Re: CPE/NID options

2023-11-23 Thread Shawn L via NANOG

I believe RAD makes a device similar to the Accedian.  There's also the Metro 
Nid line from Accedian, but while they do a lot, they're pretty spendy.
 
Shawn
 

-Original Message-
From: "Tim Burke" 
Sent: Thursday, November 23, 2023 12:38am
To: "Ross Tajvar" 
Cc: "North American Network Operators' Group" 
Subject: Re: CPE/NID options



We are using EX2300-C’s, they do the trick very well. Fanless, flexible 
mounting options, dual 10G feeds, and a nice price point. 

Sent from my iPhone

> On Nov 22, 2023, at 22:44, Ross Tajvar  wrote:
> 
> 
> I'm evaluating CPEs for one of my clients, a regional ISP. Currently, we're 
> terminating the customer's service (L3) on our upstream equipment and 
> extending it over our own fiber to the customer's premise, where it lands in 
> a Juniper EX2200 or EX2300.
> 
> At a previous job, I used Accedian's ANTs on the customer prem side. I like 
> the ANT because it has a small footprint with only 2 ports, it's passively 
> cooled, it's very simple to operate, it's controlled centrally, etc. 
> Unfortunately, when I reached out to Accedian, they insisted that the 
> controller (which is required) started at $30k, which is a non-starter for us.
> 
> I'm not aware of any other products like this. Does anyone have a 
> recommendation for a simple L2* device to deploy to customer premises? Not 
> necessarily the exact same thing, but something similarly-featured would be 
> ideal.
> 
> *I'm not sure if the ANT is exactly "layer 2", but I don't know what else to 
> call it.

Strange IPSEC traffic

2023-11-13 Thread Shawn L via NANOG

Is anyone else seeing a lot of 'strange' IPSEC traffic?  We started seeing logs 
of IPSEC with invalid spi on Friday.  We're seeing it on pretty much all of our 
PE routers, none of which are set up to do anything VPN related.  Most are just 
routing local customer traffic.
 
decaps: rec'd IPSEC packet has invalid spi for destaddr=X.X.X.X, prot=50, 
spi=0x9D2D(2636972032), srcaddr=211.112.195.167, input 
interface=TenGigabitEthernet0/0/11
 
decaps: rec'd IPSEC packet has invalid spi for destaddr=Y.Y.Y.Y, prot=50, 
spi=0x1469(342425600), srcaddr=74.116.56.244, input 
interface=TenGigabitEthernet0/0/5
 
The destination address is always one of our customer's ip addresses.  The 
source seems to be all over the place, mostly Russia, Korea, China or south 
east asia.  It's not really impacting anything at the moment, just rather 
annoying.
 
Thanks
 
Shawn
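
One way to triage log lines like the ones in the post above, as an added example that is not part of the original message: it parses the `invalid spi` entries, takes the SPI from the decimal field (in the posted lines the hex field does not equal it, 0x9D2D against 2636972032 = 0x9D2D0000), and groups the events by source. The last three sample lines and the fan-out threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Message body as it appears in the post. \s* and \s+ tolerate the line wraps a
# mail client inserts; the interface field is treated as optional.
EVENT_RE = re.compile(
    r"invalid\s+spi\s+for\s+destaddr=(?P<dst>[^,\s]+),\s*prot=(?P<prot>\d+),\s*"
    r"spi=0x(?P<spi_hex>[0-9A-Fa-f]+)\((?P<spi_dec>\d+)\),\s*"
    r"srcaddr=(?P<src>[^,\s]+)"
    r"(?:,\s*input\s+interface=(?P<ifc>[^,\s]+))?"
)

# The first two entries are the ones quoted in the post (destinations were
# already redacted there). The last three are constructed, using documentation
# address ranges, to show one source probing several destinations.
SAMPLE = """\
decaps: rec'd IPSEC packet has invalid spi for destaddr=X.X.X.X, prot=50,
spi=0x9D2D(2636972032), srcaddr=211.112.195.167, input
interface=TenGigabitEthernet0/0/11
decaps: rec'd IPSEC packet has invalid spi for destaddr=Y.Y.Y.Y, prot=50,
spi=0x1469(342425600), srcaddr=74.116.56.244, input
interface=TenGigabitEthernet0/0/5
decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.10, prot=50, spi=0x2A00(704643072), srcaddr=198.51.100.7, input interface=TenGigabitEthernet0/0/11
decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.11, prot=50, spi=0x2A01(704708608), srcaddr=198.51.100.7, input interface=TenGigabitEthernet0/0/5
decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.12, prot=50, spi=0x2A02(704774144), srcaddr=198.51.100.7, input interface=TenGigabitEthernet0/0/5
"""


@dataclass(frozen=True)
class SpiEvent:
    src: str
    dst: str
    prot: int                 # IP protocol number (50 = ESP)
    spi: int                  # 32-bit SPI, taken from the decimal field
    hex_agrees: bool          # True if the printed hex equals the decimal value
    interface: Optional[str]


def parse_events(text):
    """Return every invalid-SPI event found in free text (wrapped or not)."""
    events = []
    for m in EVENT_RE.finditer(text):
        spi = int(m["spi_dec"])
        events.append(SpiEvent(
            src=m["src"],
            dst=m["dst"],
            prot=int(m["prot"]),
            spi=spi,
            hex_agrees=int(m["spi_hex"], 16) == spi,
            interface=m["ifc"],
        ))
    return events


def summarize(events, fanout_threshold=3):
    """Group events by source; flag sources that hit many distinct destinations."""
    by_src = defaultdict(lambda: {"count": 0, "dsts": set(),
                                  "spis": set(), "interfaces": set()})
    for e in events:
        entry = by_src[e.src]
        entry["count"] += 1
        entry["dsts"].add(e.dst)
        entry["spis"].add(e.spi)
        if e.interface:
            entry["interfaces"].add(e.interface)

    rows = []
    for src, entry in by_src.items():
        rows.append({
            "src": src,
            "count": entry["count"],
            "dsts": sorted(entry["dsts"]),
            "spis": [f"0x{s:08X}" for s in sorted(entry["spis"])],
            "interfaces": sorted(entry["interfaces"]),
            "fan_out": len(entry["dsts"]) >= fanout_threshold,
        })
    # Widest fan-out first, then busiest, then by address for a stable order.
    rows.sort(key=lambda r: (-len(r["dsts"]), -r["count"], r["src"]))
    return rows


if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE)):
        tag = "FAN-OUT" if row["fan_out"] else "single "
        print(tag, row["src"], row["count"], row["dsts"],
              row["spis"], row["interfaces"])
```

Run over a day of router syslog, the per-source grouping separates a remote peer retrying against one address from a source walking across many customer addresses.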

RE: .US Harbors Prolific Malicious Link Shortening Service

2023-11-02 Thread Shawn L via NANOG

I personally own a .us domain name -- while it's a personal domain and doesn't 
do a lot of traffic, it's still a legitimate domain.


-Original Message-
From: "goemon--- via NANOG" 
Sent: Thursday, November 2, 2023 4:30pm
To: "NANOG list" 
Subject: .US Harbors Prolific Malicious Link Shortening Service



https://krebsonsecurity.com/2023/10/us-harbors-prolific-malicious-link-shortening-service/

"The NTIA recently published a proposal that would allow registrars to 
redact all registrant data from WHOIS registration records for .US 
domains. A broad array of industry groups have filed comments opposing the 
proposed changes, saying they threaten to remove the last vestiges of 
accountability for a top-level domain that is already overrun with 
cybercrime activity."

What hope is there when registrars are actively aiding and abetting criminal 
enterprises?

Are there any legitimate services running solely on .us domain names?

-Dan

Re: Spectrum networks IPv6 access issue

2023-05-02 Thread Shawn L via NANOG
We know the feeling well. Try porting from them…..


> On May 2, 2023, at 4:41 PM, Daniel Marks via NANOG  wrote:
> 
> My issue was just trying to convince Spectrum to look into the problem in 
> the first place, I brought the Atlas probe receipts because it’s such a 
> helpful tool, but wasn’t able to get through to anyone helpful (acct mgr, noc 
> email, even the escalation list) until I started lighting fires filing FCC 
> complaints and using social media (which thankfully worked).
> 
> Not sure how accurate it is (I hope it isn’t), but some of the techs I spoke 
> to said a lot of the internal tooling for troubleshooting is incapable of 
> dealing with IPv6, so they weren’t able to do things like run traceroutes to 
> confirm what I was seeing. My guess is that this issue was caught in a 
> catch-22 where they needed impossible to obtain proof on their end to 
> escalate to a team who can actually deal with the issue.
> 
> Sucks for us folk who went all in on v6 only to find out not even the ISP can 
> help us. 
> 
> -Daniel Marks
> 
>> On May 2, 2023, at 15:36, Jared Mauch  wrote:
>> 
>> 
>> 
>>> On May 2, 2023, at 2:43 PM, Daniel Marks via NANOG  wrote:
>>> 
>>> This has been “resolved", I finally got through to some awesome engineer at 
>>> Spectrum who has rerouted traffic while they work with their hardware 
>>> vendor (thanks Jake):
>> 
>> 
>> One of the tools that I’ve used in the past is the RIPE Atlas service to 
>> measure these things.  It’s helped me isolate IP space reachability issues 
>> for new announcements, because you can get enough of a random sample of 
>> hosts to isolate things, and enough data about that endpoint to launch 
>> follow-up measurements.
>> 
>> - Jared


RE: Can I do this in EVPN? (Multihome to more different CEs)

2023-02-09 Thread Shawn L via NANOG

You should be able to set up a VPLS between 3 (or more) devices.  Something like 
this --
 
Example: VFI on a PE Device
The following example shows a virtual forwarding instance (VFI) configuration:
Device(config)# l2 vfi vfi110 manual
Device(config-vfi)# vpn id 110
Device(config-vfi)# neighbor 172.16.10.2 4 encapsulation mpls
Device(config-vfi)# neighbor 10.16.33.33 encapsulation mpls
Device(config-vfi)# neighbor 198.51.100.44 encapsulation mpls
Device(config-vfi)# bridge-domain 100
Device(config-vfi)# end
 
The following example shows a VFI configuration for a hub-and-spoke 
configuration:
Device(config)# l2 vfi VPLSA manual
Device(config-vfi)# vpn id 110
Device(config-vfi)# neighbor 10.9.9.9 encapsulation mpls
Device(config-vfi)# neighbor 192.0.2.12 encapsulation mpls
Device(config-vfi)# neighbor 203.0.113.4 encapsulation mpls no-split-horizon
Device(config-vfi)# bridge-domain 100
Device(config-vfi)# end
 
-Original Message-
From: "Simon Lockhart" 
Sent: Thursday, February 9, 2023 2:47am
To: nanog@nanog.org
Subject: Can I do this in EVPN? (Multihome to more different CEs)



All,

I have a bit of a networking design challenge, and I think EVPN is the right
answer, but despite spending the last week reading loads of resources about
it, I can't quite get my head around one aspect.

I'm trying to genericise the design a bit here, but what I've got is...

I have multiple layer two broadcast domains that I need to link together 
over a layer 3 network. The broadcast domains consist of multiple switches
carrying multiple vlans spanning multiple locations (think of it like a 
customer campus network).

I need to interconnect with each broadcast domain in two different locations.
(so two PEs to two CEs), and link it back to a datacentre in another city.

In the simple case, using EVPN, I see that I can run active-standby 
multihoming, configuring one ESI for the customer campus network. If one of my
PEs fails, or one of the customer CEs fails, then EVPN will fail over to the
other link.

However, the failure scenario I need to deal with is if a layer two link fails
between two locations within the customer campus, the two halves of the now
split broadcast domain still need to be able to communicate with the 
datacentre (but do not need to be able to communicate with each other).

Every example I can see for EVPN shows multihoming to a single CE, and I 
can't find anywhere an example which deals with a "split" ES.

Is there a solution to this problem?

Many thanks in advance,

Simon

Re: Spectrum (legacy TWC) Infrastructure - Contact Off List

2023-01-31 Thread Shawn L via NANOG

All I can say is good luck.  We see the 'trash-bag mod' on a lot of AT&T aerial 
boots and PEDs, as well as Charter/Spectrum/TWC gear.  A lot of times, they 
don't even get that.  Unless you know how to get in contact with a local tech, 
they will most likely not respond until the customer complains about their 
service being out.  In which case, the same tech that ran the 'low-level' drop 
between PEDs will likely come back and do it again.
 


-Original Message-
From: "Andy Brezinsky" 
Sent: Tuesday, January 31, 2023 5:27pm
To: nanog@nanog.org
Subject: Re: Spectrum (legacy TWC) Infrastructure - Contact Off List



Access to the right-of-way in most areas is granted through a CATV Franchise 
agreement with your municipality.  This agreement will include a contact for 
disputes.  As another avenue, contact the local government and ask them to deal 
with the safety issue in the public right of way and let them escalate with 
their contacts.
 
On 1/31/23 15:33, Gabriel Kuri via NANOG wrote:

Could someone from Spectrum who deals with the HFC infrastructure in Southern 
California, specifically the legacy Time Warner Cable area, contact me off list 
?
Apparently the local infrastructure crew thinks it's OK to leave cable running 
between two cans in a residential neighborhood since at least July 2022. But 
it's OK, because they've cautioned them off with orange cones, right ?
Multiple calls to regular customer service fall on deaf ears about a coax trunk 
cable run above ground on a street and sidewalk in the middle of a residential 
neighborhood.
Customer service says, "We don't know what you're talking about, we don't have 
cables running on the street". Can't seem to get a hold of the right people to 
come out and get it buried and get rid of the eyesore and safety hazard ...


Thanks,
Gabe

Re: Random shower thought: GBIC with LC connector...

2022-11-15 Thread Shawn L via NANOG

Those are Twin Gig Converter Modules.  They went in the 3560 series (and 
probably others).  You could either insert a 10 gig module, or the converter 
module and get 2 1-gig sfp slots.
 

-Original Message-
From: "Matt Erculiani" 
Sent: Tuesday, November 15, 2022 11:26am
To: "Mel Beckman" 
Cc: "North American Network Operators' Group" 
Subject: Re: Random shower thought: GBIC with LC connector...



I feel like I've seen GBIC sleeves that accept SFP modules very similar to 
QSFP+ CVRs, but I can't seem to find any evidence of these ever existing, so 
perhaps I'm misremembering. 
-Matt


On Tue, Nov 15, 2022 at 9:23 AM Mel Beckman <m...@beckman.org> wrote:

Oh. And it’s not “OCD”. It’s “CDO”, with letters in ascending sequence. :)

 -mel via cell

 > On Nov 15, 2022, at 8:18 AM, Mel Beckman <m...@beckman.org> wrote:
 > 
 > No. GBIC stands for Great Big Inserted Cartridge. LC stands for Little 
 > Connector. Thus they are not compatible. 
 > 
 > -mel via cell
 > 
 >> On Nov 15, 2022, at 7:59 AM, Warren Kumari <war...@kumari.net> wrote:
 >> 
 >> 
 >> Hi there all,
 >> 
 >> While looking through my big box of random optics I suddenly realized that 
 >> I'd never seen a GBIC with an LC connector, and I started wondering if 
 >> anyone else had / if such a thing actually exists.
 >> 
 >> Yes, I realize that this would be a fairly niche device - if you arrived 
 >> somewhere with a device that took GBICs and there was existing fiber with 
 >> LC connectors you could just replace the patch cable or use an LC-SC 
 >> convertor, but that doesn't really satisfy my curiosity.
 >> 
 >> A quick look through the GBIC MSA / SFF documentation implies that such a 
 >> thing *could* probably exist (there is a defined value for the 'LC' 
 >> connector), but I wasn't able to actually find any. It might not actually 
 >> be compliant with the specs (the document I found only lists SC fiber or 
 >> copper (coax with BNC, TNC or DB-9?!)), but that doesn't mean that no-one 
 >> made them.
 >> 
 >> So, has anyone seen a regular (30mm/1.2") GBIC with LC connectors? And, if 
 >> so, "pics or it didn't happen"... :-)
 >> 
 >> Obviously I don't have an actual use for this, it's just to satisfy my 
 >> (OCD) curiosity...
 >> W
 >> 
 >> 
-- 


Matt Erculiani
ERCUL-ARIN

RE: cogent - Sales practices

2022-08-05 Thread Shawn L via NANOG

I think they call me around once a week right now.  Even after I've told them 
we're not interested.  Every once in a while they switch the numbers they're 
calling from, just to keep things interesting.
 
Shawn


-Original Message-
From: "Dennis Burgess" 
Sent: Friday, August 5, 2022 4:20pm
To: "NANOG" 
Subject: cogent - Sales practices




So we just got an email from cogent, we have told them time and time again to 
stop calling and stop emailing.  We tell them we are good on bandwidth and we 
don’t need any of their services. They then sent us an e-mail stating that they 
saw us coming through one of their customers' networks from us, and figured we 
would want to buy direct instead of going through one of their customers. Yes 
COGENT stated this; well at least one of their sales reps.  Sounds underhanded, 
shady, and unethical to me. Just figured I would post about it; see if I am 
making a mountain out of a mole hill 
 
Here is the e-mail:
 
"Hey (redacted) ,
Maybe there is a misunderstanding. (ISP’s name removed) is a cogent customer 
who we provide upstream to.
My initial inquiry was to see if it makes sense for Link Technologies to be 
utilizing our network instead of through (ISP’s name removed). That way we 
could be a direct network for you.
Would that be at all something that interests you?
 
Eric Gogerty | Global Account Manager | AS 174
Cogent Communications | Minneapolis, MN (United States Of America)| 
www.cogentco.com
Contact: 612-217-5506| email: egoge...@cogentco.com
The Internet, Unleashed!"
 
 
 
 

Dennis Burgess

 Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, 
Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, 
Enterprise Wireless Engineer
Hurricane Electric: IPv6 Sage Level
Cambium: ePMP 
 
Author of "Learn RouterOS- Second Edition” 
Link Technologies, Inc -- Mikrotik & WISP Support Services 
Office: 314-735-0270  Website: http://www.linktechs.net
Create Wireless Coverage’s with www.towercoverage.com
Need MikroTik Cloud Management: https://cloud.linktechs.net
 

RE: Serious Juniper Hardware EoL Announcements

2022-06-14 Thread Shawn L via NANOG

With the current shortages and lead times, I almost feel like I did back in the 
beginning of my career --- 
 
Then it was "what can we do with what we can afford" now it's more like  "What 
can we do with what we have (or can actually get)"?
 
Shawn

-Original Message-
From: "Adam Thompson" 
Sent: Tuesday, June 14, 2022 12:36pm
To: "Mark Tinka" , "nanog@nanog.org" 
Subject: RE: Serious Juniper Hardware EoL Announcements



[Not specific to the Juniper EoLs...]

I sort of agree with Mark:

I've been sampling a fairly wide variety of sources in various parts of the 
global supply chain, and my synthesis of what they're saying is that we 
probably won't *consistently* have the ready availability of "stuff" (both 
electronic and not) we had pre-pandemic, for the rest of my career (10-15yrs), 
and maybe not in the lifetimes of anyone reading this today, either.

Whether those sources are accurate, their interpretation is accurate, my 
synthesis is accurate, whether I'm listening to the right people in the first 
place... all debatable. I sure hope the above conclusion is wrong.

One possible upside: it might slow down the incessant upgrade hamster-wheel 
we're all running on? Imagine having enough time to do your job thoroughly and 
properly... Yes, I know I'm dreaming :-).


Adam Thompson
Consultant, Infrastructure Services
MERLIN
100 - 135 Innovation Drive
Winnipeg, MB R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
https://www.merlin.mb.ca
Chat with me on Teams: athomp...@merlin.mb.ca

> -Original Message-
> From: NANOG  On Behalf
> Of Mark Tinka
> Sent: Tuesday, June 14, 2022 11:19 AM
> To: nanog@nanog.org
> Subject: Re: Serious Juniper Hardware EoL Announcements
> 
> 
> 
> On 6/14/22 18:06, JASON BOTHE via NANOG wrote:
> 
> > Saw this coming a mile away. With chips and technology progressing
> despite ability to manufacture, I’m certain many are going to do this.
> 
> All this will do is keep these boxes off the open market, which will
> simply bump up open market prices, with no incentive for the majority
> of
> folk to buy directly from the OEM.
> 
> I suspect supply chain will improve within the next 12 months, but
> then
> regress and hit a massive crunch from around Q4'23 onward. How long
> for,
> I can't say...
> 
> Mark.

Geolocation data management practices?

2022-04-21 Thread Shawn
Aloha NANOG,

What is the best practice (or people's preferred methods) to
update/correct/maintain geolocation data?
Do most people start with description field info in route/route6 objects?


Also, thoughts and considerations on using IPv4 space from one RIR in
countries belonging to another RIR?

With IPv4 exhaustion and inter-RIR IPv4 transfers, and geolocation data, it
seems less applicable than it had been (a decade ago).  The IP's will be
used for CDN, not by end-users/subscribers.
Context: trying to work through an administrative "challenge" with LACNIC
regarding an IPv4 transfer, considering transferring to ARIN and then using
in LACNIC (then once resolved, transfer from ARIN to LACNIC).  Or just using
existing ARIN space in Brazil.
LACNIC is making things more difficult than they need to be.  I know this is
NANOG... but seeking advice, working on a global network, US HQ, currently
no active "registration" in LACNIC (except Brazil), but we operate in 5
countries in the region (data center/colo).  We would use Brazil, but very
hesitant to use their NIC (nic.br); LACNIC is saying we cannot maintain our
relationship with them using our Brazil organization (our only formal
subsidiary in the region).  LACNIC does not really define the "entity"
operating in their region well. We use our US entity with RIPE and APNIC,
simply showing documentation (contracts) that we operate in their region.
Maybe I am not using the magic word?




Re: Copper Termination Blocks

2022-04-14 Thread Shawn L via NANOG

I'd still go with telect-style blocks.  Wire-wrap on the front and amphenol on 
the back/bottom depending on your application.  Way less space than 66 or 110.  

-Original Message-
From: "Dave Phelps" 
Sent: Thursday, April 14, 2022 4:27pm
To: "Mike Hammett" 
Cc: "NANOG" 
Subject: Re: Copper Termination Blocks




Hi Mike. I used Krone blocks back in the mid 90s. I really liked them.
I'm afraid your long-term options now are probably straight old 66 or 110 
blocks. 66 blocks give some added flexibility. 110s are more efficient as far 
as space consumed compared to 66 blocks. Krone and 110s have a very similar 
profile. 
Depending on how much copper you're terminating, you may want to plan the frame 
layout for cross-connect field space before building the frame. You don't want 
to end up with too much cross-connect wire volume in too small an area. That 
can get troublesome. 
Happy to discuss specifics. Just ping me off-list.


On Thu, Apr 14, 2022 at 3:13 PM Mike Hammett <na...@ics-il.net> wrote:

 I know I'm discussing what some consider ancient technology. I counter that it 
meets or exceeds the needs of many, many people.

 Currently, we use 100-pr Telect-style termination blocks. They don't offer 
much in terms of ease of use for testing and don't organize well on a 19" or 
23" rack.

 I was recommended to look at Krone blocks. They look just great. Easy to break 
into for testing with their "look both ways" plug as well as their 
preterminated blocks looked much easier to rack-mount.

 Well, Krone was bought by ADC. ADC was bought by Tyco Electronics. TE was 
bought by Commscope. Commscope discontinued everything I found interesting with 
no replacements.


 Some of the stuff is on eBay (even NIB), some not.

 Any recommendations for places to get old telco blocks, testers, mounts, etc.?

 Any recommendations for alternatives that are easier to source?




 -
 Mike Hammett
 Intelligent Computing Solutions
http://www.ics-il.com

 Midwest-IX
http://www.midwest-ix.com

Re: Any engineers from HE on the list?

2022-03-22 Thread Shawn L via NANOG

Thanks for all who've responded.  I was able to reach a very helpful engineer @ 
HE.
 
Shawn


-Original Message-
From: "Owen DeLong" 
Sent: Tuesday, March 22, 2022 2:15pm
To: "Shawn L" 
Subject: Re: Any engineers from HE on the list?


FWIW, supp...@he.net is usually fairly responsive.
Owen


On Mar 22, 2022, at 05:54, Shawn L via NANOG <nanog@nanog.org> wrote:

Wondering if there are any engineers from HE (Hurricane Electric) on the list 
that could help with a strange traffic issue through your network
 
If so, please contact me off-list
 
Thanks
Shawn

Any engineers from HE on the list?

2022-03-22 Thread Shawn L via NANOG

Wondering if there are any engineers from HE (Hurricane Electric) on the list 
that could help with a strange traffic issue through your network
 
If so, please contact me off-list
 
Thanks

Shawn

Re: VPN recommendations?

2022-02-10 Thread Shawn L via NANOG

Meraki MX series?
 
I don't like the way they do their licensing (your license runs out, the box is 
a paper-weight) but they do really well at establishing site-to-site VPNs in 
some pretty challenging scenarios.  Dynamic IPs and NATs don't really cause 
them a problem.  Some CGNats do (AT&T I'm looking at you).
 
 
Shawn
 
-Original Message-
From: "Keith Stokes" 
Sent: Thursday, February 10, 2022 1:11pm
To: "William Herrin" 
Cc: "nanog@nanog.org" 
Subject: Re: VPN recommendations?


Pfsense on Netgate appliances?
I’ve used several of them, while not for this exact purpose they have done the 
roles but maybe not the amount of VPN traffic. 


--
Keith Stokes
SalonBiz, Inc

 On Feb 10, 2022, at 12:02 PM, William Herrin <b...@herrin.us> wrote:




Hi folks,
Do you have any recommendations for VPN appliances? Specifically: I need to 
build site to site VPNs at speeds between 100mbps and 1 gbit where all but 
one of the sites are behind an IPv4 NAT gateway with dynamic public IP 
addresses.
Normally I'd throw OpenVPN on a couple of Linux boxes and be happy but my 
customer insists on a network appliance. Site to site VPNs using IPSec and 
static IP addresses on the plaintext side are a dime a dozen but traversing NAT 
and dynamic IP addresses (and automatically re-establishing when the service 
goes out and comes back up with different addresses) is a hard requirement.
Thanks in advance,
Bill Herrin
 -- 







William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: home router battery backup

2022-01-12 Thread Shawn L via NANOG

Yes.  In our scenario the ONT is basically an ethernet bridge and provides a 
SIP end-point for calls.  There are models that have the router built-into them 
as well, but we've chosen not to use them at this point.
 
The battery we install is designed to run the voice portion for ~ 8 hours 
(customers are offered a longer run-time battery for an additional fee).  
There's some sensor wires from the ONT to the UPS so that we know when power is 
out, the battery is low or needs to be replaced, etc.  It also tells the ONT to 
turn off ethernet services when the power is out to preserve battery for the 
phone portion.  Though that behavior can be changed in software.
 
 
 
-Original Message-
From: "Michael Thomas" 
Sent: Wednesday, January 12, 2022 2:48pm
To: nanog@nanog.org
Subject: Re: home router battery backup



 
On 1/12/22 10:54 AM, Shawn L via NANOG wrote:
In $dayjob I work for a telco that deploys fiber to the home.  If we are 
providing voice services over fiber a battery backup is installed (we maintain) 
that powers the customer's phone in the event of a power outage.  It does not 
power their router, etc.  99% of the customers do not install a UPS for their 
router, etc.  We try to explain that to customers, but we still get calls that 
they can't get on the Internet when their power is out.
So your voice is part of the modem which isn't a router? I assume it uses IP 
for voice. 

Mike


RE: home router battery backup

2022-01-12 Thread Shawn L via NANOG

In $dayjob I work for a telco that deploys fiber to the home.  If we are 
providing voice services over fiber a battery backup is installed (we maintain) 
that powers the customer's phone in the event of a power outage.  It does not 
power their router, etc.  99% of the customers do not install a UPS for their 
router, etc.  We try to explain that to customers, but we still get calls that 
they can't get on the Internet when their power is out.
 

-Original Message-
From: "Scott T Anderson via NANOG" 
Sent: Wednesday, January 12, 2022 12:35pm
To: "nanog@nanog.org" 
Subject: home router battery backup




Hi NANOG mailing list,
 
I am a graduate student, currently conducting research on how power outages 
affect home Internet users. I know that the FCC has a regulation since 2015 (47 
CFR Section 9.20) requiring ISPs to provide an option to voice customers to 
purchase a battery backup for emergency voice services during power outages. As 
this is only an option and only applies to customers who subscribe to voice 
services, I was wondering if anyone had any insights on the prevalence of 
battery backup for home modem/routers? I.e., what percentage of home users 
actually install a battery backup in their home modem/router or use an external 
UPS?
 
Thanks.
Scott
 
Reference for 47 CFR Section 9.20: 
https://www.ecfr.gov/current/title-47/chapter-I/subchapter-A/part-9/subpart-H/section-9.20
 

ROA mirror to IRR?

2021-10-26 Thread Shawn
Curious if any IRR databases are mirroring/importing ROA data - creating
route|6 objects from ROA?

LACNIC requires a route object to be created when creating a ROA.
APNIC you create a route object, then may generate a ROA during that
process.
Other RIR's, curious if anything tries to bring the two together?

Applicable for networks that only use IRR data (do not yet validate RPKI),
they could benefit.

IRR questions:
How do most large networks maintain (automate) their IRR records?
Is it standard practice to accept more specifics (append IPv4 "le /24" and
IPv6 "le /48")?
 Or is it expected to have one IRR route per BGP announcement?




RE: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Shawn L via NANOG

we received it as well

-Original Message-
From: "Matt Hoppes" 
Sent: Tuesday, October 19, 2021 8:21am
To: "North American Network Operators' Group" 
Subject: Anyone else getting the 'spam' bomb threat?



I've now heard from several operators - ourselves included - about 
getting an e-mail bomb threat to our datacenters asking for $5,000 USD 
or the "bomb will be detonated".

Is this being seen on a widespread e-mail blast to the RIR contacts, or 
am I just unlucky to know like 6 other data center folks who have also 
gotten this e-mail?

 It seems like a very odd/bizarre spam/threat campaign which would 
carry significant jail time.

Re: Rack rails on network equipment

2021-09-25 Thread Shawn L via NANOG
What about things like the Cisco 4500 switch series that are almost as long as a 
1u server.  But yet only has mounts for a relay type rack. 

As far as boot times, try an Asr920.  Wait 15 minutes and decide if it’s time to 
power cycle again or wait 5 more minutes 

Sent from my iPhone

> On Sep 25, 2021, at 5:22 PM, Michael Thomas  wrote:
> 
> 
>> On 9/25/21 2:08 PM, Jay Hennigan wrote:
>>> On 9/25/21 13:55, Baldur Norddahl wrote:
>>> 
>>> My personal itch is how new equipment seems to have even worse boot time 
>>> than previous generations. I am currently installing juniper acx710 and 
>>> while they are nice, they also make me wait 15 minutes to boot. This is a 
>>> tremendous waste of time during installation. I can not leave the site 
>>> without verification and typically I also have some tasks to do after boot.
>>> 
>>> Besides if you have a crash or power interruption, the customers are not 
>>> happy to wait additionally 15 minutes to get online again.
>> 
>> Switches in particular have a lot of ASICs that need to be loaded on boot. 
>> This takes time and they're really not optimized for speed on a process that 
>> occurs once.
> 
> It doesn't seem like it would take too many reboots to really mess with your 
> reliability numbers for uptime. And what on earth are the developers doing 
> with that kind of debug cycle time?
> 
> Mike
> 


Re: Fiber Network Equipment Commercial Norms

2021-09-22 Thread Shawn L via NANOG

This one is always a bit tricky. 
 
For example, if you have an apartment building with say 8 apartments, the 
provider can install a larger MDU in a centralized location and potentially 
utilize existing internal cabling in the building to get to each apartment 
that would like service.  It's a fairly quick and easy install.  Though someone 
(building owner usually) has to provide the power for the MDU.
 
In the same building, if you cannot install a large MDU somewhere, the provider 
needs to figure out how to get a fiber to each apartment that wants service.  
In most cases it's a pain.  In others, it's not possible or prohibitively 
expensive.  The customer doesn't want to pay that much for installation, 
because they only rent an apartment and could move out at any time.  The 
building owner doesn't want to pay it either.
 
In most cases, the owner is willing to provide a little power to be able to say 
"apartments in my building all have fiber Internet".  And potentially charge a 
little more in the rent.
 
Shawn


-Original Message-
From: "Grant Taylor via NANOG" 
Sent: Wednesday, September 22, 2021 1:01pm
To: nanog@nanog.org
Subject: Re: Fiber Network Equipment Commercial Norms



On 9/22/21 10:45 AM, Lady Benjamin Cannon of Glencoe, ASCE wrote:
> Half-penny pinching “mah powah” landlords are especially annoying in a 
> cosmic sense

I know someone who had a bit of a different experience.

Someone, purportedly the telco but I'm not sure who, had telco equipment 
in a building and the batteries hadn't been serviced in the better part 
of a decade and there was a strong smell of battery acid in the room.

I heard that building management put a hard line of something like 36 
hours for the equipment owner to address the problem, or at least 
respond with an acceptable time line, lest the building electrician 
would remove the batteries as a health and safety concern.

The equipment owner materialized and removed the batteries within 72 
hours. The bulk of the equipment was removed the following month.



-- 
Grant. . . .
unix || die



Anyone from an ISP that is part of ACAM / ACAM II ?

2021-08-02 Thread Shawn L via NANOG

Is there anyone on the list that's from an ISP that's participating in the ACAM 
or ACAM II programs?  If so, I'd like to ask a couple of questions (off-list) 
specifically about the speed testing requirements.
 

Thanks
 
Shawn
 

RE: Email and Web Hosting

2021-07-09 Thread Shawn L via NANOG

There's also Rackspace.  They have e-mail and web hosting, etc.


-Original Message-
From: "Ryan Finnesey via NANOG" 
Sent: Thursday, July 8, 2021 10:56pm
To: "Steve Saner" , "nanog@nanog.org" 
Subject: RE: Email and Web Hosting




If the client base wants to stick with basic IMAP/POP3 email Tucows/OpenSRS has 
a good platform.  Also a few years ago my company migrated business email 
accounts and domains from an ISP and moved them to Office 365 and did a revenue 
share with the ISP.  They were happy, still got a bit of revenue but did not 
have to support it.
 
Ryan
 
 

From: NANOG  On Behalf Of 
Steve Saner
Sent: Tuesday, July 6, 2021 10:42 AM
To: nanog@nanog.org
Subject: Email and Web Hosting
 
I hope this isn't too far off topic for this list.

 
We acquired a small ISP a couple years ago that has its roots in the "local 
ISPs" of the 90s. This ISP is still hosting email and web services for 
customers both on company domains as well as customer domains. There is some 
decent revenue coming from these services, but cost of maintenance is becoming 
a challenge. We are looking at migrating to another platform or completely 
discontinuing those services.

 
I'm wondering if others here have gone through that process and have any advice 
as to how to go about it. 

 
--
Steve Saner | Senior Network Engineer
ideatek INTERNET FREEDOM FOR ALL
Cell: 620-860-9433 | 111 Old Mill Lane, Buhler, KS 67522 | [ ideatek.com ]( 
http://www.ideatek.com/ )

RE: New minimum speed for US broadband connections

2021-06-01 Thread Shawn L via NANOG

2.4 gbps down, 1.2 up.  So yes, you could 

-Original Message-
From: aar...@gvtc.com
Sent: Tuesday, June 1, 2021 12:18pm
To: "'Mark Tinka'" , nanog@nanog.org
Subject: RE: New minimum speed for US broadband connections



Yeah I thought gpon was 2.4 ghz down and 1.2 ghz up... so you could only 
honestly sell (1) 1 gbps symm service via that gpon interface correct? (without 
oversubscription)

I think ng-pon(2), xgs-pon and other variants allow for much more.

-Aaron




Re: New minimum speed for US broadband connections

2021-06-01 Thread Shawn L via NANOG

From the ISP side, I can tell you that when a customer signs up for service and 
you offer them a couple of choices of wireless routers, they almost always pick 
the cheapest one. 
 
If you give them a reasonable / good router when you hook-up their service, 
some will still put their old 15-year old netgear back in place after the 
install crew leaves because they 'like it better' or they think it's faster.
 


-Original Message-
From: "Mark Tinka" 
Sent: Tuesday, June 1, 2021 12:45am
To: nanog@nanog.org
Subject: Re: New minimum speed for US broadband connections




On 6/1/21 02:19, Eric Kuhnke wrote:

>
> d) may be using badly configured wifi things that stomp on each other, 
> sometimes provided by the ISP

Many times provided by the ISP.

Between turning up new customers everyday, and fixing problems with 
pre-existing ones, ISP's tend to do the absolute minimum with the 
AP's/routers they supply.

Mark.

RE: MPLS/MEF Switches and NIDs

2021-05-28 Thread Shawn L via NANOG

The Accedian boxes are nice, as long as you remember they're not switches or 
routers.  We've used them for specific use cases, but have to remember that 
there's things you just can't do on them.  Though things may have changed on 
them since we used them.
 
 
 
-Original Message-
From: aar...@gvtc.com
Sent: Friday, May 28, 2021 1:31pm
To: "'Colton Conor'" , "'NANOG'" 
Subject: RE: MPLS/MEF Switches and NIDs




Wow, ciena has the means to implement SR and MPLS services?  I mean they run 
the underlying LS IGP to signal those SID’s ??  I didn’t know that.  I may look 
at them in the future then.  I thought Ciena just did some sort of static 
mpls-tp or something…
 
We use Accedian as NID’s with SkyLight director for PAA (SLA stuff)…and uplink 
those into our network at (yester-year, Cisco ME3600’s and ASR9000’s), but now, 
ACX5048 and MX204
 
-Aaron


 

Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-20 Thread Shawn L via NANOG

Agreed.  Don't fix what isn't broken.


-Original Message-
From: "Mark Tinka" 
Sent: Saturday, March 20, 2021 4:33pm
To: "Randy Bush" , "Rod Beck" 
Cc: "North American Network Operators' Group" 
Subject: Re: Perhaps it's time to think about enhancements to the NANOG list...?




On 3/20/21 20:06, Randy Bush wrote:

> i do not find the volume or diversity on the nanog list problematic.
> in fact, i suspect its diversity and openness are major factors in
> it being the de facto global anything-ops list. perhaps we do not
> need to fix that.

Simple. As. That.

Mark.



Re: Famous operational issues

2021-02-23 Thread Shawn L via NANOG

That brings back memories. I had a similar experience.  First month on the 
job, large Sun raid array storing ~ 5k of mailboxes dies in the middle of the 
afternoon.  So, I start troubleshooting and determine it's most likely a bad 
disk.  The CEO walked into the server room right about the time I had 20 disks 
laid out on a table.  He had a fit and called the desktop support guy to come 
and 'show me how to fix a pc'.
 
Never mind the fact that we had a 90% ready to go replacement box sitting at 
another site, and just needed to either go get it, or bring the disks to 
it. So we sat there until the desktop guy, who was 30 minutes away, got 
there.  He took one look at it and said 'never touched that thing before, looks 
like he knows what he's doing' and pointed to me.  4 hours later we were 
driving the new server to the data center strapped down in the back of a 
pickup.  Fun times.
 
 
-Original Message-
From: "Justin Streiner" 
Sent: Tuesday, February 23, 2021 5:11pm
To: "John Kristoff" 
Cc: "NANOG" 
Subject: Re: Famous operational issues



Beyond the widespread outages, I have so many personal war stories that it's 
hard to pick a favorite.

My first job out of college in the mid-late 90s was at an ISP in Pittsburgh 
that I joined pretty early in its existence, and everyone did a bit of 
everything. I was hired to do sysadmin stuff, networking, pretty much whatever 
was needed. About a year after I started, we brought up a new mail system with 
an external RAID enclosure for the mail store itself.  One day, we saw 
indications that one of the disks in the RAID enclosure was starting to fail, 
so I scheduled a maintenance window to replace the disk and let the controller 
rebuild the data and integrate it back into the RAID set.  No big worries, 
right?

It's Tuesday at about 2 AM.

Well, the kernel on the RAID controller itself decided that when I pulled the 
failing drive would be a fine time to panic, and more or less turn itself into 
a bit-blender, and take all the mailstore down with it.  After a few hours of 
watching fsck make no progress on anything, in terms of trying to un-fsck the 
mailstore, we made the decision in consultation with the CEO to pull the plug 
on trying to bring the old RAID enclosure back to life, and focus on finding 
suitable replacement hardware and rebuild from scratch.  We also discovered 
that the most recent backups of the mailstore were over a month old :(

I think our CEO ended up driving several hours to procure a suitable enclosure. 
By the time we got the enclosure installed, filesystems built, and got 
whatever tape backups we had restored, and tested the integrity of the system, 
it was now Thursday around 8 AM. Coincidentally, that was the same day the 
company hosted a big VIP gathering (the mayor was there, along with lots of 
investors and other bigwigs), so I had to come back and put on a suit to hobnob 
with the VIPs after getting a total of 6 hours of sleep in about the previous 3 
days.  I still don't know how I got home that night without wrapping my vehicle 
around a utility pole (due to being over-tired, not due to alcohol).

Many painful lessons learned over that stretch of days, as often the case as a 
company grows from startup mode and builds more robust technology and business 
processes as a consequence of growth.

jms


On Tue, Feb 16, 2021 at 2:37 PM John Kristoff <j...@dataplane.org> wrote:

 Friends,

 I'd like to start a thread about the most famous and widespread Internet
 operational issues, outages or implementation incompatibilities you
 have seen.

 Which examples would make up your top three?

 To get things started, I'd suggest the AS 7007 event is perhaps  the
 most notorious and likely to top many lists including mine.  So if
 that is one for you I'm asking for just two more.

 I'm particularly interested in this as the first step in developing a
 future NANOG session.  I'd be particularly interested in any issues
 that also identify key individuals that might still be around and
 interested in participating in a retrospective.  I already have someone
 that is willing to talk about AS 7007, which shouldn't be hard to guess
 who.

 Thanks in advance for your suggestions,

 John

Re: Cogent Layer 2

2020-10-14 Thread Shawn L via NANOG

When I last spoke to them, it sounded like they were using a bunch of LAG 
groups based on ip address because they _really_ wanted to know how many ip 
addresses we had and what kind of traffic we would be expecting (eyeball 
networks, big data transport, etc).


-Original Message-
From: "David Hubbard" 
Sent: Wednesday, October 14, 2020 1:46pm
To: "nanog@nanog.org" 
Subject: Re: Cogent Layer 2




I had a discussion with them about a point to point circuit last year and ran 
into some weirdness around how burstable it would be for specific IP to IP 
streams as our use case was cheap circuit / high speed data replication between 
given endpoints.  The sales rep was suggesting to me that I’d see specific 
source/destination IP pairs capped at 2gbps regardless of circuit speed, which 
suggested to me it was not actually a point to point wave but some type of 
encapsulated service.  We didn’t get into whether it was usable for non-IP, etc.
 
 
 

From: NANOG  on behalf 
of Mike Hammett 
Date: Wednesday, October 14, 2020 at 1:38 PM
To: "nanog@nanog.org" 
Subject: Cogent Layer 2

 


Are any legitimate beefs with Cogent limited to their IP policies, BGP session 
charges, and peering disputes? Meaning, would using them for layer 2 be 
reasonable?
 



 -
 Mike Hammett
[ Intelligent Computing Solutions ]( http://www.ics-il.com/ )
[ Midwest Internet Exchange ]( http://www.midwest-ix.com/ )
[ The Brothers WISP ]( http://www.thebrotherswisp.com/ )

Re: Centurylink having a bad morning?

2020-09-02 Thread Shawn L via NANOG
We once moved a 3u server 30 miles between data centers this way.  Plug 
redundant psu into a ups and 2 people carried it out and put them in a vehicle. 
 


Sent from my iPhone

> On Sep 1, 2020, at 11:58 PM, Christopher Morrow  
> wrote:
> 
> On Tue, Sep 1, 2020 at 11:53 PM Alain Hebert  wrote:
>> 
>>As a coincidence...  I was *thinking* of moving a 90TB SAN (with 
>> mechanical's) to another rack that way...  skateboard, long fibers and long 
>> power cords =D
>> 
> 
> well, what you REALLY need is one of these:
>  https://www.cru-inc.com/products/wiebetech/hotplug_field_kit_product/
> 
> and 2-3 UPS... swap to the UPS, then just roll the stack over, plug to
> utility and done. (minus network transfer)


Re: questions asked during network engineer interview

2020-07-14 Thread Shawn L via NANOG

I completely agree.  One of the people I used to do interviews with would look 
through the resume, etc. and then say something like "this all looks good. Tell 
me about something you've done".  And we'd move on to talk about projects and 
how they tackled it, etc. 
 
We didn't give tests, just questions like  "if we asked you to do this, on 
something you haven't seen or used before, how would you go about it".   Or 
pretend I'm the customer.  I want to do this.  How would you go about it?  it 
wasn't about getting a 'correct' answer, it was about how they went about 
solving the problem.

-Original Message-
From: "Owen DeLong" 
Sent: Tuesday, July 14, 2020 1:33pm
To: "Michael Thomas" 
Cc: nanog@nanog.org
Subject: Re: questions asked during network engineer interview




On Jul 14, 2020, at 10:20 , Michael Thomas <m...@mtcc.com> wrote:


 
On 7/13/20 8:16 PM, Greg Skinner via NANOG wrote:

If you ever decide to revisit 
this subject, I recall it was covered here in [ this thread started by Bill 
Herrin ]( https://mailman.nanog.org/pipermail/nanog/2012-July/149687.html ).
My general feelings on the subject of tech interviews are summarized in the 
“interview anti-loop” section of [ this article by Steve Yegge ]( 
http://steve-yegge.blogspot.com/2008/03/get-that-job-at-google.html ).   
Although it is targeted to people seeking software engineering jobs at FANG 
(and FANG-like) companies, IMO the general tone is applicable to other tech 
careers, even network engineering.  I have seen numerous articles (and 
subsequent discussions) on this subject on forums such as Quora, Medium, and 
Hacker News.
 
That blog post is everything that is wrong with software interviews. It's fine 
to ask intricate algorithm questions for somebody fresh out of school because 
what else are you going to ask them? But for somebody who's years out of school 
and has lots of experience, the intricate details of various algorithms fade 
especially ones that you don't use very often, or are embedded in library 
routines you'd be fired for if you tried to reinvent them. Telling people they 
have to go back to school for stuff they won't be using on the job is 
offensive.

I once failed a network engineering interview because I couldn’t 
recite the OSPF LSA types by number from memory. It was fine, the fact that was 
a key question in the interview convinced me that I had no more desire to work 
there than they had to hire me.



My personal method is to devise a problem and actually work with them... 
because that's what I (or others) are going to be doing. How well can they get 
the requirements? How do they zero in on how to solve it? You can take this as 
deep or shallow as you like. Often I'd give it as a homework assignment if I 
liked them.

I prefer this approach as well. Depending on the level of 
interviewee, I like to pull up a real world scenario from my past and see how 
they approach it. I’m not nearly as concerned if they get to the right solution 
as I want to see how they go about identifying and solving the problem. Do they 
ask questions that narrow their focus and identify the issue, or do they start 
trying random things hoping to stumble across a solution without understanding 
the problem?
The former moves on to the next steps towards employment. The latter is dropped 
from consideration.



My personal theory is software interviewing is basically a hazing ritual where 
the interviewers are trying to fluff their own privates, and it's almost to a 
one male. I wrote this post a while ago:
http://rip-van-webble.blogspot.com/2013/07/interviews-as-hazing-rituals.html
Mike

Not being a developer (at least not for the last 25+ years), I haven’t done 
many “software” interviews, but I’ve been through network and sysadmin 
interviews that ran the gamut. Frankly, the ones that seemed to be more about 
fluffing privates were the companies I put less focus on going forward. The 
interviewers that seemed to match my style and wanted to see me do real-world 
things like troubleshooting or solving design problems or identifying 
architectural flaws in a proposed solution usually resulted in mutual respect 
and I usually moved forward through the interview processes. On the few 
occasions where I got a job out of a fluffing interview, it almost universally 
turned out to be one I wished I hadn’t taken.
Owen

Re: Router Suggestions

2020-06-17 Thread Shawn L via NANOG

We _always_ have at least one spare, or something that could be (relatively) 
easily pressed into service as one. 
 
Even in the Midwest, we've had times where 'guaranteed next day replacement' is 
more like 2nd or third day due to weather conditions, the carrier routing it 
weird, or just plain the plane didn't come today issues.  We generally laugh 
when they try to offer us 4 hour contracts -- we know there's 0 chance they can 
meet them, and they never want to refund you when you need it and they can't.
 


-Original Message-
From: "Warren Kumari" 
Sent: Wednesday, June 17, 2020 6:50pm
To: "Owen DeLong" 
Cc: nanog@nanog.org
Subject: Re: Router Suggestions






On Tue, Jun 16, 2020 at 5:28 PM Owen DeLong <o...@delong.com> wrote:

 > On Jun 16, 2020, at 1:51 PM, Mark Tinka <mark.ti...@seacom.mu> wrote:
 > 
 > 
 > 
 > On 16/Jun/20 22:43, Owen DeLong wrote:
 > 
 >> Covering them all under vendor contract doesn’t necessarily guarantee that
 >> the vendor does, either. In general, if you can cover 10% of your hardware
 >> failing in the same 3-day period, you’re probably not going to do much 
 >> better
 >> with vendor support.
 > 
 > In my experience, our vendors have been able to abide by their
 > obligations when we've had successive failures in a short period of
 > time, as long as our subscription is up-to-date.
 > 
 > I am yet to be disappointed.
 > 

 Count your blessings… I once faced a situation where a vendor had shipped a 
batch of defective power supplies (10s of thousands of them). It wasn’t just my 
network facing successive failures
 in this case, but widespread across their entire customer base… By day 2, all 
of their depots were depleted and day 3 involved mapping out “how non-redundant 
can we make the power in our
 routers to cover the outages that we’re seeing without causing more outages 
than we solve?”

 It was a genuine nightmare.

Huh, was this in the early to mid 1990’s?

I had an incident in NYC area where one of the large (at the time) 
datacenter/IXPs had a power outage, and their transfer switch failed to switch 
over. Customers were annoyed, so they promised another test, which also failed, 
dropping power to the facility again... now customers were hopping mad...

The next test was *just* of the generator, but with all of the work they had 
done they had (somehow) gotten the transfer switch *really* confused / 
hardwired into an odd state. This resulted in the facility being powered by 
both the street power and the generator (at least for a few seconds until the 
generator went “Nope!”)

These were of course not synchronized, and so 120V equipment saw 0V, then 
240V, then some weird harmonic, then other surprising values... most supplies 
kind of dealt with this OK, but one of the really common models of router, from 
the largest vendor upped and died. This resulted in a few hundred dead routers 
and way exceeded the vendor's spares strategies.

A number of customers (myself included) had 4 hour replacement contracts, which 
the vendor really could not meet - so we agreed to take a new, much 
larger/better model as a replacement.

W

 I’ve had other situations involving early failures of just released line cards 
and such as well.

 As I said, YMMV, but I’m betting your vendor doesn’t stock a second copy of 
every piece of covered equipment in the local depot. They’re playing the 
statistical probabilities just
 like anyone else stocking their own spares pool. The biggest difference is 
that they’re
 spreading the risk across a (potentially) much wider sample size which may 
better normalize
 the numbers.

 Owen

-- 

I don't think the execution is relevant when it was obviously a bad idea in the 
first place.
This is like putting rabid weasels in your pants, and later expressing regret 
at having chosen those particular rabid weasels and that pair of pants.
   ---maf

Re: alternative to voip gateways

2020-05-02 Thread Shawn L via NANOG

Innomedia is decent as well, but again it all depends on loop lengths.
 
Might want to look at more of a carrier system.  Something like a Calix E7, E5 
or C7 line.  You could probably pick up a C7 chassis on the used market and 
fill it up with ADSL or VDSL cards that will push dial-tone at least 2x as far 
as they will push DSL.  At least in the 10 mile range.  Although at some point, 
when you're out past DSL range things like old-school load coils will help with 
call quality.
 


-Original Message-
From: "Tarko Tikan" 
Sent: Saturday, May 2, 2020 3:48am
To: nanog@nanog.org
Subject: Re: alternative to voip gateways



hey,

> But this all results in a sh1te load of 48 port gateways (power is not
> a concern), but wondering if there is another solution that is more
> cost effective? Seems the regular NEC's Siemens and so on might have
> an option but I can imagine it will be far more expensive than a bunch
> of individual gateways.

Huawei was already suggested and Nokia ISAM also works very well for 
your application

https://www.nokia.com/networks/products/intelligent-services-access-manager-isam-voice/#overview

Majority of the small consumer gateways (including the 48p ones) will 
not work on long loops, they are meant to be used inside a building etc.


-- 
tarko

Re: Best way to get foreign ISPs to shut down DDoS reflectors?

2020-04-23 Thread Shawn L via NANOG

This brings up an interesting question -- what is "good DDoS protection" on an 
ISP scale?  Apart from having enough bandwidth to weather the attack and having 
upstream providers attempt to filter it for you?
 


-Original Message-
From: "Bottiger" 
Sent: Thursday, April 23, 2020 5:30pm
To: "Siyuan Miao" 
Cc: "North American Network Operators' Group" 
Subject: Re: Best way to get foreign ISPs to shut down DDoS reflectors?



We are unable to upgrade our bandwidth in those areas. There are no providers 
within our budget there at the moment. Surely there must be some way to get 
them to respond.


On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <avel...@misaka.io> wrote:
It won't work.
Get a good DDoS protection and forget about it.


On Fri, Apr 24, 2020 at 5:17 AM Bottiger <bottige...@gmail.com> wrote:
Is there a guide on how to get foreign ISPs to shut down reflectors used in 
DDoS attacks?
I've tried sending emails listed under abuse contacts for their regional 
registries. Either there is none listed, the email is full, email does not 
exist, or they do not reply. Same results when sending to whatever other email 
they have listed.
Example Networks:
CLARO S.A.
Telefonica
China Telecom
Korea Telecom

Re: Pilot Fiber, Chicago Area: Impressions?

2020-04-01 Thread Shawn Ritchie
Thank you, good to hear a Chicago-specific impression of their routing and 
support. 

-- 
Shawn

On Tue, Mar 31, 2020, at 10:16 PM, Josh Hoppes wrote:
> Employer has been using them for transit in Chicago for a while now.
> There was a case where they had a weird detour path through a router
> on the east coast for a prefix ultimately destined for the west coast,
> but once we notified them they quickly (same day) got it resolved.
> Been pretty happy with them so far.
> 
> On Tue, Mar 31, 2020 at 9:42 AM Shawn Ritchie  wrote:
> >
> > Pricing looks good, considering them for cheap backhaul as a tertiary path. 
> > Anybody have experience with them for just IP transit?
> >
> > --
> > Shawn
>


Pilot Fiber, Chicago Area: Impressions?

2020-03-31 Thread Shawn Ritchie
Pricing looks good, considering them for cheap backhaul as a tertiary path. 
Anybody have experience with them for just IP transit? 

-- 
Shawn


Re: rack rails

2020-03-30 Thread Shawn L via NANOG

That's a tough one.  In the telco space, the common sizes are 19" and 23".  19" 
for gear, 23" for fiber patch panels, etc.  There are also some 25" floating 
around (Nortel, I'm looking at you). 
 
Unfortunately, 19" gear fits in 19" racks.  It fits in 23" sometimes -- if the 
manufacturer makes both size ears, or you have to use an adapter plate, which 
can be a pain, and expensive (for 25" you may as well find a local machine shop 
to make them for you, or it's cheaper to remove them and start over). 
 
Sometimes you can do 19" gear and 23" cable management in a 23" rack, which is 
nice.  There is also the telco proclivity to attach stand-offs on the back side 
of the rack for vertical cabling, which can take up even more space.
 
The one thing you really can't do is take servers, etc. designed for a cabinet 
or 4-post style rack and put them in a 2-post neatly.  There's adapters and 
things, but they're a pain as well.  At least with a 4-post square-hole rack 
you can get 80% of what you want to fit.  

-Original Message-
From: "Coy Hile" 
Sent: Monday, March 30, 2020 5:31pm
To: "Karsten Elfenbein" 
Cc: "NANOG" 
Subject: Re: rack rails




> On Mar 30, 2020, at 5:24 PM, Karsten Elfenbein  
> wrote:
> 
> Hi,
> 
> something like https://www.opencompute.org/projects/rack-and-power
> comes into my mind for that.
> Mounting on 4 posts should be the default. It is insane what some
> vendors want to mount on 2 posts only.
> 

That brings up an interesting question. As I understand it, the penchant for 
two-post mounts comes from what are at least colloquially termed telco racks 
that are or were common when you had tons of modem banks and such. Are such 
mounts — much like DC power — still quite common in the service provider space, 
or do most use more or less normal racks? (That said, the 750mm wide (29.5in) 
racks that actually have room for high density cables inside the rack seem much 
more useful for a networking application than the 600mm wide version.)



--
Coy Hile
coy.h...@coyhile.com






Re: [EXT] Shining a light on ambulance chasers - Noction

2020-03-25 Thread Shawn L via NANOG

And here I actually went to their website (not Cogent -- they still call me all 
the time as well) to see what they sell.
 
 


-Original Message-
From: "Kaiser, Erich" 
Sent: Wednesday, March 25, 2020 5:50pm
To: "NANOG list" 
Subject: Re: [EXT] Shining a light on ambulance chasers - Noction




Cogent calls me about 2-3 times a week.  Time to start re-routing their calls 
back to them..





Erich Kaiser

On Wed, Mar 25, 2020 at 3:29 PM Chuck Anderson <c...@wpi.edu> wrote:

Someone should tell them what happened to Cogent for scraping ARIN WHOIS.

 On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
 > Under the heading of sales spam from our community that is in even poorer 
 > taste, and sucks:
 > 
 > 
 > Begin forwarded message:
 > 
 > > From: Josh Ankin <jan...@noction.com>
 > > Subject: BGP Management
 > > Date: March 25, 2020 at 3:39:02 PM EDT
 > > To: rjo...@centergate.com
 > > Reply-To: jan...@noction.com
 > > 
 > > Hello Rodney,
 > >  
 > > I know things are pretty hectic right now with COVID-19 precautions being 
 > > taken everywhere. I hope it's not affecting your team too much, and most 
 > > importantly, I hope everyone is safe.
 > >  
 > > In recent months, I've been trying to bring your attention to BGP 
 > > optimization. However, our solution's other notable features can be of 
 > > utmost value at these uncertain times as the Internet traffic volumes and 
 > > patterns change
 > 
 > Etc Etc

Re: Backup over 4G/LTE

2020-01-30 Thread Shawn Ritchie
Yes, the 510 has LTE options for both North American and Asian frequencies 
(separate boxes).

They can hold 2 SIMs but only one can be active at a time. 

--
Shawn




On Wed, Jan 29, 2020, at 8:44 PM, Colton Conor wrote:
> Does Velcloud make an actual LTE box? 
> 
> On Wed, Jan 29, 2020 at 6:44 AM K. Scott Helms  wrote:
>> There are lots of options to solve that problem. 
>> 
>> Peplink, 128T, Viptela (Cisco), Velocloud (VMWare), etc.
>> 
>> Scott Helms
>> 
>> 
>> On Tue, Jan 28, 2020 at 6:31 PM K MEKKAOUI  wrote:
>>> Dear NANOG Community,
>>>
>>> Can anyone help with any device information that provides redundancy for 
>>> business internet access? In other words when the internet provided through 
>>> the cable modem fails the 4G/LTE takes over automatically to provide 
>>> internet access to the client.
>>>
>>> Thank you
>>>
>>> KARIM M.



Re: Backup over 4G/LTE

2020-01-29 Thread Shawn Ritchie
I do this with Accelerated devices tied to Juniper SRXes as well as Velocloud 
VCEs depending on the customer's other needs. Increasingly common application.

--
Shawn




On Wed, Jan 29, 2020, at 8:08 AM, Alain Hebert wrote:
>  Juniper SRX and any reliable consumer LTE router =D.
> 
> -
> Alain Hebert    aheb...@pubnix.net
> PubNIX Inc.
> 50 boul. St-Charles
> P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
> Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443
> 
> On 2020-01-28 18:30, K MEKKAOUI wrote:
>> Dear NANOG Community,

>> 

>> Can anyone help with any device information that provides redundancy for 
>> business internet access? In other words when the internet provided through 
>> the cable modem fails the 4G/LTE takes over automatically to provide 
>> internet access to the client.

>> 

>> Thank you

>> 

>> KARIM M.

>> 



Re: DSLAMs

2019-12-31 Thread Shawn L via NANOG

That's a tough one.  48 port dslams with internal splitters are easy.  When 
you're looking for more density you're almost always looking at external 
splitter shelves.  Could also look at the calix c7 platform -- tons around on 
the used market -- but then again, no splitters.
 

-Original Message-
From: "Dennis Lundström" 
Sent: Tuesday, December 31, 2019 12:32pm
To: "Nick Edwards" 
Cc: "NANOG" 
Subject: Re: DSLAMs




Found this one:

ftp://ftp2.dlink.com/SUPPORT/End_of_Life_Product_List_091519.pdf
Stating EOL 2015-04-14 for HW revision A1.
—Dennis



On Tue, Dec 31, 2019 at 10:27 Nick Edwards <nick.z.edwa...@gmail.com> wrote:

 Howdy y'all

 Chasing some info, does dlink still sell DAS4672 - 672 port adsl2+ dslams?

 after simple IP based  units with pppoe pass through.
 We could buy a bunch of planet 48 ports, which we used before, but we
 hoping someone still puts out high capacity (320 plus port) units with
 inbuilt pots splitters

 thanks

Re: Elephant in the room - Akamai

2019-12-07 Thread Shawn L via NANOG

Same -- we had an Akamai cache for 15+ years.  Then we were notified that it 
was done and were sent boxes to pack our stuff up and send it back.
 
 
-Original Message-
From: "Jared Mauch" 
Sent: Saturday, December 7, 2019 2:05pm
To: "Seth Mattinen" 
Cc: nanog@nanog.org
Subject: Re: Elephant in the room - Akamai




> On Dec 7, 2019, at 12:06 PM, Seth Mattinen  wrote:
> 
> On 12/6/19 06:46, Fawcett, Nick via NANOG wrote:
>> We had three onsite Akamai caches a few months ago. They called us up and 
>> said they are removing that service and sent us boxes to pack up the 
>> hardware and ship back. We’ve had quite the increase in DIA traffic as a 
>> result of it.
> 
> 
> Same here, removed last month, and no more Akamai traffic over peering since.

This last part doesn’t sound right.

Can you send me details in private?

Thanks,

- Jared

Re: Cogent sales reps who actually respond

2019-09-16 Thread Shawn L via NANOG

I have one who calls me bi-weekly even though we have declined to purchase 
service from them at this time.  I'd be happy to provide contact details 
off-line.
 


-Original Message-
From: "Jon Sands" 
Sent: Monday, September 16, 2019 9:30am
To: nanog@nanog.org
Subject: Re: Cogent sales reps who actually respond



The last time I dealt with them, it took a little over 3 months to get 
them to turn up basic BGP service. To top it off the sales rep was fired 
in the middle of our deployment. Cogent seems to have higher rep 
turnover than anything else I've dealt with. Buckle up and have fun!

On 9/15/2019 4:13 PM, n...@as37662.com n...@as37662.com wrote:
>
> Hi fellow network operators,
>
> Do any orgs here have experience with a good Cogent rep? The rep we 
> got via Cogent's website is unresponsive to even basic questions. It 
> feels like we are dealing with a bot and copy-pasted replies.
>
> Thanks
> Ruldu
>

-- 
Jon Sands
MFI Labs
https://fohdeesha.com/



Re: Estimated LTE Data Utilization in Failover Scenario

2019-07-31 Thread Shawn Ritchie


> On Jul 31, 2019, at 11:03 AM, Blake Hudson  wrote:
> 
> Matt Harris wrote on 7/31/2019 9:46 AM:
>> On Wed, Jul 31, 2019 at 9:21 AM Shaun Dombrosky <sdombro...@blackfoot.com> wrote:
>> Good Morning,
>> 
>> First time NANOG poster, apologies if I breach etiquette.
>> 
>> Does anyone have any first-hand data on how much data a small-medium 
>> business (SMB) can expect to consume in a failover scenario over a 4G/LTE 
>> connection?  Retail, under 50 head count, using PoS, maybe cloud accounting 
>> software, general internet activity, 8 hour time period.  Wonder if anyone 
>> is using a Cradlepoint or SD-WAN solution that could pull a few quick 
>> numbers from a dashboard for me.  I haven’t had much luck in my searches.
>> 
>> Appreciate any info anyone can provide.
>> 
>> Thanks,
>> 
>> 
>> Hey Shaun,
>> I'd recommend pulling that data from the device normally facing their 
>> internet connection. Does it support netflow or even just basic snmp 
>> statistics that you could graph? Ostensibly the traffic level would be the 
>> same regardless of whether using an LTE backup connection or the primary 
>> internet connection unless you somehow prohibited certain traffic when on 
>> LTE. Ultimately though, your best bet is going to be to get real stats over 
>> the course of a couple of weeks and then you'll understand better the 
>> traffic patterns based on time of day, day of the week, etc, as well, as 
>> this is likely relevant. 
>> 
>> Good luck! 
>> 
> 100% agree with Matt. Something also to keep in mind is the SMB's peak data 
> rates. The primary (I assume ethernet) uplink may have a sub 10ms latency and 
> 100Mbps or greater data rate while the LTE connection is probably several 
> times slower in terms of bandwidth and latency. If designing a failover 
> connection, customer expectations may need to be managed: internet access may 
> be up, but will be noticeably degraded when on LTE. A backup cable connection 
> may be better for VoIP or other latency/jitter sensitive applications and of 
> course anything that relies on a static IP (server, vpn, etc) will probably 
> break if the primary connection is down. Would be a good idea to test the 
> failover connection during a few different time periods to gauge employee 
> experience.
> 
> —Blake

Yep. We sell solutions, both Cradlepoint and SD-WAN-based, and a big part of it 
is going over with the customer “you can’t just fail over all your regular 
traffic; pick biz-critical functions and deny everything else or you’re going 
to a) be very unhappy with speeds/performance and b) be EVEN MORE unhappy with 
the overage bill”. 

Get some data over a regular work week or so of their traffic, preferably with 
some flow data so you know what kinds of traffic/apps are consuming the 
bandwidth. Have the customer ID which of those flows would be critical if the 
primary connectivity died; size the cell plan appropriately or, if that can’t 
be done due to data caps, make sure needed tunnels for backoffice-type stuff 
will even work over your particular solution, etc... help them figure out what 
else can be dropped in an emergency. 

Other thing to consider is that almost all US cell plans have a pretty small 
data cap, even “unlimited”, and our testing shows that just backend Cradlepoint 
or SD-WAN chatter can add up to a GB or 2 a billing cycle; need to make sure 
your configs explicitly block any cellular usage unless the primary connection 
has gone completely down.

— 
Shawn



Re: DNS Qtypes and class values are a social construct

2019-04-05 Thread Shawn Ritchie



Nick Morrison wrote on 4/4/2019 3:31 PM:

On Mon, 1 Apr 2019 at 18:09, Alfie Pates  wrote:


I think this is pretty tone-deaf, in my opinion. 



Completely agree, Alfie.

(And hi, nanog, I'm Nick. Do we do introduction rounds here?)

Nick
I'll third this. And to note that that use of "triggered" is a good way 
to figure out that a person should just be ignored overall. Childish and 
lacking in empathy. "Ha ha, you CARE about something!" Christ. Grow up.


--
Shawn


Re: IP Dslams

2019-01-04 Thread Shawn L via NANOG

The "newer" replacement for the 42xx series was the bitstorm 
(Bitstorm-RP2-152-AC), and they came in AC as well and 48 ports -- in a 1.5 U I 
think.
 

-Original Message-
From: "Blake Hudson" 
Sent: Friday, January 4, 2019 12:47pm
To: nanog@nanog.org
Subject: Re: IP Dslams


I was thinking the same thing. They're a few years out of support, but the 
Zhone 42xx IP DSLAM provides a 1Gbps ethernet uplink and 24 ADSL2+ DSL user 
ports per 1U chassis (stackable to achieve 192 ports total). Wish they were 
available in AC for non-telco use.
 http://support.zhone.com/support/manuals/docs/42/4200-A2-GN21-40.pdf

 You could pair these with a pfSense appliance (or an x86 PC running the free 
software) to provide DHCP, DNS, etc - or use the built in pfSense captive 
portal to provide additional authentication and accounting per user. pfSense 
can provide NAT and FW if needed, or these features can be disabled to use 
globally routable IP4/IP6 addresses.

 As far as support goes, backup your pfsense and DSLAM configs when you finish 
the project and the subscriber accounts and DSL modems could be maintained by a 
local admin through the pfSense web interface with no need to touch the DSLAMs 
or anything CLI.

 --Blake


Shawn L via NANOG wrote on 1/4/2019 8:59 AM:
Might want to look for old Zhone ip bitstorm dslams.  There should be a bunch 
on the used market.  They do all of the ATM conversions internally so you just 
need to feed them with ethernet.
 

 -Original Message-
 From: "Nick Edwards" <nick.z.edwa...@gmail.com>
 Sent: Friday, January 4, 2019 9:36am
 To: "Brandon Martin" <lists.na...@monmotha.net>
 Cc: "NANOG" <nanog@nanog.org>
 Subject: Re: IP Dslams




They don't have a large budget and although I'm yet to get prices on adtran's 
(understandable, holidays 'n all) I doubt it will fit within their budget, it's 
looking more like getting a few planet dslams and configuring a linux box as 
the bng, been 10 years since I've had to do that kind of setup, memories hazy, 
but I know it worked, and well, so thanks to all for suggestions but the 
adtrans and nokias are not for those on shoe string budgets, which wouldn't even 
allow me to include an asr1k for the bng, and although it would allow for, I'd 
rather not grab an ebay 7200/7300 :)


On Wed, Jan 2, 2019 at 10:52 PM Brandon Martin <lists.na...@monmotha.net> wrote:
 On 1/2/19 6:47 AM, Nick Edwards wrote:
 > There are 260 villas, and no coax.

 Is there a logical way to distribute the termination?  You might be able 
 to get better performance (not that you perhaps care, in this case) at 
 minimal additional cost if you can do building-local termination of each 
 customer circuit and then backhaul on e.g. bonded VDSL2 or G.FAST over 
 shorter distances (perhaps hopping building to building).

 I'm assuming there's no data grade copper or fiber if there's no coax. 
 Obviously if you've got those, distributed termination makes even more 
 sense.

 If you do want a centralized solution, an Adtran TA5006 (the small 
 chassis) with 6x 48 port VDSL2 combo modules (with or without vectoring, 
 depending on your needs) would do the job (though it fills the chassis 
 and doesn't allow for expansion, so the full-size TA5000 may be 
 desirable).  I've played (and am playing with) the same system but with 
 GPON termination and have been happy with it so far.
 -- 
 Brandon Martin

Re: IP Dslams

2019-01-04 Thread Shawn L via NANOG

Might want to look for old Zhone ip bitstorm dslams.  There should be a bunch 
on the used market.  They do all of the ATM conversions internally so you just 
need to feed them with ethernet.
 

-Original Message-
From: "Nick Edwards" 
Sent: Friday, January 4, 2019 9:36am
To: "Brandon Martin" 
Cc: "NANOG" 
Subject: Re: IP Dslams




They don't have a large budget and although I'm yet to get prices on adtran's 
(understandable, holidays 'n all) I doubt it will fit within their budget, it's 
looking more like getting a few planet dslams and configuring a linux box as 
the bng, been 10 years since I've had to do that kind of setup, memories hazy, 
but I know it worked, and well, so thanks to all for suggestions but the 
adtrans and nokias are not for those on shoe string budgets, which wouldn't even 
allow me to include an asr1k for the bng, and although it would allow for, I'd 
rather not grab an ebay 7200/7300 :)


On Wed, Jan 2, 2019 at 10:52 PM Brandon Martin <lists.na...@monmotha.net> wrote:
 On 1/2/19 6:47 AM, Nick Edwards wrote:
 > There are 260 villas, and no coax.

 Is there a logical way to distribute the termination?  You might be able 
 to get better performance (not that you perhaps care, in this case) at 
 minimal additional cost if you can do building-local termination of each 
 customer circuit and then backhaul on e.g. bonded VDSL2 or G.FAST over 
 shorter distances (perhaps hopping building to building).

 I'm assuming there's no data grade copper or fiber if there's no coax. 
 Obviously if you've got those, distributed termination makes even more 
 sense.

 If you do want a centralized solution, an Adtran TA5006 (the small 
 chassis) with 6x 48 port VDSL2 combo modules (with or without vectoring, 
 depending on your needs) would do the job (though it fills the chassis 
 and doesn't allow for expansion, so the full-size TA5000 may be 
 desirable).  I've played (and am playing with) the same system but with 
 GPON termination and have been happy with it so far.
 -- 
 Brandon Martin

Re: Cleveland/Cincinnati Co-location

2019-01-03 Thread Shawn Ritchie
 On Jan 3, 2019, at 9:50 AM, Allen McKinley Kitchen (gmail) 
 wrote:
> 
> +1 for Expedient. Not a current customer but a VERY satisfied former 
> customer. (Decision to leave them was a foul case of penny-pincher 
> mismanagement, above my pay grade and over my objections.)
> 
> ..Allen
> 
>> On Jan 3, 2019, at 01:00, Justin M. Streiner  wrote:
>> 
>>> On Tue, 1 Jan 2019, Mitchell Lewis wrote:
>>> 
>>> I am working on project that may involve building points of presence in 
>>> Cleveland & Cincinnati. Any suggestions as to which colocation facility in 
>>> each city to build in? The prime factor of consideration for this project 
>>> is access to waves to places like Chicago, New York & Ashburn. It would be 
>>> nice to have multiple wave provider options to choose from.
>>> 
>>> I have been looking at Cyrus One-7thStreet in Cincinnati & Databank in 
>>> Cleveland.
>> 
>> Expedient has two facilities in Cleveland that might be worth looking at.
>> 
>> Thank you
>> jms

I’m in Expedient’s Cleveland DC and will second that they’re decent.

—
Shawn

Re: CenturyLink

2018-12-30 Thread Shawn L via NANOG

Speaking of GPS-enabled NTP appliances, etc. wondering what hardware people are 
using for this.
 
thanks
 

-Original Message-
From: "Raymond Burkholder" 
Sent: Saturday, December 29, 2018 12:01pm
To: "Matthew Huff" , "l...@satchell.net" , 
"nanog@nanog.org" 
Subject: Re: CenturyLink



On 2018-12-29 7:51 a.m., Matthew Huff wrote:
> We have two stratum-1 servers synced with GPS and a PTP feed from a provider 
> that also provides PTP to market data systems, but we still have to monitor 
> drift between system time and NIST time. Don't ask for the logic behind it, 
> it's a regulation, not a technical requirement.
>
On one occasion, due to bad firmware or a configuration issue, I have 
seen GPS stratum 1 diverge from NTP.  It was somewhat eye brow raising 
to the company.  My NTP monitored servers were shown to be diverging 
their GPS/NTP, but after looking at twice or thrice, it was the other 
way around.



Re: Extending network over a dry pair

2018-12-12 Thread Shawn L via NANOG

Actellis also makes some ethernet over dry pair gear.  The only issue is that 
they require repeaters like a T1 (different spacing though).  I'm guessing if 
you're doing T1 at that distance you already have repeater housings in the 
field at least.
 
 


-Original Message-
From: "Alfie Pates" 
Sent: Wednesday, December 12, 2018 4:42pm
To: nanog@nanog.org
Subject: Re: Extending network over a dry pair



Six miles is probably pushing it, but Proscend make some interesting Long-Range 
Ethernet SFP transceivers which are VDSL based. They're horrendously documented 
and they draw *way* more power than the SFP specification allows.
They also make a version which is designed to terminate VDSL broadband circuits - 
A couple of those found their way to my desk recently and it turns out that 
despite the horrendous documentation and slightly scary heat output (they come 
with a little paper note in the box which says something along the lines of 
"WARNING! MODULE GETS HOT - DO NOT TOUCH DURING OPERATION."), they do generally 
Just Work!
~a
On Wed, Dec 12, 2018, at 9:25 PM, Nick Bogle wrote:
A quick question for you guys; 
If you had a single dry pair (pair of copper wires originally for phones) to a 
remote site that was around 6 miles away, what would you use? We currently are 
just extending a T1 line to this site, but 1.5Mbps isn't cutting it anymore. 
Unfortunately it's a research site on a federally protected wildlife preserve 
so we can't run any new infrastructure (fiber etc) and it isn't in a 
geographical place where point to point wireless is practical. We were thinking 
there is some sort of network extender that uses some form of DSL for higher 
bandwidth capacity. 
Any suggestions?

Re: Feedback - SBC Vendors.

2018-08-09 Thread Shawn Ritchie
I second what's been said about ACME Packet; loved them when we first got
them, phasing them out now in favor of Ribbon due to what a pain Oracle has
been to deal with.

We're all hardware on the Ribbon side, using both the 5k line and some
premise 1k SBC's. They've been fine so far.

On Thu, Aug 9, 2018 at 9:26 AM Ryan Finnesey  wrote:

> Thanks I will post there as well
>
>
> From: Hiers, David 
> Sent: Thursday, August 9, 2018 10:11:33 AM
> To: James Milko; Ryan Finnesey
> Cc: nanog@nanog.org
> Subject: RE: Feedback - SBC Vendors.
>
> You might want to drop this question on the VoiceOps list:
>
> voice...@voiceops.org
>
> It runs at a good signal-to-noise ratio, so you'll get some useful
> responses.
>
>
> David
>
>
> -Original Message-
> From: NANOG [mailto:nanog-bounces+david.hiers=cdk@nanog.org] On
> Behalf Of James Milko
> Sent: Thursday, August 09, 2018 7:06 AM
> To: Ryan Finnesey 
> Cc: nanog@nanog.org
> Subject: Re: Feedback - SBC Vendors.
>
>  Which Ribbon product are you looking at?  There are quite a few now and
> they have different code bases/features.
>
> JM
>
> On Wed, Aug 8, 2018 at 7:56 PM, Ryan Finnesey  wrote:
>
> > I am going to have to install a series of SBCs for a  voice offering
> > connected to Microsoft Teams.  We are going to pass the SIP traffic
> > off to a larger number of SIP providers.  I would like  to get some
> > feedback from the group on SBC vendors.  I have two options for
> > vendors Ribbon or AudioCodes.  I am leaning towards a software based SBC
> > over an appliance.
> >
> > Would be helpful to get the other members feedback on Ribbon or
> > AudioCodes deployments within their networks.
> >
> > Cheers
> > Ryan
> >
> >
>
>


-- 
Shawn


Re: 3rd party QSFP-100G-LR4-S for Cisco

2018-06-06 Thread Shawn Ritchie
I can second OSI, been using them for years for Juni and Cisco-compatible
optics and they've been absolutely fine.

On Wed, Jun 6, 2018 at 9:31 AM Andrey Khomyakov 
wrote:

> We've been quite happy with https://www.osihardware.com
> The customer service is outstanding.
>
>
> --Andrey
>
> On Wed, Jun 6, 2018 at 1:04 PM, Tom Hill  wrote:
>
> > On 2018-05-29 13:48, Ryugo Kikuchi wrote:
> >
> >> Does anyone have a recommended model of 3rd party's "QSFP-100G-LR4-S" for
> >> Cisco ASR and Nexus?
> >>
> >> Cisco's original 100G SFP costs us an arm and a leg, so we want to try to
> >> use 3rd party 100g SFP.
> >> But we are not sure which manufacturer's SFP is reliable or has good
> >> performance.
> >
> >
> > FlexOptix (.net) are an excellent third-party provider for your first
> > foray into non-vendor optics.
> >
> > Tom
> >
>


-- 
Shawn


RE: Are any of you starting to get AI robocalls?

2018-04-04 Thread Shawn L via NANOG

Honestly, most carriers I've talked to are fed up as well, and just want to 
find a way to make it stop.  As some one said, it's exactly like BCP38 ---  the 
carriers that care keep their clients from spoofing caller id, etc.  The ones 
that don't make everyone else look bad.

-Original Message-
From: "Keith Medcalf" 
Sent: Wednesday, April 4, 2018 7:04pm
To: "nanog@nanog.org" 
Subject: RE: Are any of you starting to get AI robocalls?



Why would the carriers want to do anything? They are making money from call 
termination fees.


---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

>-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Sean
>Pedersen
>Sent: Wednesday, 4 April, 2018 08:45
>To: nanog@nanog.org
>Subject: RE: Are any of you starting to get AI robocalls?
>
>Yep. Add it to the list of IRS scams, fake arrest warrants, credit
>repair, free vacations, etc. The rate of calls has increased
>dramatically in the past year, especially with the "neighborhood
>scam" where they spoof their CLID to a local area code and prefix +
> through  and blast you with calls, trying to trick you into
>thinking it's someone local and thus important or legitimate.
>
>I have a second phone I use for work and on-call, so that goes on DND
>from 6PM to 6AM with a VIP list of people/numbers that can ring
>through. No problems there, and somehow that number isn't (yet) on
>anyone's list, so I don't get many calls.
>
>On my personal cell, I started to use an app called Hiya that has
>been pretty successful. It's available for both iPhone and Android.
>It powers a lot of the carrier-specific apps like AT&T Call Protect,
>but unlike them, it doesn't suck. It's a giant database of reports
>that rate calling numbers and classify them as fraud, scam,
>neighborhood spoofing, etc. and you can flag them or route them right
>to voicemail. The only time it doesn’t work is when it hasn't updated
>its list in a little while and a few sneak through. They just
>realized a premium version that added some features. I haven't
>explored it yet.
>
>Went from about 20 calls a week to almost nothing.
>
>Carriers seem to be either incapable or unwilling to address the
>issue other than the occasional lip-service reply about "taking
>customer's $variable seriously."
>
>-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of William
>Herrin
>Sent: Tuesday, April 3, 2018 3:32 PM
>To: nanog@nanog.org
>Subject: Are any of you starting to get AI robocalls?
>
>Howdy.
>
>Have any of you started to get AI robocalls? I've had a couple of
>calls recently where I get the connect silence of a predictive dialer
>followed by a woman speaking with call center background noise. She
>gives her name and asks how I'm doing. The first time it happened it
>seemed off for reasons I can't quite articulate, so I asked: "Are you
>a robot or a person?" She responded "yes" and then launched in to a
>sales pitch. The next time I asked, "where can I direct your call?"
>She responded "that's good" and launched in to her pitch.
>
>Regards,
>Bill Herrin
>
>
>--
>William Herrin  her...@dirtside.com b...@herrin.us
>Dirtside Systems . Web: 







Re: DSL CPE

2018-01-24 Thread Shawn L via NANOG

Sorry -- this got lost in the shuffle.
 
We were specifically comparing Comtrend AR5381u vs Zyxel 660HN being fed with 
either Calix ADSL 2+ or  Paradyne/Zhone Bitstorm ADSL2+.  All use the broadcom 
chipset but seem to interop slightly differently.  From our limited testing we 
determined that for the best speeds / quality on long loops order was like this
 
Zhone Bitstorm -> Zyxel 660HN
Zhone Bitstorm -> Comtrend AR5381u
Calix ADSL 2+ -> Zyxel 660HN
Calix ADSL 2+ -> Comtrend AR5381u
 
 

-Original Message-
From: "Mike Hammett" <na...@ics-il.net>
Sent: Sunday, January 14, 2018 9:48pm
To: "Shawn L" <sha...@up.net>
Cc: "NANOG" <nanog@nanog.org>
Subject: Re: DSL CPE



Any particular Zyxel models or just Zyxel in general perform better at longer 
lengths?


From: "Shawn L" <sha...@up.net>
To: "Mike Hammett" <na...@ics-il.net>
Cc: "NANOG" <nanog@nanog.org>
Sent: Tuesday, January 9, 2018 8:22:07 AM
Subject: RE: DSL CPE


At $dayjob we use both Comtrend and Zyxel modems.  Both have a 1-port modem 
that can be deployed in bridged mode. They both seem to work well with Calix 
gear.  We've found the Zyxel modems tend to work a little better at longer loop 
lengths.  But, for us at least, it's very easy to get custom firmware created 
and pre-deployed to comtrend modems at the factory / distributor. So we haven't 
completely decided between one brand and the other.  We started looking at 
Zyxel for increased speed at longer loop lengths and better wifi support.
 
There's a company a few exchanges over from us that has deployed the Calix giga 
family and really likes it.  We haven't deployed them yet because they only 
work on the Calix E7 series (E7-2 and E7-20) and we still have a lot of C7 
series dslams in the network.
 
Shawn
 


-Original Message-
From: "Mike Hammett" <na...@ics-il.net>
Sent: Tuesday, January 9, 2018 8:50am
To: "NANOG" <nanog@nanog.org>
Subject: DSL CPE



After a few off-list responses (and a couple on) encouraging me to use NANOG, 
here we go... 


I've recently walked in to a voice\DSL CLEC that has basically been left to 
entropy for the last ten years. A lot of the core systems just work, but a lot 
of things aren't exactly managed the best. They run a Calix\Occam ADSL2+\VDSL 
infrastructure. For those of you doing DSL, what CPE are you using? I'm looking 
at one that's just a basic modem where I have a more sophisticated router (or 
ATA\voice gateway) behind it and then one more generic for residential settings 
with WiFi and all that jazz. We're kinda debating whether we go just dumb Wi-Fi 
or something more advanced\powerful. I've heard a lot of good about the Calix 
GigaFamily in that regard. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 




RE: DSL CPE

2018-01-09 Thread Shawn L via NANOG

At $dayjob we use both Comtrend and Zyxel modems.  Both have a 1-port modem 
that can be deployed in bridged mode. They both seem to work well with Calix 
gear.  We've found the Zyxel modems tend to work a little better at longer loop 
lengths.  But, for us at least, it's very easy to get custom firmware created 
and pre-deployed to comtrend modems at the factory / distributor. So we haven't 
completely decided between one brand and the other.  We started looking at 
Zyxel for increased speed at longer loop lengths and better wifi support.
 
There's a company a few exchanges over from us that has deployed the Calix giga 
family and really likes it.  We haven't deployed them yet because they only 
work on the Calix E7 series (E7-2 and E7-20) and we still have a lot of C7 
series dslams in the network.
 
Shawn



-Original Message-
From: "Mike Hammett" <na...@ics-il.net>
Sent: Tuesday, January 9, 2018 8:50am
To: "NANOG" <nanog@nanog.org>
Subject: DSL CPE



After a few off-list responses (and a couple on) encouraging me to use NANOG, 
here we go... 


I've recently walked in to a voice\DSL CLEC that has basically been left to 
entropy for the last ten years. A lot of the core systems just work, but a lot 
of things aren't exactly managed the best. They run a Calix\Occam ADSL2+\VDSL 
infrastructure. For those of you doing DSL, what CPE are you using? I'm looking 
at one that's just a basic modem where I have a more sophisticated router (or 
ATA\voice gateway) behind it and then one more generic for residential settings 
with WiFi and all that jazz. We're kinda debating whether we go just dumb Wi-Fi 
or something more advanced\powerful. I've heard a lot of good about the Calix 
GigaFamily in that regard. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 




RE: Broadcast television in an IP world

2017-11-17 Thread shawn wilson
Besides Netflix, does anyone else offer CDN boxes for their services?

I'm also guessing that most content won't benefit from multicast to homes
too much?

I can see where multicast benefits sports and news (and probably catching
commercials for people). But in a world where I'm more than happy to pay
Amazon $25-40 a show/season to avoid commercials, I'm guessing
live/broadcast TV will get even less popular (I get news via YouTube - so
that's not even live for me anymore).

On Nov 17, 2017 18:03, "Luke Guillory"  wrote:

> This used to be the case.
>
> While it might lower OPX that surely won't result in lower retrans, will
> just be more profit for them.
>
> We're down as well on video subs, this is 99% due to rising prices.
>
> This is where it's heading for sure, in the end it will cost more as well
> since each will be charging more than the per sub rates we're getting
> charged. They'll have to in order to keep revenue the same.
>
> When ESPN offers an OTT product I have no doubt it will be near the $20
> per month, for 5 channels or so?
>
>
>
> Luke Guillory
> Vice President – Technology and Innovation
>
> Tel:985.536.1212
> Fax:985.536.0300
> Email:  lguill...@reservetele.com
>
> Reserve Telecommunications
> 100 RTC Dr
> Reserve, LA 70084
>
> 
>
>


Re: RFC2544 Testing Equipment

2017-05-30 Thread Shawn L via NANOG

JDSU make some nice ones that we use to qualify cell tower back haul.  Not 
cheap though
 


-Original Message-
From: "Jeremy Austin" 
Sent: Tuesday, May 30, 2017 11:29am
To: "James Breeden" , "n...@flhsi.com" , 
"nanog@nanog.org" 
Subject: Re: RFC2544 Testing Equipment



JW, have you moved on to EtherSAM? That's what I'd be looking for myself.
On Tue, May 30, 2017 at 7:28 AM James Breeden  wrote:

> When we had to do this once in a blue moon, we just bought a pair of old
> Agilent Framescopes off ebay. They worked great but we had issues getting
> reporting out of them. They had RJ45 and SFP on them.
>
> -Original Message-
> From: NANOG [mailto:nanog-bounces+james=arenalgroup...@nanog.org] On
> Behalf Of Nick Olsen
> Sent: Tuesday, May 30, 2017 10:23 AM
> To: nanog@nanog.org
> Subject: RFC2544 Testing Equipment
>
> Greetings all,
>
> Looking for a good test set. Primary use will be testing L2 circuits
> (It'll technically be VPLS, But the test set will just see L2). Being able
> to test routed L3 would also be useful. Most of the sets I've seen are two
> sided, A "reflector" at the remote side, And the test set in hand run by
> the technician.
>
> Looking to test up to 1Gb/s at various packet sizes, Measure Packet loss,
> Jitter..etc. Primarily Copper, But if it had some form of optical port, I
> wouldn't complain. Outputting a report that we can provide to the customer
> would be useful, But isn't mandatory. Doesn't need anything fancy, Like
> MPLS awareness, VLAN ID's..etc.
>
>
> Nick Olsen
> Sr. Network Engineer
> Florida High Speed Internet
> (321) 205-1100 x106
>
>


RE: SoCal FIOS outage(?) / static IP readdressing

2017-01-04 Thread Shawn L

Depending on the area and conditions (rock, etc).  We're seeing
 
$4 /foot Aerial
$5-$7 /foot direct bury
$10 - $14 /foot directional bore
 
These are not including the fiber cable itself.
 


-Original Message-
From: "Luke Guillory" 
Sent: Wednesday, January 4, 2017 8:50am
To: "Jared Mauch" , "Baldur Norddahl" 

Cc: "nanog@nanog.org" 
Subject: RE: SoCal FIOS outage(?) / static IP readdressing



Our model is 15k a mile all in, this is for aerial not underground for our 
HFC/Coax builds. A partner of ours models their underground fiber builds at 30k 
a mile.

This is in south Louisiana so your market may vary as always.






Luke Guillory
Network Operations Manager

Tel: 985.536.1212
Fax: 985.536.0300
Email: lguill...@reservetele.com

Reserve Telecommunications
100 RTC Dr
Reserve, LA 70084


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jared Mauch
Sent: Wednesday, January 04, 2017 7:37 AM
To: Baldur Norddahl
Cc: nanog@nanog.org
Subject: Re: SoCal FIOS outage(?) / static IP readdressing


> On Jan 4, 2017, at 7:54 AM, Baldur Norddahl  wrote:
>
> I solved this issue by making my own ISP.

I’ve been thinking of the same in my underserved area. Labor is $5/foot here 
and despite friends and colleagues telling me to move, it seems I have a sub-60 
month ROI (and sub-year for some areas I’ve modeled with modest uptake rates of 
15-20% where the other options are fixed wireless, Cellular data or dial).

Hope is to do a presentation in the fall or next year with progress. We have 
areas around here where Comcast, (AT&T or Frontier) don’t even serve. The 
municipality is off getting bids to build due to market failure by the 
incumbents to invest. municipal fiber is nigh on illegal here in Michigan but 
with no incumbent it is feasible and my hope is will lock out people who are 
unwilling to invest despite their market cap.

- Jared


Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension

2016-10-12 Thread shawn wilson
Cpan? Cpan minus? Or just download [1] and there's probably a Make::Maker
or similar Build.PL to build a makefile or just install it for you -
there's a #perl channel on freenode if you need more and Google doesn't get
you set.

1.
http://search.cpan.org/~chromatic/Modern-Perl-1.20161005/lib/Modern/Perl.pm

On Oct 12, 2016 8:02 PM, "Lee"  wrote:

> On 10/12/16, Jason Hellenthal  wrote:
> > Give these a shot. https://github.com/jlmcgraw/networkUtilities
> >
> > I know J could use a little feedback on those as well but all in all they
> > are pretty solid.
>
> Where does one get Modern/Perl.pm ?
>
> Can't locate Modern/Perl.pm in @INC (you may need to install the
> Modern::Perl module) (@INC contains: /tmp/local/lib/perl5
> /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int
> /usr/lib/perl5/site_perl/5.22
> /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int
> /usr/lib/perl5/vendor_perl/5.22
> /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .)
> at /tmp/iosToHtml.pl line 87.
> BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.
>
> Lee
>
>
>
> >
> >> On Oct 11, 2016, at 08:48, Lee  wrote:
> >>
> >> On 10/10/16, Jay Hennigan  wrote:
> >>> On 10/6/16 1:26 PM, Jesse McGraw wrote:
> >>>> Nanog,
> >>>>
> >>>> (This is me scratching an itch of my own and hoping that sharing it
> >>>> might be useful to others on this list.  Apologies if it isn't)
> >>>>
> >>>> When I'm trying to comprehend a new or complicated Cisco router,
> >>>> switch or firewall configuration an old pet-peeve of mine is how
> >>>> needlessly difficult it is to follow deeply nested logic in
> >>>> route-maps, ACLs, QoS policy-maps etc etc
> >>>>
> >>>> To make this a bit simpler I’ve been working on a perl script to
> >>>> convert these text-based configuration files into HTML with links
> >>>> between the different elements (e.g. To an access-list from the
> >>>> interface where it’s applied, from policy-maps to class-maps etc),
> >>>> hopefully making it easier to follow the chain of logic via clicking
> >>>> links and using the forward and back buttons in your browser to go
> >>>> back and forth between command and referenced list.
> >>>
> >>> Way cool. Now to hook it into RANCID
> >>
> >> It looks like what I did in 2.3.8 should still work - control_rancid
> >> puts the diff output into $TMP.diff so add this bit:
> >> grep "^Index: " $TMP.diff | awk '/^Index: configs/{
> >> if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; }
> >> printf("%s ", $2)
> >> }
> >> END{ printf("\n") }
> >> ' >$TMP.doit
> >> /bin/sh $TMP.doit >$TMP.out
> >> if [ -s $TMP.out ] ; then
> >>   .. send mail / whatever
> >> rm $TMP.doit $TMP.out
> >> fi
> >>
> >> Regards,
> >> Lee
> >
> >
> > --
> >  Jason Hellenthal
> >  JJH48-ARIN
>


RE: AS4233852001 advertising 192.0.0.0/2?

2016-09-26 Thread Shawn L

Looks like they're announcing quite a bit
 


-Original Message-
From: "Adam Greene" 
Sent: Monday, September 26, 2016 8:52am
To: nanog@nanog.org
Subject: AS4233852001 advertising 192.0.0.0/2?



We were alerted to this by https://radar.qrator.net.



This seems wrong from a number of angles .



Adam




Manage Outage Notifications?

2016-09-23 Thread Shawn L

What are people using to manage / send their outage notifications?  We're 
currently using a mostly manual process to identify customers that need to be 
aware of an outage and send out e-mail at $dayjob.  Looking for a way to 
automate it more.  I'd prefer something open source, but that's not a 
requirement.
 
Thanks



Re: automated site to site vpn recommendations

2016-06-29 Thread Shawn L

I believe they fixed this -- when I've spoken to tech support recently, I had 
to give them a tech support key so that they could access the devices I had 
questions about.
 


-Original Message-
From: "Paul Nash" 
Sent: Wednesday, June 29, 2016 8:55am
To: "Untitled 3" 
Subject: Re: automated site to site vpn recommendations



My biggest issue with Meraki is that their tech staff can run tcpdump on the 
wired or wireless interface of your Meraki box without having to leave their 
desk. I have no reason to believe that they are malicious, or in the pay of the 
NSA, but I am too paranoid to allow their equipment anywhere near me.

Yes, they work well and the cloud control panel makes remote support a breeze; 
you have to decide how you feel about the insecurity.

 paul

> On Jun 27, 2016, at 6:28 PM, Dan Stralka  wrote:
> 
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling, instant-on performance,
> and are by far the simplest platform to offer a field person. They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
> 
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
> 
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go. Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear. Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
> 
> Dan
> 
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer"  wrote:
> 
>> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
>>> In some cases...
>> 
>> The words "in some cases" are a problem with any supposedly plug and
>> play solution.
>> 
>>> We really could use a simple solution that you
>>> just flip on, it calls home, and works...
>> 
>> ...but still requiring someone to enter credentials of some sort,
>> right? Otherwise you have a device wandering about that provides look
>> -mum-no-hands access to your corporate network.
>> 
>> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
>> for a wireless dongle or storage, and has a highly-scriptable operating
>> system. Not a bad platform.
>> 
>> Regards, K.
>> 
>> --
>> ~~~
>> Karl Auer (ka...@biplane.com.au)
>> http://www.biplane.com.au/kauer
>> http://twitter.com/kauer389
>> 
>> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
>> 
>> 
>> 
>> 




RE: automated site to site vpn recommendations

2016-06-27 Thread Shawn L

We use the Meraki series -- MX @ the main office, and Z1 for the remote, or 
just 2 Z1 units if it's a small network and they work great.  
 
We've even gone so far as to utilize Avaya ip phones over the link so the 
teleworker's extension works wherever they are.  I have to say, compared to a 
PIX or ASA, etc. they are about the simplest VPN setup you'll ever come across. 
 We've even had cases where the Z1 was behind a fairly restrictive NAT, and it 
was able to establish a session and work great. 
 
Definitely not the cheapest, but if you can get by with just a couple of Z1s 
the cost isn't too bad.

Shawn
 
 
-Original Message-
From: "c b" <bz_siege...@hotmail.com>
Sent: Monday, June 27, 2016 4:08pm
To: "nanog@nanog.org" <nanog@nanog.org>
Subject: automated site to site vpn recommendations



Situation: We have salespeople/engineers holding temporary 
seminars/training/demonstrations in hotel meeting rooms.

Requirements:
- field people need a very plug-n-play, simple, reliable vpn back to
  corporate offices to present videos/slides/demonstrations. The materials
  are not accessible via the internet directly, they are in a contained
  environment at corporate HQ locations but not necessarily on the corp
  network.
- the solution should be able to provide wireless to attendees. In some
  cases, guest login will be fine but in some cases the attendees will have
  registered and provided login creds prior to the event, and these creds
  will need to be checked before providing access
- the solution should have the option to split tunnel internet traffic out,
  but in some cases they need all traffic tunneled and internet will be via
  our corporate offices (NDA/legal, don't ask, it's just a requirement
  provided)

Nice-to-have:
- field person should be able to not only access the presentation materials
  (in their contained network) but also the corporate network. Some early
  attempts required a user-vpn connection by the field person over the S2S
  VPN, but it made it clunky to switch back and forth. This isn't mandatory,
  but it would be nice to provide one solution providing dual-level access:
  restricted to attendees, less-restricted to field people

Tried this in the past with basic router/switch/wireless and captive portals 
because we had some inventory available... it was workable but not quick or 
easy. We really could use a simple solution that you just flip on, it calls 
home, and works... or as close to that as possible.

Have been looking at Meraki and a couple other low-touch solutions and they may 
do the trick, but we are hoping there are lower cost options that people have 
used successfully? We don't mind dealing with some off brands and even some 
custom coding (within reason) as long as the end result is a low-touch, 
reliable solution.

Thanks in advance.


Re: CALEA

2016-05-09 Thread shawn wilson
The OP is also asking someone to register a throwaway email, subscribe, and
respond "yes" so that the owner can't be tracked to their employer. That's
kind of a steep ask for something that's almost moot.
On May 9, 2016 23:16, "Greg Sowell"  wrote:

I haven't had a request in ages...back then all of the links worked.
On May 9, 2016 3:02 PM, "Jeremy Austin"  wrote:

> On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:
>
> > What is the community hearing about CALEA?
> >
>
> Crickets?
>
>
> --
> Jeremy Austin
>
> (907) 895-2311
> (907) 803-5422
> jhaus...@gmail.com
>
> Heritage NetWorks
> Whitestone Power & Communications
> Vertical Broadband, LLC
>
> Schedule a meeting: http://doodle.com/jermudgeon
>


Re: Patch panel solutions for 4x10GE breakout

2016-05-05 Thread Shawn Morris
It's the Corning Edge8 line [
https://www.corning.com/worldwide/en/products/communication-networks/applications/data-center/edge8.html
]

On Thu, May 5, 2016 at 9:45 AM, Jared Mauch  wrote:

> There is a nice Corning panel our facilities team is using now. I can find
> the link and send it to the list when not at my phone.
>
> Jared Mauch
>
> > On May 5, 2016, at 10:28 AM, Phil Bedard  wrote:
> >
> > So the newer equipment we are looking at uses QSFP+/MTP with 4x10GE
> breakouts to deliver 10G.  We are not wiring these up to things in the same
> rack, they will be going to patch panels and then elsewhere in a facility.
> It could potentially get messy with the panels we have today so we are
> looking at other solutions.  These are all SM LR connections using LC.
> There are a lot of SM MTP to LC options since that’s the way most panels
> are wired, but they typically have 6 duplex LC connectors per MTP and not 4
> which isn’t very efficient in this use case.  I’ve seen others just use an
> intermediate LC to LC panel and just wire the breakouts to those and then
> jumper the other side elsewhere.
> >
> > Anything else others have used?  The point of the solution is to keep
> the wiring mess in front of or near the device to a minimum.
> >
> > Thanks,
> >
> > Phil
> >
>
>


RE: mrtg alternative

2016-02-26 Thread Shawn L

We use observium.  It has most of what you're looking for.   Used to use cacti 
but switched a couple of months ago


-Original Message-
From: "Baldur Norddahl" 
Sent: Friday, February 26, 2016 6:18pm
To: "nanog@nanog.org" 
Subject: mrtg alternative



Hi

I am currently using MRTG and RRD to make traffic graphs. I am searching
for more modern alternatives that allows the user to dynamically zoom and
scroll the timeline.

Bonus points if the user can customize the graphs directly in the
webbrowse. For example he might be able to add or remove individual peers
from the graph by simply clicking a checkbox.

What is the 2016 tool for this?

Regards,

Baldur


Re: Low density Juniper (or alternative) Edge

2016-02-03 Thread Shawn L

We use the Accedian Metro Nid in places.  They work well, but are layer 2 only 
-- at least the ones we got.  
 
 
-Original Message-
From: "Colton Conor" 
Sent: Wednesday, February 3, 2016 9:34am
To: "Nick Hilliard" 
Cc: "NANOG" 
Subject: Re: Low density Juniper (or alternative) Edge



I see Cisco and Juniper mentioned here, but what about all the smart NID
companies out there? I found these of MEF list:

Accedian, Altera, BTI Systems, Ciena (Nasdaq: CIEN), Cisco (Nasdaq: CSCO),
Cyan, FibroLAN, Huawei, Infinera (Nasdaq: INFN), Juniper Networks
(NYSE: JNPR), MRV, Omnitron, Overture, PT Inovacao, Pulsecom, RAD Data
Communications, Telco Systems, Tellabs (Nasdaq: TLAB), Transition Networks
and Transmode.

Some of these guys focus what seems like exclusively on ethernet NID
devices, and most all are MEF certified. Does anyone use the above vendors
NIDs?



On Wed, Feb 3, 2016 at 1:58 AM, Nick Hilliard  wrote:

> David Bass wrote:
> > Looking to see what others are using out there as an alternative to a
> > Cisco ME3600X? Also, what other vendors out there are playing in this
> > space?
> >
> > Need a full MPLS stack.
>
> Before choosing a box, you need to figure out:
>
> - how many ports you need, and of what speed
> - how much you're prepared to pay
> - how much rack real estate you're ok about dedicating per box
> - what sort of mpls features you need (vpls / l2vpn-pw / l3vpn / 6pe /
> 6vpe, etc)
> - whether rich qos is a requirement
> - whether you're ever going to need good quality LAG / ECMP support on
> the platform
> - what vendor software you're happy to work with
> - whether you're ok with per port licensing
>
> Typically the features that fall by the wayside first are: reasonable
> port buffers, qos knobs and decent lag/ecmp hashing support for mpls
> packets. The qos/port buffers tend to be more of a problem on the 10G
> platforms, but you didn't state whether you were interested in 1G or
> 10G, or how many ports you were looking for per box.
>
> E.g. the production evolution for the me3600 is the asr920, which is
> better in most aspects except for shared buffer space. This means that
> the me3600 has better qos support, if deeper buffers are what's
> important. OTOH, if you need to do fine-grained qos based on ACLs or
> ports, then this platform isn't for you.
>
> Most smaller mpls boxes don't load balance well over LAGs or ECMP
> because they lack the ability to inspect deep into the packet to get
> enough flow-aware entropy together to build a reasonable hash. If all
> your PE devices support flow-aware transport (rfc6391), you're fine, but
> very few smaller mpls boxes support this feature.
>
> If 10G is a requirement, then you need to make a choice between one of
> the merchant chipsets (e.g. broadcom trident range) and vendor specific
> chipsets. Many of the larger vendors support the merchant chipsets
> these days for 10G access, but feature support can be varied. E.g. some
> devices don't support vpls and never will. Some are a bit behind on
> product development and don't yet support features like l3vpn or 6PE or
> 6VPE, even though they are roadmapped.
>
> Nick
>


RE: Lawful Intercept Trusted 3rd Party

2016-01-19 Thread Shawn L

We're currently using Vantage Point out of North Dakota.  Haven't had to 
actually put anything into production as of yet though.
 
 
-Original Message-
From: "Crier, Brent" 
Sent: Tuesday, January 19, 2016 10:04am
To: "nanog@nanog.org" 
Subject: Lawful Intercept Trusted 3rd Party



Just wondering if anyone has had success with trusted 3rd party vendors for 
ISP/Telco CALEA compliance? If so any recommendations?

Thanks,
-Brent


Re: Favorite GPON Vendor?

2015-11-10 Thread Shawn L

We like Calix's gpon gear, especially the E7 series.  Though it's on the higher 
side price-wise than others.  Manageable through their CMS software, the web, 
or command line.  We tend to use their CMS software for most things, but the 
CLI is decent, and gives you access to anything you'd want.
 

-Original Message-
From: "Art Plato" 
Sent: Monday, November 9, 2015 2:38pm
To: 
Cc: nanog@nanog.org
Subject: Re: Favorite GPON Vendor?



Brian,
How complex is the troubleshooting side of the Adtran? We Use the Enablence 
Wave7 and getting any useful information from the CPE via the CLI is like 
pulling hen's teeth. I have yet to see a way to view the actual throughput on 
the ethernet interfaces, only total bits passed, or the light levels at the CPE 
fiber interface. A bit annoying actually. It means a truck roll to get light 
levels at the CPE.

Art.

- Original Message -
From: "Brian R" 
To: "Eric Rogers" , "Jay Patel" 
Cc: nanog@nanog.org
Sent: Monday, November 9, 2015 2:25:44 PM
Subject: Re: Favorite GPON Vendor?

We use the Adtran ONT solutions. We are using AE (Active Ethernet) not GPON but 
the solutions are similar for Adtran. We are providing IP and Analog this way. 
If used in the specified scope only there have been very few problems. 
Adtran is constantly updating their firmware, this can be a positive and 
negative at times. LoL

The configuration is Adtran TA5000 with an Active Ethernet 24-Port Module 
(1187562F1) feeding an ONT TA324E (1287737G2) at the customer premise.
For power we are using the Cyber Power CSN27U12v-NA3 units.
The clam shell we are using to put the ONT in is TA350 ONT NID HSG SPLICE 
(1187770G1)
All of these part numbers should be available on Adtran's website to look up.

We are also testing some iPhotonix ONTs but have not gotten to the point we are 
sure we want to deploy them.

Brian

PS I will post this in voiceops as well (it may be more relevant there)


From: NANOG  on behalf of Eric Rogers 

Sent: Monday, November 9, 2015 10:09 AM
To: Jay Patel; nanog@nanog.org
Subject: RE: Favorite GPON Vendor?

I Personally would like to know as well. We are just getting into GPON and the 
equipment we have been evaluating is clunky at best... It came highly 
recommended and supposed to be stable.

Eric Rogers
PDS Connect
www.pdsconnect.me
(317) 831-3000 x200


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jay Patel
Sent: Monday, November 9, 2015 9:50 AM
To: nanog@nanog.org
Subject: Favorite GPON Vendor?

Who is your favorite GPON OLT/ONU Vendor? Why? I am looking for
recommendations

I apologize in advance , if you feel my question is inappropriate for this 
mailing list ( feel free to point me to right forum/mailing list).

Regards,
Jay.


Re: improved NANOG filtering

2015-10-27 Thread shawn wilson
AFAIK (IDK how either) this hasn't been a big issue in the past few years.
Is it really worth worrying about? I notified the MARC admin and it was
removed there within a few hours too - a dozen easily tracked messages in a
few hours and a few hours after that, it's done (or more like, filtered).

Not sure how much actually happens on the backend to keep this list as
clean as it appears. But if everyone on that end of things decided to grab
a beer at the same time and we have to suffer a little for a badly timed
cold one every few years, I'm good with the status quo.
On Oct 26, 2015 10:58 PM, "Barry Shein"  wrote:

>
> What's needed is 20 (pick a number) trusted volunteer admins with the
> mailman password whose only capacity is to (make a list: put the list
> into moderation mode, disable an acct).
>
> Obviously it would be nice if the software could help with this
> (limited privileges, logging) but it could be done just on trust with
> a small group.
>
> Another list to announce between them ("got it!") would be useful
> also.
>
> --
> -Barry Shein
>
> The World  | b...@theworld.com   |
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR,
> Canada
> Software Tool & Die| Public Access Internet | SINCE 1989 *oo*
>


Fw: new message

2015-10-26 Thread shawn wilson
Hey!



New message, please read <http://kovvali.org/matter.php?sj44>



shawn wilson



---
This email has been checked for viruses by Avast.
https://www.avast.com/antivirus


Fw: new message

2015-10-26 Thread shawn wilson
Hey!



New message, please read <http://funezy.com/outside.php?rl5>



shawn wilson





Re: inexpensive url-filtering db

2015-10-16 Thread Shawn L

I've used Dan's Guardian before.  Usually in a K-12 setting


-Original Message-
From: "shawn wilson" <ag4ve...@gmail.com>
Sent: Friday, October 16, 2015 11:10am
To: "MKS" <rekordmeis...@gmail.com>
Cc: "North American Network Operators Group" <nanog@nanog.org>
Subject: Re: inexpensive url-filtering db



On Oct 16, 2015 6:52 AM, "MKS" <rekordmeis...@gmail.com> wrote:

>
> Now I'm looking for an inexpensive url-filtering database, for integration
> into a squid like solution.

> Perhaps there is another mailing-list more relevant for this kind of
issues?

Squid like or squid? I'd ask on the squid list if there's nothing here.


Re: inexpensive url-filtering db

2015-10-16 Thread shawn wilson
On Oct 16, 2015 6:52 AM, "MKS"  wrote:

>
> Now I'm looking for an inexpensive url-filtering database, for integration
> into a squid like solution.

> Perhaps there is another mailing-list more relevant for this kind of
issues?

Squid like or squid? I'd ask on the squid list if there's nothing here.


Google Apps for ISPs -- Lingering fallout

2015-08-18 Thread Shawn L

I know there are others on this list who used Google Apps for ISPs and recently 
migrated off (as the service was discontinued).
 
We have had several cases where the user had a YouTube channel or Picasa photo 
albums, etc. that they created with their Google Apps for ISPs credentials.  
Now that the service is gone, those channels and albums still exist but the 
users are unable to login to them or manage them in any way because it tells 
them that their account has been disabled.
 
Of course, Google had been un-responsive to all of our (and the customer's) 
inquiries about how to fix this.
 
Has anyone else run into this and found a way around it?
 
thanks
 
 
Shawn



Re: Debian RWHOIS

2015-07-08 Thread Shawn L

We ran it for a while, then gave up and just updated the info on Arin.


-Original Message-
From: Josh Luthman j...@imaginenetworksllc.com
Sent: Wednesday, July 8, 2015 3:56pm
To: Dan White dwh...@olp.net
Cc: Josh Moore jmo...@atcnetworks.net, nanog@nanog.org nanog@nanog.org
Subject: Re: Debian RWHOIS



I think this is what you're asking for:

http://projects.arin.net/rwhois

Should be a ./configure && make && make install #per this
http://projects.arin.net/rwhois/docs/installation.html


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 8, 2015 at 3:52 PM, Dan White dwh...@olp.net wrote:

 On 07/08/15 19:38 +, Josh Moore wrote:

 Hello guys,


 What do you use for ARIN resource assignments? I am looking to setup a
 Debian-based RWHOIS server but don't see much information on it.


 As of a couple of years ago when I looked around, there were no recent
 packaged versions of rwhoisd for Debian. We run a compiled version.

 --
 Dan White



Re: Residential VSAT experiences?

2015-06-26 Thread shawn wilson
On Jun 22, 2015 6:14 PM, William Herrin b...@herrin.us wrote:



 Two-way satellite systems based on SV's in geostationary orbit (like
 the two you're considering) have high latency. 22,000 miles out,
 another 22,000 miles back and do it again for the return packet.

Just a minor nitpick - that's 22,300 miles above the equator at sea level.
You're probably closer to 22,500 miles away from the bird (as could your
uplink). That's just rough math adding the tangent of 1500 miles from the
equator in my head (plus the tangent of the curve distance from that base
line and angle of the bird :) ).


Re: REMINDER: LEAP SECOND

2015-06-23 Thread shawn wilson
On Jun 23, 2015 6:26 AM, Nick Hilliard n...@foobar.org wrote:



 Blocking NTP at the NTP edge will probably work fine for most situations.
 Bear in mind that your NTP edge is not necessarily the same as your
network
 edge.  E.g. you might have internal GPS / radio sources which could
 unexpectedly inject the leap second.  The larger the network, the more
 likely this is to happen.  Most organisations have network fossils and ntp
 is an excellent source of these.  I.e. systems which work away for years
 without any problems before one day accidentally triggering meltdown
 because some developer didn't understand the subtleties of clock
monotonicity.


NTP causes jumps - not skews, right?


Re: REMINDER: LEAP SECOND

2015-06-22 Thread shawn wilson
On Mon, Jun 22, 2015, 08:29 Stephane Bortzmeyer bortzme...@nic.fr wrote:

 On Mon, Jun 22, 2015 at 01:15:41PM +0100,
  Tony Finch d...@dotat.at wrote
  a message of 15 lines which said:

  The problems are that UTC is unpredictable,

 That's because the earth rotation is unpredictable. Any time based on
 this buggy planet's movements will be unpredictable. Let's patch it
 now!

 So, what we should do is make clocks move. 9 slower half of the year
(and then speed back up) so that we're really in line with earth's
rotational time. I mean we've got the computers to do it (I think most RTC
only go down to thousandths so it'll still need a little skewing but I'm
sure we'll manage).

Ps - if anyone actually does this, I'm going postal.


Re: REMINDER: LEAP SECOND

2015-06-20 Thread shawn wilson
On Jun 19, 2015 2:05 PM, Saku Ytti s...@ytti.fi wrote:

 On (2015-06-19 13:06 -0400), Jay Ashworth wrote:

 Hey,

  The IERS will be adding a second to time again on my birthday;
 
  2015-06-30T23:59:60

 Hopefully this is last leap second we'll ever see. Non-monotonic time is
an
 abomination and very very few programs measuring passage of time are
correct.
 Even those which are, usually are not portable, most languages do not even
 offer monotonic time in standard libraries.
 Canada, China, England and Germany, shame on you for opposing
leapsecondless
 UTC.

 Next year hopefully GPSTIME. TAI and UTC are the same thing, with
different
 static offset.


Unlikely but here's hoping. I mean letting computers figure out slower
earth rotation on the fly would seem more accurate than leap seconds
anyway. And then all of us who do earthly things and would like simpler
libraries could live in peace.
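
The `2015-06-30T23:59:60` timestamp and the non-monotonic-time complaint quoted in this thread, worked through as an added example (not code from any poster): a strict parser rejects second 60, POSIX time maps it onto the following midnight so events around it sort out of order, and a leap-aware count keeps them in order. The log events and the one-entry leap-second table are constructed for the example; all function names are hypothetical.

```python
import calendar
import re
from datetime import datetime

# Constructed for this example: the table knows only the leap second announced
# in the thread (end of 2015-06-30). Production code would load the complete
# published leap-second list instead.
LEAP_SECOND_DAYS = [(2015, 6, 30)]

_TS = re.compile(r"(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(\.\d+)?Z")


def parse(ts, allow_leap=True):
    """Return (whole_posix_seconds, fraction, is_leap_second) for a UTC stamp."""
    m = _TS.fullmatch(ts)
    if m is None:
        raise ValueError(f"not an ISO-8601 UTC timestamp: {ts!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    frac = float(m.group(7) or 0.0)
    if s >= 60:
        ok = (allow_leap and s == 60 and (h, mi) == (23, 59)
              and (y, mo, d) in LEAP_SECOND_DAYS)
        if not ok:
            raise ValueError(f"second {s} is not a known leap second: {ts!r}")
    datetime(y, mo, d, h, mi, min(s, 59))  # range-check the remaining fields
    # timegm is plain arithmetic, so second 60 rolls over into the next minute:
    # exactly the POSIX rule that leaves no slot for the leap second.
    return calendar.timegm((y, mo, d, h, mi, s)), frac, s == 60


def strict_posix(ts):
    """Mirrors strict parsers (Python's datetime accepts seconds 0..59 only)."""
    whole, frac, _ = parse(ts, allow_leap=False)
    return whole + frac


def posix_time(ts):
    """POSIX seconds; 23:59:60.x collides with 00:00:00.x of the next day."""
    whole, frac, _ = parse(ts)
    return whole + frac


def linear_time(ts):
    """POSIX seconds plus every table leap second already fully elapsed."""
    whole, frac, is_leap = parse(ts)
    inserted = 0
    for y, mo, d in LEAP_SECOND_DAYS:
        end = calendar.timegm((y, mo, d, 23, 59, 60))  # the following midnight
        if end < whole or (end == whole and not is_leap):
            inserted += 1
    return whole + inserted + frac


# Constructed log events, listed in the order they really happened.
EVENTS = [
    ("2015-06-30T23:59:59.900Z", "evt-1"),
    ("2015-06-30T23:59:60.500Z", "evt-2"),
    ("2015-07-01T00:00:00.200Z", "evt-3"),
]


def order_by(clock):
    """Names of EVENTS sorted by the given timestamp-to-seconds function."""
    return [name for ts, name in sorted(EVENTS, key=lambda e: clock(e[0]))]


if __name__ == "__main__":
    print("POSIX order :", order_by(posix_time))
    print("linear order:", order_by(linear_time))
    gap = posix_time(EVENTS[2][0]) - posix_time(EVENTS[1][0])
    print(f"POSIX elapsed evt-2 -> evt-3: {gap:+.1f}s")
```
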


Re: REMINDER: LEAP SECOND

2015-06-20 Thread shawn wilson
On Sat, Jun 20, 2015, 14:16 Harlan Stenn st...@ntp.org wrote:

 shawn wilson writes:
  ... I mean letting computers figure out slower earth rotation on the
  fly would seem more accurate than leap seconds anyway. And then all of
  us who do earthly things and would like simpler libraries could live
  in peace.

 Really?  Have you looked in to those calculations, and I'm only talking
 about the allegedly predictable parts of those calculations, not things
 like the jetstream, the circumpolar currents, or earthquakes.


Ok, forget that point - AFAIK, the only things that matter wrt time is
agreement on interval/counter and epoch, and stability. Right now we only
have agreement on interval.

So while I'd prefer a consistent epoch and counter, I'll live with whatever
as we have access to board agreement and stability (like this doesn't hit
NANOG every time with uh oh).


Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread shawn wilson
On Jun 17, 2015 8:56 PM, Ronald F. Guilmette r...@tristatelogic.com
wrote:



 *)  The Director of the Office of Personnel Management, Ms. Katherine
 Archuleta was warned, repeatedly, and over several years, by her
 own department's Inspector General (IG) that many of OPM's systems
 were insecure and should be taken out of service.  Nonetheless, as
 revealed during congressional testimony yesterday, she overruled
 and ignored this advice and kept the systems online.

 Given the above facts, I've just started a new Whitehouse Petition, asking
 that the director of OPM, Ms. Archuleta, be fired for gross incompetence.
 I _do_ understand that the likelihood of anyone ever getting fired for
 incompetence anywhere within the Washington D.C. Beltway is very much of
 a long shot, based on history, but I nonetheless feel that as a U.S.
 citizen and taxpayer, I at least want to make my opinion of this matter
 known to The Powers That Be.


Idk whether she was wrong or not. They were running COBOL systems - I'm
guessing AS/400 (maybe even newer zSeries) which are probably supporting
some db2 apps. They also mention this is on a flat network. So stopping the
hack once it was found was probably real interesting (I'm kinda impressed
they minimized downtime as much as they did really).

I'm ok saying they were incompetent but not too sure you can do *this* much
to mess up a network in 2 years (her tenure). I'd actually be interested
in a discussion of how much you can possibly improve / degrade on a network
that big from a management position.

If the argument is that she should've shut down the network or parts of it
- I wonder if anyone of you who run Internet providers would even shut down
your email or web servers when, say, heartbleed came out - those services
aren't even a main part of your business. One could argue that it would've
been illegal for her to shut some of that stuff down without an act of
Congress.

I'm not saying you're dead wrong. Just that I don't have enough information
to say you're right (and if you are, she's probably not the only head you
should call for).


Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread shawn wilson
On Thu, Jun 18, 2015 at 1:15 PM, Nick B n...@pelagiris.org wrote:
 Having worked for several departments like this, I can assure you her
 frustration was not about her inability to hire competent people or the
 lack of her superiors to prioritize the modernization project.  Unless you
 have worked for the Federal Government it's almost impossible to understand
 the mindset - Politics is job #1, Office Politics is job #2, doing your
 job is not a priority.  The issue here was 100% looking bad - the worst
 possible offense a political appointee can commit.  Firing this one person
 is pointless, she's one of 1,000,000 clones, not a one should be employed.
 I wish I had some simple solution, but I don't, it's going to require years,
 probably decades, of hard work by a motivated and skilled team.  Also, a
 stable of unicorns.


Mmmm, most people (gov or private) do their jobs - the problem seems
to be policy makers and getting money for things that no one is going
to see (security). This has been a well documented issue in the
private but idk anyone has really said how bad gov is (I'd suspect
worse than public at this point).

My point was that idk you can blame someone for not implementing
security in a place that big w/in 2 years. I'd've liked to have seen a
roadmap, but I don't suppose you want your attackers to know that,
so...


RE: Google contact?

2015-06-17 Thread Shawn L

Google cancelled their ISP program as of the 8th of June.
 
Feel free to contact me off-list for more info.  They cancelled ours as well.


-Original Message-
From: Christopher Tyler ch...@totalhighspeed.net
Sent: Wednesday, June 17, 2015 9:28am
To: nanog@nanog.org
Subject: Google contact?



Need some help.. Does anyone have an email contact at Google that they are 
willing to pass along?
All of our mowisp.net Apps for ISP accounts were disabled last night at about 
8-9PM without notice and we are now getting swamped with calls. Possibly 
several hundred users affected.

-- 
Christopher Tyler 
MTCRE/MTCNA/MTCTCE/MTCWE 
Total Highspeed Internet Services 
417.851.1107




Re: Google contact?

2015-06-17 Thread Shawn L

I'm replying on-list since it seems like a lot of people are in the same boat. 
 
Here's a summary of what happened to us.  Please feel free to jump in if you 
had a different experience, or have more information.
 
Google sent us a notice in December that as of June 8 they would be 
discontinuing the Google for ISPs program and that we had to find a different 
e-mail provider.  Unfortunately, they only sent this notice to the account that 
initially created the service, which was un-monitored.  I have heard the same 
thing from others.  They did not include a notice about the discontinuation in 
their monthly billing, only in e-mail and only to the account that initiated 
the google service.
 
We actually found out about it some time in February.  I spoke with the Google 
contact listed in the e-mail and was told that they were indeed cancelling the 
service, but wasn't given a reason.  We also asked if it was possible to move 
to a different Google service, Google Apps for Business for example, but was 
told that it would be against their terms of service and would result in a 
cancellation of the service.
 
After a lot of research in Google's forums, it looked like a lot of other 
people were in the same boat we were.  We ended up talking with another e-mail 
provider and migrating all of our mail.  Several weeks ago we asked Google for 
an extension because the migration was taking longer than expected.  We were 
given until the 16th of June and told that no further extensions would be 
given.  I have spoken to one person who was given until the end of June.
 
Here is the original notice we received from google.  I hope this helps others 
in the same boat
 
 
December 10, 2014
 [ your-domain,com ]( http://baragatelephone.com )
 
 Subject: Notice of Non-Renewal of The Google Apps - ISP Partner Edition 
Agreement.
 
 Dear Administrator,
 Thank you for being a Google customer and for using Google Apps Partner 
Edition (collectively, Partner Edition).
 As part of Google's integration plans, we have elected to discontinue 
providing the Partner Edition Services going forward. As provided in the 
Agreement between Google Inc. and [ your-domain.com ]( 
http://baragatelephone.com ), this letter serves as your formal notice that the 
Services will not be renewed, and our Agreement with you will terminate on June 
8, 2015.
 
 Any other Google services you have purchased (or resold, if applicable), in 
addition the Partner Edition product and services, will not be affected by this 
change. Please also note that this notice of non-renewal does not relieve you 
of any payment obligations you may have under the current Agreement and that 
you remain responsible for remitting any such owed payments in full by the 
applicable invoice due date for the Services.
 
 We have prepared an Administrator transition resource website 
(https://support.google.com/appstransition/go/admin) and an End User resource 
website (https://support.google.com/appstransition) to assist you through the 
transition. This resource center presents some of the migration options 
available to you and provides instructions that you can share with your 
customers.
 
 We regret any inconvenience this may cause, and thank you again for your 
business. If you have any questions, please contact your Account Manager below.
 
 Account Manager:  John Coull
 Phone Number: [ 212- 565-3131 ]( tel:212-%20565-3131 )
 Email Address: [ joh...@google.com ]( mailto:joh...@google.com )
 
 Sincerely,
 Omid Kordestani
 Chief Business Officer
 
 
 


-Original Message-
From: Marciano Lopes marciano.lo...@gsurfnet.com
Sent: Wednesday, June 17, 2015 11:48am
To: Shawn L sha...@up.net
Subject: Re: Google contact?




Hello Shawn!
 They cancelled ours as well.

What can we do?
 
Thanks!





 
 
Regards,
Marciano Lopes
GSURF
Landline (48) 3254-8700 Ext. 6272
Mobile (48) 9125-5081
24h Support 0800-644-4833

2015-06-17 12:15 GMT-03:00 Shawn L [ sha...@up.net ]( mailto:sha...@up.net ):

 Google cancelled their ISP program as of the 8th of June.

 Feel free to contact me off-list for more info.  They cancelled ours as well.




 -Original Message-
 From: Christopher Tyler [ ch...@totalhighspeed.net ]( 
mailto:ch...@totalhighspeed.net )
 Sent: Wednesday, June 17, 2015 9:28am
 To: [ nanog@nanog.org ]( mailto:nanog@nanog.org )
 Subject: Google contact?



 Need some help.. Does anyone have an email contact at Google that they are 
willing to pass along?
 All of our [ mowisp.net ]( http://mowisp.net ) Apps for ISP accounts were 
disabled last night at about 8-9PM without notice and we are now getting 
swamped with calls. Possibly several hundred users affected.

 --
 Christopher Tyler
 MTCRE/MTCNA/MTCTCE/MTCWE
 Total Highspeed Internet Services
[ 417.851.1107 ]( tel:417.851.1107 )





Re: eBay is looking for network heavies...

2015-06-11 Thread shawn wilson
On Jun 11, 2015 7:07 AM, jim deleskie deles...@gmail.com wrote:

 There is a good reason there aren't LOTS of good neteng in the 30-35 or
 under 30 range with lots of experience.  It's called the hell we went through
 for a while after 2000 working in this industry.  Many of us lost jobs and
 couldn't find new ones.  I know talented folks that had to go to delivering
 pizzas (not to slag pizza delivery folks) to support themselves and their
 families. Some folks ended up leaving the industry because of it and I'm
 sure lots of people choose not to get into the field seeing no jobs.  This
 type of event causes a hole that takes a long time to correct.


So I'm at your early 30s mark too. I've read all y'all on getting in by
helping grow the internet and not thinking these things still exist. Two
thoughts:
1. Heard of IPv6? Wasn't made just to keep us employed.
2. I'd give anything to have replaced my Encarda (sp?) cd with Wikipedia in
middle school. I'd have killed to replace my Motorola with an android or
iPhone in high school. To not have a heavy ass bag of books hurting my hand
and just grip my kindle. And to have had the ability to hook up a phone
line to the 8088 or apple // in elementary school would've been awesome.

I'm sure if you look you'll find similar conversations years earlier about
I got in by helping lay the groundwork for Unix/C/DARPANet. IDK what
future generations will do to get a job at my level. You aren't the
smartest person on the net and not the only person with luck to be in the
right place.

I hear about teachers using Wikipedia and podcasts as teaching aids and I
think they wouldn't even let me cite Wikipedia in college. Feel sorry for
people if you want - I'll help people if I can but never do I think I had
it better.


Re: eBay is looking for network heavies...

2015-06-08 Thread shawn wilson
On Jun 8, 2015 10:11 PM, Shane Ronan sh...@ronan-online.com wrote:


 Certs have ruined the industry.

Certs have made the industry more interesting. After all, without certs,
we'd have less stupid to point at and laugh (or scream). And HR screeners
would need to know something about the position they're screening.


RE: eBay is looking for network heavies...

2015-06-07 Thread shawn wilson
On Jun 7, 2015 4:12 AM, Joshua Riesenweber joshua.riesenwe...@outlook.com
wrote:


 (In my experience it takes more time to study a certification track than
to learn just what you need to get a job done.)


Stated different, no job is going to teach you how to pass a cert. And no
cert is going to teach a job. One can help with the other, but different
skills are involved.


Re: eBay is looking for network heavies...

2015-06-07 Thread shawn wilson
On Jun 7, 2015 10:59 PM, Jay Ashworth j...@baylink.com wrote:


 I don't
 RTFM, I google.  It's often faster, so many of TFMs are online now.


Until Google supports regex and some of the duckduckgo module features,
I'll be faster getting to reference than you will on Google. Notice I said
reference, not an answer - sometimes you care more about the background
than the answer (like if you're filing a bug).

man /perldoc /rdoc /:help /etc is where it's at (and allows me to answer
lots of questions with man foo | grep bar - which is still bad but doesn't
have such a negative feeling that lmgtfy or a Google link does). Also
notice I intentionally left out the failed 'info' pages :)

Point here is that Google is probably the wrong answer here.


Re: eBay is looking for network heavies...

2015-06-07 Thread shawn wilson
On Jun 8, 2015 1:42 AM, shawn wilson ag4ve...@gmail.com wrote:


 On Jun 7, 2015 10:59 PM, Jay Ashworth j...@baylink.com wrote:
 

  I don't
  RTFM, I google.  It's often faster, so many of TFMs are online now.
 

 Until Google supports regex and some of the duckduckgo module features,
I'll be faster getting to reference than you will on Google. Notice I said
reference, not an answer - sometimes you care more about the background
than the answer (like if you're filing a bug).

 man /perldoc /rdoc /:help /etc is where it's at (and allows me to answer
lots of questions with man foo | grep bar - which is still bad but doesn't
have such a negative feeling that lmgtfy or a Google link does). Also
notice I intentionally left out the failed 'info' pages :)

 Point here is that Google is probably the wrong answer here.

Oh this is NANOG and manufacturers have different levels of documentation, so
I guess s/wrong/incomplete/ is more apt.


Re: eBay is looking for network heavies...

2015-06-06 Thread shawn wilson
On Fri, Jun 5, 2015 at 9:57 PM, James Laszko jam...@mythostech.com wrote:
 I asked one of my guys to tracert in windows for something and he executed 
 pathping.  I have never seen that in 25 years  Go figure!


Yep, I learned something new (though IDK I'll ever use it - I'm
guessing it's useless trivia, esp since I haven't done much with
Windows in ~6 years now). My default traceroute is:

nmap -Pn -p0 --traceroute host


Re: eBay is looking for network heavies...

2015-06-06 Thread shawn wilson
My first thought on reading that was who the hell cares if a person
knows about internet culture. But then I had to reconsider - it's a
very apt way of telling if someone read the right books :)

I would also add Ritchie, Thompson, and Diffie to that list (since you
ask about Larry, it's only appropriate).

On Sat, Jun 6, 2015 at 6:32 AM, jim deleskie deles...@gmail.com wrote:
 I remember you asking me who Jon was :)  I have since added to my list of
 interview questions... sad but the number of people with clue is declining
 not increasing.


 On Sat, Jun 6, 2015 at 3:13 AM, Joe Hamelin j...@nethead.com wrote:

 Back in 2000 at Amazon, HR somehow decided to have me do the phone
 interviews for neteng.  I'd go through questions on routing and what not,
 then at the end I would ask questions like, Who was Jon Postel?  Who is
 Larry Wall?  Who is Paul Vixie? What are layers 8 & 9? Explain the RTFM
 protocol.  What is NANOG?  Those answers (or long silences) told me more
 about the candidate than most of the technical questions.

 --
 Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474



Re: eBay is looking for network heavies...

2015-06-06 Thread shawn wilson
On Sat, Jun 6, 2015 at 8:33 AM, tvest tv...@eyeconomics.com wrote:
 You are such an optimist ;-)

 Sometimes those who can remember the past get to repeat it anyway.


I remember seeing a slide deck for devs saying all new web apps are
recreating mail, write, wall, and finger (the person posted it on FB,
so of course I can't find it for ref)


Re: eBay is looking for network heavies...

2015-06-06 Thread shawn wilson
On Sat, Jun 6, 2015 at 12:27 PM, Dave Taht dave.t...@gmail.com wrote:
 On Sat, Jun 6, 2015 at 6:53 AM, Brandon Ross br...@pobox.com wrote:
 I also concur.  There is most certainly a negative correlation between certs
 and clue in my experience, having met 10s of certificate holders.

 Oh good. Maybe my total lack of ever pursuing one of these things is actually
 a qualification of sorts?


Meh, certs can be fun. I've never taken one and not learned something.
I don't think someone should put me in charge of designing a SOC
because I have a Security+ or that BestBuy should trust people with
(or w/o) an A+ to fix computers. But I'll bet the journey people took
to get that cert taught them something. Having gained the cert, does
that mean it doesn't belong on a resume? No. If you hire someone with
just a cert to manage your network, does that put you among the
biggest dumbasses to ever hire someone? Absolutely. Further, HR who
look for certs are probably doing themselves a disservice but if it
works for them, who am I to tell them otherwise. If you want to work
for the company, get the cert or don't.


Re: stacking pdu

2015-06-04 Thread shawn wilson
Well, I was kinda thinking this would turn out to be a dumb question / have
an obvious answer. Apparently not. But it seems I can't go buy a solution
either. I guess there isn't much of a market (though I am just talking
software - maybe someone could make an update :) ).


stacking pdu

2015-05-29 Thread shawn wilson
Is there a way to stack PDUs? like, with 30A 220, we need more plugs
than power but I'd like them to communicate to make sure we don't over
power the circuit. Do any APC or Tripp Lite systems support this?


Re: Password storage (was Re: gmail security is a joke)

2015-05-28 Thread shawn wilson
On May 28, 2015 10:11 AM, Christopher Morrow morrowc.li...@gmail.com
wrote:

 On Thu, May 28, 2015 at 5:29 AM, Robert Kisteleki rob...@ripe.net wrote:
 
  Bcrypt or PBKDF2 with random salts per password is really what anyone
  storing passwords should be using today.
 

One thing to remember is the hardware determines number of rounds. So while
my LUKS (PBKDF2) pass on my laptop or servers have a few 10k rounds, that
same pass on a Pi or so would only have 1k rounds (minimum rec).


 I get the feeling that, along with things like 'email address
 verification' in javascript form things, passwd storage and management
 is something done via a few (or a bunch of crappy home-grown) code
 bases.

Not generally passwords per se but session tokens and the like, sure
(almost as bad).


 Seems like 'find the common/most-used' ones and fix them would get
 some mileage? I don't imagine that 'dlink' (for example) is big on
 following rfc stuff for their web-interface programming? (well, at
 least for things like 'how should we store passwds?')

Heh, I started on a fuzzer that'd take a few strings and run them through
recipes (base 32/64, rot, xor 1 or 0, etc) and try to find human strings
along the way. If multiple strings match a recipe, you can generate your
own sessions.
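
The two points in the exchange above (a random salt per password, and a round count that depends on the hardware doing the hashing) fit together as in the following sketch. It is an added example, not code from any of the posters; the record format, the function names and the 0.1 s target are assumptions, and the 1000-iteration floor is the "minimum rec" figure mentioned in the message.

```python
import hashlib
import hmac
import os
import time

MIN_ITERATIONS = 1000   # floor: the "1k rounds (minimum rec)" figure from the thread
SALT_BYTES = 16
ALGO = "sha256"
SCHEME = f"pbkdf2_{ALGO}"  # hypothetical record prefix, chosen for this example


def calibrate(target_seconds=0.1, probe=20_000):
    """Time a probe run on this machine and scale the count to the target
    duration, so a fast server gets many rounds and a slow board gets fewer,
    but never fewer than MIN_ITERATIONS."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(ALGO, b"benchmark", b"\x00" * SALT_BYTES, probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(MIN_ITERATIONS, int(probe * target_seconds / elapsed))


def hash_password(password, iterations):
    """Return 'scheme$iterations$salt_hex$hash_hex' using a fresh random salt.
    The iteration count is stored so a record made on other hardware still
    verifies."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record, current_iterations):
    """Return (ok, needs_rehash). needs_rehash is True when the password is
    correct but the record was created with fewer rounds than this host's
    current policy, so the caller can re-hash it at login."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iters = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False, False          # malformed record: reject, do not crash
    if scheme != SCHEME or iters < 1:
        return False, False
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode(), salt, iters)
    ok = hmac.compare_digest(dk, expected)   # constant-time comparison
    return ok, ok and iters < current_iterations


if __name__ == "__main__":
    policy = calibrate()
    print("iterations chosen on this host:", policy)
    # Constructed sample: a record created on slow hardware at the floor value.
    old_record = hash_password("correct horse", MIN_ITERATIONS)
    print(verify_password("correct horse", old_record, policy))
```

Storing the count in each record is what lets a hash created on slow hardware at the floor value be detected and upgraded the next time the user logs in on a faster host.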


Re: DWDM and EDFA and DCM

2015-04-22 Thread Shawn L
Remember, distance ratings are just generalizations.  It all comes down to
power budget.  When fiber is laid there are slack loops for potential
future service and for use if a cable is cut,  splice cases -- because it's
hard to work with a fiber spool with more than 5 miles of cable on it,
other connectors, hand holes with slack coils, etc.  If the route is 80km
the actual fiber distance  could be more like 100 or 120km with all of the
slack.  Then you add on dB loss for every splice and connector.  As others
have said, the only way to really know is to shoot it with a power meter
and see what the end to end loss is, and then get the correct optics for
the path you have.

On Wed, Apr 22, 2015 at 6:43 PM, Rodrigo 1telecom rodr...@1telecom.com.br
wrote:

 Nothing is wrong with the fiber... Attenuation is good... Gbics specs says
 -23db as a limit of your sensibility ...i have tried to put bidi sfp+ 80km
 on this fiber and have -25dbi on other side( not connect) this module have
 -20dbi sensibility ...
 This scenario have a 4 channels... And i use 2 10gb channels... C21 and
 c22 on side A and c51 and c52 on side B

 Sent via iPhone
 Grupo Connectoway

  On 22/04/2015, at 19:01, Evelio Vila eve...@thousandeyes.com wrote:
 
  I think the OP is asking about whether it should account for chromatic
 dispersion or not. Intramodal dispersion may very well be a limit on your
 link even if the power budget (as presented before) is fine.  As Mikael said,
 I would stick to the specs from the manufacturer for that specific module,
 or rent an OTDR and make the measurements.
 
  --
  Evelio
 
  On Wed, Apr 22, 2015 at 1:51 PM, Baldur Norddahl 
 baldur.nordd...@gmail.com wrote:
  First: buy a power meter. They are really cheap and the only way to know
  for sure how much signal you got. It will also tell you how much launch
  power you have. The fiberstore modules are listed as 0 to +5 dBm launch
  power - if you got lucky it might be +5 and if you got a lower end module
  it might be close to 0. Obviously this makes a huge difference for how much
  power you get on the other end. Also it is said that the laser will lose
  power over time.
 
  Second you need to think in terms of power budget, not distance. So you got
  68 km and the module is rated for 80 km - but not all fiber is born
  equal. A power meter allows you to measure the true link loss.
 
  Third you did not tell what DWDM multiplexer you are using. A 44 channel
  DWDM multiplexer from Fiberstore can have up to 4.5 dB insertion loss. You
  might have two of those on your link for a total of 9 dB loss. Your 80 km
  module has a 23 dB link budget, so this leaves you with 23-9 = 14 dB
  budget. If your fiber has 0.25 dB loss per km, that is only 56 km.
 
  Regards,
 
  Baldur
 



Re: rack cable length

2015-04-19 Thread shawn wilson
Ok I've got a few comments offlist too and they all seem to draw the same
conclusion - crimp your own length. Thanks all for the input.
On Apr 17, 2015 4:11 PM, William Herrin b...@herrin.us wrote:

 On Fri, Apr 17, 2015 at 3:17 PM, Joe McLeod jmcl...@musfiber.net wrote:
  Or you build the cable to fit the span.  I must be getting old.

 There's a best of both worlds version of this: buy lots of the
 short-length cables (1 to 6 feet) and cut down longer cables where
 the distance exceeds the short cables I can buy.

 I typically buy 25' cables each of which turns in to a pair of shorter
 cables with one manufactured and one field-terminated end. I end up
 with cables that are just right and well organized.

 Harder to do with power cables but still somewhat functional.

 -Bill



 --
 William Herrin  her...@dirtside.com  b...@herrin.us
 Owner, Dirtside Systems . Web: http://www.dirtside.com/



Re: Historical records of POCs

2015-04-18 Thread shawn wilson
Asked archive.org?
On Apr 18, 2015 12:03 PM, Roy r.engehau...@gmail.com wrote:


 Is there an archive of POCs for some of the early netblocks (1985 or so)?
 We are trying to figure out some corporate history.



rack cable length

2015-04-17 Thread shawn wilson
This is probably a stupid question, but

We've got a few racks in a colo. The racks don't have any decent cable
management (square metal holes to attach velcro to). We either order
cable too long and end up with lots of loops which get in the way (no
place to loop lots of excess really) or too short to run along the
side (which is worse). It appears others using the same racks have
figured this out, but...

Do y'all just order 10 of each size per rack in every color you need
or is there a better way to figure this out? I'm guessing something
like 24 inches + (1.75 inches x Us) + 24 inches and round up to
standard length...?

