RE: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6
-Original Message- From: Jeff Kell [mailto:jeff-k...@utc.edu] Sent: Thursday, January 17, 2013 7:30 PM [snip] Not sure about Vonage, but Skype, Xbox, and just about everything else imaginable (other than hosting a server) works just fine over NAT with default-deny inbound here, and we have several thousand students in the dorms that bang the heck out of those services. Most applications have adapted to the SOHO NATing router that is prevalent today on broadband internet. And if it didn't work, believe me, I'd hear about it :) Jeff Really? We get a lot of students complaining about PS3s and Xboxes and giving us documentation for various games indicating that either NAT(PAT) must support UPnP or statically mapped inbound connections, or the game won't work. On the other hand, multi-player games are about the only thing that our users are actually telling us isn't working, we haven't heard any complaints about Skype, Vonage, or other VoIP or IM products. Reference: http://support.xbox.com/en-US/xbox-live/connecting/nat-type-strict -- Toivo Voll Network Engineer Information Technology Communications University of South Florida (Not speaking for my employer.)
RE: What do you do when your Home ISP is down?
Thirded. As an enterprise account customer (with service at my home), I called them up, began to explain what I'm seeing, just to be interrupted with something to the effect of Yeah, I see it. I'll get someone to fix it. Incidentally, how do you like your USR Router, we don’t see many of those? Or, when they called me and said they are seeing a worrying amount of errors on my link and would like to send someone over to troubleshoot before there's an actual failure. (Bad coax cable in the attic). I'm not saying anything about Brighthouse, but the commercial RoadRunner support in Tampa is top notch, and that extends to billing and accounts as well. It's a very dramatic difference to the V** F*** offering, which has better technology but never managed to send me a correct bill during a year of use. You can count bits delivered per dollar, or you can consider some of the less quantifiable aspects of service when picking an ISP. It's also sad that good, competent service is so rare it really stands out. -Toivo -Original Message- From: Jay Ashworth [mailto:j...@baylink.com] Sent: Thursday, August 18, 2011 18:34 To: NANOG Subject: Re: What do you do when your Home ISP is down? I just want to put in a tip o' the hat here to the BHN/RoadRunner *business* support people who handle Tampa Bay. I have had to call them, oh, 20 or 30 times in the last 5-7 years, mostly on behalf of clients, and their front line is *sharp*. They understand CIDR, they don't freak out about DNS, and they understand MTR -- hell, some of them *use* MTR. And they don't get scared when you know what you're talking about. Huzzah. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
RE: Yahoo and IPv6
Going to http://help.yahoo.com/l/us/yahoo/ipv6/ and hitting Start IPv6 Test I get: Your system will continue to work for you on World IPv6 day. However, we found that your server only supports IPv4 at this time. You'll simply continue to use IPv4 to reach your favorite web sites. Netalyzr (http://n3.netalyzr.icsi.berkeley.edu/analysis) finds no issues with my IPv6 status, but alerts me to the fact (since confirmed by switching to IE) that Google Chrome defaults to IPv4 rather than IPv6, and consequently a lot of the testing tools claim that my IPv6 is broken. Toivo Voll Network Administrator Information Technology Communications University of South Florida -Original Message- From: Brandon Ross [mailto:br...@pobox.com] Sent: Monday, May 09, 2011 12:25 To: Arie Vayner Cc: nanog@nanog.org Subject: Re: Yahoo and IPv6 Even more disturbing than that is that when I run a test from here it says that I have broken v6. But I don't have broken v6 and test-v6.com proves it with a 10/10. This Yahoo tool doesn't seem to even give a hint as to what it thinks is broken. Can anyone from Yahoo shed some light on what this tool is doing and how to get it to tell us what it thinks is broken? -- Brandon Ross AIM: BrandonNRoss ICQ: 2269442 Skype: brandonross Yahoo: BrandonNRoss
RE: SmartNet Alternatives
At least for the FCX line we were told when trying to open a support case that the limited lifetime warranty only applies to hardware and does not make you eligible for any kind of support or software beyond getting hardware replaced. -Original Message- From: George Bonser [mailto:gbon...@seven.com] Sent: Sunday, February 13, 2011 15:59 To: Florian Weimer; Ryan Finnesey Cc: nanog@nanog.org; John Macleod Subject: RE: SmartNet Alternatives * Ryan Finnesey: This is one of the reasons we are starting to look at Juniper for a new network build. It is my understanding we set software updates for life for free. My understanding is that it's free for customers who have a service contract in place. Most downloads are not self-service, and I haven't tested if you can get JTAC to provide images for devices you don't own. Brocade is now offering 5 years (what they consider lifetime) support to the original purchaser of the equipment on some product lines: FastIron SX800, SX1600, CX, WS, and TurboIron that includes software updates. We use a lot of the FCX units.
RE: Best VPN Appliance
You are correct; I should have been more pedantic -- the SA series cannot terminate site-to-site IPsec tunnels, according to the sales engineer, unlike the Cisco 3000 series and ASA. -- Toivo Voll University of South Florida Information Technology Communications -Original Message- From: Stefan Fouant [mailto:sfou...@shortestpathfirst.net] Sent: Monday, March 08, 2010 2:29 PM To: Voll, Toivo; Chris Campbell; Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance Toivo, The SA Series absolutely supports IPsec if you are using Network Connect. It defaults to using IPsec and if that is not supported then it will fall back to SSL. Of course, NC is not as secure as W-SAM, J-SAM, or Core Access in terms of role and resource granularity control but the support for IPsec is absolutely there.
RE: Best VPN Appliance
We're generally happy with our Juniper SA6500s, but they, and a lot of the other SSL VPN vendor appliances will not support IPSec. Cisco's ASA does, but it's less feature-rich in the SSL VPN arena. The Juniper was the most mature and flexible of all the offerings we looked at, but also the most expensive, and it's not perfect either. Having migrated from Cisco's 3000 series appliances, the current SSL VPNs are a totally different mindset and about two orders of magnitude more complicated. Have a very good understanding of exactly what problem you're trying to solve with the product and what kind of policies and requirements you have to meet, or it's going to be a mess. I can answer more specific questions on our experiences and testing off-list. -- Toivo Voll University of South Florida Information Technology Communications -Original Message- From: Chris Campbell [mailto:chris.campb...@nebulassolutions.com] Sent: Friday, March 05, 2010 11:36 AM To: Dawood Iqbal Cc: nanog@nanog.org Subject: Re: Best VPN Appliance The Juniper SA is by far and away the market leader and in my opinion the best end user experience. On 5 Mar 2010, at 15:57, Dawood Iqbal wrote: Hello All, Is it possible to get your ideas on what VPN appliances are good to have in enterprise network? Requirements are; SSL IPSec Client and Web VPN support (Win/MAC/iPhone/Android) If webvpn is used, then when any user connects via webvpn, we should be able to re-direct him to any and ONLY specific application i.e SAP. If 2 boxes are installed then they should replicate data seamlessly. Regards, dI