Re: Recommended wireless AP for 400 users office
I have had this same behavior at my UniFi pilot site. What I discovered in my case was a combination of bad behaviors in both the UniFi unit and Android.

Long story short, Android really wants to hang on to a WiFi signal as long as it can and does not seemingly scan for other signals when connected. If it sees even the slightest bit of a signal from the access point it's connected to it doesn't give it up. I can replicate this behavior on every Android device I have where I can walk across a building and pass through 2-3 other cells, even others on the same channel, and still see my device connected to the AP I started on in the UniFi control panel until it completely loses signal.

This behavior then interacts poorly with UniFi in that it seems to be very willing to keep trying to get the data through to the distant client and queues up everything else until it either succeeds or possibly times out. Presumably if ZHR worked this would effectively work around the issue, but as already noted it has its own issues that reduce its utility in a crowded environment.

Our solution has been to stop using the Long Range units and install more small cells to minimize the impacted area if this does occur, plus ensure that any Android devices are set to sleep their WiFi when the display is off (this is often set by default). The customer we were testing with had a few tablets that needed to be on most of the time, but they switched to Windows devices for unrelated reasons and basically eliminated the problem. There is apparently some way to have the APs drop clients that are below a certain signal threshold now, but I haven't looked in to it in a while as it hasn't really been an issue.

---

Overall my experience with UniFi is positive, if you have relatively simple needs they'll usually get the job done. You'll probably need a few more access points than you would with another solution, but they're generally a fraction of the price so it still often works out. If you need your wireless to get fancy or handle a high number of clients on a single AP look elsewhere. Needing to work on 5GHz also changes the value equation as those units are significantly more expensive than the plain 2.4GHz 802.11n units.

On Thu, Jan 29, 2015 at 10:53 AM, Mike Hammett na...@ics-il.net wrote:

Did you figure out why it was dropping out? All of it dropping out? Just some APs dropping? Just some users dropping?

- Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

- Original Message -
From: Paul Stewart p...@paulstewart.org
To: Mike Hammett na...@ics-il.net, nanog@nanog.org
Sent: Thursday, January 29, 2015 8:34:46 AM
Subject: RE: Recommended wireless AP for 400 users office

I had a bad experience with it one time at a tradeshow environment. 6 access points setup for public wifi. The radio levels were quite good in various areas of the tradeshow however traffic would keep dropping out at random intervals as soon as about 300 users were online. It wasn't my idea to use UBNT but it definitely turned me off of their product after digging into their gear...

Again as someone pointed out, for residential and perhaps SOHO applications it can probably work well - and in my opinion it's priced for that market.

Paul

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Thursday, January 29, 2015 8:23 AM
To: nanog@nanog.org
Subject: Re: Recommended wireless AP for 400 users office

What problems have you had with UBNT? Its zero hand-off doesn't work on unsecured networks, but that's about the extent of the issues I've heard of other than stadium density environments.

- Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

- Original Message -
From: Manuel Marín m...@transtelco.net
To: nanog@nanog.org
Sent: Wednesday, January 28, 2015 11:06:39 PM
Subject: Recommended wireless AP for 400 users office

Dear nanog community,

I was wondering if you can recommend or share your experience with APs that you can use in locations that have 300-500 users. A friend recommended Ruckus Wireless to me, it would be great if you can share your experience with Ruckus or with a similar vendor. My experience with Ubiquiti for this type of requirement was not that good.

Thank you and have a great day
Re: Detection of Rogue Access Points
On Mon, Oct 15, 2012 at 12:00 PM, Joe Hamelin j...@nethead.com wrote:

> Maybe because he has 130 sites and 130 truck rolls is not cheap. Also company policy says no.

You are correct that deploying to a number of sites isn't cheap, but the actual relevant question is how does this cost compare to the cost of the original request to detect these things. In this case almost all forms of detection/prevention except possibly looking at TTL will require new equipment to be deployed at the site(s) anyways based on the information we have, negating much of the extra cost. Any active detection on the RF side of things is generally done using WAPs in a managed network or standalone devices that are pretty much repurposed WAP hardware anyways, but cost a lot more.

Both of those costs must then be compared to the cost of doing nothing. What happens if a user takes things in to their own hands and either leaves the AP open or uses some useless form of security (MAC filtering, WEP, WPA2 w/ WDS, WPA2 w/ weak password and a common SSID, etc.) allowing an attacker in to the network?

If company policy says no, maybe company policy should be re-evaluated if enforcing said policy would cost more than the other options. Policy isn't supposed to be written in stone, it should adapt to the realities of the world as they change.

Obviously this depends on the situation. Small business that uses mostly cloud services and doesn't have much if any local content to secure? Probably not worth doing anything. Three-letter agency? Worth every penny to detect and lock out unauthorized devices. Most will be somewhere in between, you have to evaluate the actual choices and decide the best path.
Re: Detection of Rogue Access Points
On Mon, Oct 15, 2012 at 7:31 PM, Joe Hamelin j...@nethead.com wrote:

> Jonathan stated that they have health data on the network and only company issued devices are allowed. I would suggest to him that he inventory the equipment via MAC address (I'm guessing that it's mostly standard issue stuff that would be easy to recognize) and then lock down unused ports and set up monitoring. If a new MAC appears on the network, then it better have been sent there by IT.

I won't argue with that. When no official wireless network is involved, a MAC whitelist can be very effective. It'll catch any casual user attempting to homebrew a WiFi setup and significantly increase the odds of detecting an actual attacker. Even if the switches are at the lowest end of smart and only expose a web interface it's not too hard to rig up a screen scraper to list the connected devices on a regular basis and alert if anything new is seen. I'd expect that there are probably at least a dozen commercial and/or open source tools that already exist for the purpose, actually.
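An added example, not part of the original post: one way to implement the inventory check described above over text scraped from a switch's MAC address table. The table layout, port names, MAC addresses and the `audit` helper are constructed for illustration; the multiple-MACs-per-port check goes beyond the post and flags a hub, switch or bridging AP hanging off an access port.

```python
"""MAC inventory audit over scraped switch table text (added example, constructed data)."""
import re
from collections import defaultdict

# Matches aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF and aabb.ccdd.eeff notations.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\b"
)

# Constructed sample of what a screen scraper might pull from a switch UI.
# Assumed layout: the port name is the last whitespace-separated column.
SAMPLE_TABLE = """\
VLAN  MAC Address        Type     Port
10    00:11:22:33:44:55  dynamic  Gi0/1
10    0011.2233.4466     dynamic  Gi0/2
10    AA-BB-CC-00-00-01  dynamic  Gi0/3
10    aa:bb:cc:00:00:02  dynamic  Gi0/3
1     00:11:22:33:44:99  dynamic  Gi0/24
1     de:ad:be:ef:00:01  dynamic  Gi0/24
"""

# Constructed inventory of company-issued devices, in mixed notations.
INVENTORY = ["00-11-22-33-44-55", "00:11:22:33:44:66", "0011.2233.4499"]


def normalize_mac(raw):
    """Return a MAC as lowercase colon-separated octets, whatever the input notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % raw)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_table(text):
    """Map port -> set of normalized MACs; header and junk lines are skipped."""
    seen = defaultdict(set)
    for line in text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue
        port = line.split()[-1]
        seen[port].add(normalize_mac(match.group(0)))
    return seen


def audit(table_text, inventory, max_macs_per_port=1, uplinks=()):
    """Return alert tuples for unknown MACs and for ports carrying too many MACs.

    Uplink/trunk ports legitimately carry many MACs and are excluded.
    """
    known = {normalize_mac(mac) for mac in inventory}
    alerts = []
    for port, macs in sorted(parse_table(table_text).items()):
        if port in uplinks:
            continue
        for mac in sorted(macs):
            if mac not in known:
                alerts.append(("unknown-mac", port, mac))
        if len(macs) > max_macs_per_port:
            alerts.append(("multiple-macs", port, len(macs)))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_TABLE, INVENTORY, uplinks=("Gi0/24",)):
        print(alert)
```

Run from cron against each site's scraped table, any non-empty result is the "new MAC" alert; a cloned inventory MAC will not trip the first check, which is why the per-port count is worth keeping.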
Re: Detection of Rogue Access Points
On Mon, Oct 15, 2012 at 8:44 PM, George Herbert george.herb...@gmail.com wrote:

> This solution - the don't care solution - almost fails the negligence test for certain security regimes including PCI (credit cards) and possibly SOX for retail data locations (and HIPAA for hospitals / medical locations, etc).

Of course, and this is where the situational judgement comes in to play. The low-security environments I was envisioning are those more like my own office, where the only on-site server is basically a homebrew NAS storing music/movies for slow days. We've jumped head first in to the Google Apps system so all files, mail, etc. are there. Payments and any other customer-facing services are on servers hosted in a proper datacenter, never coming close to the office LAN, so our actual risk is basically the same as that of a home user. The boss using his laptop on public WiFi worries me a lot more than someone gaining access to our network.

If you take payments on-premise and transmit them over the network, it's obviously another story entirely.
Re: Big Temporary Networks
On Sep 19, 2012, at 04:25, Masataka Ohta wrote: As I already stated, DHCP discover/request from STA to AP is unicast. This didn't sound right, so I decided to test. With the three clients available to me (laptop running OS X 10.7.4, phone running Android 4.0, and iPod running iOS 4.1.2) all client-server DHCP was broadcast, as well as server-client NACKs. Server-client offers and ACKs were unicast. --- Sean Harlow s...@seanharlow.info
Re: HXXP browser protocol
On Sep 13, 2012, at 12:34, Matthew Black wrote: Checking if anyone else has heard of this protocol. It seems to be a method of bypassing security filtering software. The reason I ask is that we received a security alert with a link hxxp://pastebin.com/###. Seems very suspicious and want to know if anyone can shed light. Is this a new phishing/malware methodology? Using hxxp is a common method to prevent auto-linking by various email/IM clients and/or forum software to then require the user to actively copy/paste the URL to get the content. In the case of a security alert, I could see it being used if the destination is in fact an example of an attack site to prevent someone from inadvertently clicking the link and getting infected. --- Sean Harlow s...@seanharlow.info
Re: HXXP browser protocol
On Sep 13, 2012, at 17:21, Landon Stewart wrote:

> All true and commonly used but it's worth mentioning that putting a space before the dot TLD is a better way to prevent auto linking in email/IM clients since most of them detect the formation URLs by other means rather than rely on the existence of http://.

Certainly true, the machine I'm currently responding on runs Apple Mail 5.2 and does turn it in to a link, but since hxxp is an invalid protocol it doesn't do anything useful with it. Clicking the link just gives a no associated application error, so the practical result is the same.

--- Sean Harlow s...@seanharlow.info
Re: HXXP browser protocol
For further reference, wiki gives the following reasons for hxxp or other similar methods of URL obfuscation:

Some of the uses of this method include:

* to avoid passing the HTTP referrer header which would reveal the referring web site to the target.
* avoiding automated web crawlers from following the links. While effective, legitimate web crawlers can be avoided through the use of a robots exclusion standard on the target web site. To avoid advancing the search engine rank of the target web site, nofollow attributes can be used instead.
* to bypass overzealous link spam protection in, for example, blog comments.
* for making sure that a user doesn't accidentally click on a potentially harmful link, in applications that automatically recognize links in plain text. Examples of this include not safe for work links.
* to avoid an application from downloading unwanted files, like advertisements or a malware. The method is directly change all 'http' to 'hxxp' in specific uncompressed .exe or .swf files with a hex editor.

--- Sean Harlow s...@seanharlow.info
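An added example, not part of the posts above: a small helper for handling links in security alerts using the two conventions discussed in this thread, the hxxp scheme and a space before the dot of the TLD. The function names and the sample alert text are constructed; `has_live_links` is a lint for outgoing alerts and `extract_urls` recovers the real URLs for blocklists or proxy log searches.

```python
"""Defang and refang URLs for security alerts (added example, constructed data)."""
import re
from urllib.parse import urlsplit

# A defanged URL: hxxp/hxxps scheme, host, optional " .tld" split, then the rest.
DEFANGED_RE = re.compile(
    r"\bhxxp(s?)://([A-Za-z0-9.-]+)( \.[A-Za-z0-9-]+)?(\S*)", re.IGNORECASE
)
# A URL that mail and IM clients will still turn into a clickable link.
LIVE_RE = re.compile(r"\bhttps?://\S+", re.IGNORECASE)

# Constructed alert text using both conventions from the thread.
ALERT = ("Payload staged at hxxp://pastebin .com/EXAMPLE and "
         "hxxps://files.example.org/a.bin, block both.")


def defang(url):
    """Rewrite an http(s) URL so clients neither auto-link nor open it.

    Applies both conventions: http -> hxxp, and a space before the last dot
    of the host so URL detectors that ignore the scheme do not match either.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("expected an absolute http(s) URL: %r" % url)
    # Everything after "scheme://netloc" is kept byte for byte.
    rest = url[len(parts.scheme) + 3 + len(parts.netloc):]
    head, dot, tld = parts.netloc.rpartition(".")
    host = head + " ." + tld if dot else parts.netloc
    return scheme.replace("tt", "xx") + "://" + host + rest


def _refang_match(match):
    """Rebuild the real URL from one DEFANGED_RE match."""
    host = match.group(2) + (match.group(3) or "").replace(" ", "")
    return "http" + match.group(1).lower() + "://" + host + match.group(4)


def extract_urls(text):
    """Return the real URLs behind every defanged link in an alert.

    Trailing sentence punctuation is stripped. The result is meant for
    blocklists and log searches, not for display.
    """
    return [_refang_match(m).rstrip(".,;:)>\"'") for m in DEFANGED_RE.finditer(text)]


def has_live_links(text):
    """True if the text still contains a clickable http(s) URL."""
    return bool(LIVE_RE.search(text))


if __name__ == "__main__":
    print(defang("http://pastebin.com/EXAMPLE"))
    print(extract_urls(ALERT))
    print(has_live_links(ALERT))
```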
Re: The End-To-End Internet (was Re: Blocking MX query)
On Sep 5, 2012, at 11:11, Izaac wrote:

> This is why tcp port 25 filtering is totally effective and will remain so forever. Definitely worth breaking basic function principles of a global communications network over which trillions of dollars of commerce occur.

Two things to note:

1. Restricting outbound port 25 is nothing new. It's been in use since before SPF or DKIM were under development, yet it hasn't been defeated/bypassed. Henry didn't specify whether the DKIM-valid messages he received were forged or if they just came from a random spam domain. If the latter, of course that's trivial for spammers to make appear legitimate because the only goal of such systems is to verify that the sender controls or is approved by the domain the message claims to be from.

2. The reason port 25 blocks remain effective is that there really isn't a bypass. If you want to spam, at some point you must establish a TCP connection to port 25 on the destination mail server. You can either do this from your own machines (where a good hosting provider will cut you off in a hurry) or by using someone else's illegitimately. Servers tend to be located in datacenters where again a good provider will take action, so botted end-user machines are obviously a huge thing to spammers. Eliminate the ability for the majority of those bots to make said port 25 connections, you've now forced them in to a much smaller operating area where they're more likely to be found. The only bypass is to go back to using their own machines or compromised equipment on higher-grade connections.

--- Sean Harlow s...@seanharlow.info
Re: The End-To-End Internet (was Re: Blocking MX query)
On Sep 5, 2012, at 11:46, Greg Ihnen wrote: But as someone pointed out further back on this thread people who want to have their mail servers available to people who are on the other side of port 25 filtering just use the alternate ports. So then what does filtering port 25 accomplish? The alternate port 587 is for users of that mail server to send mail through it, presumably authenticated, not for receipt of random mail from the internet. This allows those users to relay email through their server unaffected while behind a port 25 block. Configuring it to accept all messages on that port would defeat the purpose. --- Sean Harlow s...@seanharlow.info
Re: The End-To-End Internet (was Re: Blocking MX query)
On Sep 5, 2012, at 19:07, John Levine wrote: Not really. Large mail system like Gmail and Yahoo have a pretty good map of the IPv4 address space. If you're sending from a residential DSL or cable modem range, they'll likely reject any mail you send directly no matter what you do. While I've clearly been on the side of don't expect this to work, why do you have your laptop set up like that?, and defending the default-blocking behavior on outbound, this is not true at least for Gmail. I have a test Asterisk box which I've been really lazy about setting up properly that successfully sends status messages from my home cable modem to my Gmail-hosted personal domain every day, even getting through with a completely bogus source address. It's never even been flagged as possible spam. Maybe Gmail does more detailed analysis of some kind and sees that I'm also checking my email from the same IP that's sending these messages, I don't know, but they are not just blocking anything coming in from a random cable IP. I'll bet it raises the spam likelihood or whatever as it probably should, but it's not a total block. --- Sean Harlow s...@seanharlow.info
Re: The End-To-End Internet (was Re: Blocking MX query)
On Sep 4, 2012, at 14:22, Jay Ashworth wrote: I find these conflicting reports very conflicting. Either the end-to-end principle *is* the Prime Directive... or it is *not*. Just because something is of extremely high importance does not mean it still can't be overridden when there's good enough reason. In this case, in the majority of random computer on the internet IP blocks the ratio of spambots to legitimate mail senders is so far off balance that a whitelisting approach to allowing outbound port 25 traffic is not unreasonable. Unlike the bad kinds of NAT, this doesn't also indiscriminately block thousands of other uses, it exclusively affects email traffic in a way which is trivial for the legitimate user to work around while stopping the random infected hosts in their tracks. Many providers also block traffic on ports like 137 (NetBIOS) on consumer space for similar reasons, the malicious or unwanted uses vastly outweigh the legitimate ones. The reason bad NATs get dumped on is because there are better solutions both known and available on the market. If you have an idea for a way to allow your laptop to send messages directly while still stopping or minimizing the ability of the thousands of zombies sharing an ISP with you from doing the same the world would love to hear it. --- Sean Harlow s...@seanharlow.info
Re: Fair Use Policy
On Aug 22, 2012, at 17:06, Bacon Zombie wrote:

> An ISP with a 5GB cap that is charging the end user more than 5$ total {including line rental} a month should not be allowed to operate.

I agree entirely. The US is not exactly known for great broadband access, particularly where I live in the midwest (unless one is in a lucky pocket with FiOS, Google Fiber, or the like), yet I could easily host 200 512kbit/sec subscribers off my residential cable connection without even thinking about caps much less throttling on top of caps. It'd be oversubscribed, sure, but most users don't max out the line regularly so I don't think I'd have a problem. My mobile phone is through Sprint, known for being the slowest of the national 3G carriers, yet I can exceed 1mbit/sec in the middle of a corn field miles from anything resembling civilization and again do not have any monthly cap.

A 5GB cap on 512kbit/sec service could be blown through in under a single day. That's absurd. If a 256k user maxed out their line all month, they'd have transferred just short of 80GB. Why in the world would it make sense to limit someone to 1/16th of that just for the privilege of double speed which is still so slow it's beaten by any 3G service?

Wired internet providers should not even be thinking about caps below the 250GB/mo point. Neither of these example speeds can even reach that level, so if you feel the need to cap you are doing it wrong and should rethink your business model. Wireless carriers get a bit more leeway due to spectrum limitations, but even there a 5GB cap is barely reasonable for an entry level offering.

--- Sean Harlow s...@seanharlow.info
Re: Fair Use Policy
On Aug 22, 2012, at 17:35, Owen DeLong wrote: Well...sort of. To be fair, the T-Mo version of unlimited is unlimited up to a certain amount (that you paid for) and then all-you-can-sip at incredibly low speed thereafter. The new plans being brought out are supposedly true unlimited, but are not allowed to tether. The previous unlimited but throttled to 2G after X amount of transfer plans remain available for those who tether. --- Sean Harlow s...@seanharlow.info
Re: Fair Use Policy
On Aug 22, 2012, at 21:25, William Herrin wrote: Works for the electric company, the gas company, the water company, etc. Metering I mean, not a use cap. The notion of a cap is pretty broken. The difference is that gas, water, and electricity are all resources that have actual costs relevant to consumer and SMB-level users. A fiber-optic line costs the same to operate regardless of if it is carrying no data or entirely maxed out. Higher-capacity optics at each end of course cost money, but they're fixed cost items which are deployed once and don't often need replacement during their useful life (especially given the growth rate of network traffic). Longer runs obviously need repeaters capable of handling the data rates in use, but the same applies. As far as I can tell, the actual cost of the bits being transferred is so minuscule as to be practically irrelevant for anyone who's not at the scale to be dealing directly with Tier 1 carriers. Capacity costs money, but once it's there utilization is nothing. --- Sean Harlow s...@seanharlow.info
Re: Communications Committee volunteers [was: The Cidr Report]
On Jul 13, 2012, at 16:02, Grant Ridder wrote:

> The admins say they are working on a content filter system. All you really should have to do is do keyword filtering in mailman. I have this setup on a maillist that I manage.

How well would that actually work against what seems to be a bored individual with nothing better to do but send this stuff here? Any keyword filters can be easily circumvented in the same way spammers have done for years. We'll just be seeing these stories with lots of pen1s or similar quick edits.
Re: Cisco Update
On Jul 5, 2012, at 12:08, Hank Nussbacher wrote: For those of us who have not kept up with every latest feature that Cisco rolls out across all its platforms, can someone explain this new service? Is it like Windows update, where Cisco will auto-update your router s/w and thereby brick it? If I don't register my router with Cisco, what do I lose? I can't update it manually? Long story short, the affected routers (newer Cisco [former Linksys] consumer products) received an automatic firmware update which basically disables the device's onboard web UI and forces you to use Cisco's cloud management system. The biggest issue with this is that apparently it has some function, possibly for web filtering, which sends network traffic information of some sort to Cisco's service. They also state that regardless of the auto-update setting a device may be updated anyways if Cisco says so. One article I found says it affects the E2700, E3500, and E4500 models.
Re: Cisco Update
On Jul 5, 2012, at 11:24, Joe Greco wrote: And what happens when your *cough* router isn't actually on the Internet? How can it be managed and upgraded on a regular old network? If there is no internet connection, you get a very limited page that's apparently only really good to get you back online.
Re: Cisco Update
On Jul 5, 2012, at 12:42, Jon Lewis wrote: Routers are sometimes used on networks that don't have internet connectivity [by design]. This seems amazingly short-sighted for a company that's been around selling routing gear as long as cisco. Not to defend Cisco's idiotic decision, but in this case the devices in question are extremely unlikely to be used in such a situation as they are consumer/SOHO products. The vast, overwhelming majority of these will be installed as the primary and/or only piece of network hardware other than the modem. I'd imagine that anyone who knows enough to care about a non-connected situation was never considering these devices in the first place. Frankly for the Joe Sixpack market I can't argue against the autoupdate idea itself, as outdated consumer routers probably account for a large percentage of the exploitable Linux systems out there, but the cloud tie in and privacy issues are clearly not well thought out.
Re: LinkedIn password database compromised
On Jun 7, 2012, at 19:24, Randy Bush wrote: this is a feature, not a bug. you should be explaining to them why they should never type passwords on another's keyboard, log on to anything from an internet cafe, ... And this is where you lose the user. It doesn't matter that you're entirely right about the security risks of doing so, but real-world security is all about finding a balance with usability. Situations where the data really does need to be secure are great for mandating public key authentication, as you point out it raises a significant technical barrier to the unskilled user preventing them from even attempting to access it from anywhere they shouldn't. That said, I doubt anyone but the most insane of security geeks are using it for their personal email. If the value to the person of being able to access their data from $random_computer exceeds the perceived risk, they'll do it if they can. --- Sean Harlow s...@seanharlow.info
Re: VoIP vs POTS (was Re: Operation Ghost Click)
On May 3, 2012, at 12:26, Mike Hale wrote: Don't cell companies already provide over-ride codes to various federal agencies to obtain emergency priority access to cell service? That would be the Nationwide Wireless Priority Service. Authorized users can dial *272destination to get priority on supported wireless networks. If the landline networks are also backed up, they can make the call to (710) NCS-GETS which is the gateway number for the Government Emergency Telecommunications System which provides the same priority on POTS lines. http://en.wikipedia.org/wiki/Nationwide_Wireless_Priority_Service http://en.wikipedia.org/wiki/Government_Emergency_Telecommunications_Service --- Sean Harlow s...@seanharlow.info
Re: VoIP vs POTS (was Re: Operation Ghost Click)
On May 3, 2012, at 14:19, Jay Ashworth wrote: {citation-needed} I don't have any numbers to offer, but given the near universality of cellular phones these days among the adult population I could easily see a majority going for cellular. Car accidents, house fires, and a lot of other types of 911 call are probably almost entirely from mobile. Car accidents and anything else 911-worthy near a busy probably contribute a ton of calls about the same incident (not worthwhile calls, but calls nonetheless). There are also many people, myself included, who do not have a traditional landline. If they don't have VoIP or it's not working for some reason, everything becomes a mobile call. Again not arguing one side or another, just that there's enough mobile usage that it would seem reasonable either way. --- Sean Harlow s...@seanharlow.info
Re: Operation Ghost Click
Then you'll be happy to know that most VoIP phones default to and good VoIP providers gladly support G.711, the exact same codec used in all digital trunks in the POTS network. Also, an on-the-ball VoIP carrier will be pushing G.722 HD Voice devices which offer about double the audio bandwidth in the same data bandwidth (64kbit/sec/stream) as G.711. If your carrier is forcing G.729 or GSM, they're a joke. --- Sean Harlow s...@seanharlow.info On May 2, 2012, at 15:52, Eric Wieling wrote: I doubt the g729 or GSM codecs used by VoIP and Cell phones can compare to a POTS line. -Original Message- From: Christopher Morrow [mailto:morrowc.li...@gmail.com] Sent: Wednesday, May 02, 2012 3:43 PM To: Jeroen van Aart Cc: NANOG list Subject: Re: Operation Ghost Click wow, 1990 much? are you actually just trolling today perhaps?
VoIP/Mobile Codecs (was Re: Operation Ghost Click)
On May 2, 2012, at 16:10, Jeroen van Aart wrote: Technical specs aside I believe you are mistaken with regards to the actual every day reality. My experience (and anyone else I talked to) calling to and from mobile phones has been 100% a bad one with regards to audio quality. I know the bandwidth allows for better quality, but carriers don't do it, they do the opposite. Why else would a mobile phone carrier feel the need to advertise an HD (shouldn't it be HIFI?) quality line (i.e. a quality that's standard with every land line and already suboptimal): http://www.pcmag.com/article2/0,2817,2402598,00.asp Sprint Brings HD Voice Calls to U.S. Originally, you said VoIP and cellular used bad codecs. I responded that any decent VoIP provider supports codecs equaling or beating landlines. I didn't say anything about cellular. A G.711 call over a solid internet connection will sound entirely identical to any landline telephone call that leaves the local analog facilities and a G.722 call will make G.711 and thus landlines sound like cellular by comparison. The cellular world works with less bandwidth and more loss than the VoIP world usually deals with, so while us VoIP guys sometimes use their codecs (GSM for example) they don't tend to bother with ours. That said, the article you link is talking about the same sort of improvements by doubling the sampling rate, so the end result is similar. --- Sean Harlow s...@seanharlow.info
Re: XBOX 720: possible digital download mass service.
It doesn't have to. Look at Steam on the PC, where digital distribution has been the norm for years (I literally can't remember the last physical copy PC game I purchased). Preorder a game and it gets preloaded in an encrypted form days to weeks in advance of release. On release day, the content is simply activated, you get the key, your PC decrypts it, and you go play. On a well designed digital distribution system the release second traffic spike should be a lot less than you'd think.

-- Sean Harlow s...@seanharlow.info

On Jan 27, 2012, at 5:35 AM, Tei wrote:

> The question is: Can internet in USA support that? Call of Duty 15 releases May 2014 and 30 million gamers start downloading a 20 GB file. Would the internet collapse like a house of cards?
Re: XBOX 720: possible digital download mass service.
I don't know if the box uses any different settings, but using the Windows client on my PC with quality maxed just now I saw a consistent 5.35mbit/sec during action sequences and fast-paced cutscenes, much less of course in menus and such. -- Sean Harlow s...@seanharlow.info On Jan 27, 2012, at 9:24 AM, Eric Tykwinski wrote: Which would be on-topic, though. If anyone knows of an OnLive box just to check out the bandwidth usage, I would be interested.
Re: Trouble accessing www.nanog.org
I was seeing the same problem, but it seems to be working now. On Jan 4, 2012, at 11:09 AM, Andrew D Kirch wrote: works for me
Re: Speed Test Results
Basically it's a CYA statement on the part of Ookla/speedtest.net, since their test sites are of varying quality. The Radnor, OH test site sometimes can't even properly test a 10mbit SOHO broadband connection, where the Toledo site is consistently able to flood every available bit of capacity on my 50/5 home connection.

It's just another tool that needs to be used intelligently. If I'm testing out a new ISP or a new speed level I've never had before, I wouldn't immediately complain if I didn't get the expected result on a public speed test site as it may be something outside of my ISP's control. On the other hand if things start dragging on my home connection or anywhere else that I know I can expect a certain result speedtest.net is usually my first stop.

-- Sean Harlow s...@seanharlow.info

On Dec 25, 2011, at 9:43 PM, Grant Ridder wrote:

> Even though the FAQs say they are only good for residential usage, I have had no problems with it at school. My college has 2x 100 Mb circuits from TW. When I run speed tests (I use speedtest.net) with the campus empty, I can get around 95Mb up. The bottleneck is the school's 100Mb switches. When the campus is filled (during the week) I can normally get close to 40 Mb down on a test.
>
> -Grant
Re: On Working Remotely
I can not agree with this more. I have been working from home for two years now and unfortunately live in a small apartment where I do not have a dedicated space to assign for work. My workstation is also my gaming machine and my servers sit right next to my game consoles. It's impossible to get entirely in to a work mindset when your bed is literally two feet from where you sit. This one's hard to solve when you don't have the space, I can certainly say there's a reason I have the most time put in to Skyrim out of all of my friends. Another thing you might not think about is how much it can interfere with anything you consider part of a morning routine. Where you used to get up at 8, shower, eat breakfast, get dressed, etc. before heading in to start work at 9 it doesn't take long before you realize you can instead wake up at 8:59, put on whatever pants might be within arm's reach, and sit down at your chair. Next thing you know it's 6 PM and you haven't eaten or showered yet. I've started setting an alarm and trying to work out in the morning to counter this and it works pretty well, but it took some effort. tl;dr version: Working in an office provides structure that you may depend on without realizing it. Be prepared to replicate as much of that structure as needed to remain productive and not turn in to a slob. -- Sean Harlow s...@seanharlow.info On Dec 5, 2011, at 10:09 AM, David Radcliffe wrote: I do have to say to anyone planning to work from home, make sure you have a proper work space. I have a computer room. It contains a dozen systems, electronics gear and parts (I used to have time for that hobby), and comfortable and ergonomic work spaces. There is no TV. No reason for one because this is the work room. The mind set should be I am now in the work room, so I am at work. Really works for me.
Re: Anyone seen this kind of problem? SIP traffic not getting to destination but traceroute does
I can't say I have a specific answer to your question, but yesterday I was seeing major packet loss on outbound audio from all my VoIP customers using Qwest and going in to servers on L3. It's entirely possible that SIP was also being lost, just the audio was the more notable and pressing issue. It seems to be resolved at this point, but we have not yet heard from Qwest what the actual problem was. This was with sites in Northeast Ohio and the Chicago area connecting to servers in New York and LA for what it's worth.

--
Sean Harlow
s...@seanharlow.info

On Nov 9, 2011, at 1:47 PM, Jay Nakamura wrote:

We ran into a strange situation yesterday that I am still trying to figure out. We have many VoIP customers but yesterday suddenly a select few of them couldn't reach the SIP provider's network from our network.

I could traceroute to the SIP provider's server from the affected clients' IP just fine. I confirmed that the SIP traffic was leaving our network out the interface to the upstream provider and the SIP provider says they couldn't see the SIP traffic come into their border router. SIP traffic coming from SIP provider to the affected customer came through fine. It's just Us - SIP server was a problem.

I thought there may be some strange BGP issue going on but we had other customers within the same /24 as the affected customers and they were connecting fine.

The traffic at the time traversed
Our network - Qwest/century link - Level 3 - SIP provider

I changed the routing around so it would go through our other upstream, ATT, and it started working. With ATT, the route was
Our network - ATT - Level 3 - SIP provider

So my question is, is it possible there is some kind of filter at Qwest or Level 3 that is dropping traffic only for udp 5060 for a select few IPs? That's the only explanation I can come up with other than the whole Juniper BGP issue 2 days ago left something in between in a strange state?

I read the post about XO doing filtering on transit traffic, I haven't seen anyone say Level 3 or Qwest is doing the same.
Re: Anyone seen this kind of problem? SIP traffic not getting to destination but traceroute does
I saw the problems starting around 09:30 Eastern and continuing past 17:00. Looking through ticket notes I had missed when writing my previous reply, it seems that a fix was confirmed around 22:30 which involved a faulty piece of equipment being replaced. I do not have specifics on what went wrong and when it was actually fixed though.

--
Sean Harlow
s...@seanharlow.info

On Nov 9, 2011, at 2:04 PM, Preston Parcell wrote:

What was the timeframe for your issues? Just curious since we saw some strangeness last night.

Preston

-Original Message-
From: Sean Harlow [mailto:s...@seanharlow.info]
Sent: Wednesday, November 09, 2011 12:00 PM
To: Jay Nakamura
Cc: NANOG
Subject: Re: Anyone seen this kind of problem? SIP traffic not getting to destination but traceroute does

I can't say I have a specific answer to your question, but yesterday I was seeing major packet loss on outbound audio from all my VoIP customers using Qwest and going in to servers on L3. It's entirely possible that SIP was also being lost, just the audio was the more notable and pressing issue. It seems to be resolved at this point, but we have not yet heard from Qwest what the actual problem was. This was with sites in Northeast Ohio and the Chicago area connecting to servers in New York and LA for what it's worth.

--
Sean Harlow
s...@seanharlow.info

On Nov 9, 2011, at 1:47 PM, Jay Nakamura wrote:

We ran into a strange situation yesterday that I am still trying to figure out. We have many VoIP customers but yesterday suddenly a select few of them couldn't reach the SIP provider's network from our network.

I could traceroute to the SIP provider's server from the affected clients' IP just fine. I confirmed that the SIP traffic was leaving our network out the interface to the upstream provider and the SIP provider says they couldn't see the SIP traffic come into their border router. SIP traffic coming from SIP provider to the affected customer came through fine. It's just Us - SIP server was a problem.

I thought there may be some strange BGP issue going on but we had other customers within the same /24 as the affected customers and they were connecting fine.

The traffic at the time traversed
Our network - Qwest/century link - Level 3 - SIP provider

I changed the routing around so it would go through our other upstream, ATT, and it started working. With ATT, the route was
Our network - ATT - Level 3 - SIP provider

So my question is, is it possible there is some kind of filter at Qwest or Level 3 that is dropping traffic only for udp 5060 for a select few IPs? That's the only explanation I can come up with other than the whole Juniper BGP issue 2 days ago left something in between in a strange state?

I read the post about XO doing filtering on transit traffic, I haven't seen anyone say Level 3 or Qwest is doing the same.