Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Scott Helms
Daniel,

We'd have to come to some standard definition of "But even if 1% of users
would reasonably be using a fully symmetric link to its potential..."

As I said, I have visibility into a large number of symmetric connections
and without exception they'd fit well into a plan that offered upstreams
that had a fractional speed of the downstream.  Now, keep in mind I'm
not talking about 1/10 as a ratio here, but 1/5 would accommodate ~99.2%
and 1/4 would fit ~99.9%.  It's also important to note that all of these
accounts are in the 25mbps down territory so their upstreams are 5mbps.

What I see when I look at customer satisfaction ratings is a very strong
correlation with low uplink speeds and a high satisfaction rate when we
look at uplink speeds greater than 4mbps.  What I don't see is an increase
in customer satisfaction as upload speeds go past ~6mbps.  Conversely,
increases in customer satisfaction correlate with increases in
download speeds past ~30mbps before the correlation starts weakening.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Feb 27, 2015 at 2:57 PM, Daniel Taylor dtay...@vocalabs.com wrote:

 The statistics certainly *should* be used when provisioning aggregate
 resources.
 But even if 1% of users would reasonably be using a fully symmetric link
 to its potential, that's a good reason to at least have such circuits
 available in the standard consumer mix, which they aren't today.

 On 02/27/2015 01:30 PM, Scott Helms wrote:

 Daniel,

 Well, I wouldn't call using the mean a myth, after all understanding
 most customer behavior is what we all have to build our business cases
 around.  If we throw out what customers use today and simply take a "build
 it and they will come" approach then I suspect there would be fewer of us in
 this business.

 Even when we look at anomalous users we don't see symmetrical usage, ie
 top 10% of uploaders.  We also see less contended seconds on their upstream
 than we do on the downstream.  These observations are based on ~500k
 residential and business subscribers across North America using FTTH
 (mostly GPON), DOCSIS cable modems, and various flavors of DSL.


 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 

 On Fri, Feb 27, 2015 at 2:21 PM, Daniel Taylor dtay...@vocalabs.com wrote:

 But by this you are buying into the myth of the mean.

 It isn't that most, or even many, people would take advantage of
 equal upstream bandwidth, but that the few who would need to take
 extra measures unrelated to the generation of that content to be
 able to do so.

 Given symmetrical provisioning, no extra measures need to be taken
 when that 10 year old down the street turns out to be a master
 musician.

 On 02/27/2015 11:59 AM, Scott Helms wrote:

 This is true in our measurements today, even when subscribers
 are given
 symmetrical connections.  It might change at some point in the
 future,
 especially when widespread IPv6 lets us get rid of NAT as a de
 facto
 deployment reality.


 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 

 On Fri, Feb 27, 2015 at 12:48 PM, Naslund, Steve snasl...@medline.com wrote:

 How about this?  Show me 10 users in the average
 neighborhood creating
 content at 5 mbps.  Period.  Only realistic app I see is
 home surveillance
 but I don't think you want everyone accessing that
 anyway.  The truth is
 that the average user does not create content that anyone
 needs to see.
 This has not changed throughout the ages, the ratio of
 authors to readers,
 artists to art lovers, musicians to music lovers, YouTube
 cat video creator
 to cat video lovers, has never been a many to many
 relationship.

 On 2015-02-27 12:13, valdis.kletni...@vt.edu wrote:

 Consider a group of 10 users, who all create new
 content.  If each one
 creates at a constant rate of 5 mbits, they need 5
 up.  But to
 download all the new content from the other 9, they
 need close to 50

 down.

 And when you expand to several billion people creating
 new content,
 you need a *huge* pipe

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Scott Helms
'Normal is whatever the user normally tries to do.'

That's simply not a realistic definition.  There's no way to determine what
a consumer will want to do before they sign up for the service.  For that
matter, it's impossible to determine what a customer will want 2 years
after they've signed.  Further, its impossible to understand what is normal
without spying on your customers.

'Reasonable is
whatever the user is willing to pay for. Any mismatch between the two
finds its error in your marketing department.'

Reasonable pricing is what the market will bear as always, but what the
market will bear versus what customers *expect* often greatly diverge.
Anyone who wants to pay for a direct connection to a Tier 1 of their choice
with SLAs can do so, but that doesn't happen.


'Seems like a competitive service provider focused on meeting that
customer population's needs would do well. Any notion what has
prevented that from happening?'

They *are* the alternative operator in this market.  What's keeping anyone
else from doing it better is that it's more expensive than customers will
pay to do it better.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Feb 27, 2015 at 3:17 PM, William Herrin b...@herrin.us wrote:

 On Fri, Feb 27, 2015 at 3:01 PM, Scott Helms khe...@zcorum.com wrote:
  The problem is in defining what is normal and reasonable when
 customers
  only know what those mean in regards to their behavior and not the larger
  customer base nor the behavior of the global network.

 Hi Scott,

 Normal is whatever the user normally tries to do. Reasonable is
 whatever the user is willing to pay for. Any mismatch between the two
 finds its error in your marketing department.

 If your understanding of normal and reasonable radically diverges from
 this, you've made a mistake. It's exactly as simple as this.


  I have a customer on the west coast that has a very large Asian immigrant
  population and a very high percentage of the traffic from this access
  provider is going to and from Asia.  This introduces a lot of variables
 that
  are far outside of the operator's control, so what's reasonable for this
  operator to do to ensure reasonable speeds when the links to Asia get
  saturated far upstream of them?  They certainly could choose to buy
  alternative connectivity to that region, but then they'd have to raise
 rates
  and most of the time that extra connectivity isn't needed.

 So what are they doing? Playing it one-size-fits-all and giving this
 very large customer population no way to get acceptable speed to the
 portions of the Internet that population wants to reach?

 Seems like a competitive service provider focused on meeting that
 customer population's needs would do well. Any notion what has
 prevented that from happening?

 Regards,
 Bill Herrin




 --
 William Herrin  her...@dirtside.com  b...@herrin.us
 Owner, Dirtside Systems . Web: http://www.dirtside.com/



Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Scott Helms
Daniel,


50MB/s might be tough to fill, but even at home I can get good use out of
the odd 25MB/s upstream burst for a few minutes.

Which would you choose, 50/50 or 75/25?  My point is not that upstream
speed isn't valuable, but merely that demand for it isn't symmetrical and
unless the market changes won't be in the near term.  Downstream demand is
growing, in most markets I can see, much faster than upstream demand.



Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Scott Helms
My point is that the option should be there, at the consumer level.

Why?  What's magical about symmetry?  Is a customer better served by having
a 5mbps/5mbps over a 25mbps/5mbps?


There are so many use cases for this, everything from personal game
servers to on-line backups, that the lack of such offerings is an
indication of an unhealthy market.

Until we get NAT out of the way, this is actually much harder to leverage
than you might think.  I don't think there is anything special about
symmetrical bandwidth, I do think upstream bandwidth usage is going up and
will continue to go up, but I don't see any evidence in actual performance
stats or customers sentiment to show that it's going up as fast as
downstream demand.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Feb 27, 2015 at 3:36 PM, Daniel Taylor dtay...@vocalabs.com wrote:

 My point is that the option should be there, at the consumer level.

 If not for fully symmetrical service (I admit that 50MB/s upstream is a
 tough pipe to fill), at least for significantly higher upstream service
 than is currently available in most neighborhoods.

 There are so many use cases for this, everything from personal game
 servers to on-line backups, that the lack of such offerings is an
 indication of an unhealthy market.

 On 02/27/2015 02:25 PM, Scott Helms wrote:

 Daniel,

 We'd have to come to some standard definition of "But even if 1% of
 users would reasonably be using a fully symmetric link to its potential..."

 As I said, I have visibility into a large number of symmetric connections
 and without exception they'd fit well into a plan that offered upstreams
 that had a fractional speed of the downstream.  Now, keep in mind I'm
 not talking about 1/10 as a ratio here, but 1/5 would accommodate ~99.2%
 and 1/4 would fit ~99.9%.  It's also important to note that all of these
 accounts are in the 25mbps down territory so their upstreams are 5mbps.

 What I see when I look at customer satisfaction ratings is a very strong
 correlation with low uplink speeds and a high satisfaction rate when we
 look at uplink speeds greater than 4mbps.  What I don't see is an increase
 in customer satisfaction as upload speeds go past ~6mbps.  Conversely,
 increases in customer satisfaction correlate with increases in
 download speeds past ~30mbps before the correlation starts weakening.


 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 

 On Fri, Feb 27, 2015 at 2:57 PM, Daniel Taylor dtay...@vocalabs.com wrote:

 The statistics certainly *should* be used when provisioning
 aggregate resources.
 But even if 1% of users would reasonably be using a fully
 symmetric link to its potential, that's a good reason to at least
 have such circuits available in the standard consumer mix, which
 they aren't today.

 On 02/27/2015 01:30 PM, Scott Helms wrote:

 Daniel,

 Well, I wouldn't call using the mean a myth, after all
 understanding most customer behavior is what we all have to
 build our business cases around.  If we throw out what
 customers use today and simply take a "build it and they will
 come" approach then I suspect there would be fewer of us in this
 business.

 Even when we look at anomalous users we don't see symmetrical
 usage, ie top 10% of uploaders.  We also see less contended
 seconds on their upstream than we do on the downstream.  These
 observations are based on ~500k residential and business
 subscribers across North America using FTTH (mostly GPON),
 DOCSIS cable modems, and various flavors of DSL.


 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 

 On Fri, Feb 27, 2015 at 2:21 PM, Daniel Taylor dtay...@vocalabs.com wrote:

 But by this you are buying into the myth of the mean.

 It isn't that most, or even many, people would take
 advantage of
 equal upstream bandwidth, but that the few who would need
 to take
 extra measures unrelated to the generation of that content
 to be
 able to do so.

 Given symmetrical provisioning, no extra measures need to
 be taken
 when that 10 year old down the street turns out to be a master
 musician.

 On 02/27/2015 11:59 AM, Scott Helms wrote

Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Scott Helms
Chris,

because gameservers, backups, etc don't work just fine today in the
'world of nat' ??? I'm fairly certain that I can do backups to
carbonite/etc with my nat working just fine, right? I'm also fairly
certain that WoW (or whatever, hell I don't play games, so I'll just
say: Angband) etc that turn the fastest user in the group into a
server also work just fine...

Talk to someone at Carbonite and ask them how much effort they have to
exert to make that work.  Also, keep in mind that your game example is not
someone running a game server as a residential subscriber, it's a
residential subscriber accessing a server hosted on a dedicated network.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Feb 27, 2015 at 4:16 PM, Christopher Morrow morrowc.li...@gmail.com
 wrote:

 On Fri, Feb 27, 2015 at 3:53 PM, Scott Helms khe...@zcorum.com wrote:
  My point is that the option should be there, at the consumer level.
 
  Why?  What's magical about symmetry?  Is a customer better served by
 having
  a 5mbps/5mbps over a 25mbps/5mbps?

 it sort of depends on what the user is doing, right?
 there's some chatter that (queue akapella in 3...2) upstream ack
 packet loss is actually more detrimental to user experience than
 downstream packet loss, so maybe more upstream just to protect (and
 simplify) ack management is helpful?

  There are so many use cases for this, everything from personal game
  servers to on-line backups, that the lack of such offerings is an
  indication of an unhealthy market.
 
  Until we get NAT out of the way, this is actually much harder to leverage
  than you might think.  I don't think there is anything special about

 because gameservers, backups, etc don't work just fine today in the
 'world of nat' ??? I'm fairly certain that I can do backups to
 carbonite/etc with my nat working just fine, right? I'm also fairly
 certain that WoW (or whatever, hell I don't play games, so I'll just
 say: Angband) etc that turn the fastest user in the group into a
 server also work just fine...

  symmetrical bandwidth, I do think upstream bandwidth usage is going up
 and
  will continue to go up, but I don't see any evidence in actual
 performance
  stats or customers sentiment to show that it's going up as fast as
  downstream demand.

 possibly because the places where this is available are so few and so
 far-between that 'users' don't generally know or see this? so ... err,
 they won't know if it's better for their usecases or not.



Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Scott Helms
hopefully not much since it's rsync (or was).
I'm not sure I care a lot though if they have to run a stun/ice
server... that's part of the payment I make to them, right?

Sure it is, but the point is if it's easier to deliver then the price will
go down and more people will choose to use it.  That's kind of my point.
Carbonite (and others) have built a decent business, but imagine if their
costs were cut by ~15% because they didn't have to deal with NAT
traversal they could offer more services for the same amount of money or
offer the same service for less.  Either would result in more people using
that kind of service.

Imagine what *might* be possible if direct communication would work without
port forwarding rules inside your neighborhood.

no it wasn't. Blizzard or one of the others used to select the
'fastest player' to be the server for group play...

That's not WoW, it might be Diablo III or StarCraft (both Blizzard products).

my son has a minecraft server as well behind nat, his pals all over
play on it just fine. It happens to have v6, but because the minecraft
people are apparently stuck in 1972 only v4 is a configurable
transport option, and the clients won't make  queries so my 
is a wasted dns few bytes.

Frankly folk that want to keep stomping up and down about NAT being a
problem are delusional. Sure direct access is nice, it's simple and
whatnot, but ... really... stuff just works behind NAT as well.

It doesn't just work there is a real cost and complexity even if you're
using UPNP or you're comfortable doing the port forwarding manually to get
around it to a certain extent.  Session border controllers cost tens of
thousands of dollars to handle SIP sessions behind NAT.



Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Feb 27, 2015 at 4:29 PM, Christopher Morrow morrowc.li...@gmail.com
 wrote:

 On Fri, Feb 27, 2015 at 4:21 PM, Scott Helms khe...@zcorum.com wrote:
  Chris,
 
  because gameservers, backups, etc don't work just fine today in the
  'world of nat' ??? I'm fairly certain that I can do backups to
  carbonite/etc with my nat working just fine, right? I'm also fairly
  certain that WoW (or whatever, hell I don't play games, so I'll just
  say: Angband) etc that turn the fastest user in the group into a
  server also work just fine...
 
  Talk to someone at Carbonite and ask them how much effort they have to
 exert

 hopefully not much since it's rsync (or was).
 I'm not sure I care a lot though if they have to run a stun/ice
 server... that's part of the payment I make to them, right?

  to make that work.  Also, keep in mind that your game example is not
 someone
  running a game server as a residential subscriber, it's a residential
  subscriber accessing a server hosted on a dedicated network.

 no it wasn't. Blizzard or one of the others used to select the
 'fastest player' to be the server for group play...

 my son has a minecraft server as well behind nat, his pals all over
 play on it just fine. It happens to have v6, but because the minecraft
 people are apparently stuck in 1972 only v4 is a configurable
 transport option, and the clients won't make  queries so my 
 is a wasted dns few bytes.

 Frankly folk that want to keep stomping up and down about NAT being a
 problem are delusional. Sure direct access is nice, it's simple and
 whatnot, but ... really... stuff just works behind NAT as well.

 -chris



Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

2015-02-27 Thread Scott Helms
Hardened carrier grade Ethernet gear appeared quite a time after PON gear
did and until we got gear that could be deployed in cabinets the cost of
the fiber plant being back hauled to the CO was much more expensive.

Google decided to do GPON purely because of cost, they really wanted to do
Active Ethernet but the economics didn't work out.

Can we remember that most corporate and campus (and, for that matter home)
networks are symmetric, at least at the edges.

Only if we're talking about Ethernet, your WiFi network is almost never
symmetrical.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Feb 27, 2015 at 3:47 PM, Miles Fidelman mfidel...@meetinghouse.net
wrote:

 Folks,

 Let's not go overboard here.  Can we remember that most corporate and
 campus (and, for that matter home) networks are symmetric, at least at the
 edges.  Personally, I figure that by deploying PON, the major carriers were
 just asking for trouble down the line.  It's not like carrier-grade gigE
 switches are that much more expensive than PON gear.

 Miles Fidelman

 --
 In theory, there is no difference between theory and practice.
 In practice, there is.    Yogi Berra




Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

2015-02-27 Thread Scott Helms
Stephen is dead on here.  In DOCSIS the downstream communication happens in
one or more normal cable TV channel band, ie 6MHz channels from 54 MHz to
890MHz.  The upstreams will be (in most cases) either 1.6 MHz, 3.2 MHz, or
6.4MHz wide and in the 5-42 MHz range.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Feb 27, 2015 at 4:56 PM, Stephen Satchell l...@satchell.net wrote:

 On 02/27/2015 01:27 PM, Jack Bates wrote:
  My 2 cents. I don't design these things, but you'd think people would
  start realizing that static allocation is kind of limiting. Giving
  someone 50mb/s with 20mb/s waste is annoying when they are saturating
  3mb/s the opposite direction. Wouldn't it be cool if your backup at
  night could use 50mb/s upstream and drop your downstream to 5mb/s
  because you aren't downloading anything?

 That's possible with multicarrier technology, such as xDSL.  When you
 get into the data-over-cable technology, you find a completely different
 story -- it's a system limitation that you have an upstream channel that
 is less efficient than the downstream channel because the upstream
 channel has to be accessed by a number of sources, with access control,
 whereas the downstream channel is nothing more than a broadcast pipe
 (just like 10base-2 Ethernet) where you pick your packets out of the
 stream.

 Other technologies have their quirks, too...




Re: Verizon Policy Statement on Net Neutrality

2015-02-27 Thread Scott Helms
I don't know that price is the problem with carbonite, or any backup
solution.
I think most folk don't see why they OUGHT to backup their
pictures/etc... until they needed to get them from a backup :(

Are you really trying to say they wouldn't get more customers if they could
lower their prices or alternatively increase marketing?

I doubt it's 15%, if it is... wow they seem to be doing it wrong.

I invite you to try and do some of the programming tricks needed to work
around NAT and the ongoing costs needed to run an external set of servers
just to handle session state.  15% is probably underestimating the costs,
but I don't have hard numbers to be any more precise.

this is a point problem (backup for carbonite), there are lots of
things that work 'just fine' with NAT (practically everything... it
would seem) I'm not sure digging more into why carbonite/etc are
'hard' (because they aren't, because they are working...) is helpful.

Just because it's easy for you, doesn't have a thing to do with the effort
that the Carbonite engineers and software folks had to put in to make it
easy.

I can imagine that, I have that silly thing that my dsl modem does
(zeroconf or whatever crazy sauce my windows ME desktop does to tell
the 'router' to open a port so johnny down the street can chat me).'

Wait, are you really running Windows ME?

folk could deploy v6 though, eh? it's not costing THAT much I guess if
they can't get off their duffs and deploy v6 on the consumer networks
that don't already have v6 deployed.

You can't be all: NAT IS HARD!!! AND EXPENSIVE!!! and not deploy v6.

You're misunderstanding, IPv6 is expensive for the carriers and NAT is
expensive for the OTT service providers and software companies.  Both are
hard and expensive, but to completely different groups.  This is why
Netflix, Google, Carbonite, Spotify, and host of other content or OTT
services want the carriers to deploy IPv6.  It's also why the carriers have
been less than enthusiastic.  They get the bulk of the cost while others
get the bulk of the benefits.


Frankly, SBCs exist for a whole host of reasons unrelated to NAT, so
that's a fine red herring you've also brought up.

No, it's not.  SBCs can and do a lot more than NAT traversal, but the
reasons that SIP operators of any scale can't live without them is NAT.
Anyone who tells you differently is misinformed.

Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Feb 27, 2015 at 5:05 PM, Christopher Morrow morrowc.li...@gmail.com
 wrote:

 On Fri, Feb 27, 2015 at 4:41 PM, Scott Helms khe...@zcorum.com wrote:
  hopefully not much since it's rsync (or was).
  I'm not sure I care a lot though if they have to run a stun/ice
  server... that's part of the payment I make to them, right?
 
  Sure it is, but the point is if it's easier to deliver then the price
 will
  go down and more people will choose to use it.  That's kind of my point.

 I don't know that price is the problem with carbonite, or any backup
 solution.
 I think most folk don't see why they OUGHT to backup their
 pictures/etc... until they needed to get them from a backup :(

  Carbonite (and others) have built a decent business, but imagine if their
  costs were cut by ~15% because they didn't have to deal with NAT
 traversal
  they could offer more services for the same amount of money or offer the

 I doubt it's 15%, if it is... wow they seem to be doing it wrong.

  same service for less.  Either would result in more people using that
 kind
  of service.
 

 this is a point problem (backup for carbonite), there are lots of
 things that work 'just fine' with NAT (practically everything... it
 would seem) I'm not sure digging more into why carbonite/etc are
 'hard' (because they aren't, because they are working...) is helpful.

  Imagine what might be possible if direct communication would work without
  port forwarding rules inside your neighborhood.

 I can imagine that, I have that silly thing that my dsl modem does
 (zeroconf or whatever crazy sauce my windows ME desktop does to tell
 the 'router' to open a port so johnny down the street can chat me).

 also I have ipv6, so i  have open access directly to my internal
 network. (so do 70+% of the rest of the comcast user base... and TWC
 and ...)

  no it wasn't. Blizzard or one of the others used to select the
  'fastest player' to be the server for group play...
 
  That's not WoW, it might be Diablo III or StarCraft (both Blizzard
 products)
 

 you'll note in my first message about this (not the morse code one) I
 said I don't play games so call it angband (http://rephial.org/)

  my son has a minecraft server as well behind nat, his pals all over
  play on it just fine. It happens to have v6, but because the minecraft
  people are apparently stuck in 1972 only v4 is a configurable
  transport option, and the clients won't make  queries so

Re: mpls over microwave

2015-02-12 Thread Scott Weeks



Just in case anyone looks this thread up 
in the future...

We're likely going with Aviat and their 
DAC GE card EXD-181-002 cards.  

From the company:  Yes the Ethernet card 
does support jumbo frame size, IPV6 and 
MPLS EXP bits, QOS and VLANs with 802.1q 
tagging.


scott



Re: gmail spam help

2015-02-12 Thread Scott Helms
I'd be interested to know how you can be so adamant about the lack of spam
from this specific server.  A great percentage of the spam hitting servers
I have visibility into comes from very similar kinds of set ups because
they tend to have little or no oversight in place.

Also, lots of commercial email gets flagged as spam by users, even when
they opted in for the email.  If enough people flagged email from this
server as spam it will cause Google to consider other email from the same
small server as likely to be spam as well.  Small systems, especially new
ones, tend to unintentionally look like spam sources by not having proper
reverse records, making sure you have SPF set up for the domain, etc.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Feb 12, 2015 at 10:41 AM, Alex Rubenstein a...@corp.nac.net wrote:

 I should have been clearer.

 I have been getting complaints from my sales folks that when they send
 emails to people who use gmail (either a gmail account or google apps) that
 they recipient is reporting that the email is ending up in the Spam folder.
 So, I tested this myself, sending an email from a...@corp.nac.net to
 rubenstei...@gmail.com
 


 This is curious to me, since @corp.nac.net is a small exchange
 implementation with only about 50 users behind it, and there is no question
 that there is no spamming going on from here.

 So, it’s not a question of adding a filter or not using gmail; it is not
 me who is using gmail in this problem.



 From: Josh Luthman [mailto:j...@imaginenetworksllc.com]
 Sent: Thursday, February 12, 2015 9:32 AM
 To: Alex Rubenstein
 Cc: NANOG list
 Subject: Re: gmail spam help


 Create a filter.

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 On Feb 12, 2015 8:11 AM, Alex Rubenstein a...@corp.nac.net wrote:
 Is there anyone on-list that can help me with a world - gmail email
 issue, where email is being considered spam by gmail erroneously?

 Thanks.




Re: gmail spam help

2015-02-12 Thread Scott Helms
Alex,

I won't begin to claim to know the root cause behind this, but "I own it"
isn't a good reason to say that no spam has come from it, indeed it's not
even a reason to say that a great amount of spam hasn't come from it.

The only way Google allows contact on these issues is via this form:

https://support.google.com/mail/contact/msgdelivery


I also see that your domain is listed by http://www.squidblacklist.org/

http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3acorp.nac.netrun=toolpage

Clearly it's not just Google that sees some issues, but your domain doesn't
appear to be on any other email black lists, which generally means that a
machine(s) on your network is/was compromised and being used in a phishing
attack.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Feb 12, 2015 at 10:54 AM, Alex Rubenstein a...@corp.nac.net wrote:

  Mainly because I own it, and the people who use it. The server has been
 around 10+ years and has tight oversight. SPF is proper. This is a recent
 issue.



 *From:* Scott Helms [mailto:khe...@zcorum.com]
 *Sent:* Thursday, February 12, 2015 10:51 AM
 *To:* Alex Rubenstein
 *Cc:* Josh Luthman; NANOG list
 *Subject:* Re: gmail spam help



 I'd be interested to know how you can be so adamant about the lack of spam
 from this specific server.  A great percentage of the spam hitting servers
 I have visibility into comes from very similar kinds of set ups because
 they tend to have little or no oversight in place.



 Also, lots of commercial email gets flagged as spam by users, even when
 they opted in for the email.  If enough people flagged email from this
 server as spam it will cause Google to consider other email from the same
 small server as likely to be spam as well.  Small systems, especially new
 ones, tend to unintentionally look like spam sources by not having proper
 reverse records, making sure you have SPF set up for the domain, etc.




 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 



 On Thu, Feb 12, 2015 at 10:41 AM, Alex Rubenstein a...@corp.nac.net
 wrote:

 I should have been clearer.

 I have been getting complaints from my sales folks that when they send
 emails to people who use gmail (either a gmail account or google apps) that
 they recipient is reporting that the email is ending up in the Spam folder.
 So, I tested this myself, sending an email from a...@corp.nac.net to
 rubenstei...@gmail.com
 


 This is curious to me, since @corp.nac.net is a small exchange
 implementation with only about 50 users behind it, and there is no question
 that there is no spamming going on from here.

 So, it’s not a question of adding a filter or not using gmail; it is not
 me who is using gmail in this problem.



 From: Josh Luthman [mailto:j...@imaginenetworksllc.com]
 Sent: Thursday, February 12, 2015 9:32 AM
 To: Alex Rubenstein
 Cc: NANOG list
 Subject: Re: gmail spam help


 Create a filter.

 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 On Feb 12, 2015 8:11 AM, Alex Rubenstein a...@corp.nac.net wrote:
 Is there anyone on-list that can help me with a world - gmail email
 issue, where email is being considering spam by gmail erroneously?

 Thanks.
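Scott's list of things that make a small mail server look like a spam source (no proper reverse records, no SPF for the domain) can be checked before anyone reports it. The script below is an added example for this archive page, not code from anyone in the thread: it implements forward-confirmed reverse DNS (the PTR name must resolve back to the sending address) and a deliberately simplified SPF evaluation (ip4/ip6, a, include and all; no mx, exists, ptr or a/cidr forms). The resolver is pluggable so the check runs offline against constructed zone data using RFC 5737 documentation addresses; for a live check, supply a resolver object with ptr/a/txt methods backed by a DNS library such as dnspython, since the standard library has no TXT lookup. The host and domain names are placeholders.

```python
"""Offline check for the two things Scott Helms names as making a small
mail server look like a spam source: missing forward-confirmed reverse DNS
(FCrDNS) and a missing or failing SPF record.

Example code added for this archive page, not from the thread.  ZONE below
is constructed test data; swap in a real resolver for live checks.
Simplified SPF: ip4/ip6, a, include and all only.
"""
import ipaddress


class DictResolver:
    """Resolver backed by dicts so the check runs offline."""

    def __init__(self, ptr, a, txt):
        self._ptr, self._a, self._txt = ptr, a, txt

    def ptr(self, ip):
        return self._ptr.get(ip, [])

    def a(self, name):
        return self._a.get(name.rstrip(".").lower(), [])

    def txt(self, name):
        return self._txt.get(name.rstrip(".").lower(), [])


def fcrdns(ip, resolver):
    """Return the PTR names of ip whose A records point back at ip."""
    return [n for n in resolver.ptr(ip) if ip in resolver.a(n)]


def spf_check(ip, domain, resolver, depth=0):
    """Evaluate domain's SPF record for the sending ip.

    Returns pass, fail, softfail, neutral, none or permerror.
    """
    if depth > 10:                       # RFC 7208 caps include: recursion
        return "permerror"
    records = [t for t in resolver.txt(domain) if t.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:                 # several SPF records is a permerror
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # IPv4Address in IPv6Network (and vice versa) is simply False
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in resolver.a(arg or domain)
        elif name == "include":
            matched = spf_check(ip, arg, resolver, depth + 1) == "pass"
        else:                            # mechanisms not implemented here
            matched = False
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"                     # nothing matched and no all term


def check_sender(ip, domain, resolver):
    """Both checks together; ok only if FCrDNS holds and SPF passes."""
    names = fcrdns(ip, resolver)
    spf = spf_check(ip, domain, resolver)
    return {"ip": ip, "fcrdns": names, "spf": spf,
            "ok": bool(names) and spf == "pass"}


# Constructed zone data (RFC 5737 documentation addresses), not real hosts.
ZONE = DictResolver(
    ptr={"192.0.2.25": ["mail.example.net"]},
    a={"mail.example.net": ["192.0.2.25"]},
    txt={"example.net": ["v=spf1 a:mail.example.net ip4:192.0.2.0/24 -all"]},
)

if __name__ == "__main__":
    for sender in ("192.0.2.25", "198.51.100.9"):
        print(check_sender(sender, "example.net", ZONE))
```

Run it as-is to see the constructed good sender pass and the one with no PTR and no SPF authorisation fail; against a real domain, a sender that comes back with an empty fcrdns list or anything but "pass" is the first thing to fix before arguing with a receiving provider's reputation system.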





Re: Comcast New England dropped for 5-15 min? Anyone

2015-02-10 Thread Ben Scott
On Tue, Feb 10, 2015 at 7:27 PM, Andrey Khomyakov
khomyakov.and...@gmail.com wrote:
 Hey, anyone had problems just now? My team and I at homes lost internet
 access for about 10 min. I also had many sites drop off. Still digging, but
 maybe trouble upstream? I'm in 50.133.128.0/17 at home.

  Yah, we lost two offices with Comcast feeds in northern Mass about
two hours ago, and a cow-orker reports his home feed in southern NH
went out around the same time.  His is back but the offices are still
down.  Their phone support says they had a massive outage in the
North-East, including MA, NH, CT, others.  I think he even said
Virginia.  Now I'm on hold while they try to reset us.

-- Ben


Re: UVerse question

2015-02-10 Thread Scott Helms
AT&T will do a bonded VDSL2 connection in cases where a single connection
isn't getting enough throughput.  Also, be aware that the device may now be
branded as an Arris, but Tim is correct that it's normally a NVG589 for new
installs.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Tue, Feb 10, 2015 at 3:03 AM, Tim Burke t...@tburke.us wrote:

 What is a “4wire” modem? Is that a Chinese knockoff of a 2wire brand? ;-)
 Or are you referring to a pair-bonded modem?

 AT&T seems to only offer the pair-bonded device (in most cases, a Motorola
 NVG589) when you have their 45mbps “Power” service. If anything, you could
 always upgrade to the 45mbps service just to get the new modem, and then
 downgrade after you get the modem installed. The newer modems, including
 the 589, provide IPv6 support using 6rd.

 The compatibility test previously mentioned will determine if your current
 device is capable of IPv6. The older equipment has firmware updates
 available that will provide IPv6 connectivity.

  On Feb 8, 2015, at 4:48 PM, TR Shaw ts...@oitc.com wrote:
 
   Any suggestions on what to tell AT&T to get IPv6 added to a current
 account and upgrade a 2wire router to 4wire with halfway decent performance
 and capability?
 
  Any and all help would be appreciated.
 
  Tom




RE: mpls over microwave

2015-02-06 Thread Scott Weeks
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Scott Weeks

Thanks everyone,

 I feel a lot more confident on this project after 
 this discussion.  I will be working with a comm 
 engineer who'll be doing the various radio links.  
 I just need to be sure he can make the best 
 decision as we're moving from ATM to MPLS and he 
 doesn't understand the networking part and I only 
 understand the basics of microwave links.


--- snasl...@medline.com wrote:
From: Naslund, Steve snasl...@medline.com

I would try to recommend finding a microwave guy 
that knows IP.  Quite a lot of them do now since 
most of their installs are IP traffic backhaul.
---


There is no choice in this situation.  I get what
I get and make it work.  And, it is hard to find 
technical folks *way* out in the country on a dot 
in the middle of the Pacific Ocean. :-)

scott


RE: IPv6 allocation plan, security, and 6-to-4 conversion

2015-02-06 Thread Crawford, Scott
On Jan 30, 2015, at 07:37 , Owen DeLong owen@delong wrote:

 /48 for all customer sites is not at all unreasonable and is fully supported
 by ARIN policy.

 Where Bill is correct is that some customers may have more than one site. The
 official policy definition of a site is a single building or structure, or, in
 the case of a multi-tenant building or structure, a single tenant within that
 building. Yes, this could technically mean that a college dorm contains
 thousands of sites and could justify thousands of /48s.

Is this your recommendation for colleges? Or, are you simply pointing out a 
possible interpretation of ARIN policy?


Re: mpls over microwave

2015-02-05 Thread Scott Weeks

Thanks everyone,

I feel a lot more confident on this project after
this discussion.  I will be working with a comm
engineer who'll be doing the various radio links.  
I just need to be sure he can make the best 
decision as we're moving from ATM to MPLS and he
doesn't understand the networking part and I only 
understand the basics of microwave links.

scott



Re: mpls over microwave

2015-02-05 Thread Scott Weeks


On Thu, Feb 5, 2015 at 3:55 PM, Scott Weeks sur...@mauigateway.com wrote:

 Anyone doing MPLS over microwave radios?  Please
 share your experiences on list or off.


--- ada...@amarillowireless.net wrote:
From: Adair Winter ada...@amarillowireless.net

We are. What would you like to know?
-


What kind of radios?  What kind of hand off?  
What kind of router does the radio connect to?  
Any gotchas I should watch out for?

scott


mpls over microwave

2015-02-05 Thread Scott Weeks


Anyone doing MPLS over microwave radios?  Please 
share your experiences on list or off.  

scott


Re: mpls over microwave

2015-02-05 Thread Scott Weeks


--- davidbass...@gmail.com wrote:
Always used Ethernet handoffs on the radios to keep 
things simple.  
-

Had to run off to a meeting.  Back now.  This is
one thing I was worried about.  I'm not doing the
radio part.  Someone else is.  I didn't know if
folks do pure Ethernet or if it's an IP hand off.

If it's an IP addressed hand off, I have to come
out of MPLS, cross the link, then go back into
MPLS.

Thanks for the pointers on packet size.  I will
be sure to check into that.

scott


Re: cable modem firmware upgrade

2015-01-30 Thread Scott Helms
Sam,

The most common approach from the MSOs is to take one of two paths.  Either
simply not allow non-approved devices to come online, which is common for
the larger MSOs, or simply not try to update the firmware for
unfamiliar devices, which is common for smaller operators.  It's very
unusual for an MSO to work with an unapproved vendor simply because they
almost never have enough of their own customers using those devices to make
the effort worthwhile *and* most of the direct to consumer vendors stop
producing firmware updates at a much quicker pace than service provider
gear vendors do.  A direct to consumer device will often get 3 firmware
updates total, while the devices sold to/through service providers are
supported for much longer and I can commonly get firmware updates for
devices that are 8+ years old.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Jan 29, 2015 at 9:56 PM, Sam Hayes Merritt, III s...@themerritts.org
 wrote:


  That has been my experience as well (only from the RF side) and I would
 believe this was a design choice.   The ISP usually wants to keep control
 over the firmware versions of the CM for various technical/support reasons
 versus having consumers mess with the firmware.


 It's a design choice but not one that always works out well.

 Customers that bring their own modems that aren't on a certified list,
 end up with a device that the provider may not have ever seen. Then, if you
 run into an issue with the modem that can be fixed with a firmware issue
 (some vendors have issues that they cannot fix - rhymes with netgear) then
 the MSO has to work with the maker of that modem, even though they may have
 never had any interactions with them, get the certificate and firmware for
 that modem and upgrade customer owned devices - possibly turning them into
 bricks. I'd rather allow customers to turn their own modems into bricks.


 sam



Re: scaling linux-based router hardware recommendations

2015-01-26 Thread Scott Whyte


On 1/26/15 14:53, micah anderson wrote:

Hi,

I know that specially programmed ASICs on dedicated hardware like Cisco,
Juniper, etc. are going to always outperform a general purpose server
running gnu/linux, *bsd... but I find the idea of trying to use
proprietary, NSA-backdoored devices difficult to accept, especially when
I don't have the budget for it.

I've noticed that even with a relatively modern system (supermicro with
a 4 core 1265LV2 CPU, with a 9MB cache, Intel E1G44HTBLK Server
adapters, and 16gig of ram), you still tend to get a high percentage of
time working on softirqs on all the CPUs when pps reaches somewhere
around 60-70k, and the traffic approaching 600-900mbit/sec (during a
DDoS, such hardware cannot typically cope).

It seems like finding hardware more optimized for very high packet per
second counts would be a good thing to do. I just have no idea what is
out there that could meet these goals. I'm unsure if faster CPUs, or
more CPUs is really the problem, or networking cards, or just plain old
fashioned tuning.

Any ideas or suggestions would be welcome!


DPDK is your friend here.

-Scott


micah





Re: Comcast Support

2015-01-22 Thread Scott Weeks


--- aa...@heyaaron.com wrote:
From: Aaron C. de Bruyn aa...@heyaaron.com

http://xkcd.com/806/

Maybe Comcast train the level 1 techs that if 
someone says NANOG you get transferred to 
someone who knows routing... ;)


Then, like the last cell in the comic, you wake 
up and the real world smacks you right between 
the eyes before you've waken up all the way.  

;-)
scott


Re: NETGEAR Contacts?

2015-01-22 Thread Scott Helms
Jared,

Netgear is divided into a few divisions and they don't overlap, is this
direct to consumer gear or gear they sold through an ISP?


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Jan 22, 2015 at 3:50 PM, Jared Mauch ja...@puck.nether.net wrote:

 I’m wondering if someone has any contacts at Netgear they would be willing
 to forward some information to.  While working with their devices one of my
 colleagues discovered some poor behavior of their embedded DNSMASQ, such as
 returning REFUSED to DNS queries.

 eg:

 $ dig +tcp puck.nether.net.

 ; <<>> DiG 9.8.3-P1 <<>> +tcp puck.nether.net.
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 33649
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;puck.nether.net.   IN  A

 ;; Query time: 136 msec
 ;; SERVER: 192.168.1.1#53(192.168.1.1)
 ;; WHEN: Thu Jan 22 13:28:59 2015
 ;; MSG SIZE  rcvd: 33


 where a UDP query passes just fine.

 This is one of a few issues we’ve uncovered, so hoping for someone who can
 work on building some fixed firmware.

 Device in question:

 Netgear wnr2000v3
 v1.1.2.10 (latest on website)

 Is there a mailing list that exists for the purposes of discussing these
 types of CPE device issues?

 - Jared
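The behaviour Jared reports (REFUSED over TCP, a normal answer over UDP, from the same embedded dnsmasq) is easy to test for on any CPE without dig: send the same question over both transports and compare the rcode in the reply header. The script below is an added example for this archive page, not code from the thread or from Netgear; it builds a minimal DNS query by hand, decodes the 12-byte header, and speaks the RFC 1035 two-byte length prefix that TCP DNS requires. The resolver address is only a placeholder taken from the dig output, and the network functions need a live resolver; the builder and header decoder are the parts exercised offline.

```python
"""Compare a resolver's answer to the same query over UDP and TCP, to catch
the CPE behaviour in Jared's report (REFUSED over TCP, NOERROR over UDP).

Example code added for this archive page, not from the thread.  RESOLVER is
a placeholder (the RFC 1918 address from the dig output).
"""
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def build_query(name, qid, qtype=1):
    """Minimal DNS query: header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header into the fields worth comparing."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),          # response bit
        "tc": bool(flags & 0x0200),          # truncated (UDP only)
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the TCP connection early")
        buf += chunk
    return buf


def query_udp(server, name, qid, timeout=2.0):
    q = build_query(name, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_header(data)


def query_tcp(server, name, qid, timeout=2.0):
    q = build_query(name, qid)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)   # RFC 1035 length prefix
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        data = _recv_exact(s, length)
    return parse_header(data)


def transport_mismatch(udp, tcp):
    """True when the two transports disagree on the rcode, as in the report."""
    return udp["rcode"] != tcp["rcode"]


RESOLVER = "192.168.1.1"   # placeholder: the CPE address from the dig output

if __name__ == "__main__":
    name = "puck.nether.net"
    u = query_udp(RESOLVER, name, 0x1234)
    t = query_tcp(RESOLVER, name, 0x1234)
    print("udp:", u)
    print("tcp:", t)
    print("mismatch:", transport_mismatch(u, t))
```

A resolver that refuses TCP breaks any answer too large for UDP (the tc bit forces the client to retry over TCP), so the mismatch is worth flagging even when the UDP path looks healthy.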


Re: NETGEAR Contacts?

2015-01-22 Thread Scott Helms
Sorry, the guys I know are on the ISP side :(

I'll ask if there is anyone they can point us to on the direct side.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Jan 22, 2015 at 4:02 PM, Jared Mauch ja...@puck.nether.net wrote:

 Direct consumer, eg:
 http://www.amazon.com/NETGEAR-Wireless-Router-N300-WNR2000/dp/B001AZP8EW

 - Jared

  On Jan 22, 2015, at 3:57 PM, Scott Helms khe...@zcorum.com wrote:
 
  Jared,
 
  Netgear is divided into a few divisions and they don't overlap, is this
 direct to consumer gear or gear they sold through an ISP?
 
 
  Scott Helms
  Vice President of Technology
  ZCorum
  (678) 507-5000
  
  http://twitter.com/kscotthelms
  
 
  On Thu, Jan 22, 2015 at 3:50 PM, Jared Mauch ja...@puck.nether.net
 wrote:
  I’m wondering if someone has any contacts at Netgear they would be
 willing to forward some information to.  While working with their devices
 one of my colleagues discovered some poor behavior of their embedded
 DNSMASQ, such as returning REFUSED to DNS queries.
 
  eg:
 
   $ dig +tcp puck.nether.net.
  
   ; <<>> DiG 9.8.3-P1 <<>> +tcp puck.nether.net.
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 33649
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
  
   ;; QUESTION SECTION:
   ;puck.nether.net.   IN  A
  
   ;; Query time: 136 msec
   ;; SERVER: 192.168.1.1#53(192.168.1.1)
   ;; WHEN: Thu Jan 22 13:28:59 2015
   ;; MSG SIZE  rcvd: 33
 
 
  where a UDP query passes just fine.
 
  This is one of a few issues we’ve uncovered, so hoping for someone who
 can work on building some fixed firmware.
 
  Device in question:
 
  Netgear wnr2000v3
  v1.1.2.10 (latest on website)
 
  Is there a mailing list that exists for the purposes of discussing these
 types of CPE device issues?
 
   - Jared

Re: VDSL CPE Mixed Results

2015-01-15 Thread Scott Helms
I'm going to guess you're a CLEC from your website and a common problem
I've seen in that scenario is that vectoring doesn't work between DSLAMs
because it needs all pairs to be part of the vector group so that the DSLAM
can mitigate FEXT.  DSLAM vendors have been working on system level, rather
than DSLAM/binder level, vectoring for a while but cross vendor support is
questionable at best.

Read the section on system level vectoring especially:
http://www.adtran.com/web/fileDownload/doc/32362

If you are sharing binders with the ILEC and potentially other CLECs then
you really need to talk to your ILEC rep and find out what they're doing for
system level vectoring to see if there is an option for your DSLAMs to be
included.  That benefits everyone and will _greatly_ increase performance.
VDSL2 speeds will otherwise be unreachable unless the ILEC gives each CLEC
their own binder, which is not very practical.



Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Wed, Jan 14, 2015 at 9:29 AM, Stetson Blake 
stetson.bl...@datayardworks.com wrote:

 Hey All,

 We have been deploying Adtran 838 (shdsl) and 868 (dsl) units in our metro
 area with mixed results. The devices themselves are reliable and secure
 it would seem, but the speeds we are able to get are not. ie. we have
 deployed 'vdsl' and needed 3 lines to get up to 10x10 speeds. We are
 using an Adtran TA5000 on the other end to terminate our connections.
 The distance between the site and CO is not great (under 6k feet). What
 gives? Are we provisioning wrong, using the wrong equipment, or a
 combination of both?
 If we were able to get the speeds others have been reporting from VDSL,
 life would be great.
 Anyone feel free to contact me off-list or on, this has had me
 scratching my head for a while now.

 Thanks,

 --
 Stetson Blake
 Network Technician
 DataYard
 130 West Second St.
 Suite 250
 Dayton, OH 45402

 http://datayardworks.com

Re: DDOS solution recommendation

2015-01-12 Thread Scott Weeks


--- na...@ics-il.net wrote:
From: Mike Hammett na...@ics-il.net

So the preferred alternative is to simply do 
nothing at all? That seems fair. 
---


No, the answer is to find the groups that have 
already looked into the issues, learn what they've
done and see if you can provide quality input to the
group.

scott


Re: DDOS solution recommendation

2015-01-12 Thread Scott Fisher
In looking at this thread, it's apparent that some are trying to
over-simplify a not-so-simple problem. As someone brought out earlier,
there is no silver bullet to fix for several reasons. Some reasons
that I can come up with at the top of my head are:

1) DDOS types vary.
2) Not every network is the same (shocker I know)
3) Time/Money - not every company has the same budget (again, shocker)
4) Staff/Resources - Not every company has admins/engineers at
different technical levels. So someone may decide on blocking an
attack at different levels because that's what they know. EG: the
wordpress guy blocks attacks at the webserver level, an admin blocks
it at the system, the network admin at the edge.


The questions should be much more narrow. "How should I mitigate an
NTP reflection?" or "What are common mistakes people make when
mitigating attacks?" are questions that are more specific and that all
can glean from.

Thanks,
Scott

On Mon, Jan 12, 2015 at 4:35 PM, Mike Hammett na...@ics-il.net wrote:
 So the preferred alternative is to simply do nothing at all? That seems fair.




 -
 Mike Hammett
 Intelligent Computing Solutions
 http://www.ics-il.com



 - Original Message -

 From: Christopher Morrow morrowc.li...@gmail.com
 To: Brandon Ross br...@pobox.com
 Cc: Mike Hammett na...@ics-il.net, NANOG list nanog@nanog.org
 Sent: Monday, January 12, 2015 3:05:14 PM
 Subject: Re: DDOS solution recommendation

 On Mon, Jan 12, 2015 at 3:17 PM, Brandon Ross br...@pobox.com wrote:
 On Sun, 11 Jan 2015, Mike Hammett wrote:

 I know that UDP can be spoofed, but it's not likely that the SSH, mail,
 etc. login attempts, web page hits, etc. would be spoofed as they'd have to
 know the response to be of any good.


 Okay, so I'm curious. Are you saying that you do not automatically block
 attackers until you can confirm a 3-way TCP handshake has been completed,
 and therefore you aren't blocking sources that were spoofed? If so, how are
 you protecting yourself against SYN attacks? If not, then you've made it
 quite easy for attackers to deny any source they want.

 this all seems like a fabulous conversation we're watching, but really
 .. if someone wants to block large swaths of the intertubes on their
 systems it's totally up to them, right? They can choose to not be
 functional all they want, as near as I can tell... and arguing with
 someone with this mentality isn't productive, especially after several
 (10+? folk) have tried to show and tell some experience that would
 lead to more cautious approaches.

 If mike wants less packets, that's all cool... I'm not sure it's
 actually solving anything, but sure, go right ahead, have fun.

 -chris

-- 
Scott
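Brandon's point about SYN attacks deserves a concrete form: a blocklist fed by raw SYN counts lets an attacker spoof any source address onto it, while a blocklist fed only by completed three-way handshakes cannot be poisoned that way, because the final ACK has to carry the server's initial sequence number plus one and a spoofed sender never sees the SYN-ACK. The tracker below is an added example for this archive page, not code from anyone in the thread. The packet events are constructed (RFC 5737 documentation addresses, a fixed SSH port, made-up sequence numbers) and the threshold of three is arbitrary; on real traffic the same state machine would be fed from a packet capture.

```python
"""Compare two auto-blocking rules against the same constructed traffic:
'N SYNs and you're blocked' (spoofable) versus 'N completed handshakes and
you're blocked' (not spoofable), the distinction Brandon Ross raises.

Example code added for this archive page, not from the thread.  All
addresses are RFC 5737 documentation ranges; sequence numbers are made up.
"""
from collections import defaultdict


def _flow(e):
    return (e["src"], e["dst"], e["sport"], e["dport"])


class HandshakeTracker:
    """Count SYNs per source, and separately completed handshakes per source."""

    def __init__(self):
        self.pending = {}                  # flow -> handshake state
        self.syns = defaultdict(int)
        self.completed = defaultdict(int)

    def feed(self, e):
        flags = e["flags"]
        if flags == "S":                   # client SYN: remember its ISN
            self.syns[e["src"]] += 1
            self.pending[_flow(e)] = {"state": "SYN", "cisn": e["seq"]}
        elif flags == "SA":                # server SYN-ACK must ack cisn+1
            key = (e["dst"], e["src"], e["dport"], e["sport"])
            st = self.pending.get(key)
            if st and st["state"] == "SYN" and e["ack"] == st["cisn"] + 1:
                st.update(state="SYNACK", sisn=e["seq"])
        elif flags == "A":                 # final ACK must ack sisn+1
            st = self.pending.get(_flow(e))
            if st and st["state"] == "SYNACK" and e["ack"] == st["sisn"] + 1:
                self.completed[e["src"]] += 1
                del self.pending[_flow(e)]


def naive_blocklist(events, threshold=3):
    """Sources with >= threshold SYNs: spoofed victims land on this list."""
    t = HandshakeTracker()
    for e in events:
        t.feed(e)
    return {ip for ip, n in t.syns.items() if n >= threshold}


def handshake_blocklist(events, threshold=3):
    """Sources with >= threshold completed handshakes: cannot be spoofed."""
    t = HandshakeTracker()
    for e in events:
        t.feed(e)
    return {ip for ip, n in t.completed.items() if n >= threshold}


def handshake(client, sport, server, dport, cisn, sisn, complete):
    """Constructed packet events for one connection attempt."""
    ev = [
        {"src": client, "dst": server, "sport": sport, "dport": dport,
         "flags": "S", "seq": cisn, "ack": 0},
        {"src": server, "dst": client, "sport": dport, "dport": sport,
         "flags": "SA", "seq": sisn, "ack": cisn + 1},
    ]
    if complete:
        ev.append({"src": client, "dst": server, "sport": sport, "dport": dport,
                   "flags": "A", "seq": cisn + 1, "ack": sisn + 1})
    return ev


SERVER = "192.0.2.22"
SAMPLE_EVENTS = []
# spoofed SYNs "from" two innocent addresses: the SYN-ACKs go unanswered
for i, victim in enumerate(("203.0.113.10", "203.0.113.11")):
    for j in range(3):
        SAMPLE_EVENTS += handshake(victim, 40000 + 10 * i + j, SERVER, 22,
                                   1000 + j, 5000 + j, complete=False)
# a real brute-forcer completing three connections
for j in range(3):
    SAMPLE_EVENTS += handshake("198.51.100.7", 50000 + j, SERVER, 22,
                               2000 + j, 6000 + j, complete=True)

if __name__ == "__main__":
    print("naive:    ", sorted(naive_blocklist(SAMPLE_EVENTS)))
    print("handshake:", sorted(handshake_blocklist(SAMPLE_EVENTS)))
```

The naive rule blocks both innocent addresses along with the real attacker; the handshake-gated rule blocks only the real one. SYN floods themselves still need a separate answer (SYN cookies or upstream filtering), which is exactly why the handshake rule should not be the only control.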


Re: The state of TACACS+

2014-12-29 Thread Scott Helms
Colton,

Yes, that's the 'normal' way of setting it up.  Basically you still have to
configure a root user, but that username and password is kept locked up
and only accessed in case of catastrophic failure of the remote
authentication system.  An important note is to make sure that the fail
safe password can't be accessed without having several people engaged so it
can't be used without many people knowing.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Mon, Dec 29, 2014 at 10:15 AM, Colton Conor colton.co...@gmail.com
wrote:

 We are able to implement TACACS+. It is my understanding this is a fairly old
 protocol, so are you saying there are numerous bugs that still need to be
 fixed?

 A question I have is TACACS+ is usually hosted on a server, and networking
 devices are configured to reach out to the server for authentication. My
 question is what happens if the device can't reach the server if the
 device's network connection is offline? Our goal with TACACS+ is to not have
 any default/saved passwords. Every employee will have their own username
 and password. That way if an employee gets hired/fired, we can enable or
 disable their account. We are trying to avoid having any organization wide
 or network wide default username or password. Is this possible? Do the
 devices keep a log of the last successful username/password combinations
 that worked in case the device goes offline?

 On Sun, Dec 28, 2014 at 5:02 PM, Robert Drake rdr...@direcpath.com
 wrote:

  Picking back up where this left off last year, because I apparently only
  work on TACACS during the holidays :)
 
 
  On 12/30/2013 7:28 PM, Jimmy Hess wrote:
 
   Even 5 seconds extra for each command may hinder operators, to the extent
   it would be intolerable; shell commands should run almost instantaneously,
   this is not a GUI with an hourglass.  Real-time responsiveness in a shell
   is crucial --- which remote auth should not change.  Sometimes operators
   paste a buffer with a fair number of commands, not expecting a second
   delay between each command --- a repeated delay may also break a pasted
   sequence.
  
   It is very possible for two of three auth servers to be unreachable, in
   case of a network break, but that isn't necessary.  The response timeout
   might be 5 seconds, but in reality there are cases where you would wait
   longer, and that is tragic, since there are some obvious alternative
   approaches that would have had results that would be more 'friendly' to
   the interactive user.
  
   (Like remembering which server is working for a while, or remembering
   that all servers are down -- for a while, and having a 50ms timeout,
   with all servers queried in parallel, instead of a 5 seconds timeout)
 
  I think this needs to be part of the specification.
 
   I'm sure the reason they didn't do parallel queries was because of both
   network and CPU load back when the protocol was drafted.  But it might be
   good to have local caching of authentication so that can happen even when
   servers are down or slow.  Authorization could be updated to send the
   permissions to the router for local handling. Then if the server dies while
   a session is open only accounting would be affected.
  
   That does increase the vendors/implementors work but it might be doable in
   phases and with partial support with the clients and servers negotiating
   what is possible.  The biggest drawback to making things like this better
   is you don't gain much except during outages and if you increase complexity
   too much you make it wide open for bugs.
  
   Maybe there is a simpler solution that keeps you happy about redundancy
   but doesn't increase complexity that much (possibly anycast tacacs, but the
   session basis of the protocol has always made that not feasible).  It's
   possible that one of the L4 protocols Saku Ytti mentioned, QUIC or MinimaLT
   would address these problems too.  It's possible that if we did the
   transport with BEEP it would also provide this, but I'm reading the docs
   and I don't think it goes that far in terms of connection assurance.
 
  --
  -JH
 
 
  So, here is my TACACS RFC christmas list:
 
  1.  underlying crypto
  2.  ssh host key authentication - having the router ask tacacs for an
  authorized_keys list for rdrake.  I'm willing to let this go because many
  vendors are finding ways to do key distribution, but I'd still like to
 have
  a standard (https://code.google.com/p/openssh-lpk/ for how to do this
  over LDAP in UNIX)
  3.  authentication and authorization caching and/or something else
 
 



Re: The state of TACACS+

2014-12-29 Thread Scott Helms
Colton,

The best thing is to create the password with a random generator so it's
impossible for most people to memorize in a short amount of time.  It
should be ~14 characters long with mixed cases, numbers, and special
characters.  That password should be tested once and then put in an
envelope that is put in a safe.  For all new routers/switches the encrypted
form can be pasted in.  The envelope should be pretty much impossible to
open without it being obvious.  You can get even more paranoid/security
conscious and put the envelope in a safe deposit box, which would log and
tape anyone retrieving it, but that keeps you from getting to the password
if you need it when the bank isn't open.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Mon, Dec 29, 2014 at 10:32 AM, Colton Conor colton.co...@gmail.com
wrote:

 Scott,

 Thanks for the response. How do you make sure the failsafe and/or root
 password that is stored in the device in case remote auth fails can't be
 accessed without having several employees engaged? Are there any mechanisms
 for doing so?

 My fear would be we would hire an outsourced tech. After a certain amount
 of time we would have to let this part timer go, and would disable his or
 her username and password in TACACS. However, if that tech still knows the
 root password they could still remotely login to our network and cause
 havoc. The thought of having to change the root password on hundreds of
 devices doesn't sound appealing either every time an employee is let go. To
 make matters worse we are using an outsourced firm for some network
 management, so the case of hiring and firing is fairly consistent.

 On Mon, Dec 29, 2014 at 9:22 AM, Scott Helms khe...@zcorum.com wrote:

 Colton,

 Yes, that's the 'normal' way of setting it up.  Basically you still have
 to configure a root user, but that user name and password is kept locked up
 and only accessed in case of catastrophic failure of the remote
 authentication system.  An important note is to make sure that the fail
 safe password can't be accessed without having several people engaged so it
 can't be used without many people knowing.


 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 

 On Mon, Dec 29, 2014 at 10:15 AM, Colton Conor colton.co...@gmail.com
 wrote:

 We are able to implement TACACS+. It is my understanding this is a fairly old
 protocol, so are you saying there are numerous bugs that still need to be
 fixed?

 A question I have is TACACS+ is usually hosted on a server, and networking
 devices are configured to reach out to the server for authentication. My
 question is what happens if the device can't reach the server if the
 device's network connection is offline? Our goal with TACACS+ is to not have
 any default/saved passwords. Every employee will have their own username
 and password. That way if an employee gets hired/fired, we can enable or
 disable their account. We are trying to avoid having any organization wide
 or network wide default username or password. Is this possible? Do the
 devices keep a log of the last successful username/password combinations
 that worked in case the device goes offline?

 On Sun, Dec 28, 2014 at 5:02 PM, Robert Drake rdr...@direcpath.com
 wrote:

  Picking back up where this left off last year, because I apparently
 only
  work on TACACS during the holidays :)
 
 
  On 12/30/2013 7:28 PM, Jimmy Hess wrote:
 
   Even 5 seconds extra for each command may hinder operators, to the extent
   it would be intolerable; shell commands should run almost instantaneously,
   this is not a GUI with an hourglass.  Real-time responsiveness in a shell
   is crucial --- which remote auth should not change.  Sometimes operators
   paste a buffer with a fair number of commands, not expecting a second
   delay between each command --- a repeated delay may also break a pasted
   sequence.
  
   It is very possible for two of three auth servers to be unreachable, in
   case of a network break, but that isn't necessary.  The response timeout
   might be 5 seconds, but in reality there are cases where you would wait
   longer, and that is tragic, since there are some obvious alternative
   approaches that would have had results that would be more 'friendly' to
   the interactive user.
  
   (Like remembering which server is working for a while, or remembering
   that all servers are down -- for a while, and having a 50ms timeout,
   with all servers queried in parallel, instead of a 5 seconds timeout)
 
  I think this needs to be part of the specification.
 
   I'm sure the reason they didn't do parallel queries was because of both
   network and CPU load back when the protocol was drafted.  But it might be
  good to have local caching
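Scott's two answers in this thread describe a procedure (generate a random ~14 character mixed-class password, test it once, seal it so it cannot be read without several people involved) and Colton asks whether there is a mechanism for the "several people engaged" part. The standard one is a threshold secret-sharing scheme: split the password into n shares held by different custodians so that any k of them can reconstruct it and fewer than k learn nothing. The code below is an added example for this archive page, not from anyone in the thread; it is textbook Shamir sharing over a prime field, with the Mersenne prime 2^127 - 1 and a 3-of-5 policy chosen here as assumptions. The password itself is what gets pasted into each router's local account; the shares go in the envelopes or safe deposit box.

```python
"""Break-glass local account for when TACACS+ is unreachable: generate the
password the way Scott Helms describes, then split it with Shamir secret
sharing so that recovering it needs k of n custodians.

Example code added for this archive page, not from the thread.  The field
prime, the character set and the 3-of-5 policy are assumptions.
"""
import secrets
import string

PRIME = 2**127 - 1            # Mersenne prime; 14 ASCII bytes (112 bits) fit
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{}:,.?"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def generate_password(length=14):
    """CSPRNG password containing at least one character of each class."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)):
            return pw


def _eval_poly(coeffs, x):
    """Evaluate the sharing polynomial at x by Horner's rule, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n):
    """Split secret bytes into n shares (x, y); any k of them recover it."""
    s = int.from_bytes(secret, "big")
    if not 0 < k <= n or s >= PRIME:
        raise ValueError("bad threshold or secret too large for the field")
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, length):
    """Lagrange interpolation at x=0.  With fewer than k shares the result
    is a random field element, not the secret."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    n_bytes = max(length, (total.bit_length() + 7) // 8)
    return total.to_bytes(n_bytes, "big")


def make_break_glass(k=3, n=5, length=14):
    """Return (password, shares); give one share to each custodian."""
    pw = generate_password(length)
    return pw, split_secret(pw.encode("ascii"), k, n)


if __name__ == "__main__":
    pw, shares = make_break_glass()
    print("password (test it once on a device, then destroy this output):", pw)
    for x, y in shares:
        print(f"custodian {x}: {y:032x}")
```

Operationally this answers the outsourced-tech worry only for the break-glass account: the shares are what a departing contractor would have had access to, and reissuing means a new password on every device anyway, so keep the password out of their hands in the first place by never handing a single person enough shares.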

Re: How our young colleagues are being educated....

2014-12-24 Thread Scott Morris
All networking courses SHOULD have some version of binary in them.  Too
many things rely on it to be skipped.  Yes, in the real world we have
shortcuts.  But when those shortcuts become the only thing everyone knows,
bad things may be left to happen.  Besides, if one can't do binary, how
can they be expected to understand hex?

Anyway...  Good these things are here, but one thing I will point out is
that there is a distinct difference with people glazing over because they
don't understand something versus the fact that something is truly boring.
There's nothing sexy about binary.  But that doesn't mean it can't be fun!

So if the classes are Death by Powerpoint (which is very typical in
academia it seems), then I can certainly understand the aversion that
students would have to that.

Amazingly enough, for a skill that everyone SHOULD understand, I find a
tremendous number of people who don't.  And for something that's boring
and nobody wants to learn, I have LOTS of people sign up for various
sessions I do at certain vendor's trade shows on that very subject.  So
someplace there's a disparity in there.

Now, as a side, one problem that I often have with various academic-based
courses is that the people who teach them often don't have enough
real-world experience (or not current anyway) in order to pass along any
benefit in that matter.  There are many things that need to be addressed
at this level within the higher-education arena, and I'm sure it's not
just related to networking subjects!

Scott

-Original Message-
From: Dennis Bohn b...@adelphi.edu
Date: Tuesday, December 23, 2014 at 2:40 PM
To: Ken Chase m...@sizone.org
Cc: nanog@nanog.org
Subject: Re: How our young colleagues are being educated

On Mon, Dec 22, 2014 at 3:31 PM, Ken Chase m...@sizone.org wrote:

 Learning how to do CIDR math is a major core component of the coursework?
 I'm thinking that this is about a 30 minute module in the material, once you
 know binary, powers of 2 and some addition and subtraction (all of which is
 taught in most schools by when, first year highschool?) you should be done
 with it.


So... just finished up teaching a network course because the Math/Comp Sci
dept had lost professors, and I can tell you it was really tough getting
across the idea of four bytes of dotted decimal from binary and THEN subnet
masks and getting the students THEN to convert to CIDR.  Many glazed eyeballs.

We asked some of the students who had taken the network class in prior
years and it was true that they learned very little of the things we
consider basic, as Javier mentioned.  The profs seemed to have been
focusing on programming more than networking per se, even tho the book they
were using covered the technology as well as socket programming.  We
covered all of the things in Javier's initial rant and more, like the
principles of TCP congestion control and the history of packet switching.

It was fun being able to let them in on some real world things, like say
the sinking feeling of making a change in a network and then the phone
starts ringing off the hook :-)  Unfortunately, this was likely a
one-time deal that the students got to really learn a couple of things
about networking.


Dennis Bohn
 Adelphi University

Re: How our young colleagues are being educated....

2014-12-23 Thread Scott Voll
I will agree with most of the others that took the Cisco academy courses at
the local community college.  It all depends on the instructor.  My 1st
year was taught in the evenings by a full time Network Engineer.  Best 3
terms I had.  The problem was that year two was taught by a bunch of old
guys that used to teach electronics and DB classes.  So everything the old
DB guy taught was how the network was like a DB.

I think that getting real world teachers is the only way to fix it.
Unfortunately the program went away as the CC could not pay for new
hardware.

Scott


On Tue, Dec 23, 2014 at 12:29 PM, Mike Hammett na...@ics-il.net wrote:

 When I took my CCNA a bit over ten years ago, it was terribly out of date.
 That said, I believe I was the last class to go through on that version.
 The next one added OSPF and some other things.

 At the time, though, Ethernet belonged within a building. If you were
 wanting to connect multiple buildings together, bust out those T1s.




 -
 Mike Hammett
 Intelligent Computing Solutions
 http://www.ics-il.com

 - Original Message -

 From: Kyle Kinkaid kkink...@usgs.gov
 To: Javier J jav...@advancedmachines.us
 Cc: nanog@nanog.org
 Sent: Tuesday, December 23, 2014 9:38:02 AM
 Subject: Re: How our young colleagues are being educated

 In addition to my 9 to 5 job of network engineer, I teach evening courses
 at a US community college (for you non-USers, it's a place for the first
 2-years of post-secondary education, typically before proceeding to a full
 4-year university). The community college I work at participates in the
 Cisco Academy program which trains students to get specific Cisco
 certifications like CCNA, CCNP, CCNA Security.

 I feel like the Cisco Academy program does a pretty good job at training
 the students and addresses many of the issues you found with education
 in the US. Without knowing for sure, your description sounds like that of a
 traditional 4-year university curriculum. The Cisco Academy program
 focuses on being up-to-date (revisions happen every 4 years or so) and
 emphasizes working with (preferably physical) routers and switches from day
 one. I've found 4-year universities, if they have networking courses at
 all, cover too much theoretical material, emphasize legacy technologies,
 and are updated only when they must.

 Further, when in front of students, I always try and relate the material to
 either what they have experienced in their professional lives (if they are
 already working) or to what I see in my job regularly. I try and keep the
 students focused on what's practical and only discuss theory and abstract
 ideas when necessary. I might not be able to do that if I was a professor
 at a 4-year university, having worked hard on a Ph.D. then on getting
 tenure. I think it's important to seek to be educated at schools and seek
 to hire from schools where the instructors have copious practical
 experience and, preferably, experience which is concurrent with their
 teaching experience. That will hopefully get you a corps of workers who
 are better prepared for a job from day one.

 Just my 2 cents.

 P.S. This is not to denigrate the value of a Ph.D. or academia. My mentor
 in my network engineering career has a Ph.D. in Mathematics and having that
 high-level education was a boon to his being able to understand difficult
 networking concepts.

 On Mon, Dec 22, 2014 at 1:13 AM, Javier J jav...@advancedmachines.us
 wrote:

  Dear NANOG Members,
 
  It has come to my attention, that higher learning institutions in North
  America are doing our young future colleagues a disservice.
 
  I recently ran into a student of Southern New Hampshire University
 enrolled
  in the Networking/Telecom Management course and was shocked by what I
  learned.
 
  Not only are they skimming over new technologies such as BGP, MPLS and
 the
  fundamentals of TCP/IP that run the internet and the networks of the
 world,
  they were focusing on ATM, Frame Relay and other technologies that are
 on
  their way out the door and will probably be extinct by the time this
  student graduates. They are teaching classful routing and skimming over
  CIDR. Is this indicative of the state of our education system as a whole?
  How is it this student doesn't know about OSPF and has never heard of
 RIP?
 
  If your network hardware is so old you need a crossover cable, it's time
 to
  upgrade. In this case, it’s time to upgrade our education system.
 
  I didn't write this email on the sole experience of my conversation with
  one student, I wrote this email because I have noticed a pattern emerging
  over the years with other university students at other schools across the
  country. It’s just the countless times I have crossed paths with a young
 IT
  professional and was literally in shock listening to the things they were
  being taught. Teaching old technologies instead of teaching what is
  currently being used benefits no one. Teaching

Re: Looking for piece of undersea cable

2014-12-12 Thread Scott Weeks


 On Dec 12, 2014, at 14:58, Colin McIntosh cmcintos...@gmail.com wrote:

 I'm looking for a piece of undersea cable to use for 
 educational purposes and was hoping somebody would 
 have a section they can part with. Doesn't need to be 
 a big piece, really any size will work. I can pay for 
 shipping and the cable, if needed.
---


--- jhellent...@dataix.net wrote:
From: Jason Hellenthal jhellent...@dataix.net

Tanzania looks to have a piece they wouldn’t miss … 
grab your scuba gear we’ll go swimming :-)
---


How would you upload your scuba (and surfing) pictures 
from the Seychelles islands to the internet if that 
piece were to go away?  ;-)

scott

Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
Not a law, it's in their updated terms and conditions that no one reads.
On Dec 11, 2014 8:12 AM, William Herrin b...@herrin.us wrote:

 On Wed, Dec 10, 2014 at 9:35 PM, Jeroen van Aart jer...@mompl.net wrote:
  Whose fault would it be if your comcast installed public wifi would be
  abused to download illegal material or launch a botnet, to name some
 random
  fun one could have on your behalf. :-/

 Doesn't work that way. Separate authenticated channel. Presents
 differently from you with a different IP address out on the Internet.

 What Comcast is stealing is electricity. Pennies per customer times a
 boatload of customers.

 theft n. the generic term for all crimes in which a person
 intentionally and fraudulently takes personal property of another
 without permission or consent and with the intent to convert it to the
 taker's use (including potential sale). In many states, if the value
 of the property taken is low (for example, less than $500) the crime
 is petty theft,

 Unless of course the knucklehead jurisdiction passed a law to allow
 it. I'm betting they didn't.


 Regards,
 Bill Herrin


 --
 William Herrin  her...@dirtside.com  b...@herrin.us
 Owner, Dirtside Systems . Web: http://www.dirtside.com/
 May I solve your unusual networking challenges?



Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
All of the members of the CableWiFi consortium have been.

Bright House Networks, Cox Communications, Optimum, Time Warner Cable and
Comcast.

http://www.cablewifi.com/

Liberty Global, the largest MSO, also does it and this year announced an
agreement with Comcast to allow roaming on each other's WiFi networks,
though that is not extended to the other members of CableWiFi at this time.

http://corporate.comcast.com/news-information/news-feed/comcast-and-liberty-global-announce-agreement-to-connect-u-s-and-european-wi-fi-networks


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Dec 11, 2014 at 8:53 AM, Ryan Pavely para...@nac.net wrote:

 http://bgr.com/2014/05/12/cablevision-optimum-modem-wifi-hotspots/

  I thought cablevision has been doing this for years.

  I had a higher level tech at mi casa within the last two years and he
 suggested their goal was to get enough coverage to start offering CV voip
 cell phones: 'pay a little less, for not guaranteed coverage'



   Ryan Pavely
Net Access
http://www.nac.net/

 On 12/10/2014 9:35 PM, Jeroen van Aart wrote:

 Why am I not surprised?

 Whose fault would it be if your comcast installed public wifi would be
 abused to download illegal material or launch a botnet, to name some random
 fun one could have on your behalf. :-/

 (apologies if this was posted already, couldn't find an email about it on
 the list)

 http://www.theregister.co.uk/2014/12/10/disgruntled_customers_lob_sueball_at_comcast_over_public_wifi/

 A mother and daughter are suing Comcast claiming the cable giant's
 router in their home was offering public Wi-Fi without their permission.

 Comcast-supplied routers broadcast an encrypted, private wireless network
 for people at home, plus a non-encrypted network called XfinityWiFi that
 can be used by nearby subscribers. So if you're passing by a fellow user's
 home, you can lock onto their public Wi-Fi, log in using your Comcast
 username and password, and use that home's bandwidth.

 However, Toyer Grear, 39, and daughter Joycelyn Harris – who live
 together in Alameda County, California – say they never gave Comcast
 permission to run a public network from their home cable connection.

 In a lawsuit [PDF] filed in the northern district of the golden state,
 the pair accuse the ISP of breaking the Computer Fraud and Abuse Act and
 two other laws.

 Grear – a paralegal – and her daughter claim the Xfinity hotspot is an
 unauthorized intrusion into their private home, places a vast burden on
 electricity bills, opens them up to attacks by hackers, and degrades
 their bandwidth.

 Comcast does not, however, obtain the customer's authorization prior to
 engaging in this use of the customer's equipment and internet service for
 public, non-household use, the suit claims.

 Indeed, without obtaining its customers' authorization for this
 additional use of their equipment and resources, over which the customer
 has no control, Comcast has externalized the costs of its national Wi-Fi
 network onto its customers.

 The plaintiffs are seeking monetary damages for themselves and on behalf
 of all Comcast customers nation-wide in their class-action case – the
 service was rolled out to 20 million customers this year.





Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
Not really, this is much more like the mesh networks that have been put in
place by lots of WISPs where every customer is also a relay.  It's also
comparable to pico cells that many of the LTE operators use to extend
coverage.

http://en.wikipedia.org/wiki/Mesh_networking

http://en.wikipedia.org/wiki/Picocell

https://wirelesstelecom.wordpress.com/tag/picocell/


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Dec 11, 2014 at 9:23 AM, TR Shaw ts...@oitc.com wrote:

 Seems to me that they (Bright House Networks, Cox Communications, Optimum,
 Time Warner Cable and Comcast) are effectively operating a business out of
 your house and without a business license.  I am sure that this is illegal
 in many towns and many towns would like the revenue.

 In fact does this put the homeowner at risk since they are effectively
 supporting a business running out of their house?

 Tom

 On Dec 11, 2014, at 9:02 AM, Scott Helms khe...@zcorum.com wrote:

  All of the members of the CableWiFi consortium have been.
 
  Bright House Networks, Cox Communications, Optimum, Time Warner Cable and
  Comcast.
 
  http://www.cablewifi.com/
 
  Liberty Global, the largest MSO, also does it and this year announced an
  agreement with Comcast to allow roaming on each other's WiFi networks,
  though that is not extended to the other members of CableWiFi at this
 time.
 
 
 http://corporate.comcast.com/news-information/news-feed/comcast-and-liberty-global-announce-agreement-to-connect-u-s-and-european-wi-fi-networks
 
 
  Scott Helms
  Vice President of Technology
  ZCorum
  (678) 507-5000
  
  http://twitter.com/kscotthelms
  
 
  On Thu, Dec 11, 2014 at 8:53 AM, Ryan Pavely para...@nac.net wrote:
 
  http://bgr.com/2014/05/12/cablevision-optimum-modem-wifi-hotspots/
 
  I thought cablevision has been doing this for years.
 
   I had a higher level tech at mi casa within the last two years and he
   suggested their goal was to get enough coverage to start offering CV voip
   cell phones: 'pay a little less, for not guaranteed coverage'
 
 
 
   Ryan Pavely
Net Access
http://www.nac.net/
 
  On 12/10/2014 9:35 PM, Jeroen van Aart wrote:
 
  Why am I not surprised?
 
  Whose fault would it be if your comcast installed public wifi would be
  abused to download illegal material or launch a botnet, to name some
 random
  fun one could have on your behalf. :-/
 
  (apologies if this was posted already, couldn't find an email about it
 on
  the list)
 
   http://www.theregister.co.uk/2014/12/10/disgruntled_customers_lob_sueball_at_comcast_over_public_wifi/
 
  A mother and daughter are suing Comcast claiming the cable giant's
  router in their home was offering public Wi-Fi without their
 permission.
 
  Comcast-supplied routers broadcast an encrypted, private wireless
 network
  for people at home, plus a non-encrypted network called XfinityWiFi
 that
  can be used by nearby subscribers. So if you're passing by a fellow
 user's
  home, you can lock onto their public Wi-Fi, log in using your Comcast
  username and password, and use that home's bandwidth.
 
  However, Toyer Grear, 39, and daughter Joycelyn Harris – who live
  together in Alameda County, California – say they never gave Comcast
  permission to run a public network from their home cable connection.
 
  In a lawsuit [PDF] filed in the northern district of the golden state,
  the pair accuse the ISP of breaking the Computer Fraud and Abuse Act
 and
  two other laws.
 
  Grear – a paralegal – and her daughter claim the Xfinity hotspot is an
  unauthorized intrusion into their private home, places a vast burden
 on
  electricity bills, opens them up to attacks by hackers, and degrades
  their bandwidth.
 
  Comcast does not, however, obtain the customer's authorization prior
 to
  engaging in this use of the customer's equipment and internet service
 for
  public, non-household use, the suit claims.
 
  Indeed, without obtaining its customers' authorization for this
  additional use of their equipment and resources, over which the
 customer
  has no control, Comcast has externalized the costs of its national
 Wi-Fi
  network onto its customers.
 
  The plaintiffs are seeking monetary damages for themselves and on
 behalf
  of all Comcast customers nation-wide in their class-action case – the
  service was rolled out to 20 million customers this year.
 
 
 




Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
It's very scary, and something I'm doing a paper on.  It _is_ just MAC
recognition, at least until you try and use a MAC address that's already
active somewhere else.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Dec 11, 2014 at 9:24 AM, valdis.kletni...@vt.edu wrote:

 On Thu, 11 Dec 2014 00:11:07 -0500, Jay Ashworth said:
  I will give them their props: I only had to sign in *once*, last year;
  their auth controller has recognized my MAC address at every spot I've
  used since.

 Actually, that's sort of scary if you think about it too hard.
 Shared-secret authentication has its flaws, but it still beats shared-nonsecret auth.

 I really hope it's something on your laptop other than the mac address



Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
It is, you only have to log in once and then it remembers your MAC
address.  Harvesting usable MAC addresses is as trivial as putting up an
open access point with the SSIDs xfinitywifi and CableWifi and recording
the MAC addresses that connect to it.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Dec 11, 2014 at 9:30 AM, John Peach john-na...@peachfamily.net
wrote:

 On Thu, 11 Dec 2014 09:24:10 -0500
 valdis.kletni...@vt.edu wrote:

  On Thu, 11 Dec 2014 00:11:07 -0500, Jay Ashworth said:
   I will give them their props: I only had to sign in *once*, last
   year; their auth controller has recognized my MAC address at every
   spot I've used since.
 
  Actually, that's sort of scary if you think about it too hard.
  Shared-secret authentication has its flaws, but it still beats
  shared-nonsecret auth.
 
  I really hope it's something on your laptop other than the mac
  address

 It's not - Cablevision allow you to register devices via their
 website by mac address.



Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
John,

My apologies, I misread your email :)


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Thu, Dec 11, 2014 at 9:46 AM, John Peach john-na...@peachfamily.net
wrote:

 On Thu, 11 Dec 2014 09:37:22 -0500
 Scott Helms khe...@zcorum.com wrote:

  It is, you only have to log in once and then it remembers your MAC
  address.  Harvesting usable MAC addresses is as trivial as putting up
  an open access point with the SSIDs xfinitywifi and CableWifi and
  recording the MAC addresses that connect to it.

 I was just pointing out that you don't even need to login with the
 device. Cablevision allow you to register a MAC address on their
 website.


 
 
  Scott Helms
  Vice President of Technology
  ZCorum
  (678) 507-5000
  
  http://twitter.com/kscotthelms
  
 
  On Thu, Dec 11, 2014 at 9:30 AM, John Peach
  john-na...@peachfamily.net wrote:
 
   On Thu, 11 Dec 2014 09:24:10 -0500
   valdis.kletni...@vt.edu wrote:
  
On Thu, 11 Dec 2014 00:11:07 -0500, Jay Ashworth said:
 I will give them their props: I only had to sign in *once*, last
 year; their auth controller has recognized my MAC address at
 every spot I've used since.
   
Actually, that's sort of scary if you think about it too hard.
Shared-secret authentication has its flaws, but it still beats
shared-nonsecret auth.
   
I really hope it's something on your laptop other than the mac
address
  
   It's not - Cablevision allow you to register devices via their
   website by mac address.
  



Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
Perhaps we should balance that against what a subscriber might pay for
bandwidth while away from home, especially in Europe.
On Dec 11, 2014 6:35 PM, Larry Sheldon larryshel...@cox.net wrote:

 On 12/11/2014 16:29, Jay Ashworth wrote:

 - Original Message -

 From: Larry Sheldon larryshel...@cox.net


  On 12/11/2014 07:10, William Herrin wrote:

  What Comcast is stealing is electricity. Pennies per customer times
 a boatload of customers.


 ...and floorspace, physical security, air conditioning, and all
 sorts of labor overheads.


 Nope; at that stage, Larry, you're makin it up.

 In the particular case we're talking about here, Comcast -- who are not my
 favorite people by any means -- have *enabled a feature built into the
 terminal device they're provisioning*.  It *might* increase the overall
 power consumption of that device by as much as 5-10 Wh/*month*.  The
 increase in A/C won't register on the chart.  Physical security is no
 different
 than it was otherwise: none.  And floorspace and labor?  It is, as they
 say,
 to laugh.

 If we want to diss Comcast, let us not descend to things they *are not*
 doing;
 there are plenty of dissable things they *are* doing.


 Do me a favor and re-write your message from the standpoint of what the
 provider would have to pay for if they were not extorting the customers.
 You don't need to respond unless that changes your thinking.

 --
 The unique Characteristics of System Administrators:

 The fact that they are infallible; and,

 The fact that they learn from their mistakes.


 Quis custodiet ipsos custodes



Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
Your chances of traveling somewhere are probably several orders of
magnitude higher than Comcast being interested in paid hosting in your
house :)
On Dec 11, 2014 6:53 PM, Larry Sheldon larryshel...@cox.net wrote:

 On 12/11/2014 17:42, Scott Helms wrote:

 Perhaps we should balance that against what a subscriber might pay for
 bandwidth while away from home, especially in Europe.


 Why would that interest me--I have no interest in traveling anywhere.


 --
 The unique Characteristics of System Administrators:

 The fact that they are infallible; and,

 The fact that they learn from their mistakes.


 Quis custodiet ipsos custodes



Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
Seriously, I mean the availability of WiFi coming from your house clearly
trumps trespassing laws.
On Dec 11, 2014 8:16 PM, Matthew Kaufman matt...@matthew.at wrote:

 Lots of other good reasons to oppose this (Comcast customers parking in
 your driveway to get the service, etc.)

 What would you tell AT&T if they installed a coin phone at every
 residential outside demarc?

 Matthew Kaufman

 (Sent from my iPhone)

  On Dec 11, 2014, at 4:33 PM, Owen DeLong o...@delong.com wrote:
 
  This thread is out of control... I will attempt to summarize the salient
 points in hopes we can stop arguing about inaccurate minutiae.
 
  I don't like the way Comcast went about doing what they are doing, but I
 do like the general idea...
 
  Reasonably ubiquitous free WiFi for your subscribers when they are away
 from their home location is not a bad idea.
 
  The way Comcast has gone about it is a bit underhanded and sneaky. The
 flaws in their plan are not technical, they are ethical and
 communication-oriented in nature.
 
  To wit:
 There's nothing wrong with Comcast adding a separate SSID with
 dedicated upstream bandwidth on a WAP I rent from them[1].
 There's no theft of power, as the amount of additional power used is
 imperceptible, if any.
 There's no theft of space, climate control, or other overhead as this
 is performed by existing CPE.
 There's probably no legal liability being transferred by this to the
 subscriber.
 
  In short, the only thing really truly wrong with this scenario is that
 Comcast is using equipment that the subscriber should have exclusive
 control over (they are renting it, so while Comcast retains ownership, they
 have relinquished most rights of control to the tenant) how the device is
 used.
 
  As I see it, there are a couple of ways Comcast could have made this an
 entirely voluntary (opt-in) program and communicated it to their customers
 positively and achieved a high compliance rate. Unfortunately, in an action
 worthy of their title as America's worst company, instead of positively
 communicating with their customers and seeking cooperation and permission
 to build out something cool for everyone, they instead simply inflicted
 this service on chosen subscribers without notice, warning, or permission.
 
  In short, Comcast's biggest real failure here is the failure to ask
 permission from the subscriber before doing this on equipment the
 subscriber should control.
 
  Arguing that some obscure phrase in updated ToS documents that nobody
 ever reads permits this may keep Comcast from losing a law suit (though I
 hope not), but it certainly won't improve their standing in the court of
 public opinion. OTOH, Comcast seems to consider the court of public opinion
 mostly irrelevant or they would be trying to find ways not to retain their
 title as America's worst company.
 
  I will say that my reaction to this, if Comcast had done it to me would
 be quite different depending on how it was executed...
 
 
  Scenario A: Positive outcome
 
  CC: Mr. DeLong, we would like to replace your existing cablemodem
 with a DOCSIS 3.0 unit and give you faster service for free. However, the
 catch is that we want to put up an additional 2.4Ghz WiFi SSID on the WAP
 built into the modem that will use separate cable channels (i.e. won't
 affect your bandwidth) that our other subscribers can use once they
 authenticate when they are in range. Would you mind if we did that?
  
  ME: Well, since I currently own my modem, and it's already DOCSIS 3,
 I don't want to give up any of my existing functionality and I have no
 desire to start paying rental fees. If you can provide the new one
 without monthly fees and it will do everything my current one does
 (e.g. operating in transparent bridge mode), then I don't see any reason
 why not.
  
  
  Scenario B: Class Action?
  
  CC: 
  
  ME: -- Discovers Xfinity WiFi SSID and wonders WTF is this?
 -- Tracks down source of SSID and discovers CC Modem in my garage is
 doing this.
 -- Calls Comcast WTF?
  
  CC: blah blah blah, updated ToS, you agreed, blah blah
  
  ME: Starts calling lawyers
 
  
 
  Unfortunately, it seems to me that Comcast (and apparently other Cable
 WiFi assn. members) have chosen Scenario B. Very unfortunate, considering
 how much easier and more productive scenario A could be.
 
  Owen
 



Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread Scott Helms
In this case, they do own the modems.  I am not aware of any case where
they do this to customer owned gear.
On Dec 11, 2014 8:41 PM, Ricky Beam jfb...@gmail.com wrote:

 On Thu, 11 Dec 2014 19:33:03 -0500, Owen DeLong o...@delong.com wrote:

  In short, the only thing really truly wrong with this scenario is that
 Comcast is using equipment that the subscriber should have exclusive
 control over (they are renting it, so while Comcast retains ownership, they
 have relinquished most rights of control to the tenant) how the device is
 used.


 Except every ISP (pretty much universally) thinks the modem/router is
 theirs and they can, therefore, do whatever they flippin' please with it.
 In some markets (not necessarily comcast), they lock down the router to the
 point the customer can't even access it; every single change has to go
 through them.

 (AT&T Uverse... you can change anything you want, with sufficient access
 (i.e. telnet), but the mothership can (and will) undo your changes pretty
 much instantly -- apply triggers a CWMP event.)



Re: Comcast residential DNS contact

2014-12-03 Thread Scott Helms
It's also entirely possible that the behavior observed will change because
of testing.  The more a test looks different from normal residential
traffic the more likely that it's going to be handled differently.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Wed, Dec 3, 2014 at 1:37 PM, Christopher Morrow morrowc.li...@gmail.com
wrote:

 On Wed, Dec 3, 2014 at 12:54 PM, Grant Ridder shortdudey...@gmail.com
 wrote:
  Hi Everyone,
 
  Thanks for the replies!  After reading them, i am doing some digging into
  DNS RFC's and haven't found much with respect to ANY queries.  Not
  responding with full results to protect against being used in an attack
  makes sense.  However, I find it odd that only 1 of the 4 anycast
 servers I
  tried would institute this.

 it's possible (jason hinted at this) that the servers in question are
 not a homogeneous software set... and have different behaviour being
 displayed because of that.

 Also, just because you sent a packet to 4 different ip addresses
 doesn't mean that they didn't end up on one or some of the same hosts
 behind loadbalancers/ecmp/etc, right? (so it's not clear you are/can
 test this properly from your vantage point)

 -chris

 (what's a bit concerning is my comcast link's not able to talk to
 cdns02 at all... over ipv4 at least, v6 works, thankfully I suppose)



Re: Low-numbered ASes being hijacked? [Re: BGP Update Report]

2014-11-30 Thread Scott Weeks

 - Original Message -
 Do these people never check what exactly they end up originating
 outbound due to a config change, if that's really the case?
 
 Of course not because their neighbors are allowing it to
 pass; so as with all hijacks, deaggregation, and other
 unfiltered noise, the only care is traffic going in and
 out. QA (let alone automated sanity checks) are alien
 concepts to many, and well it works is the answer from
 some when contacted.
 
 That's sort of the BGP equivalent to BCP38 filtering, isn't it?


--- ja...@rice.edu wrote:
From: Jason Bothe ja...@rice.edu

I’m not new here but the thread caught my eye, as I am one of 
the lower ASs being mentioned.  I guess there isn’t really 
anything one can do to prevent these things other than listening 
to route servers, etc.  I guess it’s all on what the upstream 
decides to allow-in and re-advertise.



First, obviously, set BGP filters to allow only what you expect
to send upstream.

Then, look at what your routers are advertising to your upstreams
using 'sho bgp advertised routes' type commands to make sure it's
exactly what you're expecting to send.

Last, look on route servers at various places around the internet 
to make sure everything is advertised to expectations.  You can
find a lot here: http://www.traceroute.org/#Route%20Servers

Also, of course, all of this can be done on a regular basis using 
programs instead of being done manually.

scott
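
Scott's three steps, turned into a check that can run on a schedule. This is an added example, not code from the thread or from any NANOG participant: it audits (1) what a router exports to an upstream against the prefixes we intend to originate and (2) what a public route server sees for those prefixes. Every ASN, prefix and dump below is a constructed placeholder from the documentation ranges (RFC 5398 ASNs, RFC 5737 and RFC 3849 prefixes), not a real announcement, and the "prefix as-path" dump format is an assumption; adapt parse_export() to whatever your router's 'advertised-routes' command prints.

```python
"""Sanity-check BGP exports and route-server views (added example).

All ASNs, prefixes and dumps are constructed placeholders; the dump format
is an assumption, not any vendor's output.
"""
import ipaddress

MY_ASN = 64496                        # hypothetical local ASN
EXPECTED = [                          # prefixes we intend to originate
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed dump of what this router exports to one upstream:
# "<prefix> <as-path>", path "i" for a route we originate ourselves.
EXPORT_DUMP = """\
# prefix            as-path
192.0.2.0/24        i
198.51.100.0/25     i
198.51.100.128/25   i
203.0.113.0/24      i
10.0.0.0/8          i
2001:db8::/32       i
2001:db8:1::/64     i
192.0.2.0/24        64497 1
"""

# Constructed route-server view: prefix -> AS paths seen for it.
ROUTE_SERVER_VIEW = {
    "192.0.2.0/24":    ["64500 64496", "64501 64496"],
    "198.51.100.0/24": ["64500 64496"],
    "198.51.100.0/25": ["64501 64511"],   # a stranger's more-specific
    "2001:db8::/32":   [],                # not visible at all
}


def covering_prefix(net, expected):
    """Return the expected prefix that contains net, or None."""
    for exp in expected:
        if exp.version == net.version and net.subnet_of(exp):
            return exp
    return None


def parse_export(text):
    """Parse the constructed dump into (network, [asn, ...]) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        prefix, *path = fields
        as_path = [] if path == ["i"] else [int(asn) for asn in path]
        routes.append((ipaddress.ip_network(prefix), as_path))
    return routes


def audit_export(routes, my_asn=MY_ASN, expected=EXPECTED):
    """Flag exported routes that break the policy 'originate exactly our
    prefixes: nothing private, nothing longer, nothing of anyone else's'."""
    findings = []
    for net, path in routes:
        cover = covering_prefix(net, expected)
        if any(p.version == net.version and net.subnet_of(p) for p in PRIVATE):
            findings.append((str(net), "private address space"))
        elif path and path[-1] != my_asn:   # last ASN in the path is the origin
            findings.append((str(net), f"transit route originated by AS{path[-1]}"))
        elif cover is None:
            findings.append((str(net), "not one of our prefixes"))
        elif net != cover:
            findings.append((str(net), f"more-specific of {cover} (deaggregation)"))
    return findings


def audit_route_server(view, my_asn=MY_ASN, expected=EXPECTED):
    """Flag our prefixes that are missing, carry a foreign origin, or are
    shadowed by someone else's more-specific, as seen from a route server."""
    seen = {ipaddress.ip_network(p): paths for p, paths in view.items()}
    findings = []
    for exp in expected:
        if not seen.get(exp):
            findings.append((str(exp), "not visible at route server"))
    for net, paths in seen.items():
        cover = covering_prefix(net, expected)
        for path in paths:
            origin = int(path.split()[-1])
            if net in expected and origin != my_asn:
                findings.append((str(net), f"origin AS{origin} seen instead of AS{my_asn}"))
            elif net not in expected and cover is not None:
                findings.append((str(net), f"more-specific of {cover} originated by AS{origin}"))
    return findings


if __name__ == "__main__":
    for prefix, why in audit_export(parse_export(EXPORT_DUMP)):
        print(f"export  {prefix:20} {why}")
    for prefix, why in audit_route_server(ROUTE_SERVER_VIEW):
        print(f"rs-view {prefix:20} {why}")
```

On the constructed dump the export audit flags the two /25 deaggregates, the prefix that is not ours, the RFC 1918 block and the route whose path ends in AS1 (the low-numbered-AS case the thread is about); the route-server audit flags the prefix nobody sees and the /25 of our space that a foreign origin is announcing. Feeding it real data means replacing the two constants with your router's advertised-routes output and a route-server lookup, and running it after every config change.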

Re: Seeking IPv6 Security Resources

2014-11-25 Thread Scott Weeks

--- cgrundem...@gmail.com wrote:
From: Chris Grundemann cgrundem...@gmail.com

I am looking for IPv6 security resources to add to:
http://www.internetsociety.org/deploy360/ipv6/security/

These could be best current practice documents, case-studies,
lessons-learned/issues-found, research/evaluations, RFCs, or anything else
focused on IPv6 security really.

I'm not requesting that anyone do any new work, just that you point me to
solid public documents that already exist. Feel free to share on-list or
privately, both documents you may have authored and those you have found
helpful.
--



http://www.si6networks.com/tools/ipv6toolkit/index.html

List of Tools
 • addr6: An IPv6 address analysis and manipulation tool.
 • flow6: A tool to perform a security assessment of the IPv6 Flow Label.
 • frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects.
 • icmp6: A tool to perform attacks based on ICMPv6 error messages.
 • jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms.
 • na6: A tool to send arbitrary Neighbor Advertisement messages.
 • ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets.
 • ns6: A tool to send arbitrary Neighbor Solicitation messages.
 • ra6: A tool to send arbitrary Router Advertisement messages.
 • rd6: A tool to send arbitrary ICMPv6 Redirect messages.
 • rs6: A tool to send arbitrary Router Solicitation messages.
 • scan6: An IPv6 address scanning tool.
 • tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP-based attacks.


scott

Re: A case against vendor-locking optical modules

2014-11-17 Thread Scott Voll
I've asked the same question and got the answer that there is a REAL BIG
chip manufacturer that was having huge system issues and told the vendor that
they were going to rip out all the manufacturer's routing / switching
equipment if they didn't get it fixed.

After the manufacturer sent engineering staff on site they found that the
problem was not the routers or switches but the SFPs that the chip
manufacturer had purchased.  After replacing the SFPs they had no problems.

So if you were the router manufacturer you might also put in the
locks... Just say'n

I hate it also, but I also really like a stable network.  I also know that
there are some OEMs for even Cisco that I have used in the past.

Just my two cents.

Scott


On Mon, Nov 17, 2014 at 10:11 AM, Jérôme Nicolle jer...@ceriz.fr wrote:

 Hello,

 I'm having a discussion with Arista, trying to explain to them why I
 _can't_ buy any hardware unable to run with compatible optical modules.

 My points are :

 - I need specific modules, mostly *WDM and BiDi, some still unavailable
 in their product line

 - I run at least two other vendors in every location and can't stack up
 every spare optic for each of them, nor could remote-hands safely
 re-program optics to match a specific vendor when needed.

 - I have an established relationship with a trusted optics supplier,
 providing support, warranty and re-coding hardware for their entire
 (impressive) lineup. And this supplier is still 2-5x times cheaper than
 any vendor-labeled optics even with NFR-like discounts.

 Based on these points, I discourage every customer from ever using
 locked-in equipment, and forbid it on my own network. Of course,
 Arista can't be pleased because their hardware has never set foot in my
 customers' networks. But they seem to deliberately miss my points every
 time the subject comes up.

 What are other arguments against vendor lock-in ? Is there any argument
 FOR such locks (please spare me the support issues, if you can't read
 specs and SNMP, you shouldn't even try networking) ?

 Did you ever experience a shift in a vendor's position regarding the use
 of compatible modules ?

 Thanks !

 --
 Jérôme Nicolle
 +33 6 19 31 27 14



Re: Cisco CCNA Training

2014-11-11 Thread Scott Morris
You can grab GNS separately and for free, which will allow you to build
the topologies that you are looking for.

That is what is used to demonstrate most of the Cisco courses between the
trainers.

Scott


From:  Colton Conor colton.co...@gmail.com
Date:  Tuesday, November 11, 2014 at 9:59 AM
To:  Scott Morris s...@emanon.com
Cc:  NANOG nanog@nanog.org
Subject:  Re: Cisco CCNA Training


Does CBT or any of these other subscription based learning courses include
a Cisco IOS simulator so we don't have to buy a Cisco lab or equipment?

On Sun, Nov 2, 2014 at 7:36 PM, Scott Morris s...@emanon.com wrote:

Depends on how quickly you want them trained, and how they tend to learn
things…

Reading is good, but can be boring and tedious and not always have all the
answers.
Standard ILT can be costly, but very quick and often standard (though I'd
shop around for who you have as an instructor since that can make or break
the success)!
Video-based training gives a good mix of things and there are options out
there.  I know there's been one other response for CBT Nuggets, which I
would definitely recommend.

Take that with a grain of salt (and I'm ok with that) since I do some work
for them now.  However, I would have recommended them even before I
started developing training for them.  :)

Jeremy Cioara teaches the CCNA courses for CBT, and he is quite animated
and very knowledgeable.   He will definitely get all the necessary points
across.  In addition to the certification courses you mentioned, there are
also many "real world" variants of materials as well, which give a
different slant to the teachings that you may find useful for your group.

And being a subscription cost, you can watch as many different things as
you'd like rather than being limited to one course.  Something worth
checking out.  Don't take my word for it, go look for yourself (or have
your group do that).

Cheers,

Scott

-Original Message-
From: Colton Conor colton.co...@gmail.com
Date: Sunday, November 2, 2014 at 1:02 PM
To: NANOG nanog@nanog.org
Subject: Cisco CCNA Training

We have a couple of techs that want to learn cisco and networking in
general. What do you recommend for learning and getting certified on
Cisco?
There seems to be a million different training courses, books, etc out
there.












Re: Kind of sad

2014-11-10 Thread Scott Weeks


--- jmkel...@houseofzen.org wrote:
From: James Michael Keller jmkel...@houseofzen.org
On 11/10/2014 06:34 PM, Joe wrote:
 Kind of sad that the state govs don't curtail telnet,,,

 [root@bighughness ~]# telnet 167.240.254.155 623
 Trying 167.240.254.155...
 Connected to external-dns1.state.mi.us (167.240.254.155).
 Escape character is '^]'.
 Username:root
 Password:

Hopefully a honeypot / synthetic response from an IPS unit
--


State gov't.  I doubt it.  I've seen the horrors 
that happen in those places...  :-)

scott


Re: I am about to inherit 26 miles of dark fiber. What do I do with it?

2014-11-09 Thread Scott Weeks


--- fkitt...@gwi.net wrote:
From: Fletcher Kittredge fkitt...@gwi.net

The below is a really sad story. Condolences on the coming trainwreck. I
hope you get someone on staff or on consult that understands outside plant
architecture, because it is a much more important and complex topic than you
seem to realize.
-


Help guide and build knowledge instead of publicly beating down.

scott


Re: I am about to inherit 26 miles of dark fiber

2014-11-09 Thread Scott Weeks



:: Ah, the famous good-will of NANOG. 

But you got more of the good than the other.



:: I knew I would get some interesting responses. 

And you got more of that than non-interesting...


:-)
scott


Re: Cisco CCNA Training

2014-11-04 Thread Scott Weeks



For vendor agnostic netgeek training there is 
always the NANOG Education Series:

https://www.nanog.org/meetings/education/home

scott


Re: Tail-F

2014-11-02 Thread Scott Weeks


--- colton.co...@gmail.com wrote:
From: Colton Conor colton.co...@gmail.com
 
Can do simple commands like show interface so even non-network 
techs and CSRs can get basic "is the port up or down" type 
stats without having to directly log in to the network.
-

Do an snmpget on the SNMP OIDs you want them to see.  If
they're not *nix savvy you could write a tiny shell script 
that'd do it for them.  It won't be the output of sho int
but the data will be the same.

scott
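
One way to give support staff that "is the port up?" answer, written here as an added example in Python rather than the shell script Scott mentions (it is not code from the thread): a wrapper that runs net-snmp's snmpget against the IF-MIB columns for one interface and condenses the reply into a single line. It assumes net-snmp is installed and the device allows read-only SNMPv3 access; the host name, user and passwords are hypothetical placeholders, and the sample snmpget output embedded at the end is constructed so the parser can be exercised offline.

```python
"""Added example (not code from the thread): a small wrapper around
net-snmp's snmpget that lets support staff ask "is port N up?" without a
router login.  Assumes net-snmp is installed and the device allows
read-only SNMPv3 access; host name and credentials are hypothetical."""
import re
import subprocess

# IF-MIB (RFC 2863) column OIDs: ifDescr, ifOperStatus, ifAlias
IF_DESCR = "1.3.6.1.2.1.2.2.1.2"
IF_OPER_STATUS = "1.3.6.1.2.1.2.2.1.8"
IF_ALIAS = "1.3.6.1.2.1.31.1.1.1.18"

# ifOperStatus enumeration from IF-MIB
OPER_STATUS = {1: "up", 2: "down", 3: "testing", 4: "unknown",
               5: "dormant", 6: "notPresent", 7: "lowerLayerDown"}

_LINE = re.compile(r"^(?P<oid>\S+)\s*=\s*(?P<type>[A-Za-z0-9-]+):\s*(?P<val>.*)$")


def parse_snmpget_line(line):
    """Split one snmpget output line into (oid, type, value).

    Accepts both symbolic output ('IF-MIB::ifOperStatus.3 = INTEGER: up(1)')
    and numeric output ('.1.3.6.1.2.1.2.2.1.8.3 = INTEGER: 1').  INTEGER
    values become ints; STRING values lose their surrounding quotes.
    """
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError("unrecognised snmpget output: %r" % line)
    oid, typ, val = m.group("oid"), m.group("type"), m.group("val")
    if typ == "INTEGER":
        return oid, typ, int(re.search(r"-?\d+", val).group())
    if typ == "STRING":
        return oid, typ, val.strip().strip('"')
    return oid, typ, val.strip()


def oper_status_name(code):
    """Human-readable ifOperStatus."""
    return OPER_STATUS.get(code, "unknown(%s)" % code)


def _column(oid):
    """Strip the trailing ifIndex so the table column can be identified."""
    return oid.lstrip(".").rsplit(".", 1)[0]


def summarize_port(triples):
    """Turn parsed (oid, type, value) triples for one ifIndex into one line."""
    descr, alias, status = None, None, 4
    for oid, _typ, val in triples:
        col = _column(oid)
        if col == IF_DESCR or col.endswith("ifDescr"):
            descr = val
        elif col == IF_ALIAS or col.endswith("ifAlias"):
            alias = val
        elif col == IF_OPER_STATUS or col.endswith("ifOperStatus"):
            status = val
    return "%s (%s): %s" % (descr or "?", alias or "no description",
                            oper_status_name(status))


def snmpget(host, oids, user, auth_pass, priv_pass):
    """Run one SNMPv3 authPriv snmpget and return its output lines.

    SNMPv3 is used instead of a v2c community string so the read-only
    credential does not cross the network in clear text.
    """
    cmd = ["snmpget", "-v3", "-l", "authPriv", "-u", user,
           "-a", "SHA", "-A", auth_pass, "-x", "AES", "-X", priv_pass,
           "-O", "n", host] + oids
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


def port_status(host, ifindex, user, auth_pass, priv_pass):
    """What a help-desk user gets back, e.g. 'GigabitEthernet0/3 (Cust-42): up'."""
    oids = ["%s.%d" % (col, ifindex) for col in (IF_DESCR, IF_ALIAS, IF_OPER_STATUS)]
    lines = snmpget(host, oids, user, auth_pass, priv_pass)
    return summarize_port([parse_snmpget_line(l) for l in lines])


# Constructed snmpget output for ifIndex 3, used to exercise the parser offline.
SAMPLE_OUTPUT = [
    'IF-MIB::ifDescr.3 = STRING: GigabitEthernet0/3',
    'IF-MIB::ifAlias.3 = STRING: Cust-42 uplink',
    'IF-MIB::ifOperStatus.3 = INTEGER: up(1)',
]


def demo():
    """Parse the constructed sample; returns the one-line summary."""
    return summarize_port([parse_snmpget_line(l) for l in SAMPLE_OUTPUT])


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:   # e.g. python port_status.py router1.example.net 3
        print(port_status(sys.argv[1], int(sys.argv[2]), "ro-helpdesk",
                          "AUTH-PASS-PLACEHOLDER", "PRIV-PASS-PLACEHOLDER"))
    else:
        print(demo())
```

The SNMPv3 user should be a read-only view limited to the interface tables, so the script cannot be turned into a write path even if the credentials leak to the help desk.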


Re: Cisco CCNA Training

2014-11-02 Thread Scott Morris
Depends on how quickly you want them trained, and how they tend to learn
things…

Reading is good, but can be boring and tedious and not always have all the
answers.
Standard ILT can be costly, but very quick and often standard (though I'd
shop around for who you have as an instructor since that can make or break
the success)!
Video-based training gives a good mix of things and there are options out
there.  I know there's been one other response for CBT Nuggets, which I
would definitely recommend.

Take that with a grain of salt (and I'm ok with that) since I do some work
for them now.  However, I would have recommended them even before I
started developing training for them.  :)

Jeremy Cioara teaches the CCNA courses for CBT, and he is quite animated
and very knowledgeable.   He will definitely get all the necessary points
across.  In addition to the certification courses you mentioned, there are
also many "real world" variants of materials as well, which give a
different slant to the teachings that you may find useful for your group.

And being a subscription cost, you can watch as many different things as
you'd like rather than being limited to one course.  Something worth
checking out.  Don't take my word for it, go look for yourself (or have
your group do that).

Cheers,

Scott

-Original Message-
From: Colton Conor colton.co...@gmail.com
Date: Sunday, November 2, 2014 at 1:02 PM
To: NANOG nanog@nanog.org
Subject: Cisco CCNA Training

We have a couple of techs that want to learn cisco and networking in
general. What do you recommend for learning and getting certified on
Cisco?
There seems to be a million different training courses, books, etc out
there.




Microsoft DNS issue

2014-10-24 Thread Scott Voll
We are seeing that two of Microsoft's DNS servers are giving out private IPs.

Any idea who to contact to get it fixed?

Thanks

Scott


“Two of the authoritative servers for partners.extranet.microsoft.com are
giving unreachable private addresses for that domain”



##Query of dns11 gives unreachable private addresses

[ ~]$ dig @dns11.one.microsoft.com partners.extranet.microsoft.com

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-15.P2.fc19 <<>> @dns11.one.microsoft.com partners.extranet.microsoft.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6928
;; flags: qr rd ra; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;partners.extranet.microsoft.com.	IN	A

;; ANSWER SECTION:
partners.extranet.microsoft.com. 9	IN	A	10.251.94.19
partners.extranet.microsoft.com. 9	IN	A	10.251.94.18
partners.extranet.microsoft.com. 9	IN	A	10.251.67.137
partners.extranet.microsoft.com. 9	IN	A	10.251.67.4
partners.extranet.microsoft.com. 9	IN	A	10.251.58.95
partners.extranet.microsoft.com. 9	IN	A	10.251.172.137
partners.extranet.microsoft.com. 9	IN	A	10.251.172.136
partners.extranet.microsoft.com. 9	IN	A	10.147.87.135
partners.extranet.microsoft.com. 9	IN	A	10.251.26.13
partners.extranet.microsoft.com. 9	IN	A	10.251.58.94
partners.extranet.microsoft.com. 9	IN	A	10.251.172.135
partners.extranet.microsoft.com. 9	IN	A	10.251.174.149
partners.extranet.microsoft.com. 9	IN	A	10.147.63.134
partners.extranet.microsoft.com. 9	IN	A	10.147.63.135
partners.extranet.microsoft.com. 9	IN	A	10.251.26.14
partners.extranet.microsoft.com. 9	IN	A	10.147.88.134
partners.extranet.microsoft.com. 9	IN	A	10.147.63.136
partners.extranet.microsoft.com. 9	IN	A	10.251.168.246
partners.extranet.microsoft.com. 9	IN	A	10.251.58.97
partners.extranet.microsoft.com. 9	IN	A	10.251.168.247
partners.extranet.microsoft.com. 9	IN	A	10.251.58.96

;; Query time: 167 msec
;; SERVER: 94.245.124.49#53(94.245.124.49)
;; WHEN: Thu Oct 23 09:01:16 PDT 2014
;; MSG SIZE  rcvd: 396


##Query of dns13 gives unreachable private addresses

[ ~]$ dig @dns13.one.microsoft.com partners.extranet.microsoft.com

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-15.P2.fc19 <<>> @dns13.one.microsoft.com partners.extranet.microsoft.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47872
;; flags: qr rd ra; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;partners.extranet.microsoft.com.	IN	A

;; ANSWER SECTION:
partners.extranet.microsoft.com. 177	IN	A	10.251.67.4
partners.extranet.microsoft.com. 177	IN	A	10.251.168.246
partners.extranet.microsoft.com. 177	IN	A	10.251.58.97
partners.extranet.microsoft.com. 177	IN	A	10.251.168.247
partners.extranet.microsoft.com. 177	IN	A	10.251.58.96
partners.extranet.microsoft.com. 177	IN	A	10.251.94.19
partners.extranet.microsoft.com. 177	IN	A	10.251.94.18
partners.extranet.microsoft.com. 177	IN	A	10.251.174.149
partners.extranet.microsoft.com. 177	IN	A	10.147.63.136
partners.extranet.microsoft.com. 177	IN	A	10.251.58.95
partners.extranet.microsoft.com. 177	IN	A	10.251.172.137
partners.extranet.microsoft.com. 177	IN	A	10.251.172.136
partners.extranet.microsoft.com. 177	IN	A	10.147.87.135
partners.extranet.microsoft.com. 177	IN	A	10.251.26.13
partners.extranet.microsoft.com. 177	IN	A	10.251.58.94
partners.extranet.microsoft.com. 177	IN	A	10.251.172.135
partners.extranet.microsoft.com. 177	IN	A	10.251.67.137
partners.extranet.microsoft.com. 177	IN	A	10.147.63.134
partners.extranet.microsoft.com. 177	IN	A	10.147.63.135
partners.extranet.microsoft.com. 177	IN	A	10.251.26.14
partners.extranet.microsoft.com. 177	IN	A	10.147.88.134

;; Query time: 16 msec
;; SERVER: 65.55.31.17#53(65.55.31.17)
;; WHEN: Thu Oct 23 09:01:28 PDT 2014
;; MSG SIZE  rcvd: 396
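
A check for exactly the symptom in this post, as an added example that is not part of the original message: it parses dig's ANSWER SECTION and flags every A/AAAA record whose address is not globally routable (RFC 1918 space, loopback, link-local, shared CGN space), so the same test can be run against saved dig output or, with `check_server`, against a live authoritative server. The sample output embedded below is constructed to mirror the shape of the dig runs above; `partners.example.net` and `ns1.example.net` are placeholder names, while the two private addresses and the one public address (94.245.124.49) are reused from the post.

```python
"""Added example (not part of the post): parse dig output and flag A/AAAA
answers that the public Internet cannot route to.  The SAMPLE text is
constructed; names in it are placeholders."""
import ipaddress
import subprocess


def parse_dig_answers(text):
    """Yield (owner, ttl, rrtype, rdata) for each record in the ANSWER SECTION."""
    in_answer = False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
            continue
        if not in_answer:
            continue
        if line.startswith(";;"):        # the next section header ends the answers
            in_answer = False
            continue
        parts = line.split()
        if len(parts) < 5 or line.startswith(";"):
            continue                     # blank line or comment inside the section
        owner, ttl, _cls, rrtype = parts[0], int(parts[1]), parts[2], parts[3]
        yield owner, ttl, rrtype, " ".join(parts[4:])


def unreachable_answers(text):
    """Return (owner, rrtype, address) for address records that are not
    globally routable: RFC 1918, loopback, link-local, 100.64/10 and the
    other reserved ranges that ipaddress.is_global excludes."""
    bad = []
    for owner, _ttl, rrtype, rdata in parse_dig_answers(text):
        if rrtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue                     # malformed rdata is a different problem
        if not addr.is_global:
            bad.append((owner, rrtype, rdata))
    return bad


def check_server(server, name):
    """Query one authoritative server with dig (must be installed) and
    report its unreachable answers.  Not used by the offline demo."""
    out = subprocess.run(["dig", "@" + server, name], capture_output=True,
                         text=True, check=True).stdout
    return unreachable_answers(out)


# Constructed sample in dig's format: two private answers and one public one.
SAMPLE = """\
; <<>> DiG 9.9.3 <<>> @ns1.example.net partners.example.net
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6928
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;partners.example.net.\t\tIN\tA

;; ANSWER SECTION:
partners.example.net.\t9\tIN\tA\t10.251.94.19
partners.example.net.\t9\tIN\tA\t94.245.124.49
partners.example.net.\t9\tIN\tA\t10.147.63.134

;; Query time: 16 msec
;; SERVER: 94.245.124.49#53(94.245.124.49)
"""


def demo():
    """Run the check over the constructed sample."""
    return unreachable_answers(SAMPLE)


if __name__ == "__main__":
    for owner, rrtype, addr in demo():
        print("%s %s %s is not globally reachable" % (owner, rrtype, addr))
```

Run periodically against each authoritative server for your own zones, this also catches internal addresses leaking into a public zone, which is both a reachability bug and an information disclosure.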


Re: Netgear

2014-10-20 Thread Scott Helms
Eric,

You may want to be a little more specific.  I know from personal experience
that the divisions inside of Netgear (corporate/enterprise, direct to
consumer, and service provider) don't work together nor have common
infrastructure in many cases.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Mon, Oct 20, 2014 at 3:44 PM, Eric C. Miller e...@ericheather.com
wrote:

 Is there anyone from Netgear on this list? If you could contact me
 off-list, it would be appreciated.

 Thanks!



 Eric Miller, CCNP
 Network Engineering Consultant
 (407) 257-5115






Re: hawaii hurricane [was] Re: fema.net dnssec issues

2014-10-18 Thread Scott Weeks


--- ra...@psg.com wrote:
From: Randy Bush ra...@psg.com

 http://weather.hawaii.edu/satellite/jsanim.cgi?res=4kmchnl=irdomain=nepperiod=720incr=30rr=900banner=uhmetsatplat=goeswestoverlay=off
 
 http://www.prh.noaa.gov/cphc
 
 http://www.prh.noaa.gov/cphc/tc_graphics/2014/sat/probCP022014_141017_2030_sata.gif

well, clearly it has hit the hawaii.edu site :)

but all ok so far up in hawi
-


It hasn't gotten here yet, but it's not too bad on the 
northern end of the archipelago either, so DR plans seem 
to be getting a sort of dry run.  I can't imagine a closer 
miss, though.

http://www.ssd.noaa.gov/goes/west/cpac/flash-vis.html

scott


hawaii hurricane [was] Re: fema.net dnssec issues

2014-10-17 Thread Scott Weeks


--- r...@seastrom.com wrote:
From: Rob Seastrom r...@seastrom.com

best of luck in the storm; stay dry.



For anyone who has stuff in Hawaii, it's hitting
the Big Island already.  Now we'll see which DR
plans work and which don't.  ;-)

http://weather.hawaii.edu/satellite/jsanim.cgi?res=4kmchnl=irdomain=nepperiod=720incr=30rr=900banner=uhmetsatplat=goeswestoverlay=off

http://www.prh.noaa.gov/cphc

http://www.prh.noaa.gov/cphc/tc_graphics/2014/sat/probCP022014_141017_2030_sata.gif

scott







Re: Book / Literature Recommendations

2014-09-16 Thread Scott Weeks


 On Sep 16, 2014, at 10:48 AM, James Bensley jwbens...@gmail.com wrote:

 What is the single best book you have read on 
 networking? 
-


Paper is so 20th century.  C'mon, we're a decade and 
a half into the 21st century.   :-)

http://www.tcpipguide.com/free/t_toc.htm

scott


Re: Fwd: Interesting problems with using IPv6

2014-09-07 Thread Scott Weeks


--- fergdawgs...@mykolab.com wrote:
From: Paul Ferguson fergdawgs...@mykolab.com

There's been a lot of on-and-off discussion about v6, 
especially about security and operational concerns 
about some aspects of IPv6 deployment, specifically 
regarding neighbor discovery (although there are other 
operational security concerns, as well).

I'd like to provide this as an example of those 
concerns, without any additional commentary. :-)

See also:

http://www.ietf.org/mail-archive/web/ietf/current/msg89517.html
--


I read the article and Tim Warnock on ipv6.org.au gave 
a pretty good and very brief summary.  Pasted here for
those that don't have time to read it.  :-)

large L2 domain + ipv6 windows privacy extensions + some 
intel card bug + some mention of igmp snooping = multicast 
flood w/ high switch/router cpu...

Of course it's worth reading and there is a lot more to 
the post...

scott


Re: Urgent

2014-08-18 Thread Scott Weeks


 -Original Message-
 Contact for God, please reach out to me offlist.

 Regards,
  -AS666 NOC
--


ASN 666 is the US army.  I was curious a long time 
ago and looked it up...  ;-)

scott


Re: [HFC] pooling modems in layer2

2014-08-14 Thread Scott Helms
Toney,

Depending on which DHCP server software you're using, it's probably easier
to do this kind of move with it rather than trying to build layer 2
tunnels.

Since each modem MAC is (usually) added to the DHCP server, you can simply
run two different server instances, with the original server instance
handing out ISP1 IP information and the second one handing out ISP2
addresses and info.  The only gotcha is that you have to make sure your
DHCP servers won't NAK unknown clients, but this is how most of the
conversions I've been involved with are done.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Thu, Aug 14, 2014 at 8:48 AM, Toney Mareo halfli...@gmx.com wrote:

 Hello


 Thanks for the responses, I think it clarified a lot and I already started
 reading this CM-SP-L2VPN-I13-140403.pdf documentation.

 What I need here is that existing clients are sent through ISP1 currently
 and I would like to add ISP2 for future clients without interfering with
 anything in the current operations. Then later on move the old clients
 over to ISP2 as well.

 As I see it, this can only be done on the CMTS device not after it unless
 it's possible to relay packets from the cable side with their original HFC
 macs through the CMTS.

 Yes indeed I do not want to set up failover or balanced DHCP servers, but I
 want to move every new subscriber to a different pool which gets directed
 to a different DHCP server which is then finally able to provide the modems
 with IPs and other settings to be able to go out on ISP2.



 On Tue, Aug 12, 2014 at 10:23 AM, Toney Mareo halfli...@gmx.com
 wrote:

 Hello

 I think it's kind of an ISP secret but I would be curious how people
 distribute modems to pools before they would even reach the actual IP
 network, so on layer 2:


 http://dl.packetstormsecurity.net/papers/evaluation/docsis/Service_Distribution.jpg[http://dl.packetstormsecurity.net/papers/evaluation/docsis/Service_Distribution.jpg]

 Certainly not secret, DOCSIS is a very well documented protocol with most
 of the information being publicly available.



 For this I would like to get some clarification because I do not work in
 the telco industry. As far as I can figure out from the DOCSIS / CableLabs
 documents, the CMTS device is connected to the coax segments through fiber.
 Therefore one could say that the modem facing side is a fiber optic
 interface, but it's not 1000 Base-FX, not a regular Ethernet over fiber. It
 sends signals through a broad range of frequencies.

 While fiber is commonly used in cable plants as part of an HFC network, it's
 completely transparent from a protocol standpoint; the entire communication
 is over RF.  D3 and older uses QAM modulation and the downstream runs over
 normal 6 MHz channels which are the same as TV channels.


 So what I would like to accomplish to provide a different pool of dhcp
 servers, which provides different config file, tod server, router, dns etc.
 infos to the modems but to do all this in Layer2.

 Why?  The operator is the only one who can tell the CMTS which DHCP
 server(s) to send traffic to, and modern CMTSs do that as an IP relay and
 pass their IP address as the GIADDR.

 Because I advise the operator. You would think they are experts on the
 CMTS? Think again. I'm not an expert either but at least I'm learning.

 I don't have hands-on experience with CMTSes but I would think that they
 are able to pool clients by MACs and able to send e.g. 500 clients to DHCP
 server1 and the other 1500 to DHCP server2 before they would even get an
 IP, so I'm talking of pure layer 2 here!

 Not exactly. First, in nearly all cases the DHCP communication is an IP
 unicast rather than a layer 2 broadcast.  Second, the way that the DHCP
 server is selected is normally based on the type of device, so that modems
 get a specific GIADDR, CPE (PCs, routers behind modems, etc) get another
 one, and often the EMTA gets a third.  It might be possible to do that off
 a count of devices, but if so it will be more of a load balancing scenario
 rather than "these specific 500 CMs get this DHCP server".  It is possible to
 do open access in a DOCSIS system, but it's very difficult and involves
 creating filters in both the CMTS and CM configurations.

 Let's say the CMTS device does not support this; what are the other
 options for routing layer 2 traffic coming out of the CMTS? If I knew
 more about the device I would say to put a Linux box after it (on the ISP
 facing NIC) and mark the packets going out with arptables/ebtables, then
 send them out of different NICs to different DHCP servers.

 It doesn't really work that way, but the closest thing is a soft tunnel
 that gets used for things like transparent LAN services, carrier WiFi, and
 a few other use cases.


 http://www.cablelabs.com/wp-content/uploads/specdocs/CM-SP-L2VPN-I09-100611.pdf[http://www.cablelabs.com/wp-content/uploads/specdocs
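
What the two-instance approach Scott describes can look like in ISC dhcpd, as an added example that is not from the thread: the configuration for the second (ISP2) instance. It answers only modems whose MACs have been placed in its class, and it is declared not authoritative, so a REQUEST from a modem it does not know is ignored rather than answered with a DHCPNAK, which is the gotcha Scott points out. The addresses, MACs, server names and file name are placeholders, and the subnet declaration has to cover the GIADDR the CMTS relays with.

```conf
# dhcpd-isp2.conf  (added example; every address, MAC and name is a placeholder)

# Not authoritative: a request for an address this instance does not know
# about is left unanswered instead of being NAKed, so the ISP1 instance
# behind the same relay keeps serving its own modems undisturbed.
not authoritative;

default-lease-time 3600;
max-lease-time     7200;

# Only modems explicitly listed here are handed ISP2 settings; everything
# else is silently ignored by this instance.
class "isp2-modems" {
    match hardware;
}
subclass "isp2-modems" 1:00:11:22:33:44:55;   # 1 = ethernet, then the CM MAC
subclass "isp2-modems" 1:00:11:22:33:44:56;

# Must contain the GIADDR the CMTS inserts when it relays cable-modem DHCP
# traffic to this server.
subnet 10.20.0.0 netmask 255.255.0.0 {
    option routers 10.20.0.1;
    option domain-name-servers 10.20.0.53;
    option time-servers 10.20.0.37;          # DOCSIS ToD (RFC 868) server
    next-server 10.20.0.69;                  # TFTP server holding the CM config
    filename "isp2-modem.cfg";

    pool {
        allow members of "isp2-modems";      # an allow list excludes everyone else
        range 10.20.1.10 10.20.1.250;
    }
}
```

Moving a subscriber from ISP1 to ISP2 is then a matter of adding its MAC to this class and removing it from the ISP1 instance, followed by resetting the modem so it re-registers.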

Re: [HFC] pooling modems in layer2

2014-08-13 Thread Scott Helms



 The upstream channels are comparatively low (under 80 MHz) and the
 downstream channels are comparatively high (over 80 MHz to 800-1000
 MHz depending on the system).  Splitting them out is accomplished with
 bidirectional high and low pass filters called diplexers.


The upstream spectrum is (at the moment) 5-42 MHz in the US, though most
people don't use below 20 MHz and often avoid 26-28 MHz because of
interference.



  Let's say if the CMTS device does not support this, what are the
  other options for routing layer2 traffic coming out of the CMTS?

 I don't recommend PPPoE.  :)


PPPoE is not supported on any of the DOCSIS 3.0 certified CMTSs except the
Cisco uBR, and then it must also be the termination point for the PPPoE
session, though it can be part of a L2TP (LAC--LNS) handoff to another
device that can handle the PPPoE termination.  I will certainly agree
that it's not a good technology for DOCSIS systems.


  If I knew more about the device I would say to put a
  Linux box after it (on the ISP facing NIC) and mark the packets going
  out with arptables/ebtables, then send them out of different NICs to
  different DHCP servers.
 
  Any suggestions are welcome.

 You might start by sharing a high level overview of what it is that
 you're trying to accomplish.  If it's simply sandboxing people who
 haven't paid their bills, there are well-known ways to do that.  If
 it's business services over DOCSIS, there are likewise ways to do
 that.


Nailed it here.


Re: [HFC] pooling modems in layer2

2014-08-12 Thread Scott Helms
Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Aug 12, 2014 at 10:23 AM, Toney Mareo halfli...@gmx.com wrote:

 Hello

 I think it's kind of an ISP secret but I would be curious how people
 distribute modems to pools before they would even reach the actual IP
 network, so on layer 2:


 http://dl.packetstormsecurity.net/papers/evaluation/docsis/Service_Distribution.jpg


Certainly not secret, DOCSIS is a very well documented protocol with most
of the information being publicly available.





 For this I would like to get some clarification because I do not work in
 the telco industry. As far as I can figure out from the DOCSIS / CableLabs
 documents, the CMTS device is connected to the coax segments through fiber.
 Therefore one could say that the modem facing side is a fiber optic
 interface, but it's not 1000 Base-FX, not a regular Ethernet over fiber. It
 sends signals through a broad range of frequencies.


While fiber is commonly used in cable plants as part of an HFC network, it's
completely transparent from a protocol standpoint; the entire communication
is over RF.  D3 and older uses QAM modulation and the downstream runs over
normal 6 MHz channels which are the same as TV channels.




 So what I would like to accomplish to provide a different pool of dhcp
 servers, which provides different config file, tod server, router, dns etc.
 infos to the modems but to do all this in Layer2.


Why?  The operator is the only one who can tell the CMTS which DHCP
server(s) to send traffic to, and modern CMTSs do that as an IP relay and
pass their IP address as the GIADDR.



 I don't have hands-on experience with CMTSes but I would think that they
 are able to pool clients by MACs and able to send e.g. 500 clients to DHCP
 server1 and the other 1500 to DHCP server2 before they would even get an
 IP, so I'm talking of pure layer 2 here!


Not exactly. First, in nearly all cases the DHCP communication is an IP
unicast rather than a layer 2 broadcast.  Second, the way that the DHCP
server is selected is normally based on the type of device, so that modems
get a specific GIADDR, CPE (PCs, routers behind modems, etc) get another
one, and often the EMTA gets a third.  It might be possible to do that off
a count of devices, but if so it will be more of a load balancing scenario
rather than "these specific 500 CMs get this DHCP server".  It is possible to
do open access in a DOCSIS system, but it's very difficult and involves
creating filters in both the CMTS and CM configurations.



 Let's say the CMTS device does not support this; what are the other
 options for routing layer 2 traffic coming out of the CMTS? If I knew
 more about the device I would say to put a Linux box after it (on the ISP
 facing NIC) and mark the packets going out with arptables/ebtables, then
 send them out of different NICs to different DHCP servers.


It doesn't really work that way, but the closest thing is a soft tunnel
that gets used for things like transparent LAN services, carrier WiFi, and
a few other use cases.

http://www.cablelabs.com/wp-content/uploads/specdocs/CM-SP-L2VPN-I09-100611.pdf


 Any suggestions are welcome.



Re: Muni Fiber and Politics

2014-08-02 Thread Scott Helms
Happens all the time, which is why I asked Leo about that scenario.  There
are large swaths of the US and even more in Canada where that's the norm.
On Aug 2, 2014 1:29 PM, Owen DeLong o...@delong.com wrote:

 Such a case is unlikely.

 On Aug 1, 2014, at 13:32, Scott Helms khe...@zcorum.com wrote:



 I can never see a case where letting them play at Layer 3 or above helps.
 That’s bad news, stay away.  But I think some well crafted L2 services
 could actually _expand_ consumer choice.  I mean running a dark fiber
 GigE to supply voice only makes no sense, but a 10M channel on a GPON
 serving a VoIP box may…


 Even in those cases where there isn't a layer 3 operator nor a chance for
 a viable resale of layer 1/2 services.




Re: Muni Fiber and Politics

2014-08-01 Thread Scott Helms



 I can never see a case where letting them play at Layer 3 or above helps.
 That’s bad news, stay away.  But I think some well crafted L2 services
 could actually _expand_ consumer choice.  I mean running a dark fiber
 GigE to supply voice only makes no sense, but a 10M channel on a GPON
 serving a VoIP box may…


Even in those cases where there isn't a layer 3 operator nor a chance for a
viable resale of layer 1/2 services.


Re: Greenfield Access Network

2014-07-31 Thread Scott Helms
What is the ideal way to aggregate the 40 10G connections from the uplinks
of the chassis? I would guess a 10G switch since 10G ports on a router
would be much more expensive?

Definitely aggregate into a switch first unless you want to run a Layer 3
switch as your router, which I don't recommend.


Which router is recommended to handle 4 10G internet connections with full
tables, and then at least 4 10G ports going back to the 10G aggregation
switch?

Your math is a little backwards; it's very unlikely that you're going to
have 40 Gbps of Internet (or other interconnection) for the router to
actually have to process.  What is the average provisioned speed for each
of the 10k PON ports?  What over subscription rate are you planning for?
 What, if anything, will you be carrying on net, i.e. bandwidth consumption
that won't come from or go to the public Internet?  Your own video, voice,
or other service are examples of things that are often on net.  In any case
you're probably in the ASR family with Cisco and I can't remember
the equivalent from Juniper.


How do you handle IP address management? a /20 is only 4096 IP addresses,
but the network would have potentially 10,000 customers. Assume that
getting more space from ARIN is not an option. Is CGN an option?

CGN is the option of last resort IMO, but you may have to consider it.  A
better approach is to see if your backbone providers will agree to give
some blocks that you can announce and use those blocks for dynamic
customers only.  Your static IP customers should come from your direct ARIN
allotment in case you need to choose a new backbone provider, which is
extremely common over time.


Dynamic IP
addresses? DHCP?

DHCP with enforcement from the shelves.  All the major OLT vendors support
doing this so that a customer can only use the address assigned to him by
DHCP and nothing else, except for those customers that you choose to hard
code.  Make most of your static customers actually DHCP reservations and
only hard code those that you must.

How do you separate users and traffic? VLANs, Service VLANs, Per Customer
VLANs, Usernames? Passwords? PPPoE? MAC Separation?
Is BRAS or BNG functionality really needed or are these older concepts?

DHCP, with Option 82 logging for the circuit ID, is the better path than a
BRAS (PPPoE) these days.  Here's a paper we put together on that topic a
while back:

http://www.zcorum.com/wp-content/uploads/Why-Should-I-Move-from-PPPoA-or-PPPoE-to-DHCP.pdf

Depending on your OLT vendor you can either use their built in port
isolation or QinQ tagging, both are reliable and scalable, just ask your
vendor which is the best option for your specific gear.



If CGNAT or DHCP is needed, what will host the CGNAT or DHCP service? The
core router, a linux box, or something else?

I wouldn't have those two services connected personally, though there are
hooks for some of the CGN boxes to talk to DHCP servers.  I would hope you
can get another 6k addresses and avoid the need for CGN altogether.  Having
said that, have you tested your OLTs and ONTs for IPv6 interoperability?
 If they don't handle it well then you're going to have to think about
alternatives like 6RD (http://en.wikipedia.org/wiki/IPv6_rapid_deployment)

For DHCP at your scale you can run ISC DHCP (
http://www.isc.org/downloads/dhcp/), which is the most common open source
DHCP daemon, if you have someone who can take care of a Linux server, parse the
Option 82 information for logging, and handle the configuration of the DHCP
daemon itself.  Otherwise you might want to look at commercial products
designed for the service provider market like Incognito's BCC and Cisco's
BAC (CNR replacement):

http://www.incognito.com/products/broadband-command-center/
http://www.cisco.com/c/en/us/products/cloud-systems-management/broadband-access-center/index.html


What about DNS?
Is a firewall needed in the core?
What else is needed?

There are two kinds of DNS, caching (recursive) and authoritative.  The
first is what your customers will use to resolve things on the Internet and
the second is used to provide caching name servers on the Internet with
information about domains you control (are authoritative for).  The first
needs good performance, availability, and scalability since your customers
will use your caching name servers constantly.  Most people can run BIND at
your scale, again if you have someone with Linux experience, but there are
other alternatives.  PowerDNS has both caching and authoritative modules
and there are some commercial offerings out there both as cloud hosting and
local deployments.  Your backbone provider will also often have caching
name servers your customers can use, but the quality varies quite a bit.
 You can also, especially at first, leverage some of the free offerings
like Google's DNS.  I don't recommend firewalls for service provider
networks, but you should make sure your gear can run (and is configured to
do so) BCP 38.


Scott Helms
Vice President
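
The Option 82 parsing Scott refers to, as an added example in Python that is not code from the post or from ZCorum: it decodes the DHCP Relay Agent Information option (Option 82, RFC 3046) out of a DHCPACK and turns it into the circuit-ID / IP / MAC record worth keeping per lease, which is what later lets you answer "which access port had this address at this time". Field offsets follow RFC 2131. The packet built by `build_sample_ack()` is constructed test data: the OLT/PON circuit string, the MAC and the addresses in it are placeholders, and the format of the circuit-ID is vendor specific, so treat it as an opaque string.

```python
"""Added example (not code from the post): decode DHCP Option 82 (RFC 3046)
from a DHCPACK and log the circuit-ID / IP / MAC triple per lease.
Offsets follow RFC 2131; build_sample_ack() produces constructed data."""
import struct

MAGIC = b"\x63\x82\x53\x63"              # RFC 2131 options magic cookie
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_RELAY_AGENT = 53, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2     # RFC 3046 sub-option codes
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def parse_tlvs(buf, stop_at_end=True):
    """Walk a TLV list into {code: bytes}.

    Every length is checked against the buffer so a malformed option cannot
    read past the packet; repeated codes are concatenated (RFC 3396).
    stop_at_end=False is used for Option 82's sub-options, which have no
    PAD/END codes.
    """
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if stop_at_end and code == OPT_PAD:
            i += 1
            continue
        if stop_at_end and code == OPT_END:
            break
        if i + 1 >= len(buf):
            raise ValueError("truncated option header at offset %d" % i)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d claims %d bytes, only %d left" % (code, length, len(value)))
        out[code] = out.get(code, b"") + value
        i += 2 + length
    return out


def _ip(raw):
    return ".".join(str(b) for b in raw)


def parse_dhcp(packet):
    """Return the header fields and Option 82 sub-options worth logging."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    op, _htype, hlen, _hops = struct.unpack("!BBBB", packet[:4])
    (xid,) = struct.unpack("!I", packet[4:8])
    info = {
        "op": op,
        "xid": xid,
        "yiaddr": _ip(packet[16:20]),      # address assigned to the client
        "giaddr": _ip(packet[24:28]),      # relay agent (OLT/CMTS) address
        "mac": ":".join("%02x" % b for b in packet[28:28 + min(hlen, 16)]),
    }
    opts = parse_tlvs(packet[240:])
    info["msg_type"] = MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\x00")[0], "?")
    if OPT_RELAY_AGENT in opts:
        subs = parse_tlvs(opts[OPT_RELAY_AGENT], stop_at_end=False)
        info["circuit_id"] = subs.get(SUB_CIRCUIT_ID, b"").decode("ascii", "replace")
        info["remote_id"] = subs.get(SUB_REMOTE_ID, b"").hex()
    return info


def lease_log_line(info):
    """One record per DHCPACK: who got which address on which access port."""
    if info["msg_type"] != "ACK":
        return None
    return "lease xid=%08x ip=%s mac=%s relay=%s circuit=%r remote=%s" % (
        info["xid"], info["yiaddr"], info["mac"], info["giaddr"],
        info.get("circuit_id", ""), info.get("remote_id", ""))


def _addr(s):
    return bytes(int(x) for x in s.split("."))


def build_sample_ack():
    """Construct a minimal DHCPACK carrying Option 82 (placeholder data)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 1, 0x3903F326, 0, 0x8000)  # op..flags
    hdr += _addr("0.0.0.0") + _addr("203.0.113.77")      # ciaddr, yiaddr
    hdr += _addr("192.0.2.1") + _addr("10.10.1.1")       # siaddr, giaddr
    hdr += bytes.fromhex("001122334455") + b"\x00" * 10  # chaddr (16 bytes)
    hdr += b"\x00" * 192                                 # sname (64) + file (128)
    circuit = b"olt1 pon 1/2/3 ont 7"                    # vendor-specific format
    remote = bytes.fromhex("001122334455")
    opt82 = (bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit +
             bytes([SUB_REMOTE_ID, len(remote)]) + remote)
    opts = bytes([OPT_MSG_TYPE, 1, 5, OPT_RELAY_AGENT, len(opt82)]) + opt82 + bytes([OPT_END])
    return hdr + MAGIC + opts


def demo():
    """Decode the constructed ACK and return its log line."""
    return lease_log_line(parse_dhcp(build_sample_ack()))


if __name__ == "__main__":
    print(demo())
```

Feed it from a packet capture on the DHCP server's relay-facing interface, or from the server's own logs if it can emit the raw option; the resulting records are what you join against NetFlow or SNMP counters later.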

Re: Greenfield Access Network

2014-07-31 Thread Scott Helms
On Thu, Jul 31, 2014 at 12:07 PM, Colton Conor colton.co...@gmail.com
wrote:

 Scott,

 Thanks for the long post.

 We will use a layer 2 10G aggregation switch then to aggregate the chassis
 at the core location. Do you have any recommendations on 10G switches?


Not really, just stick with one of the major brands and you _should_ be
fine.



 Yes I realize the math is a little backwards as this is all hypothetical
 at this point. We would provision each ONT as a shared 1Gbps offering
 similar to Google Fiber. We know there will be a large amount of
 oversubscription as no one really uses a full Gbps or anywhere close to it.
 I just wanted to stress the point that carrier redundancy at the 10G level
 would be a requirement for the core router, and it should of course have
 10G links going to the uplinks on the aggregation switch. I think the Cisco
 ASR9k and the Juniper MX line will do well. Not sure if there are any
 others that can handle this level of traffic on the BGP side?


That's reasonable IMO and yes, I think the Juniper MX can handle that as
well as some other functions for you related to subscriber management if
you want.  The MX line has a full BRAS set of capabilities built into it
that it inherited from the older ERX line, but they're commonly deployed
without using any of them as well.



 So we have a 10G aggregation switch to aggregate the chassis uplink
 connections, and a 10G router BGP capable router.

 I really liked your article on DHCP vs PPP for DSL networks. We definitely
 agree the way to go is with a DHCP server. A couple of items your article
 left as big questions:



 1. The article mentioned DHCP doesn't do the other part of what PPPoE or
 PPPoA does, which is generate RADIUS accounting records that give us the
 bandwidth information. So that’s one of the main challenges in switching to
 a DHCP based system. So, how do you handle bandwidth tracking in an all
 DHCP environment then? If I want to track how many GB a customer used last
 month, or the average Mbps used how do you do so?


There are a few ways to get at that problem.  You can use Netflow/IPFIX
collection to gather the usage from your router, accepting that you're only
going to get information on layer 3 traffic, which generally isn't a
problem.  You will need to match the IPs up against your Option 82 parsing
which will give you the circuit ID, IP address, and WAN MAC of the ONT.
You can also poll your shelves via SNMP, CLI, TL-1, and/or Netconf to
collect the data and put it into a database in much the same way you can
use RADIUS accounting data.



 2. I liked your option 82 example, and that works well for DSL networks
 where one port is tied to one customer. But how does option 82 work when
 you have multiple customers hanging off a GPON port? What does GPON use a
 subport identifier?


Yep, the different vendors implement it slightly differently, usually the
ONT MAC/serial will be included or the ONT ID will be included.  Talk with
your vendor, all the major OLT vendors are very familiar with Option 82 and
in many cases they can tailor what their boxes send to make it easier for
you.



 3. You mentioned, DHCP is again, not an authentication protocol. So what
 handles authentication then if only DHCP is used, and there are no
 usernames and passwords? I guess for DSL networks you can enable or disable
 the port to allow or disallow access, and Option 82 for identification? I
 assume you wouldn't want to shut off the GPON OLT port if one customer
 wasn't paying their bill as it would affect the other customers on that
 port. I assume access vendors allow you to shut down the sub port or ONT in
 this situation for GPON? Still that seems messy having to login to a shelf
 or EMS system or API to an EMS system especially if you have multiple
 access vendors in a network. Is there a way to do authentication with DHCP?
 What about open networks like wifi where anyone can connect, so you don't
 have the ability to turn off the port or disable the end device?
 4. I don't think anyone is buying a BRAS anymore, but looks like Cisco,
 Juniper, and ALU have what they call BGN, Broadband Subscriber Management,
 and other similar software. How are these different from BRAS functionality?


First, if you can manage it, turn on DOCSIS provisioning of your GPON
network.  AFAIK only Calix has announced this functionality, but I expect
the others to follow suit now that there is an official effort at CableLabs
to allow that.

http://www.lightreading.com/cable-video/docsis/calix-launches-docsis-provisioning-of-gpon/d/d-id/709859

The notion of managing ports and profiles via (an ever changing) shelf API
is one of the main reasons that telco billing systems cost so much compared
to cable billing systems.  If you can't swing DPoG then you're kind of
stuck, either you can implement the API your vendor supplies with your
billing system, manage the profile assignment manually (yuck), or just
provision everyone with the same speed.
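
The Netflow/IPFIX-plus-Option 82 approach Scott describes, as an added example that is not code from the thread or from any vendor: a DHCP snooping style parser learns (leased IP, client MAC, circuit ID, remote ID) from a relayed DHCPACK, and flow records keyed by IP are then summed per circuit for monthly bytes and average Mbps. The DHCPACK bytes, the flow records and the names Binding, learn_binding, account_usage and average_mbps are all constructed here.

```python
"""Per-subscriber usage from flow records joined to DHCP Option 82 bindings.

Added example for the thread above, not the list's or any vendor's code. The
relay agent (OLT/DSLAM) inserts Option 82 (RFC 3046) and the DHCP server echoes
it in the DHCPACK, so one snooped packet yields leased IP, client MAC, circuit
ID and remote ID. All packet bytes and flow records here are constructed.
"""
import struct
from collections import defaultdict
from dataclasses import dataclass

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_AGENT, OPT_END = 0, 53, 82, 255
DHCPACK = 5
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2


@dataclass(frozen=True)
class Binding:
    ip: str          # yiaddr of the ACK
    mac: str         # chaddr of the ACK (the ONT/CPE WAN MAC)
    circuit_id: str  # OLT port / ONT slot, as inserted by the relay agent
    remote_id: str   # ONT serial or MAC, vendor dependent


def parse_tlvs(data: bytes, end=None, pad=None) -> dict:
    """Walk code/length/value triples (DHCP options or Option 82 suboptions)."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == pad:
            i += 1
            continue
        if code == end or i + 1 >= len(data):
            break
        length = data[i + 1]
        out[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return out


def learn_binding(packet: bytes):
    """Return a Binding from a DHCPACK that carries Option 82, else None."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        return None
    yiaddr = ".".join(str(b) for b in packet[16:20])
    mac = ":".join(f"{b:02x}" for b in packet[28:28 + packet[2]])
    opts = parse_tlvs(packet[240:], end=OPT_END, pad=OPT_PAD)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]) or OPT_RELAY_AGENT not in opts:
        return None
    subs = parse_tlvs(opts[OPT_RELAY_AGENT])
    return Binding(ip=yiaddr, mac=mac,
                   circuit_id=subs.get(SUB_CIRCUIT_ID, b"").decode("ascii", "replace"),
                   remote_id=subs.get(SUB_REMOTE_ID, b"").hex(":"))


def build_sample_ack() -> bytes:
    """Constructed DHCPACK: 100.64.10.7 leased to 00:11:22:33:44:55 on olt1/1/3:onu12."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes([0, 0, 0, 0]), bytes([100, 64, 10, 7]),
                         bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]),
                         bytes.fromhex("001122334455"), b"", b"")
    circuit, remote = b"olt1/1/3:onu12", bytes.fromhex("00aa11bb22cc")
    opt82 = (bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit
             + bytes([SUB_REMOTE_ID, len(remote)]) + remote)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPACK])
               + bytes([OPT_RELAY_AGENT, len(opt82)]) + opt82 + bytes([OPT_END]))
    return header + DHCP_MAGIC + options


# Constructed flow records as a Netflow/IPFIX collector would hand them over:
# (source IP, destination IP, bytes). The last one matches no lease and is ignored.
SAMPLE_FLOWS = [
    ("100.64.10.7", "203.0.113.10", 12_000),
    ("203.0.113.10", "100.64.10.7", 850_000),
    ("100.64.10.7", "198.51.100.5", 4_000),
    ("198.51.100.5", "100.64.10.99", 70_000),
]


def account_usage(bindings, flows) -> dict:
    """Bytes per circuit ID: 'up' when the subscriber sent them, 'down' when it received them."""
    by_ip = {b.ip: b for b in bindings}
    usage = defaultdict(lambda: {"up": 0, "down": 0})
    for src, dst, nbytes in flows:
        if src in by_ip:
            usage[by_ip[src].circuit_id]["up"] += nbytes
        if dst in by_ip:
            usage[by_ip[dst].circuit_id]["down"] += nbytes
    return dict(usage)


def average_mbps(nbytes: int, seconds: float) -> float:
    """Average rate over a billing window in Mbit/s (the 'average Mbps' asked about above)."""
    return nbytes * 8 / seconds / 1_000_000
```

Because the join is by IP, the binding table has to be kept current from RELEASE messages and lease expiry, or traffic after a re-lease gets billed to the wrong circuit.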

Re: Greenfield Access Network

2014-07-31 Thread Scott Helms
On Thu, Jul 31, 2014 at 2:25 PM, Colton Conor colton.co...@gmail.com
wrote:

 I have read both the Juniper MX and Cisco ASR9K do support this advanced
 BRAS functionality, what Juniper calls Subscriber Feature Management and
 what Cisco calls BGN. These software functions run on the router itself,
 however they are not free or included with the base chassis. To enable these
 you must pay a hefty fee. So you are saying that these advanced feature
 packs that the largest networking makers in the world sell are really not
 needed anymore due to advancements on the access vendor side of the house?
 From the reading I have done about these solutions, it is kind of like
 PPPoE with a radius setup, but instead DHCP option 82 with a radius setup.
 These routers are also capable of running a local DHCP server, but I am not
 sure if that is recommended.


Yeah, that's it in a nutshell.  There are several options, like matching on
Option 82 or redirecting to a web page, but at the end of the day I don't
believe they're worth the time or expense.  Keep in mind that earlier in my
career I was a huge proponent of BRAS architecture and I've put in
everything from Nortel Shastas to Lucent Terminators, to Redbacks, to
Juniper ERXs and several more models I can't remember.  Once you get past
the whole lack of authentication, which was never very secure, and
understand that you can depend on Option 82 to tell you where a session
came from physically, the rest is just finding a way to count and account for
bits.

Oh, and I never recommend running the DHCP daemon on a piece of networking
gear for service providers.



 The DPoE DOCSIS provisioning of your GPON network is interesting, but is
 that really relevant for a new provider if they don't have cable CMTS
 systems already deployed. Sure, it makes sense for the cable companies who
 have already bought billing systems and are used to living in
 a DOCSIS world. But if you were starting fresh from the ground up, are you
 recommending we look at GPON providers like Calix because they support DPoE
 so we can buy DOCSIS billing systems? That is an interesting concept.


I'd strongly recommend finding a vendor that says they will support it on
the shelves you're going to buy even if they don't today.  Even if you're
not doing DOCSIS cable modems and don't ever plan to the provisioning
paradigm (DHCP, TFTP, ToD) is much simpler than the proprietary north bound
(usually SOAP) API that direct integration requires.  You can even build
your own provisioning system with a little scripting and there are many
more commercial options than there are for direct integration to the
shelves.







 On Thu, Jul 31, 2014 at 12:59 PM, Scott Helms khe...@zcorum.com wrote:


 On Thu, Jul 31, 2014 at 12:07 PM, Colton Conor colton.co...@gmail.com
 wrote:

 Scott,

 Thanks for the long post.

 We will use a layer 2 10G aggregation switch then to aggregate the
 chassis at the core location. Do you have any recommendations on 10G
 switches?


 Not really, just stick with one of the major brands and you _should_ be
 fine.



 Yes I realize the math is a little backwards as this is all hypothetical
 at this point. We would provision each ONT as a shared 1Gbps offering
 similar to Google Fiber. We know there will be a large amount of
 oversubscription as no one really uses a full Gbps or anywhere close to it.
 I just wanted to stress the point that carrier redundancy at the 10G level
 would be a requirement for the core router, and it should of course have
 10G links going to the uplinks on the aggregation switch. I think the Cisco
 ASR9k and the Juniper MX line will do well. Not sure if there are any
 others that can handle this level of traffic on the BGP side?


 That's reasonable IMO and yes, I think the Juniper MX can handle that as
 well as some other functions for you related to subscriber management if
 you want.  The MX line has a full BRAS set of capabilities built into it
 that it inherited from the older ERX line, but they're commonly deployed
 without using any of them as well.



 So we have a 10G aggregation switch to aggregate the chassis uplink
 connections, and a 10G router BGP capable router.

 I really liked your article on DHCP vs PPP for DSL networks. We
 definitely agree the way to go is with a DHCP server. A couple of items
 your article left as big questions:



 1. The article mentioned DHCP doesn't do the other part of what PPPoE or
 PPPoA does, which is generate RADIUS accounting records that give us the
 bandwidth information. So that’s one of the main challenges in switching to
 a DHCP based system. So, how do you handle bandwidth tracking in an all
 DHCP environment then? If I want to track how many GB a customer used last
 month, or the average Mbps used how do you do so?


 There are a few ways to get at that problem.  You can use Netflow/IPFIX
 collection to gather the usage from your router, accepting that you're only
 going to get information on layer 3 traffic, which

Re: [OPINION] Best place in the US for NetAdmins

2014-07-26 Thread Scott Weeks

--- s...@donelan.com wrote:
From: Sean Donelan s...@donelan.com

http://www.bls.gov/oes/current/oes151142.htm
http://www.bls.gov/ooh/computer-and-information-technology/network-and-computer-systems-administrators.htm
--

As is usual, you come up with the coolest data on stuff. 
This  http://www.bls.gov/oes/current/sw151142.png

Annual Mean Wage of Network and Computer Systems 
Administrators by State, May 2013

is surprising, though.  The numbers are much lower than
I would expect.

scott


Re: [OPINION] Best place in the US for NetAdmins

2014-07-26 Thread Scott Weeks


--- m...@mtcc.com wrote:
From: Michael Thomas m...@mtcc.com

Maybe the webrtc stuff will help this by making ad hoc 
communication trivial
-

Some work from home well and some don't.  It all depends 
on self-discipline.  However, for those that can 
telecommute successfully (I've done that in the past, so 
I have experience to speak from) easy communication of 
various types (text, audio, or a/v when needed) with team 
members is crucial. 

scott


Re: [OPINION] Best place in the US for NetAdmins

2014-07-25 Thread Scott Weeks
--- valdis.kletni...@vt.edu wrote:
On Fri, 25 Jul 2014 17:52:05 -0400, Miles Fidelman said:

 Still DC is a nice place to live.

Depends on your definition of nice.

I'm perfectly OK with the fact that when I look out the window here in my
office, the skyline is mostly National Forest.  Not many places in DC
have that going for them
-


Just for fun...  Nice is indeed subjective.  We have crap 
for restaurants for the most part, the only mall here is 
tiny, traffic is terrible and everything is expensive, so 
we go do free stuff like:

hiking
http://meteora.ucsd.edu/~iacob/photos/Kauai/napali05.jpg
http://www.world-of-waterfalls.com/images/Hanakoa_060L.jpg

and surfing
http://media-cache-ak0.pinimg.com/736x/db/ca/ff/dbcaff7ecc0504a9278e2b804cd85122.jpg

scott



One day, hopefully, telecommuting really takes off, I can 
actually sound intelligent in an interview (I do worse than 
geek-attempting-to-ask-a-girl-out-for-a-date) and I get to do 
the job I want from here instead of struggling through what 
I do for work.  You gain some; you lose some.


Re: Muni Fiber and Politics

2014-07-23 Thread Scott Helms
That's not an excuse, it's simply the political reality here in the US.
There is a narrow band on the size scale for a municipality where
it's politically acceptable in most places AND there is a true gap in
coverage.  In nearly all of the larger areas, though there are some
exceptions, there is very little reason for a muni to go through the pain,
and it is most certainly painful.  Any time a city considers any kind of
moves in this direction a certain percentage of the voters there will have
the same position that Bill Herrin has written from.  It takes a real need
to exist in the minds of enough voters to get past that and get to a place
where spending money is politically feasible.  I would add that this is
much harder in some parts of the country than in others and this is one of
the reasons that you see munis building layer 3 networks rather than going
for a more open approach.  The people involved in the bond arrangements
almost invariably see having the city as the layer 3 provider as a more
reliable path to getting repaid than an open system.





On Wed, Jul 23, 2014 at 1:31 AM, mcfbbqroast . bbqro...@gmail.com wrote:

  The chances that a muni network in North America has both 10-20k apartments
 and needs to build its own fiber are pretty much non-existent.  We don't
 have the population density that exists in much of Europe and our cities
 are much less dense.

 I'm tired of seeing these excuses in the US. New Zealand is much less
 dense than the US and has a good municipal style open access fiber network
 being built.





Re: Muni Fiber and Politics

2014-07-23 Thread Scott Helms
Mikael,

It's an interesting idea and I'd like to see some communities try it here.
Having said that, I anticipate that B4RN style networks will run into some
substantial maintenance and reliability issues over time.  I love the quote
in the Economist from the farmer's wife who learned (assuming automated)
fusion splicing, “It’s only like knitting,” but that doesn't make me
confident about the quality of the splices nor the cabling in general.


They are also running into serious problems trying to scale and while
getting 400 homes wired up is laudable, having it take more than two years
is not impressive at all.

B4RN is a case in point. In two years its volunteers have laid 200km of
cable, and wired up around 400 homes, without any taxpayer money.

http://www.economist.com/news/britain/21601265-frustrated-country-dwellers-build-their-own-internet-connections-going-underground




Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Wed, Jul 23, 2014 at 8:58 AM, Mikael Abrahamsson swm...@swm.pp.se
wrote:

 On Wed, 23 Jul 2014, Scott Helms wrote:

  for a more open approach.  The people involved in the bond arrangements
 almost invariably see having the city the layer 3 provider as more
 reliable
 path to getting repaid than an open system.


 Another model is the one described for instance in
 https://www.youtube.com/watch?v=DXYaAd5ubok . This has worked
 successfully in Sweden as well, people getting together and putting in
 ducts or fiber themselves.

 In the countryside, people (at least in Sweden) people are used to
 cooperating in maintenance of roads and other things, one neighbor has a
 backhoe, second one has a snowplow attachment and everybody helps out. It's
 a lot easier to accept digging on your property when it's your neighborhood
 people getting together in doing something, instead of $BIGTELCO that has
 screwed you before and will screw you again, wanting to do the same thing.
 Also, after putting it in, you own the infrastructure, so it might actually
 be a good investment and raise your property value.

 --
 Mikael Abrahamsson    email: swm...@swm.pp.se



Re: Muni Fiber and Politics

2014-07-23 Thread Scott Helms
Mikael,

Fiber length is the least representative measure of work as it relates to
putting fiber in the ground.  Now, it's impressive that they did anything
but if a professional crew took more than a couple of months to do this
they'd be out of a job.  I'd be much more impressed by a lower distance
covered but more homes and businesses connected or the cabling being ready
for connection (ie homes passed).


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Wed, Jul 23, 2014 at 9:26 AM, Mikael Abrahamsson swm...@swm.pp.se
wrote:

 On Wed, 23 Jul 2014, Scott Helms wrote:

  They are also running into serious problems trying to scale and while
 getting 400 homes wired up is laudable, having it take more than two years
 is not impressive at all.


 I am impressed by it. 200km of fiber is not easy to do.

 --
 Mikael Abrahamsson    email: swm...@swm.pp.se



Re: Muni Fiber and Politics

2014-07-23 Thread Scott Helms
The problem is marketing/spin/lobbying is both cheaper and more effective
in most scenarios.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Wed, Jul 23, 2014 at 6:55 PM, Rich Kulawiec r...@gsp.org wrote:

 On Wed, Jul 23, 2014 at 03:50:40PM -0500, Blake Hudson wrote:
  I would love to see the Verizon blog response on that...

 I would love to see Verizon invest the resources (both financial and
 personnel) that are being deployed to update their blog, lobby Congress,
 lobby the FCC, astroturf, issue press releases, etc.  in actual real
 live engineering that would -- and I know this is a ridiculous concept,
 so bear with me -- fix the root cause of the problem.

 ---rsk



Re: Verizon Public Policy on Netflix

2014-07-22 Thread Scott Helms
Isn't it interesting how that coincides with pay per bit (for the most
part) pricing.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 22, 2014 at 10:12 AM, Ca By cb.li...@gmail.com wrote:

 On Jul 22, 2014 7:04 AM, Jared Mauch ja...@puck.nether.net wrote:
 
  Verizon wireless has other transits apart from 701.
 

 That's interesting that they have a different capacity management strategy
 for the competitive wireless market than they have for their captive
 landline customers.

 Seems market forces are making wireless a functional network without the
 peering brinksmanship while market failings are allowing landline to take
 advantage of a captive install base

  Sent via telepathy
 
   On Jul 22, 2014, at 9:01 AM, Ca By cb.li...@gmail.com wrote:
  
   Question: does verizon wireless have a different capacity / peering
   practice from verizon broadband ? Or do verizon wireless customers also
   suffer the same performance issue?



Re: Muni Fiber and Politics

2014-07-22 Thread Scott Helms
One of the main problems with trying to draw the line at layer 1 is that
it's extremely inefficient in terms of the gear.  Now, this is in large part
a function of how gear is built and if a significant number of locales went
in this direction we _might_ see changes, but today each ISP would have to
purchase their own OLTs and that leads to many more shelves than the total
number of line cards would otherwise dictate.  There are certainly many
other issues, some of which have been discussed on this list before, but
I've done open access networks for several cities and _today_ the cleanest
situations by far (that I've seen) had the city handling layer 1 and 2 with
the layer 2 hand off being Ethernet regardless of the access technology
used.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 22, 2014 at 2:13 PM, Ray Soucy r...@maine.edu wrote:

 IMHO the way to go here is to have the physical fiber plant separate.

 FTTH is a big investment.  Easy for a municipality to absorb, but not
 attractive for a commercial ISP to do.  A business will want to
 realize an ROI much faster than the life of the fiber plant, and will
 need assurance of having a monopoly and dense deployment to achieve
 that.  None of those conditions apply in the majority of the US, so
 we're stuck with really old infrastructure delivering really slow
 service.

 Municipal FTTH needs to be a regulated public utility (ideally at a
 state or regional level).  It should have an open access policy at
 published rates and be forbidden from offering lit service on the
 fiber (conflict of interest).  This covers the fiber box in the house
 to the communications hut to patch in equipment.

 Think of it like the power company and the separation between
 generation and transmission.

 That's Step #1.

 Step #2 is finding an ISP to make use of the fiber.

 Having a single municipal ISP is not really what I think is needed.

 Having the infrastructure in place to eliminate the huge investment
 needed for an ISP to service a community is.  Hopefully, enough people
 jump at the idea and offer service over the fiber, but if they don't,
 you need to get creative.

 The important thing is that the fiber stays open.  I'm not a fan of
 having a town or city be an ISP because I know how the budgets work.
 I trust a town to make sure my fiber is passing light; I don't trust
 it to make sure I have the latest and greatest equipment to light the
 fiber, or bandwidth from the best sources.  I certainly don't trust
 the town to allow competition if it's providing its own service.

 This is where the line really needs to be drawn IMHO.  Municipal FTTH
 is about layer 1, not layer 2 or layer 3.

 That said, there are communities where just having the fiber plant
 won't be enough.  In these situations, the municipality can do things
 like create an incentive program to guarantee a minimum income for an
 ISP to reach the community which gets trimmed back as the ISP gains
 subscribers.

 I don't think a public option is bad on the ISP side of things; as
 long as the fiber is open and people can choose which ISP they want.
 The public option might be necessary for very rural communities that
 can't get service elsewhere or to simply serve as a price-check, but
 most of us here know that a small community likely won't be able to
 find the staff to run its own ISP, either.

 TL;DR Municipal FTTH should be about fixing the infrastructure issues
 and promoting innovation and competition, not creating a
 government-run ISP to oust anyone from the market.

 Think about it: If you're an ISP, and you can lease fiber and
 equipment space (proper hut, secured, with backup power and cooling
 etc) for a subsidized rate; for cheaper than anything you could afford
 to build out; how much arm twisting would it take for you to invest in
 installing a switch or two to deliver service?  If you're a smaller
 ISP, you were likely already doing this in working with telephone
 companies in the past (until they started trying to oust you).


 On Tue, Jul 22, 2014 at 11:27 AM, Aaron aa...@wholesaleinternet.net
 wrote:
  So let me throw out a purely hypothetical scenario to the collective:
 
  What do you think the consequences to a municipality would be if they laid
  fiber to every house in the city and gave away internet access for free?
  Not the WiFi builds we have today but FTTH at gigabit speeds for free?
 
  Do you think the LECs would come unglued?
 
  Aaron
 
 
 
  On 7/21/2014 8:33 PM, Miles Fidelman wrote:
 
  I've seen various communities attempt to hand out free wifi - usually in
  limited areas, but in some cases community-wide (Brookline, MA comes to
  mind).  The limited ones (e.g., in tourist hotspots) have been city funded,
  or donated.  The community-wide ones, that I've seen, have been
  public-private partnerships - the City provides space on light

Re: Muni Fiber and Politics

2014-07-22 Thread Scott Helms
Mikael,

PON versus Active Ethernet versus $topology_of_the_day makes no real
difference.  If you buy low port density shelves then your cost per port
will be higher.

BCP38 (and BCP64) have nothing to do with who is doing layer 2 since
neither of those technologies pay any attention to the layer 2 network
anyway.  I'd be curious to see your reasoning as to why it needs to be done
between layer 2 and layer 3 given that all of the access gear, including
the Ethernet equipment, has layer 2 enforcement of layer 3 information like
DHCP and static assignments of IP addresses.

It's cleaner just to do L1 and aggregate thousands or tens of thousands of
residential properties in the same place.

In my experience that's simply untrue today.  Trying to put multiple
operators' layer 2 gear into the colocation space needed inevitably leads
to that space not having enough power, rack units, or cooling, and that's
not considering the complaints (actual) of ISP1 accusing ISP2's tech of
intentionally tripping over a cable and causing an outage for them.

Keep in mind that in most places where a muni network is currently feasible,
that muni doesn't have a telco quality wiring center in place already, and
where cities have the resources to build one the market usually doesn't need
them to.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 22, 2014 at 2:39 PM, Mikael Abrahamsson swm...@swm.pp.se
wrote:

 On Tue, 22 Jul 2014, Scott Helms wrote:

  One of the main problems with trying to draw the line at layer 1 is that
 it's extremely inefficient in terms of the gear.  Now, this is in large part
 a function of how gear is built and if a significant number of locales went
 in this direction we _might_ see changes, but today each ISP would have to
 purchase their own OLTs and that leads to many more shelves than the total
 number of line cards would otherwise dictate. There are certainly many
 other issues, some of which have been discussed on this list before, but
 I've done open access networks for several cities and _today_ the cleanest
 situations by far (that I've seen) had the city handling layer 1 and 2 with
 the layer 2 hand off being Ethernet regardless of the access technology
 used.


 Stop doing PON then. Use point to point fiber, you get 40-48 active
 customers per 1U. I'd imagine there might be newer platforms with even
 higher densities.

 Yes, there are many examples of L2 being used but in order to deliver
 triple play the L2 network won't be purely L2, also BCP38 needs it to start
 doing L2.5+ functions, meaning it's harder to deploy new services such as
 IPv6 because now the local network needs to support it.

 It's cleaner just to do L1 and aggregate thousands or tens of thousands of
 residential properties in the same place.

 --
 Mikael Abrahamsson    email: swm...@swm.pp.se



Re: Muni Fiber and Politics

2014-07-22 Thread Scott Helms
Mikael,

Let me see if I can clarify for you.

I don't know where to start. Either you do one vlan per customer and use
very expensive gear that scales this way, or you do several customers per
vlan and do DHCPv4/DHCPv6 inspection (see for instance
http://tools.ietf.org/wg/savi/ documents). Does this answer your question?

First, QinQ VLAN scaling hasn't been a problem in about a decade nor is it
hard to split out the VLANs to hand them off to other providers.  Second,
all of the gear vendors that I've worked with already have methods for
handling source verification and port isolation if you don't want to do
QinQ.  Certainly any of the traditional vendors of broadband gear will
have answers for this already and unless you're planning on grabbing some
enterprise class shelf and jamming it with long range lasers (which most
won't take) you don't have a problem.  Even the Cisco ME line, which is
pretty damn cheap, does this by default:

http://www.cisco.com/c/en/us/td/docs/switches/metro/me3400/software/release/12-2_25_seg_seg1/configuration/guide/3400scg/swtrafc.html#wp1038501

If you're aggregating 10-20k apartments in the same place, I think this
warrants proper space and trained engineers to do the cabling.

The chances that a muni network in North America has both 10-20k apartments
and needs to build its own fiber are pretty much non-existent.  We don't
have the population density that exists in much of Europe and our cities
are much less dense.

This worked for the PSTN companies, why wouldn't it work for
municipalities?

The economies of scale are completely different for one thing.  Second, the
phone companies designed their land purchases and buildings around doing
wiring centers and central offices, the cities have never had this need and
most don't have a suitable building (power, cooling, and security) that
isn't already occupied.  That's why it's _much_ easier to let the ISPs bring
in some fiber and let them hold all their gear at their site.



Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 22, 2014 at 3:08 PM, Mikael Abrahamsson swm...@swm.pp.se
wrote:

 On Tue, 22 Jul 2014, Scott Helms wrote:

  BCP38 (and BCP64) have nothing to do with who is doing layer 2 since
 neither of those technologies pay any attention to the layer 2 network
 anyway.  I'd be curious to see your reasoning as to why it needs to be done
 between layer 2 and layer 3 given that all of the access gear, including
 the Ethernet equipment, has layer 2 enforcement of layer 3 information like
 DHCP and static assignments of IP addresses.


 I don't know where to start. Either you do one vlan per customer and use
 very expensive gear that scales this way, or you do several customers per
 vlan and do DHCPv4/DHCPv6 inspection (see for instance
 http://tools.ietf.org/wg/savi/ documents). Does this answer your question?

  Keep in mind that in most places a muni network is currently feasible
 that muni doesn't have a telco quality wiring center in place already and
 where cities have the resources to build one the market usually doesn't
 need them to.


 If you're aggregating 10-20k apartments in the same place, I think this
 warrants proper space and trained engineers to do the cabling.

 This worked for the PSTN companies, why wouldn't it work for
 municipalities?

 --
 Mikael Abrahamsson    email: swm...@swm.pp.se
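
Scott's point above that the access gear itself enforces layer 3 information at layer 2 (DHCP snooping with IP source guard, the SAVI idea Mikael refers to, and the edge half of the BCP 38 advice in the DNS post earlier on this page), shown as an added example that is not the thread's or any vendor's code. The BindingTable class, the port names, MACs, addresses and times are all constructed for the example.

```python
"""Layer 2 enforcement of layer 3 bindings on an access port (added example).

Not the thread's or any vendor's code. Models the DHCP snooping / IP source
guard behaviour the thread refers to (SAVI): a binding table learned from
DHCPACKs plus static entries, and a check that drops frames whose source
IP and MAC do not belong to the port they arrived on. All ports, MACs, IPs
and times below are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    port: str                 # access port (or ONT / circuit) the binding belongs to
    mac: str
    ip: str
    expires: Optional[float]  # lease end; None for an operator static assignment


class BindingTable:
    """IP -> Entry, populated the way a snooping switch or OLT populates it."""

    def __init__(self):
        self._by_ip = {}

    def learn_lease(self, port, mac, ip, now, lease_seconds):
        """A DHCPACK from the trusted uplink was relayed toward `port`."""
        self._by_ip[ip] = Entry(port, mac.lower(), ip, now + lease_seconds)

    def add_static(self, port, mac, ip):
        """Operator-configured assignment that never ages out."""
        self._by_ip[ip] = Entry(port, mac.lower(), ip, None)

    def release(self, ip):
        """DHCPRELEASE seen, or the port went down."""
        self._by_ip.pop(ip, None)

    def lookup(self, ip, now):
        entry = self._by_ip.get(ip)
        if entry is not None and entry.expires is not None and entry.expires <= now:
            del self._by_ip[ip]  # expired lease: the binding is gone
            return None
        return entry


def verify_source(table, port, src_mac, src_ip, now) -> str:
    """Return 'forward' or a drop reason for an IPv4 frame arriving on an access port.

    Source 0.0.0.0 is passed so a client can still DHCP before it has a binding.
    """
    if src_ip == "0.0.0.0":
        return "forward"
    entry = table.lookup(src_ip, now)
    if entry is None:
        return "drop:unbound-source"
    if entry.port != port:
        return "drop:wrong-port"
    if entry.mac != src_mac.lower():
        return "drop:mac-mismatch"
    return "forward"


def sample_run():
    """Constructed bindings and frames; returns the per-frame decisions."""
    table = BindingTable()
    table.learn_lease("gpon0/1:onu3", "00:11:22:33:44:55", "100.64.10.7", now=1000, lease_seconds=3600)
    table.add_static("gpon0/1:onu9", "00:aa:bb:cc:dd:ee", "100.64.10.8")
    frames = [  # (port, src MAC, src IP, time)
        ("gpon0/1:onu3", "00:11:22:33:44:55", "100.64.10.7", 1500),   # own lease
        ("gpon0/1:onu5", "00:11:22:33:44:55", "100.64.10.7", 1500),   # another port claiming that IP
        ("gpon0/1:onu3", "de:ad:be:ef:00:01", "100.64.10.7", 1500),   # right IP, wrong MAC
        ("gpon0/1:onu3", "00:11:22:33:44:55", "203.0.113.9", 1500),   # off-net source, no binding
        ("gpon0/1:onu3", "00:11:22:33:44:55", "100.64.10.7", 5000),   # lease expired at 4600
        ("gpon0/1:onu9", "00:aa:bb:cc:dd:ee", "100.64.10.8", 99999),  # static, never expires
        ("gpon0/1:onu7", "00:11:22:33:44:57", "0.0.0.0", 1500),       # DHCP client bootstrapping
    ]
    return [verify_source(table, *f) for f in frames]
```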



Re: Muni Fiber and Politics

2014-07-22 Thread Scott Helms
Owen,

This specific issue has nothing to do with splitters versus all the fiber
in home runs.  If you buy a shelf that can support 16 ports of PON or 96
ports of Ethernet you will pay more per port than if you buy a shelf that
supports 160 PON ports or 576 ports of Ethernet.  If every ISP has to buy
their own layer 2 gear that's what happens.  If that gear has to all be
hosted in a central meet point then that room will need much more power,
space, and cooling.

Not really... You buy OLTs on a per N subscribers basis, not on a per N
potential subscribers, so while you'd have possibly Y additional shelves per
area served where Y = Number of ISPs competing for that area, I don't see
that as a huge problem.

There are scenarios where it doesn't matter, mainly where the number of
ISPs is very low.  If we only have 4 service providers trying to offer
services in city then the extra power and heat isn't that big of an issue
and the wasted money in chassis and management cards is only in the 10s of
thousands of dollars.  The problem is that you very quickly, as the city,
run out of a location that has suitable space, cooling, and power.
Remember that each extra shelf has the same power supply and heat
dissipation.


OTOH, if the municipality provides only L1 concentration (dragging L1
facilities back to centralized locations where access providers can connect
to large numbers of customers), then access providers have to compete to
deliver what consumers actually want. They can't ignore the need for newer
L2 technologies because their competitor(s) will leap frog them and take
away their customers. This is what we, as consumers, want, isn't it?

No, what we as consumers want is inexpensive and reliable bandwidth.  How
that happens very few consumers actually care about.  What they do care
about is the city saying we have to raise $300,000 extra dollars in bond
money to build a new facility to house the ISPs who might want
to collocate with us.



Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 22, 2014 at 4:05 PM, Owen DeLong o...@delong.com wrote:


 On Jul 22, 2014, at 11:26 , Scott Helms khe...@zcorum.com wrote:

  One of the main problems with trying to draw the line at layer 1 is that
  it's extremely inefficient in terms of the gear.  Now, this is in large part

 It's not, actually.

 The same GPON gear can be centrally located and has the same loss
 characteristics as it would if you put the splitters farther out.

  a function of how gear is built and if a significant number of locales
  went in this direction we _might_ see changes, but today each ISP would
  have to purchase their own OLTs and that leads to many more shelves than
  the total number of line cards would otherwise dictate.  There are
  certainly many

 Not really... You buy OLTs on a per N subscribers basis, not on a per N
 potential subscribers, so while you'd have possibly Y additional shelves
 per area served where Y = Number of ISPs competing for that area, I don't
 see that as a huge problem.

  other issues, some of which have been discussed on this list before, but
  I've done open access networks for several cities and _today_ the
  cleanest situations by far (that I've seen) had the city handling layer 1
  and 2 with the layer 2 hand off being Ethernet regardless of the access
  technology used.

 The problem with this approach is that it is great today, but it's a
 recipe for exactly the kinds of criticisms that were leveled against
 Ashland in earlier comments in this thread... The aging L2 setup will not
 be upgraded nearly as quickly as it should because there's no competitive
 pressure for that to happen.

 OTOH, if the municipality provides only L1 concentration (dragging L1
 facilities back to centralized locations where access providers can
 connect to large numbers of customers), then access providers have to
 compete to deliver what consumers actually want. They can't ignore the
 need for newer L2 technologies because their competitor(s) will leapfrog
 them and take away their customers. This is what we, as consumers, want,
 isn't it?

 Owen

 
 
  Scott Helms
  Vice President of Technology
  ZCorum
  (678) 507-5000
  
  http://twitter.com/kscotthelms
  
 
 
  On Tue, Jul 22, 2014 at 2:13 PM, Ray Soucy r...@maine.edu wrote:
 
  IMHO the way to go here is to have the physical fiber plant separate.
 
  FTTH is a big investment.  Easy for a municipality to absorb, but not
  attractive for a commercial ISP to do.  A business will want to
  realize an ROI much faster than the life of the fiber plant, and will
  need assurance of having a monopoly and dense deployment to achieve
  that.  None of those conditions apply in the majority of the US, so
  we're stuck with really old infrastructure delivering really slow
  service

Re: Muni Fiber and Politics

2014-07-22 Thread Scott Helms
My experience is completely opposite, though admittedly this may be because
of the specific projects and cities I've worked with.  In all the cases
I've been involved with, giving the ISPs layer 2 responsibility led to a
never-ending stream of finger pointing.  I'd also say that just because
your TDR doesn't see a reflection does not mean you have a clean path.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 22, 2014 at 5:01 PM, Mikael Abrahamsson swm...@swm.pp.se
wrote:

 On Tue, 22 Jul 2014, Ray Soucy wrote:

  The equipment is what makes the speed and quality of service.  If you
 have shared infrastructure for L2 then what exactly differentiates a
 service?  More to the point; if that equipment gets oversubscribed or gets
 neglected who is responsible for it?  I don't think the municipality or
 public utility is a good fit.


 I can also tell from experience in this area, that having the muni active
 network in between you as a customer, and the ISP, makes for no fun fault
 finding. The ISP is blind to what's going on, and you have a commercial
 relationship with the ISP. Their subcontractor, i.e. the L2 network, needs
 to assist in qualified fault management, and they usually don't have the
 skill and resources needed.

 Running an L1 network is easier because most of the time the only thing
 you need to understand is if the light is arriving and how much of it, and
 you can easily check this with a fiber light meter. Running L2 network,
 perhaps even with some L3 functions to make multicast etc more efficient,
 is not as easy to do as it might sound considering all factors.

 --
 Mikael Abrahamsson    email: swm...@swm.pp.se



Re: Muni Fiber and Politics

2014-07-22 Thread Scott Helms
I'll be there when I see it can be done practically in the US.  I agree
with you from a philosophical standpoint, but I don't see it being there
yet.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 22, 2014 at 5:00 PM, Owen DeLong o...@delong.com wrote:

 The beauty is that if you have a L1 infrastructure of star-topology fiber
 from a serving wire center each ISP can decide active E or PON or whatever
 on their own.

 That's why I think it's so critical to build out colo facilities with SWCs
 on the other side of the MMR as the architecture of choice. Let anyone who
 wants to be an ANYTHING service provider (internet, TV, phone, whatever
 else they can imagine) install the optical term at the customer prem and
 whatever they want in the colo and XC the fiber to them on a flat
 per-subscriber strand fee basis that applies to all comers with a per-rack
 price for the colo space.

 So I think we are completely on the same page now.

 Owen

 On Jul 22, 2014, at 13:37 , Ray Soucy r...@maine.edu wrote:

  I was mentally where you were a few years ago with the idea of having
  switching and L2 covered by a public utility but after seeing some
  instances of it I'm more convinced that different ISPs should use
  their own equipment.
 
  The equipment is what makes the speed and quality of service.  If you
  have shared infrastructure for L2 then what exactly differentiates a
  service?  More to the point; if that equipment gets oversubscribed or
  gets neglected who is responsible for it?  I don't think the
  municipality or public utility is a good fit.
 
  Just give us the fiber and we'll decide what to light it up with.
 
  BTW I don't know why I would have to note this, but of course I'm
  talking about active FTTH.  PON is basically throwing money away if
  you look at the long term picture.
 
  Sure, having one place switch everything and just assign people to the
  right VLAN keeps trucks from rolling for individual ISPs, but I don't
  think giving up control over the quality of the service is in the
  interest of an ISP.  What you're asking for is basically to have a
  competitive environment where everyone delivers the same service.
  If your service is slow and it's because of L2 infrastructure, no
  change in provider will fix that the way you're looking to do it.
 
 
 
  On Tue, Jul 22, 2014 at 2:26 PM, Scott Helms khe...@zcorum.com wrote:
  One of the main problems with trying to draw the line at layer 1 is
  that it's extremely inefficient in terms of the gear.  Now, this is in
  large part a function of how gear is built and if a significant number
  of locales went in this direction we _might_ see changes, but today each
  ISP would have to purchase their own OLTs and that leads to many more
  shelves than the total number of line cards would otherwise dictate.
  There are certainly many other issues, some of which have been discussed
  on this list before, but I've done open access networks for several
  cities and _today_ the cleanest situations by far (that I've seen) had
  the city handling layer 1 and 2 with the layer 2 hand off being Ethernet
  regardless of the access technology used.
 
 
  Scott Helms
  Vice President of Technology
  ZCorum
  (678) 507-5000
  
  http://twitter.com/kscotthelms
  
 
 
  On Tue, Jul 22, 2014 at 2:13 PM, Ray Soucy r...@maine.edu wrote:
 
  IMHO the way to go here is to have the physical fiber plant separate.
 
  FTTH is a big investment.  Easy for a municipality to absorb, but not
  attractive for a commercial ISP to do.  A business will want to
  realize an ROI much faster than the life of the fiber plant, and will
  need assurance of having a monopoly and dense deployment to achieve
  that.  None of those conditions apply in the majority of the US, so
  we're stuck with really old infrastructure delivering really slow
  service.
 
  Municipal FTTH needs to be a regulated public utility (ideally at a
  state or regional level).  It should have an open access policy at
  published rates and be forbidden from offering lit service on the
  fiber (conflict of interest).  This covers the fiber box in the house
  to the communications hut to patch in equipment.
 
  Think of it like the power company and the separation between
  generation and transmission.
 
  That's Step #1.
 
  Step #2 is finding an ISP to make use of the fiber.
 
  Having a single municipal ISP is not really what I think is needed.
 
  Having the infrastructure in place to eliminate the huge investment
  needed for an ISP to service a community is.  Hopefully, enough people
  jump at the idea and offer service over the fiber, but if they don't,
  you need to get creative.
 
  The important thing is that the fiber stays open.  I'm not a fan of
  having a town or city be an ISP because I know how

Re: Muni Fiber and Politics

2014-07-21 Thread Scott Helms
In an organization as large as Verizon there are many reasons why a policy
gets changed.  I'm certain that there are product guys who were saying our
customers want this.  I'm sure there were marketing folks saying we can
build a marketing campaign around it.  I am equally certain that there
were some folks, perhaps lawyers, who said this gives us a better position
to argue from if we need to against Netflix.

I'll be watching to see how well this rollout goes.  If they didn't
re-engineer their splits (or plan for symmetrical from the beginning) they
could run into some problems because the total speed on a GPON port is
asymmetrical, about 2.5 Gbps down to 1.25 Gbps up.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Mon, Jul 21, 2014 at 1:13 PM, Jay Ashworth j...@baylink.com wrote:

 Is anyone else cynical enough to say FiOS going symmetrical is an attempt
 to blunt the pro-NetFlix argument on that point?
 - jra


 On July 21, 2014 12:46:27 PM EDT, Jason Iannone jason.iann...@gmail.com
 wrote:
 There was a muni case in my neck of the woods a couple of years ago.
 Comcast spent an order of magnitude more than the municipality but
 still lost.
 
 Anyway, follow the money.  Blackburn’s largest career donors are ..
 PACs affiliated with AT&T ... ($66,750) and Comcast ... ($36,600). ...
 Blackburn has also taken $56,000 from the National Cable &
 Telecommunications Association.
 
 
 http://www.muninetworks.org/content/media-roundup-blackburn-amendment-lights-newswires
 
 In other news, FIOS has gone symmetrical.
 
 http://newscenter.verizon.com/corporate/news-articles/2014/07-21-fios-upload-speed-upgrade/
 
 On Mon, Jul 21, 2014 at 8:20 AM, Jay Ashworth j...@baylink.com wrote:
  Over the last decade, 19 states have made it illegal for municipalities
  to own fiber networks -- encouraged largely, I am told, by Verizon and
  other cable companies/MSOs[1].
 
  Verizon, of course, isn't doing any new FiOS deployments, per a 2010
  press release[2].
 
  FCC Chair Tom Wheeler has been making noises lately that he wants the
  FCC to preempt the field on this topic, making such deployments legal.
 
  Congressional Republicans think that's a bad idea:
 
 
 
 http://www.vox.com/2014/7/20/5913363/house-republicans-and-obamas-fcc-are-at-war-over-city-owned-internet
 
  [ and here's the backgrounder on the amendment:
  http://www.broadcastingcable.com/news/washington/blackburn-bill-would-block-fcc-preemption/132468
  ]
 
  While I generally try to avoid bringing up topics on NANOG that are
  political; this one seems to be directly in our wheelhouse, and
  unavoidably political.
  My apologies in advance; let's all try to be grownups, shall we?
 
  Cheers,
  -- jra
 
  [1] http://motherboard.vice.com/read/hundreds-of-cities-are-wired-with-fiberbut-telecom-lobbying-keeps-it-unused
  [2] https://secure.dslreports.com/shownews/Verizon-Again-Confirms-FiOS-Expansion-is-Over-118949
  --
  Jay R. Ashworth                  Baylink                   j...@baylink.com
  Designer                     The Things I Think                   RFC 2100
  Ashworth & Associates       http://www.bcp38.info      2000 Land Rover DII
  St Petersburg FL USA      BCP38: Ask For It By Name!       +1 727 647 1274

 --
 Sent from my Android phone with K-9 Mail. Please excuse my brevity.



Re: Muni Fiber and Politics

2014-07-21 Thread Scott Helms
Bill,

I've certainly seen poor execution from public operators, but I have also
seen several that were well run and over the course of years (in one case
decades).  They're not right in all cases, but to simply say it can't be
done well is false.  Now, we do have to be sensitive to public-private
competition, but in cases where there is already a monopoly or even worse no
broadband service I can't see how keeping munis out helps consumers.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Mon, Jul 21, 2014 at 2:38 PM, William Herrin b...@herrin.us wrote:

 On Mon, Jul 21, 2014 at 10:20 AM, Jay Ashworth j...@baylink.com wrote:
  Over the last decade, 19 states have made it illegal for municipalities
  to own fiber networks

 Hi Jay,

 Everything government does, it does badly. Without exception. There
 are many things government does better than any private organization
 is likely to sustain, but even those things it does slowly and at an
 exorbitant price.

 Muni fiber is a competition killer. You can't beat city hall; once
 built it's not practical to compete, even with better service, so
 residents are stuck with only the overpriced (either directly or via
 taxes), usually underpowered and always one-size-fits-all network
 access which results. As an ISP I watched something similar happen in
 Altoona PA a decade and a half ago. It was a travesty.

 The only exception I see to this would be if localities were
 constrained to providing point to point and point to multipoint
 communications infrastructure within the locality on a reasonable and
 non-discriminatory basis. The competition that would foster on the
 services side might outweigh the damage on the infrastructure side.
 Like public roads facilitate efficient transportation and freight
 despite the cost and potholes, though that's an imperfect simile.

 Regards,
 Bill Herrin


 --
 William Herrin  her...@dirtside.com  b...@herrin.us
 Owner, Dirtside Systems . Web: http://www.dirtside.com/
 Can I solve your unusual networking challenges?



Re: Muni Fiber and Politics

2014-07-21 Thread Scott Helms
Jay,

I really doubt that the guys who designed Verizon's access network had
anything to do or say about their peering nor do I believe there was a
cross departmental design meeting to talk about optimal peering to work
with the access technology.  The group responsible for peering and other
transit operations and planning probably pre-dated FiOS being at scale by
decades.  Asymmetrical networks from telecom operators are and have been the
norm world wide for a very long time.  We're only now getting to a place
where that consideration is even being talked about and even now none of
the common approaches for access give symmetrical traffic except for
Ethernet.  I'd like to see EPON more common, but the traditional telco
vendors either don't offer it or it's just now becoming available.

Again, I have no doubt that _after the fact_ someone at Verizon said that
this is good because it helps with the Netflix flap, but drawing
causality between their prior asymmetrical offering and the way they went
after transit is a mistake IMO.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Mon, Jul 21, 2014 at 3:31 PM, Jay Ashworth j...@baylink.com wrote:

 - Original Message -
  From: Christopher Morrow morrowc.li...@gmail.com

  On Mon, Jul 21, 2014 at 1:28 PM, Scott Helms khe...@zcorum.com
  wrote:
   I am equally certain that some there
   were some folks, perhaps lawyers, who said this gives us a better
   position to argue from if we need to against Netflix.
 
  wasn't this part of the verizon network specifically NOT the red part
  in the verizon blog?
  (so I'm unclear how this change is in any way related to
  verizon/netflix issues)

 I made the argument, so I'll clarify.

 One of the arguments which was put up for why this was Verizontal's problem
 was that they should have *understood* that if they deployed an eyeball
 network which was *by design* asymmetrical downhill, that that's how
 their peering would look too -- asymmetrical incoming; the thing they're
 complaining about now.

 Cheers,
 -- jra
 --
 Jay R. Ashworth                  Baylink                   j...@baylink.com
 Designer                     The Things I Think                   RFC 2100
 Ashworth & Associates       http://www.bcp38.info      2000 Land Rover DII
 St Petersburg FL USA      BCP38: Ask For It By Name!       +1 727 647 1274



Re: Muni Fiber and Politics

2014-07-21 Thread Scott Helms
Bill,

If your issues are common in your town then getting the attention of
city/town hall ought to be pretty damn easy, I've had to do so myself.  If
it's just your neighborhood it still ought not be very hard.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Mon, Jul 21, 2014 at 4:04 PM, William Herrin b...@herrin.us wrote:

 On Mon, Jul 21, 2014 at 3:57 PM, Scott Helms khe...@zcorum.com wrote:
  I'd say your experience is anomalous.  I don't know which township you're
  in, but I'd suggest you focus on getting a set of more effective local
  officials.

 Sure, 'cause fixing local utility problems at the voting booth has a
 long and studied history of success.  Who do I vote for? The officials
 that allow rate increases and, when the utilities fail to fix the
 problems, allow more rate increases? Or the officials who refuse rate
 increases so that the utilities can't afford to fix the problems?

 Regards,
 Bill Herrin


 --
 William Herrin  her...@dirtside.com  b...@herrin.us
 Owner, Dirtside Systems . Web: http://www.dirtside.com/
 Can I solve your unusual networking challenges?



Re: BGP Session

2014-07-19 Thread Scott Morris
Fundamental routing training would greatly help you here.  I would suggest
looking for that.

If you are not peering with TATA, then your routes would not go to TATA
first.  (unless the next-hop is indirect and that brings up other
fundamental routing things that you should learn about)

AS13335 is not TATA.  So if this is what your provider gave you, one first
assumes you'd be directly connected to them (that's one of the rules in
BGP's RFC for external connections).  If you have multiple providers, you
may have multiple peers.  Each one would give you information.

But like others have stated, I would strongly suggest you stop your
testing for the moment and either hire someone to help or take some time
to learn the basics on there.  Otherwise, successful or not, your testing
will really have no meaning to you.

Just my two cents.

Scott


-Original Message-
From: Abuse Contact stopabuseandrep...@gmail.com
Date: Saturday, July 19, 2014 at 1:12 PM
To: Jonathan Lassoff j...@thejof.com
Cc: nanog@nanog.org nanog@nanog.org
Subject: Re: BGP Session

Yeah, we're using it for an anycasted node but like, I'm confused on
certain parts like, just a really basic question.
When doing things like

conf t
router bgp 1337
 ! IOS takes the AS number as a bare integer, not "AS1337"
 neighbor 208.54.128.0 remote-as 13335
 neighbor 208.54.128.0 description BGP with Upstream
 neighbor 208.54.128.0 password lolpass
 !
 address-family ipv4
  no synchronization
  neighbor 208.54.128.0 activate
  neighbor 208.54.128.0 soft-reconfiguration inbound

I'm confused on when doing this, would I need to state like

First go to AS13335 then go to TATA then go to my server or would it just
automatically do that or would my provider do that? I'm confused on that.
how would I state multiple peers?


On Sat, Jul 19, 2014 at 10:06 AM, Jonathan Lassoff j...@thejof.com wrote:

 An Anycasting node. For example, as part of a reliable DNS service.
 A /24 is usually the smallest prefix length that is portably accepted.

 Also, applications where connections need to appear to be coming from
 many source IPs.


 On Saturday, July 19, 2014, Suresh Ramasubramanian ops.li...@gmail.com
 wrote:

  A single linux box with a whole /24 on it? What sort of use case is
  that, BTW?

  On 19-Jul-2014 10:26 pm, Abuse Contact stopabuseandrep...@gmail.com
  wrote:

   I know, the DC is going to be giving me a BGP session on their router
   so I can set it up, I'm not using a Linux server as a router.


   On Sat, Jul 19, 2014 at 9:04 AM, William Herrin b...@herrin.us
   wrote:

    On Wed, Jul 16, 2014 at 4:05 AM, Abuse Contact
    stopabuseandrep...@gmail.com wrote:
     So I just purchased a Dedicated server from this one company and
     I have a /24 IPv4 block that I bought from a company on
     WebHostingTalk, but I am clueless on how to setup the /24 IPv4
     block using the BGP Session. I want to set it up to run through
     their network as if it was one of their IPs, etc. I keep seeing
     things like iBGP (which I think means like a inner routing BGP)
     and eBGP (what I'm talking about??) but I have no idea how to set
     those up or which one I would need.

    Howdy,

    Unless you have (1) a real router available, not just a server and
    (2) an expert available to help you with your first BGP
    configuration I strongly recommend you simply ask your service
    provider to announce the /24 to the Internet on your behalf.

    Server-based BGP software like Quagga for Linux is reasonably good
    but it should absolutely not be involved in your _first_ attempt to
    connect with the Internet's default-free zone. Simple mistakes with
    eBGP can cause tremendous damage to other folks on the Internet.
    Trial and error is simply not OK. If it isn't worth it to you to buy
    a BGP-capable router then you also aren't prepared to make the
    investment in learning it takes to use BGP without causing harm.

    Regards,
    Bill Herrin


    --
    William Herrin  her...@dirtside.com  b...@herrin.us
    Owner, Dirtside Systems . Web: http://www.dirtside.com/
    Can I solve your unusual networking challenges?
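An outbound-filtered version of the configuration quoted above, added here as an example; it is not from any poster in this thread. It reuses the AS numbers and neighbor address from the original post, assumes the customer's own block is 203.0.113.0/24 (an RFC 5737 documentation prefix used as a placeholder), and shows the guard rails that keep a first eBGP session from advertising whatever else happens to be in the routing table, which is the damage Bill Herrin warns about.

```cisco
! Placeholder customer prefix (RFC 5737 documentation space), not from the thread.
! The static route to Null0 keeps the /24 in the RIB so "network" can originate it
! even when no interior route covers the whole block.
ip route 203.0.113.0 255.255.255.0 Null0
!
! Exactly one prefix may ever be advertised on this session.
ip prefix-list OUR-PREFIXES seq 5 permit 203.0.113.0/24
!
! Inbound: never accept our own block back, drop RFC 1918 and 0/8 space,
! and ignore anything longer than /24 (the limit most networks accept).
ip prefix-list FROM-UPSTREAM seq 5 deny 203.0.113.0/24 le 32
ip prefix-list FROM-UPSTREAM seq 10 deny 0.0.0.0/8 le 32
ip prefix-list FROM-UPSTREAM seq 15 deny 10.0.0.0/8 le 32
ip prefix-list FROM-UPSTREAM seq 20 deny 172.16.0.0/12 le 32
ip prefix-list FROM-UPSTREAM seq 25 deny 192.168.0.0/16 le 32
ip prefix-list FROM-UPSTREAM seq 30 permit 0.0.0.0/0 le 24
!
router bgp 1337
 ! Nothing is exchanged until a neighbor is explicitly activated per address family.
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 208.54.128.0 remote-as 13335
 neighbor 208.54.128.0 description BGP with Upstream
 ! The TCP MD5 option rejects spoofed segments; it does not hide the session.
 ! Use a real shared secret agreed with the upstream, not a throwaway string.
 neighbor 208.54.128.0 password SHARED-SECRET-PLACEHOLDER
 ! Directly connected eBGP peer: discard packets that did not arrive with TTL 255.
 neighbor 208.54.128.0 ttl-security hops 1
 !
 address-family ipv4
  network 203.0.113.0 mask 255.255.255.0
  neighbor 208.54.128.0 activate
  neighbor 208.54.128.0 soft-reconfiguration inbound
  ! Outbound filter: the one line that prevents leaking a full table to the upstream.
  neighbor 208.54.128.0 prefix-list OUR-PREFIXES out
  neighbor 208.54.128.0 prefix-list FROM-UPSTREAM in
  ! A single-homed customer only needs a default or short partial table from
  ! the upstream; if a full table shows up, shut the session rather than absorb it.
  neighbor 208.54.128.0 maximum-prefix 1000
 exit-address-family
```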
  
 






Re: Net Neutrality...

2014-07-16 Thread Scott Helms
Here is the actual document for defining what the federal government
considers to be an ETC.  Keep in mind that state level boards actually make
the designation based on these, and potentially state level regulations, so
there is some variation based on the state(s) you operate in.  Having said
that, the requirements have not seemed overly onerous to us where we have
considered them, which certainly isn't all 50 states.

https://apps.fcc.gov/edocs_public/attachmatch/FCC-05-46A1.pdf

20. As described above, ETC applicants must meet statutorily prescribed
requirements before we can approve their designation as an ETC.[46] Based on
the record before us, we find that an ETC applicant must demonstrate: (1) a
commitment and ability to provide services, including providing service to
all customers within its proposed service area; (2) how it will remain
functional in emergency situations; (3) that it will satisfy consumer
protection and service quality standards; (4) that it offers local usage
comparable to that offered by the incumbent LEC; and (5) an understanding
that it may be required to provide equal access if all other ETCs in the
designated service area relinquish their designations pursuant to section
214(e)(4) of the Act.[47] As noted above, these requirements are mandatory
for all ETCs designated by the Commission. ETCs designated by the Commission
prior to this Report and Order will be required to make such showings when
they submit their annual certification filing on October 1, 2006. We also
encourage state commissions to apply these requirements to all ETC
applicants over which they exercise jurisdiction. We do not believe that
different ETCs should be subject to different obligations, going forward,
because of when they happened to first obtain ETC designation from the
Commission or the state. These are responsibilities associated with
receiving universal service support that apply to all ETCs, regardless of
the date of initial designation.

It's also worth noting that you do _not_ have to offer voice or life line
services according to the federal guidelines.

[39] 47 U.S.C. § 214(e)(1)(A). The services that are supported by the
federal universal service support mechanisms are: (1) voice grade access to
the public switched network; (2) local usage; (3) Dual Tone Multifrequency
(DTMF) signaling or its functional equivalent; (4) single-party service or
its functional equivalent; (5) access to emergency services, including 911
and enhanced 911; (6) access to operator services; (7) access to
interexchange services; (8) access to directory assistance; and (9) toll
limitation for qualifying low-income customers. See 47 C.F.R. § 54.101.
While section 214(e)(1) requires an ETC to “offer” the services supported by
the federal universal service support mechanisms, the Commission has
determined that this does not require a competitive carrier to actually
provide the supported services throughout the designated service area
before designation as an ETC. Federal-State Joint Board on Universal
Service; Western Wireless Corporation Petition for Preemption of an Order
of the South Dakota Public Utilities Commission, Declaratory Ruling, CC
Docket No. 96-45, 15 FCC Rcd 15168, 15172-75, paras. 10-18 (2000), recon.
pending (Section 214(e) Declaratory Ruling).

That was once a requirement that kept most WISPs from being able to
participate, but is no longer.  I don't personally see a large hurdle for
WISPs in the federal language and I work with 4 I know of that have ETC
status in 3 different states.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 15, 2014 at 9:53 PM, Bob Evans b...@fiberinternetcenter.com
wrote:

 I think your point needs to be explained. Because anything government is
 riddled with large carrier benefiting. Look at the school discounts for
 internet services...pretty much just for LECs.
 Thank You
 Bob Evans
 CTO




  I have stayed out of much of this, but can't help myself.   Along with
  everything else, you are seriously misinformed about the process of
  becoming an ETC.   It is not onerous.   Please stop.   You are giving
  rural
  ISPs a bad reputation.
 
 
  On Tue, Jul 15, 2014 at 7:57 PM, Brett Glass na...@brettglass.com
 wrote:
 
  At 05:06 PM 7/15/2014, Rubens Kuhl wrote:
 
   Do you see Connect America Fund, the successor to Universal Service
  Fund,
  as a threat to US rural WISPs or as the possible solution for them ?
 
 
  It's a major threat to rural WISPs and all competitive ISPs. Here's why.
  The FCC is demanding that ISPs become Eligible Telecommunications
  Carriers, or ETCs, before they can receive money from it. An ETC is a
  telephone company which is regulated under the mountain of regulations,
  requirements, and red tape of Title II of the Telecomm Act. It has to
  report to both state regulatory agencies AND the FCC. It's a
  classification
  that doesn't

Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-15 Thread Scott Helms
Matt,

IP address portability isn't really a problem, but I understand your point
of view a bit better.  One of the things we figured out is that ARIN allows
for non-connected operators to reallocate blocks.  It does frequently
confuse whoever the ISP is getting their tier 1 connectivity from and it's
even worse if they get connectivity from smaller providers, but it does
effectively allow the ISP to have portable space without having an ASN.
Frequently the smaller operators are happy to have a /23 of portable space
so they can use that for their static IP customers and deal with the change
of addressing for everyone else.

Please note, this is not a money making operation for us.  It's something we
started doing in ~2003 to avoid having to constantly renumber networks and
disrupt business accounts while allowing the ISPs to shop new bandwidth
providers when they became available.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Mon, Jul 14, 2014 at 9:47 PM, Matthew Petach mpet...@netflight.com
wrote:

 On Mon, Jul 14, 2014 at 4:32 PM, Scott Helms khe...@zcorum.com wrote:

  Matt,
 
  While I understand your point _and_ I agree that in most cases an ISP
  should have an ASN.  Having said that,  I work with multiple operators
  around the US that have exactly one somewhat economical choice for
  connectivity to the rest of the Internet.  In that case having an ASN is
  nice, but serves little to no practical purpose.  For clarity's sake all
  6 of the ones I am thinking about specifically have more than 5k
  broadband subs.
 

 And as long as they're happy with their single upstream
 connectivity picture, more power to them.

 But the minute they're less than happy with
 their connectivity option, it would sure be
 nice to have their own ASN and their own
 IP space, so that going to a different upstream
 provider would be possible.  Heck, even just
 having it as a *bargaining point* would be
 useful.

 By not having it, they're essentially locking
 the slave collar around their own neck, and
 handing the leash to their upstream, along
 with their wallet.  As a freedom-of-choice
 loving person, it boggles my mind why anyone
 would subject their business to that level
 of slavery.  But I do acknowledge your
 point, that for some category of people,
 they are happy as clams with that
 arrangement.


 
  I continue to vehemently disagree with the notion that ASN = ISP since
  many/most of the ASNs represent business networks that have nothing to do
  with Internet access.
 

 Oh, yes; totally agreed.  It's a one-way relationship
 in my mind; it's nigh-on impossible to be a competitive
 ISP without an ASN; but in no way shape or form does
 having an ASN make you an ISP.

 Thanks!

 Matt



Re: Net Neutrality...

2014-07-15 Thread Scott Helms
Steve,

I'd question your use of the word rural if this statement is accurate:
"Yes, a LEC may control the last mile but I can usually get circuits from a
lot of carriers.  A company I work for has over 50 locations mostly in rural
areas and we do not have much problem getting Sprint and CenturyLink access
circuits to them regardless of location.  In fact, we have never found a
location in the US that I can't get both of those carriers to deliver to
us."  Perhaps you've just been lucky or your economics are different, but I
can (off list) provide you with lots of locations in the US that neither of
those operators, much less both, can reach.  Perhaps more importantly the
economics are such that one and only one tier 2 (sometimes tier 2/3)
operator is available.  I work with an ISP in west Texas who has been
waiting on an AT&T build-out for nearly 14 months to be able to buy
bandwidth from anyone because there is no remaining capacity on the SONET
network and no other operator has any physical facilities in the area.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 15, 2014 at 11:19 AM, Naslund, Steve snasl...@medline.com
wrote:

 I don't believe either of those points.  I will grant you that the LECs
 are near monopolies in some rural areas, but these are few and far between.
 Yes, a LEC may control the last mile but I can usually get circuits from a
 lot of carriers.  A company I work for has over 50 locations mostly in
 rural areas and we do not have much problem getting Sprint and CenturyLink
 access circuits to them regardless of location.  In fact, we have never
 found a location in the US that I can't get both of those carriers to
 deliver to us.  In a lot of areas there is also a cable provider available.
 Residential users have somewhat more limited options but you do always
 have the option of deciding where to live.  Most of us in this group would
 consider the broadband options available to them before they move.

 Being a content provider has very little to do with market forces.
  Comcast is, of course, a major content provider and access provider but if
 they limit their customer's access to Netflix (which they have been accused
 of) the customers will still react to that.  The content providing access
 provider has to know that no matter how good their content is, they are not
 the only source and their customers will react to that.  I think the
 service providers are sophisticated enough to know that and they will walk
 the fine line of keeping their customer happy while trying to promote their
 own content.  It is like saying a Ford dealer does not want to change the
 oil on your Chevy, sure they would like for you to have bought from them
 but they will take what they can get.

 Steven Naslund




 Steve, the key piece you're missing here is that the major broadband
 providers are both
 - near-monopolies in their access areas
 - content providers

 Not a situation where market forces can work all that well.

 Miles Fidelman




Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-15 Thread Scott Helms
Brett,

You should investigate TVWS
(http://en.wikipedia.org/wiki/White_spaces_(radio)); it works extremely well
in your kind of scenario and at a minimum will solve your over the air data
rate challenges.

The release of TVWS has provided WISPs in rural areas with almost 1 GHz of
unlicensed space and it goes much further than the other unlicensed bands
like ISM and UNII.  Technically the same amount of frequency was released
for everyone, but in urban/suburban markets much more is already taken by
licensed over the air TV broadcasters and wireless microphones, both as
licensed users have absolute rights to the frequencies they're using.

If you want to know vendors that supply the gear, since most of the BWA
guys haven't grabbed it yet, let me know and I'll send what I have off list.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Tue, Jul 15, 2014 at 1:28 PM, Brett Glass na...@brettglass.com wrote:

 At 09:30 AM 7/15/2014, Baldur Norddahl wrote:

 If that is the case, how would peering with Netflix help you any?

 It would not, and that is the point. Netflix' peering scheme (again,
 I take issue with the use of the term) doesn't help ISPs with high
 backhaul costs. Measures to reduce the amount of bandwidth that
 Netflix wastes, via uncached unicast streaming, would. But (and this
 is the point of the message which started this thread) they are sitting
 pretty as a monopoly and do not feel a need to work with ISPs to
 solve this problem. It's frustrating and is causing us to look for
 workarounds -- including going as far as to found a competing streaming
 service that is more ISP-friendly.

 I took a look at your plans at http://www.lariat.net/rates.html. You use
 the Netflix brand in your advertising (in the flyer)

 We don't use their brand, but do mention them as an example of a
 company that provides streaming media. (We also mention YouTube, Hulu, and
 Amazon Prime.) It's natural for them to be on that list because they have
 such a large market share that they qualify as a monopoly. They are
 attempting to leverage their market power against ISPs instead of working
 with us, which is a shame. Again, a customer of a small rural ISP ought to
 be every bit as valuable to them as a Comcast customer. We should receive
 at least the amount per customer that Comcast receives, especially because
 our costs are higher.

 but none of your plans
 are actually fast enough to provide Netflix service (up to 6 Mbps per
 stream for Super HD).

 Netflix itself claims that you need only half a megabit to stream. (Whether
 that claim is accurate is another matter, but that is what they themselves
 say.)

 Selling 1 Mbps is just not going to do it going forward, not even in
 rural areas.

 Unfortunately, due to the cost of backhaul (which the FCC is doing nothing
 about; it has refused to deal with the problem of anticompetitive price
 gouging on Special Access lines), that's what we can offer. The FCC has
 also failed to release enough spectrum (Shannon's Law) to allow us to
 provide much more to the average user; we have to budget access point
 bandwidth carefully. We do what we can and price as best we can. Most of
 our customers, given a choice of possible levels of service, choose 1 Mbps
 and in fact are satisfied with that because the quality is high. Remember,
 due to Van Jacobson's algorithm, a 10 Mbps TCP session that drops packets
 slows down (by a factor of 2 for each dropped packet!) to a net throughput
 of less than 1 Mbps very quickly. So, we concentrate on quality and our
 customers have a very good experience. Usually better than with cable modem
 connections with much higher claimed speeds.

 We're used to doing a lot with a little and watching every penny. But
 Netflix doesn't have the same attitude. It wastes bandwidth. Rural ISPs and
 their customers cannot afford to cover the cost of that waste.

 I can say how we solve the backhaul problem. We only lease dark fiber and
 then put our own 10 Gbps equipment on it. We can upgrade that any day to
 40G, 100G or whatever we need, without any additional rent for the fiber.

 Nice if you can do that. We have not been able to obtain affordable dark
 fiber in our area.

 Given your expertise seems to be wireless links, you could also backhaul
 using Ubiquiti Airfiber: http://www.ubnt.com/airfiber/airfiber5/

 That Ubiquiti radio reaches at most one mile reliably due to rain fade.
 Most of our links go much farther. Wireless is our specialty and we do know
 our options; we use carefully selected and engineered microwave and
 millimeter wave links throughout our network.

 Being a WISP is not easy; it employs every skill I've acquired throughout
 my entire life and is constantly challenging me to improve and learn more.

 --Brett Glass




Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-14 Thread Scott Helms
Benson,


The difference, and it's a large one, is that the large operators have no
interest in building in the less dense rural (and sometimes suburban)
areas.  The smaller operators are often the only provider in the area and,
unlike a bookstore, if someone wants broadband in an area they can't drive
to a larger town and bring a bagful home the way we can with books.

There are a few potential paths forward that I can see and I'm sure there
are more that others can identify:

1)  Various governmental funding sources like CAF subsidize the market
enough for smaller operators to continue to get by.

2)  CAF and other funding make rural territories profitable enough that the
large operators buy many/most/all of the smaller providers.

3)  Prices for rural customers increase to cover the increased costs.

4)  Content providers contribute $some_amount to help cover the costs of
connectivity.

5)  Operators in rural markets fall further behind, making rural markets
even less attractive, and that contributes to the trend of rural to urban
migration here in the US.


Of course a combination of these is also possible or local governments
could get more involved, but these look to be the most likely in no real
order.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Mon, Jul 14, 2014 at 12:08 PM, Benson Schliesser bens...@queuefull.net
wrote:

 Thanks for adding this perspective, Barry. I think it's realistic. But I
 also think it might miss an orthogonally connected issue - this isn't just
 about bandwidth, but about commoditization, consolidation, size etc. It may
 be that small ISPs just can't compete (at least in the broader market) as
 the market evolves. Similar to how I was disappointed by the loss of my
 local bookstore, but still buy all my stuff from Amazon. ... I hear Brett
 essentially asking for Netflix to do more for him than it does for big
 ISPs, because his small rural business model can't compete with the big
 guys.

 Thoughts?

 Cheers,
 -Benson
  On Jul 13, 2014 3:59 PM, Barry Shein b...@world.std.com wrote:

 
  Just an observation:
 
  I've been on the internet since dirt was rocks.
 
  It seems to me that one theme which has come up over and over and over
  is that some new-ish technology demands more bandwidth than whatever
  it was people were doing previously and as it popularizes people begin
  fighting.
 
  In the early 80s it was downloading the host table, could people
  please try NOT to all download via a script at exactly midnight!!!
 
  Then it was free software in the eighties, did WSMR et al really have
  a RIGHT to become a magnet for such popular program downloads?!
 
  And graphic connection to remote super-computer centers. Could the
  images please be generated locally and downloaded off hours
  (whatever off hours meant on the internet) or even shipped via tape
  etc rather than all these real-time graphical displays running???!!!
 
  Hey, the BACKBONE was 56kb.
 
  Then Usenet, and images, particularly, oh, explicit images because OMG
  imagine if our administration found out our link was slow because
  students (pick a powerless political class to pick on and declare
  THEIR use wasteful) were downloading...um...you know.
 
  And games OMG games.
 
  I remember sitting in an asst provost's office in the 80s being
  lectured about how email was a complete and total waste of the
  university's resources! Computers were for COMPUTING (he had a phd in
  physics which is where that was coming from.)
 
  And the public getting on the internet (ahem.)
 
  On and on.
 
  Now it's video streaming.
 
  And then the bandwidth catches up and it's no big deal anymore.
 
  And then everyone stops arguing about it and goes on to the next thing
  to argue about. Probably will be something in the realm of this
  Internet of Things idea, too many people conversing with their
  toaster-ovens.
 
  My comment has always been the same:
 
 There are two kinds of people in this world: Those who try to
 figure out how bake more bread, and those who herd people into
 bread lines.
 
  I've always tried to be the sort of person who tries to figure out how
  to bake more bread. This too shall pass.
 
  --
  -Barry Shein
 
  The World              | b...@theworld.com      |
  http://www.TheWorld.com
  Purveyors to the Trade | Voice: 800-THE-WRLD    | Dial-Up: US, PR, Canada
  Software Tool & Die    | Public Access Internet | SINCE 1989 *oo*
 



Re: Inevitable death, was Re: Verizon Public Policy on Netflix

2014-07-14 Thread Scott Helms
Matt,

I understand your point _and_ I agree that in most cases an ISP should
have an ASN.  Having said that, I work with multiple operators around the
US that have exactly one somewhat economical choice for connectivity to
the rest of the Internet.  In that case having an ASN is nice, but serves
little to no practical purpose.  For clarity's sake all 6 of the ones I am
thinking about specifically have more than 5k broadband subs.

I continue to vehemently disagree with the notion that ASN = ISP since
many/most of the ASNs represent business networks that have nothing to do
with Internet access.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Mon, Jul 14, 2014 at 6:12 PM, Matthew Petach mpet...@netflight.com
wrote:

 On Mon, Jul 14, 2014 at 1:42 PM, George Herbert george.herb...@gmail.com
 wrote:

 
 
 
   On Jul 14, 2014, at 10:41 AM, Matthew Petach mpet...@netflight.com
  wrote:
  
   Brett's concerns seem to center around his
   ability to be cost-competitive with the big
   guys in his area...which implies there *are*
   big guys in his area to have to compete with.
 
 
  He's running wireless links, from web and prior info as I recall.  His
  key business seems to be outside the cable tv / DSL wire loop ranges from
  wire centers.  The bigger services seem to have fiber into Laramie, and
  Brett seems to have fiber to that Denver exchange pointlet.
 
  Why he's not getting fiber to a bigger exchange point or better transit
 is
  unclear.
 
  There are bandwidth reseller / BGP / interconnect specialist ISPs out
  there who live to fix these things, if there's anything like a viable
  customer base...
 

 Ah--right, that was the genesis of my rant about
 if you don't have an ASN, you don't exist.
 He'd first have to get an ASN before he could
 engage in getting a different upstream transit,
 or connect to different exchange points, etc.

 As much as people insisted you can be an
 ISP without an AS number, I will note that
 it's much, MUCH harder, to the point where
 the ARIN registration fees for the AS number
 would quickly be recouped by the cost savings
 of being able to shop for more competitive
 connectivity options.

 Matt


 
 
  George William Herbert
  Sent from my iPhone
 



Re: Verizon Public Policy on Netflix

2014-07-11 Thread Scott Helms
Matt,

That's simply not true, if it were then several million US subscribers
wouldn't have access to the Internet at all.  There are _lots_ of small
providers that serve rural America (and Canada) that have gotten their IPs
from their transit provider rather than ARIN, are single homed, and have
never considered getting an ASN because it doesn't do anything for them.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Fri, Jul 11, 2014 at 12:31 PM, Matthew Petach mpet...@netflight.com
wrote:

 On Thu, Jul 10, 2014 at 8:46 PM, Jima na...@jima.us wrote:

  [...]
   I guess I'm just glad that my home ISP can justify anteing up for a pipe
  to SIX, resources for hosting OpenConnect nodes, and, for that matter, an
  ASN.  Indeed, not everyone can.
 
   Jima
 
 
 I'm sorry.
 If your ISP doesn't have an ASN,
 it's not an ISP.  Full stop.

 There *are* some fundamental basics
 that are necessary to function as an ISP;
 having an AS number and being able to
 speak BGP are pretty much at the top
 of the list.

 If you cannot manage to obtain and support
 an AS number as an ISP, it is probably time
 to consider closing up shop and finding
 another line of work.

 Matt



Re: Verizon Public Policy on Netflix

2014-07-11 Thread Scott Helms
Owen,

That's because you're not thinking about the geography involved.  Where
possible the smaller operators often do form groups and partnerships, but
creating networks that serve more than 3-4 operators often means covering
more distance than if the operators simply go directly to the tier 1 ISP
individually.  There have been many attempts at creating networks that
provide that kind of service but the economics are often bad.




Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Fri, Jul 11, 2014 at 12:50 PM, Owen DeLong o...@delong.com wrote:


 On Jul 10, 2014, at 8:46 PM, Jima na...@jima.us wrote:

  On 2014-07-10 19:40, Miles Fidelman wrote:
  From another list, I think this puts it nicely (for those of you who
  don't know Brett, he's been running a small ISP for years
  http://www.lariat.net/)
 
  While trying to substantiate Mr. Glass' grievance with Netflix regarding
 their lack of availability to peer, I happened upon this tidbit from two
 months ago:
 
 
 http://dewaynenet.wordpress.com/2014/04/29/re-netflix-inks-deal-with-verizon-wont-talk-to-small-isps/
 
  As for Mr. Woodcock's point regarding a lack of
 http://lariat.net/peering existing,
 https://www.netflix.com/openconnect/locations doesn't seem to do what I'd
 expect, either, although I did finally find the link to
 http://www.peeringdb.com/view.php?asn=2906 .  To Mr. Glass' point, I'm
 not seeing any way the listed PoPs could feasibly be less than 900
 wire-miles from Laramie -- to be fair, cutting across open land is a bad
 joke at best.
 
  Life is rough in these fly-over states (in which I would include my
 current state of residence); the closest IXes of which I'm aware are in
 Denver and SLC (with only ~19 and 9 peers, respectively).  Either of those
 would be a hard sell for Netflix, no doubt about it.
 
  I guess I'm just glad that my home ISP can justify anteing up for a pipe
 to SIX, resources for hosting OpenConnect nodes, and, for that matter, an
 ASN.  Indeed, not everyone can.
 
  Jima

 I’m always surprised that folks at smaller exchanges don’t form
 consortiums to build a mutually beneficial transit AS that connects to a
 larger remote exchange.

 For example, if your 19 peers in Denver formed a consortium to get a
 circuit into one (or more) of the larger exchanges in Dallas, Los Angeles,
 SF Bay Area, or Seattle with an ASN and a router at each end, the shared
 cost of that link and infrastructure would actually be fairly low per peer.

 Owen




Re: Verizon Public Policy on Netflix

2014-07-11 Thread Scott Helms
Matt,

They're providing DSL, cable modem, BWA, or FTTx access to residential and
business customers.  They belong to various service provider associations
and they're generally the only ISPs in the areas they serve.  They're ISPs
by every definition including the FCC's.  Having an ASN does _not_ make you
an ISP as most of the organizations that have one are not, nor would they
class themselves that way.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Fri, Jul 11, 2014 at 2:55 PM, Matthew Petach mpet...@netflight.com
wrote:

 Sure.  We call those companies resellers.  Or, if they actually do bring
 some additional value to the table, they're VARs.  Not ISPs.

 Matt




Re: Verizon Public Policy on Netflix

2014-07-11 Thread Scott Helms
Matt,

No one said anything of the sort and now you're trying to redirect.  You
said, "There *are* some fundamental basics that are necessary to function
as an ISP; having an AS number and being able to speak BGP are pretty much
at the top of the list."  This is false; that's all I said, nothing less and
nothing more.

I never made any statement about this list nor do you hear very many of the
folks who work at those companies on here.  My company has several ASNs for
both historical and operational reasons, all I am pointing out is that
you're taking a more limited view of what an ISP is in an eyeball network
context and that view is inaccurate.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms



On Fri, Jul 11, 2014 at 3:42 PM, Matthew Petach mpet...@netflight.com
wrote:

 I'm sorry.  This is a networking mailing list, not a
 feel-good-about-yourself mailing list.  From the perspective of the
 internet routing table, if you don't have your own AS number, you are
 completely indistinguishable from your upstream.   Period.  As far as BGP
 is concerned, you don't exist.  Only the upstream ISP exists.

 Matt






Re: No topic -- Photo in its context might be interesting...

2014-07-09 Thread Scott Weeks
--- larryshel...@cox.net wrote:
http://media.englishrussia.com/022013/icebcomm/icebreakercommunicationsystems001-37.jpg

In an article titled Do they have Internet on the Icebreaker?
---

I get: 403 Forbidden  nginx/1.0.15


--
http://englishrussia.com/wp-content/plugins/ttftitles/cache/3682a941fcfa4ee69e6f5e5e9729de4e.png


not much there.


--
http://englishrussia.com/2014/07/07/do-they-have-internet-connection-on-the-arctic-icebreaker/
--

works


These prices are low if it's INMARSAT.  We pay ~$7/minute.  If
they have their own Ku-band (hopefully not, as 12-18 GHz has a
lot of rain fade) that seems high.  C-band (4-8 GHz) on ships
is much better.  Not a lot of perks for being bored out at sea
for long periods of time.

scott


Re: No topic -- Photo in its context might be interesting...

2014-07-09 Thread Scott Weeks

--- wbai...@satelliteintelligencegroup.com wrote:
From: Warren Bailey wbai...@satelliteintelligencegroup.com

3mbps on a ship at 5:1 tdma oversubscribed is about 16k a month on c band 
---

There're 43200 minutes in a month.  Just to be fast, the article said 1.5Mbps
link, so I used 1/2 of your $16K.  Divide the $8K by 43200 and I get 18 cents 
per minute.

Also, I completely missed that there was a page 2.  It looks like they use 
Iridium.  Here is some pricing.  Just the first thing I found:

http://www.sattransusa.com/irprpl.html


Plan          Monthly Amount   Monthly Allowance   Cost per 1000 Bytes
Plan SBD 0    $27.00           0 Bytes             $1.15
Plan SBD 12   $35.10           10,000 Bytes        $1.05
Plan LBS 8*   $28.78           8,000 Bytes         $1.78

scott

