 
APjAAAU4uaCfoofYxJwyG6p0f1ph3aN+Pu7AjE4tff5HkE6zC3IotHA6tRA/YN6c3OPHsOzbGk69dq+d+yNPKx0=

From:   i...@servicefinder.com



Please write only above this marker when replying to this message.
Hi Scott Weeks,
Thank you for your question!

We have now registered your case and you will shortly be contacted by 
us at Customer Service.

You can also find help yourself via our Support Center at 
www.support.servicefinder.se.

Your case number is 185004, and all our cases are handled in the order 
in which they come in.

We will contact you as soon as we possibly can; your question is important to us.

Have a nice rest of your day,
--

Kind regards
Customer Service

Opening hours: Weekdays 9-17 | Switchboard: 08-653 00 00
Website: www.servicefinder.se   ServiceFinder.se
--
This message was sent to sur...@mauigateway.com with reference to 
case 185004.


Re: Thursday: Internet outage eastern Europe Iran and Turkey

2019-12-21 Thread Scott Weeks



--- s...@donelan.com wrote:
From: Sean Donelan 

I hadn't seen messages about this Internet outage affecting multiple 
countries (Eastern Europe, Turkey and Iran) from Thursday.

Multiple fiber cuts affecting major parts of sub-continents don't happen 
as much any more. Yes, I still remember the day of FIVE (5) simultaneous, 
trans-continental fiber cuts in the USA.  I was busy :-)

I don't know if Internet route diversity has improved... or people aren't 
sending me messages about them anymore.
-

I have become quite interested in this lately.  I don't send them
to the list as no one seemed interested when I sent them before.  
For example, India has been turning off the internet like they turn 
the lights:

https://internetshutdowns.in/


Kashmir has been without internet for over 100 days:

https://guardian.ng/news/world/restive-kashmir-marks-100-days-since-india-stripped-autonomy/

Just think how you'd do anything without internet for 100+ days!





Usually after a country has 3 or 4 major egress points, large-scale 
unintentional internet outages are relatively rare. Countries with only 
1 or 2 egress points still have lots of problems.


I'm not so sure 3-4 is a large enough number.  Many countries are
copying China in information repression (among other things) which 
includes building in the ability to turn off internet access
(internationally as well as intranationally) as their network is 
built out. Funny that one thing something as large as a country 
is afraid of is normal folks talking to each other freely.  They
really don't like the end-to-end principle. :)

scott






https://www.bbc.com/news/technology-50851420

Severed fibre optic cables disrupted internet access in parts of eastern 
Europe, Iran and Turkey on Thursday.

The issue, which lasted for about two hours, was caused by multiple fibre 
cables being physically cut at the same time, a highly unusual thing to 
happen.
[...]




Re: RIPE our of IPv4

2019-11-27 Thread Scott Weeks



--- sur...@mauigateway.com wrote:
From: "Scott Weeks" 

No, it's just that (at least in my case at several different
companies) we're so focused by management on getting the sale
done by augmenting the existing network there is not enough 
time to devote to **planning an entire network from the 
ground up**, then working your plan.  The other way (just 
start configuring stuff) is replete with troubles.

BTW, I have been the IPv6 loudmouth every time, but I don't 
get any traction at all in any of the companies I've worked 
for.  Eyes gloss over and someone quickly changes the 
conversation.  Then we talk about sizing subnets and stuff...
-


BTW, what Mark Andrews said about 6rd fixes (I'm assuming 
a relatively low level of network architecturing work is 
necessary to get it done) what I am saying, but it feels 
so dirty.  I would like to go straight to dual stack.

scott


Re: RIPE our of IPv4

2019-11-27 Thread Scott Weeks



--- bran...@rd.bbc.co.uk wrote:
From: Brandon Butterworth 

If you're an internet professional you are a negligent one if by
now you are not ensuring all you build quietly includes IPv6, no
customer should need to know to ask for it. It's not like it
needs different kit.
-


No, it's just that (at least in my case at several different
companies) we're so focused by management on getting the sale
done by augmenting the existing network there is not enough 
time to devote to **planning an entire network from the 
ground up**, then working your plan.  The other way (just 
start configuring stuff) is replete with troubles.

BTW, I have been the IPv6 loudmouth every time, but I don't 
get any traction at all in any of the companies I've worked 
for.  Eyes gloss over and someone quickly changes the 
conversation.  Then we talk about sizing subnets and stuff...

scott


Re: RIPE our of IPv4

2019-11-26 Thread Scott Weeks



--- cb.li...@gmail.com wrote:
From: Ca By 

If your business is dysfunctional, that is a different 
issue from ipv6 being dysfunctional.
-


I was just expressing the problems eyeball networks are 
having getting this done.  Shittons of stuff is out there 
in the CPE that mobile and DC networks do not have to deal 
with.  The suits are looking at the short term cost/risk.

scott


Re: RIPE our of IPv4

2019-11-26 Thread Scott Weeks



--- c...@firsthand.net wrote:
From: Christian 

Sounds like your company is about to go offline. So I will 
say bye bye for now just in case it happens faster than you 
expected.
-


Speaking of flippant...  No the ILEC has been here since the 
1800s.  I don't think it's going anywhere fast.

scott


Re: RIPE our of IPv4

2019-11-26 Thread Scott Weeks



Top posting...

-
:: But it is not that simple in the real corporate world. 
:: Execs have bonus targets.

Why would an exec care?  Ipv6 is just normal work like ipv4.
-

No, you have to make purchases and have folks across the 
company do work to get everything going.  Refocusing folks' 
work on deploying IPv6 to *everything* (rather than, say, 
getting that shiny new Nokia 7750 deployed so we can sell 
more services) costs money.  Ancient boxen are out here 
and don't support aye pee vee six well or at all.  Getting 
ones that do costs money.  Training lower level folks takes 
them away from their current work and costs money.  Etc.

::> - Modifying old (ancient) internal code;
:: Ancient in 2019 means what? Is this code not in security 
:: compliance ?

I recently started back with a company after being gone nine 
years.  My code was still running and no one in neteng had 
the knowledge of how to do anything with it much less to try 
to write in IPv6 sections.  To take an SA and look into the 
networking code I wrote takes them away from things they
need to do to sell services.  That costs money.

What Sabri wrote hit home here.  Folks are not looking into 
it and will wait until forced to do so.  Then said companies 
will be behind the ball in a big way, but that is what it is 
here and in the other companies I worked for.

A lot of this read to me as flippant.  You don't seem to be 
willing to listen to those of us out here on the raggedy 
edges. I've said what Sabri said at least a few times on this 
list.

scott





--- cb.li...@gmail.com wrote:

From: Ca By 
To: Sabri Berisha 
Cc: nanog 
Subject: Re: RIPE our of IPv4
Date: Tue, 26 Nov 2019 15:11:40 -0800

On Tue, Nov 26, 2019 at 12:15 AM Sabri Berisha 
wrote:

> - On Nov 26, 2019, at 1:36 AM, Doug Barton do...@dougbarton.us wrote:
>
> > I get that some people still don't like it, but the answer is IPv6. Or,
> > folks can keep playing NAT games, etc. But one wonders at what point
> > rolling out IPv6 costs less than all the fun you get with [CG]NAT.
>
> When the MBAs start realizing the risk of not deploying it.
>

Hey, i have an mba. That and $5 will get me cup of coffee.


> I have some inside knowledge about the IPv6 efforts of a large eyeball
> network.


Me too.

> In that particular case, the cost of deploying IPv6 internally is not
> simply configuring it on the network gear; that has already been done. The
> cost of fully supporting IPv6 includes (but is probably not limited to):
>
> - Support for deploying IPv6 across more than 20 different teams;


Wow.  I support 80M mobile subscribers, 90% of which are ipv6-only.  I
think 20 people in the company can spell ipv6, but somehow you need 20
teams how many teams speak ipv4 ?


> - Modifying old (ancient) internal code;


Ancient in 2019 means what? Is this code not in security compliance ?


> - Modifying old (ancient) database structures (think 16 character fields
> for IP addresses);


Hash 128 bits into 240/4 is how i heard Google handled it early on


> - Upgrading/replacing load balancers and other legacy crap that only
> support IPv4 (yeah, they still exist);


Again, with all the CVEs, this code is always moving in the real world.


> - Modifying the countless home-grown tools that automate firewalls etc;


Home grown means it can be fixed instead of replaced.


> - Auditing the PCI infrastructure to ensure it is still compliant after
> deploying IPv6;
>

Ah, so you are keeping up with compliance / cve and are upgrading at
regular intervals?



> If it was as simple as upgrading a few IP stacks here and there, it would
> be a non-issue.
>

Usually is just a few edge stacks to start and scale the edge


> Don't get me wrong, I'm not advocating against IPv6 deployment; on the
> contrary. But it is not that simple in the real corporate world. Execs have
> bonus targets.


Why would an exec care?  Ipv6 is just normal work like ipv4.

> IPv6 is not yet important enough to become part of that bonus target:


The bonus target was normal business continuity planning... in 2008.  Sorry
you missed that one.  Here you go, just put 1 in 2009 to make it 2019 so
you don't look so bad

https://www.arin.net/vault/knowledge/about_resources/ceo_letter.pdf


> there is no ROI at this point. In this kind of environment there needs to
> be a strong case to invest the capex to support IPv6.
>
> IPv6 must be supported on the CxO level in order to be deployed.
>
> Thanks,
>
> Sabri, (Badum tsss) MBA


I see... well let me translate it to MBA-eese for you:

FANG deployed ipv6 nearly 10 years ago. Since deploying ipv6, the cohort
experienced 300% CAGR. Also, everything is mobile, and all mobile providers
in the usa offer ipv6 by default in most cases. Latency! Scale! As your
company launches its digital transformation iot 202
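
The "16 character fields for IP addresses" item in the quoted list above, as an added example (not code from any poster or their employer): an audit that flags text columns too narrow for IPv6 and shows how silent truncation makes distinct hosts indistinguishable in whatever consumes the table (logs, firewall automation). The table definition, the column-name heuristic, the sample addresses and all function names are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Longest textual forms an address column may have to hold.
MAX_IPV4_TEXT = len("255.255.255.255")                                        # 15
MAX_IPV6_TEXT = len("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")                # 39
MAX_IPV6_MAPPED_TEXT = len("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")   # 45

# Constructed schema: two legacy IPv4-sized columns, one wide enough, one binary.
SAMPLE_DDL = """
CREATE TABLE subscriber_sessions (
    id          BIGINT PRIMARY KEY,
    client_ip   CHAR(16) NOT NULL,
    nas_addr    VARCHAR(15),
    gateway_ip  VARCHAR(45),
    peer_addr   VARBINARY(16),
    hostname    VARCHAR(64)
);
"""

# Constructed addresses (documentation ranges 2001:db8::/32 and 192.0.2.0/24).
SAMPLE_ADDRESSES = [
    "192.0.2.10",
    "2001:db8::1",            # short compressed form: fits in 16 chars
    "2001:db8:aaaa:1::10",    # 19 chars: does not fit
    "2001:db8:aaaa:1::20",
]

COLUMN_RE = re.compile(r"^\s*(\w+)\s+(?:VAR)?CHAR\((\d+)\)", re.I | re.M)
# Heuristic (assumption): a name token equal to ip / addr / address.
NAME_RE = re.compile(r"(?:^|_)(?:ip|addr|address)(?:_|$)", re.I)


def narrow_ip_columns(ddl, needed=MAX_IPV6_MAPPED_TEXT):
    """Return (column, width) for address-like text columns narrower than needed."""
    findings = []
    for name, width in COLUMN_RE.findall(ddl):
        if NAME_RE.search(name) and int(width) < needed:
            findings.append((name, int(width)))
    return findings


def store_fixed_width(value, width):
    """Model a database in non-strict mode silently truncating a long string."""
    return value[:width]


def truncation_collisions(addresses, width):
    """Map each truncated value to the distinct addresses that collapse into it."""
    buckets = {}
    for text in addresses:
        canonical = str(ipaddress.ip_address(text))
        key = store_fixed_width(canonical, width)
        buckets.setdefault(key, set()).add(canonical)
    return {k: sorted(v) for k, v in buckets.items() if len(v) > 1}


def to_binary16(text):
    """Width-independent storage: 16 bytes per address, IPv4 as IPv4-mapped."""
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        addr = ipaddress.IPv6Address(f"::ffff:{addr}")
    return addr.packed


if __name__ == "__main__":
    for column, width in narrow_ip_columns(SAMPLE_DDL):
        print(f"{column}: {width} chars, needs {MAX_IPV6_MAPPED_TEXT}")
    for stored, originals in truncation_collisions(SAMPLE_ADDRESSES, 16).items():
        print(f"stored as {stored!r}: {originals}")
    print(to_binary16("192.0.2.10").hex())
```

Short compressed addresses such as `2001:db8::1` fit in the old field, so a test with only those values passes and the truncation shows up later on longer production addresses.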

Re: RIPE our of IPv4

2019-11-25 Thread Scott Weeks


> RIPE isn’t dead… Just IPv4.



--- jeffshu...@sctcweb.com wrote:
From: Jeff Shultz 

Hard to say that something that is in full implementation 
and use is dead.
---


Ok...  In the process of dying a slow, painful, agonizing, 
brutal, sickening, won't-just-up-and-friggin-die-already 
death.  Does that work? :)

scott

Re: Iran cuts 95% of Internet traffic

2019-11-21 Thread Scott Weeks


--- eric.kuh...@gmail.com wrote:
From: Eric Kuhnke 

The vast majority of Iranian ISPs' international transit 
connectivity is through AS12880 DCI , which is a government 
run telecom authority. Google "AS12880 DCI Iran" for more 
info. DCI is also responsible for layer 2 transport and 
DWDM services for smaller downstream ISPs, on other
international terrestrial fiber links, which are opaque to 
us NANOG list people from the perspective of global v4/v6 
routing table/prefix announcement analysis.
-



Quoting a journalist, so

https://www.theguardian.com/world/2019/nov/21/irans-digital-shutdown-other-regimes-will-be-watching-closely

First quote out of order from the article:

"Internet penetration and complexity has vastly grown in Iran 
over the past decade, but the country’s users still connect 
to the global network through just two gateways. Both are 
controlled by the regime, and can be blocked when it chooses."





"Access to the internet is gradually being restored in Iran 
after an unprecedented five-day shutdown that cut its population 
off from the rest of the world and suppressed news of the 
deadliest unrest since the country’s 1979 revolution."

"The internet-freedom group Access Now recorded 75 internet
outages in 2016, which more than doubled to 196 last year."

"Iranians were cut off from the global internet, but 
internally, networks appeared to be functioning relatively 
normally."

"the Iranian government has been working to develop the 
so-called “halal net”, a closed-off version of the internet 
similar to China’s “great firewall”. Iran has been 
pressuring businesses to shift their operations inside the 
country on to what it calls the National Information Network, 
which now boasts its own banking platforms, industrial 
services and messaging apps – ones that activists believe 
are closely surveilled by authorities."



"The Trump sanctions have actually made it easier for Iran 
to seal its citizens off from the global internet ... Many 
Iranian tech firms have been left with no option but to use 
the Islamic Republic’s internal network and infrastructure 
instead."  (reordered quote)

"The last time Iran attempted to choke off access, during 
unrest in January 2018, it was forced to open connections 
again after just 30 minutes, Rashidi says.

“It was a disaster,” he says. “Nothing was working: all 
the government offices, hospitals, financial services 
were gone ... they’ve discovered a lot of things do need 
access to the outside world”

This time, it appears to have gone more smoothly: two 
sources able to monitor internet traffic inside Iran 
confirmed to the Guardian there was no significant 
disruption, indicating hospitals, financial software 
and even ride-sharing apps were still able to function, 
even as Iranians were unable to connect to websites 
such as Google."

"Other authoritarian governments are pursuing a similar 
path. This month, Russia implemented a new law requiring 
ISPs to install equipment better able to identify the 
source of web traffic, as part of a strategy to one day 
be able to completely re-route the Russian internet 
through state-controlled data points."

  :)

“Regimes around the world will be watching very closely 
both the public response and the response of the 
international community,” he says. “If it turns out 
this is feasible to implement, they will see there is 
no political cost.”

scott




Re: Iran cuts 95% of Internet traffic

2019-11-18 Thread Scott Fisher
One would hope so, but I am sure they will just threaten their
population on using it. Tyrannical regimes know no bounds.

Thanks,
Scott Fisher
Team Cymru

On 11/18/19 2:26 PM, Tony Wicks wrote:
>>Implementation specifics vary. Most rely on state control of consumer
>>ISPs and implement a variety of systems at that layer. Many also have
>>chokepoints for international connectivity as well.
>
> I guess all these governments who like to control access so tightly are
> going to be in a total tailspin over Starlink eh.





OT: RE: Iran cuts 95% of Internet traffic

2019-11-18 Thread Scott Weeks



--- t...@wicks.co.nz wrote:
From: "Tony Wicks" 

I guess all these governments who like to control...



The weird thing to me is the one thing governments are afraid 
of is people talking to each other without restriction.  Not 
this or that, rather just people talking freely.  WTF...

scott

 

 

 





Re: Iran cuts 95% of Internet traffic

2019-11-18 Thread Scott Weeks



--- s...@donelan.com wrote:
From: Sean Donelan 

It's very practical for a country to cut 95%+ of its Internet connectivity. 
It's not a complete cut-off, there is some limited connectivity. But for 
most ordinary individuals, their communication channels are cut-off.

https://twitter.com/netblocks/status/1196366347938271232
--


Does anyone know the network mechanics of how this happens?  For
example, do all fiber connections go through a government choke
point for suppression?  If so, what's to stop Ubiquiti-style 
microwave over the border to sympathetic folks on the other side?  

scott


Re: TCP and anycast (was Re: ECN)

2019-11-16 Thread Scott Weeks



--- ra...@psg.com wrote:
lots of good research lit on catchment topology of anycasted 
dns, which is very non-local.
---


For the others here that didn't know what that is and are 
curious.  I couldn't take it and just had to know... :)

https://tools.ietf.org/html/rfc4786

Catchment:  in physical geography, an area drained by a river, also
  known as a drainage basin.  By analogy, as used in this document,
  the topological region of a network within which packets directed
  at an Anycast Address are routed to one particular node.

scott


Re: Russian government’s disconnection test

2019-11-01 Thread Scott Weeks


--- sur...@mauigateway.com wrote:
From: "Scott Weeks" 

Anyone got any technical info on how Russia plans to execute 
a disconnection test of the internet?  



Got crickets, so now I have to respond to my own post on 
what I just found out about it.  Is that like talking to 
yourself? :)

https://www.npr.org/2019/11/01/775366588/russian-law-takes-effect-that-gives-government-sweeping-power-over-internet

"The "sovereign Internet law," as the government calls it, 
greatly enhances the Kremlin's control over the Web. It was 
passed earlier this year and allows Russia's government to 
cut off the Internet completely or from traffic outside 
Russia "in an emergency," as the BBC reported. But some of 
the applications could be more subtle, like the ability to 
block a single post."

"The equipment would conduct what's known as "deep packet 
inspection," an advanced way to filter network traffic."

"Regardless of what the government intends, some experts 
think it would be technically difficult for Russia to 
actually close its network if it wanted to, because of the 
sheer number of its international connections."

"What I found was that there were hundreds of existing 
Internet exchange points in Russia, some of which have 
hundreds of participants...Many of them are international 
network providers, he says, so "basically it's challenging 
— if not impossible, I think — to completely isolate the 
Russian Internet."

Belson says that the requirement for Internet service 
providers to install tracking software will very likely 
also be challenging in practice. He adds that it will be 
difficult to get hundreds of providers to deploy it and 
hard to coordinate that they're all filtering the same 
content.

scott






Re: D'oH III: In 3-D! Plot Twist from Google/Chrome, Vixie approves?

2019-10-30 Thread Scott Morizot
+1

On Wed, Oct 30, 2019 at 11:03 AM Todd Underwood  wrote:

> the relevant sentiment is:  thanks for whitelisting a fixed number of them
> so i can block them.
>


Russian government’s disconnection test

2019-10-24 Thread Scott Weeks


Anyone got any technical info on how Russia plans to execute a 
disconnection test of the internet?  I am starting to see this 
on web sites again: 

https://slate.com/technology/2019/10/russia-runet-disconnection-domestic-internet.html

and started wondering how they plan to do that?  DNS? firewalls?
Shut off optics on fiber?  Stop satellite comms?  What about 
microwave?

https://aviatnetworks.com/solutions/ip-mpls-microwave


"Russia plans to execute a so-called disconnection test of the 
internet sometime in October—right ahead of Nov. 1, when a new 
law about domestic internet kicks into gear. Russia plans to then 
repeat this test at least once a year."

"For one, “equipment is being installed on the networks of 
major telecom operators,” Alexander Zharov, head of Roskomnadzor, 
told reporters."


scott


Re: Quantum Internet Article - Netherlands

2019-10-11 Thread Scott Weeks


--- rod.b...@unitedcablecompany.com wrote:

https://www.quantamagazine.org/stephanie-wehner-is-designing-a-quantum-internet-20190925/
To Invent a Quantum Internet - Quanta Magazine
Fifty years after the current internet was born, the physicist and computer 
scientist Stephanie Wehner is planning and designing the next internet — a 
quantum one. The first data ever transmitted over Arpanet, the precursor of the 
internet, blipped from a computer at the University of California ...
-


Also see IRTF's Qirg.   https://irtf.org/qirg

scott



RE: IPv6 Pain Experiment

2019-10-03 Thread Scott Weeks



--- aar...@gvtc.com wrote:
From: "Aaron Gould" 

Thank God for DNS  ;)



No, just Paul Mockapetris... :-)

https://en.wikipedia.org/wiki/Paul_Mockapetris

scott


Re: IPv6 Thought Experiment

2019-10-02 Thread Scott Weeks


--
“MUST NOT support IPv4”..

I think a good start would be: "MUST support IPv6"!
---


Woah, there!  Hold your horses.  It's only been 20-something 
years.  You can't expect these things to happen overnight!  

>;-)
scott






Re: This DNS over HTTP thing

2019-10-01 Thread K. Scott Helms
They almost have to change the default since there are (comparatively) very
few DoH providers compared to DNS providers.

On Tue, Oct 1, 2019, 2:40 PM Damian Menscher via NANOG 
wrote:

> On Tue, Oct 1, 2019 at 12:24 PM Jay R. Ashworth  wrote:
>
>> - Original Message -
>> > From: "Stephane Bortzmeyer" 
>> > To: "Jeroen Massar" 
>>
>> >> While the 'connection to the recursor' is 'encrypted', the recursor
>> >> is still in clear text... one just moves who can see what you are
>> >> doing with this.
>> >
>> > As with any cryptographic protocol. Same thing with VPNs, SSH and
>> > whatever: the remote end can see what you do. What's your point?
>>
>> I'm still assimilating this, but based on what I've read this half hour,
>> his point is that "*it's none of Alphabet's damn business* where I go that
>> isn't Google".
>>
>
> What's missing from this discussion are some basic facts, like "is Google
> going to change your DNS settings to 8.8.8.8?"
>
> The opening paragraph of
> https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
>  reads:
>
> "This experiment will be done in collaboration with DNS providers who
> already support DoH, with the goal of improving our mutual users’ security
> and privacy by upgrading them to the DoH version of their current DNS
> service. With our approach, the DNS service used will not change, only the
> protocol will. As a result, existing content controls of your current DNS
> provider, including any existing protections for children, will remain
> active."
>
> Could someone provide a reference of Google saying they'll change the
> default nameserver?  Without that, I think all of Jeroen's arguments fall
> apart?
>
> Damian
>


RE: Colombia Network Operators Group

2019-09-23 Thread Scott Weeks




>-Original Message-
>From: NANOG  On Behalf Of Scott Weeks
>--- meh...@akcin.net wrote:
>From: Mehmet Akcin 
>
>Few people who is doing a lot of work in Colombia, we decided to start
>Colombia network operators group and arrange local meetups, provide
>people
>support who want to have infrastructure here.
>
>Feel free to join www.nog.com.co and our first face to face meeting will
>be
>in december, date to be announced soon!
>-


>For whatever reason, cisco is not happy with the site:
>
>"This site is blocked due to a security threat that was discovered by
>the Cisco Umbrella security researchers."



--- kmedc...@dessus.com wrote:
From: "Keith Medcalf" 

Fascinating.  What is the security threat I wonder, that there is no 
JavaScript?
---



I don't know.  New job with new security stuff (that I don't have 
anything to do with) and I am sure I'm not the one, so I thought 
I'd let folks know.

scott


Re: Colombia Network Operators Group

2019-09-23 Thread Scott Weeks



--- meh...@akcin.net wrote:
From: Mehmet Akcin 

Few people who is doing a lot of work in Colombia, we decided to start
Colombia network operators group and arrange local meetups, provide people
support who want to have infrastructure here.

Feel free to join www.nog.com.co and our first face to face meeting will be
in december, date to be announced soon!
-



For whatever reason, cisco is not happy with the site:

"This site is blocked due to a security threat that was discovered by 
the Cisco Umbrella security researchers."

scott


Re: Art and Tech is madness

2019-09-06 Thread Scott Weeks

--- cb...@gizmopartners.com wrote:
From: Chris Boyd 

There’s also this gem from 2005 or 2007 days. I’ve heard Cisco staff was 
involved in its creation.
http://www.mattzrelak.com/mp3/t1down.htm
--



At work...

==
This site is blocked due to a security threat.

www.mattzrelak.com

This site is blocked due to a security threat that was discovered by the 
Cisco Umbrella security researchers.

Report an incorrect block 
=


scott



list admin contact is only a web gui???

2019-09-01 Thread Scott Weeks



We can only get to the list admins through a GUI (ewww) 
nowadays, or am I having drinks on the beach and not 
finding it on the web site because of that?

Please stop this guy.  Four of these for every post.

scott


--- Begin forwarded message:

From: 
To: 
Subject:
Date: 01 Sep 2019 20:06:08 EDT

Message to 7867650...@email.uscc.net failed.





Re: Weekly Routing Table Report

2019-09-01 Thread Scott Weeks



--- mo...@necom830.hpcl.titech.ac.jp wrote:
From: Masataka Ohta 
Scott Weeks wrote:

> I have been reading your posts on IETF and here regarding the
> above and I'm curious as to your thoughts on John Day's RINA.

As you give no reference, let's rely on wikipedia

https://en.wikipedia.org/wiki/Recursive_Internetwork_Architecture



Yes, my apologies for no reference.  Further, I have no URL to
point to as I read the book. (actual book; no e-something)

Here's something:  http://pouzinsociety.org

Like the book, in the Wikipedia article you have to get through 
or skip the first part.  In the book, that's the first 5 or so 
chapters.  He just describes why, in his opinion, previous things 
have failed and the way he does it turns a lot of folks off.  
Likewise, I skipped the last 1-2 chapters.  So in the Wikipedia 
article skip to the "Introduction" section.


A couple more things:

---
E2E (end-to-end principle) is not relevant

IPv6 is/was a waste of time

The RINA's fundamental principles are that computer 
networking is just Inter-Process Communication or IPC,
and that layering should be done based on scope/scale, 
with a single recurring set of protocols, rather than 
function, with specialized protocols.
---



 more from Wikipedia 

The IPC model of RINA concretizes distributed applications in 
Distributed Application Facilities or DAFs, as illustrated in 
Figure 2. A DAF is composed of two or more Distributed Application 
Processes or DAPs, which collaborate to perform a task. These DAPs 
communicate using a single application protocol called Common 
Distributed Application Protocol or CDAP, which enables two DAPs 
to exchange structured data in the form of objects. All of the 
DAP's externally visible information is represented by objects and 
structured in a Resource Information Base or RIB, which provides a 
naming schema and a logical organization to the objects known by 
the DAP (for example a naming tree). CDAP allows the DAPs to 
perform six remote operations on the peer's objects: create, delete, 
read, write, start and stop.

In order to exchange information, DAPs need an underlying facility 
that provides communication services to them. This facility is 
another DAF whose task is to provide and manage Inter Process 
Communication services over a certain scope, and is called a 
Distributed IPC Facility or DIF. A DIF can be thought of as a layer, 
and enables a DAP to allocate flows to one or more DAPs, by just 
providing the names of the targeted DAPs and the characteristics 
required for the flow such as bounds on data loss and delay, 
in-order delivery of data, reliability, etc. 

DIFs, being DAFs, can in turn use other underlying DIFs themselves. 
This is the recursion of the RINA.


scott














and restrict scope only for multihoming.

Then, it is true that:

 > 1972. Multi-homing not supported by the ARPANET.

which means current specifications do not support multihoming very well.

but, the statement

 > The solution was obvious: as in operating systems, a logical address
 > space naming the nodes (hosts and routers) was required on top of the
 > physical interface address space.

is wrong, because it is enough to let transport layer identify
connections based on a set of physical interface addresses of
all the interfaces, which is what draft-ohta-e2e-multihoming-*
proposes.

That is, he misunderstands restrictions by the current specification
as something inevitably required by layering.

 > It tosses all this on its head.

If you have some text of RINA denying the E2E argument, quote it
with URLs please.

Masataka Ohta




Re: Weekly Routing Table Report

2019-08-31 Thread Scott Weeks




From: Masataka Ohta 

If you can't accept the following principle of the End to End
argument:

The function in question can completely and correctly be
implemented only with the knowledge and help of the
application standing at the end points of the
communication system.
---


I have been reading your posts on IETF and here regarding the 
above and I'm curious as to your thoughts on John Day's RINA.  
It tosses all this on its head.

scott

