Re: strange scam? email claiming to be from the fbi
On Sat, Nov 13, 2021 at 11:02:49AM -0500, Glenn McGurrin via NANOG wrote:
> I had a bit of an odd one this morning, I received two emails through
> contacts listed in whois subject: "Urgent: Threat actor in systems" from
> "e...@ic.fbi.gov". I was all set to ignore them as an odd bit of spam

Private reply.

Having had several interactions with the FBI (and a few other TLA), they have confirmed that they never use email for critical communications like these. So you can relax if you get email from the IRS, FBI or most any other government agency. As federal agencies, they use the US Mail. The SBA is an exception; they do use email to request and communicate information.
Re: Rack rails on network equipment
Didn't require any additional time at all when equipment wasn't bulky enough to need rails in the first place.

I've never been happy about that change.

On Fri, Sep 24, 2021 at 09:37:58AM -0700, Andrey Khomyakov wrote:
> Hi folks,
> Happy Friday!
>
> Would you, please, share your thoughts on the following matter?
>
> Back some 5 years ago we pulled the trigger and started phasing out Cisco
> and Juniper switching products out of our data centers (reasons for that
> are not quite relevant to the topic). We selected Dell switches in part due
> to Dell using "quick rails" (sometimes known as speed rails or toolless
> rails). This is where both the switch side rail and the rack side rail
> just snap in, thus not requiring a screwdriver and hands of the size no
> bigger than a hamster paw to hold those stupid proprietary screws (lookin
> at you, cisco) to attach those rails.
> We went from taking 16hrs to build a row of compute (from just network
> equipment racking pov) to maybe 1hr... (we estimated that on average it
> took us 30 min to rack a switch from cut open the box with Juniper switches
> to 5 min with Dell switches)
> Interesting tidbit is that we actually used to manufacture custom rails for
> our Juniper EX4500 switches so the switch can be actually inserted from the
> back of the rack (you know, where most of your server ports are...) and not
> be blocked by the zero-U PDUs and all the cabling in the rack. Stock rails
> didn't work at all for us unless we used wider racks, which then, in turn,
> reduced floor capacity.
>
> As far as I know, Dell is the only switch vendor doing toolless rails so
> it's a bit of a hardware lock-in from that point of view.
>
> *So ultimately my question to you all is how much do you care about the
> speed of racking and unracking equipment and do you tell your suppliers
> that you care? How much does the time it takes to install or replace a
> switch impact you?*
>
> I was having a conversation with a vendor and was pushing hard on the fact
> that their switches will end up being actually costlier for me long term
> just because my switch replacement time quadruples at least, thus requiring
> me to staff more remote hands. Am I overthinking this and artificially
> limiting myself by excluding vendors who don't ship with toolless rails
> (which is all of them now except Dell)?
>
> Thanks for your time in advance!
> --Andrey

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: New minimum speed for US broadband connections
I fear there are too many areas that are still limited by *dsl technology so trying to define a certain minimum for upstream transmission rates is problematic. (Also a pet peeve of mine since it makes moving video and audio project files around a PITA.)

Personally, I think we're probably best sticking with the current figures until what is widely available as a top end service begins to reflect different figures and I don't see that that has happened yet.

-Wayne

On Thu, May 27, 2021 at 08:29:08PM -0400, Sean Donelan wrote:
>
> What should be the new minimum speed for "broadband" in the U.S.?
>
> This is the list of past minimum broadband speed definitions by year
>
> year speed
>
> 1999 200 kbps in both directions (this was chosen as faster than
>      dialup/ISDN speeds)
>
> 2000 200 kbps in at least one direction (changed because too many service
>      providers had 128 kbps upload)
>
> 2010 4 mbps down / 1 mbps up
>
> 2015 25 Mbps down / 3 Mbps up (wired)
>      5 Mbps down / 1 Mbps up (wireless)
>
> 2021 ??? / ??? (some Senators propose 100/100 mbps)
>
> Not only in major cities, but also rural areas
>
> Note, the official broadband definition only means service providers can't
> advertise it as "broadband" or qualify for subsidies; not that they must
> deliver better service.

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Parler
On Sun, Jan 10, 2021 at 04:32:29PM +0100, niels=na...@bakker.net wrote:
> * sro...@ronan-online.com (sro...@ronan-online.com) [Sun 10 Jan 2021, 14:46 CET]:
> >While Amazon is absolutely within their rights to suspend anyone
> >they want for violation of their TOS, it does create an interesting
> >problem. Amazon is now in the content moderation business, which
> >could potentially open them up to liability if they fail to suspend
> >any other customer who hosts objectionable content.
>
> Didn't that ship sail when they booted WikiLeaks off their platform?
>
> -- Niels.

Yeah, pretty much.

See, the real issue here is AUPs which initially were used to make sure users knew that their services could not be used to facilitate illegal things and then used to keep order on the platforms by restricting abusive behavior. However the definition of "abusive" has now been extended so greatly and with constantly changing rules that it's making the statement, effectively, "if we don't like what you say, or if we don't like you or your business, sucks to be you." Editorializing without labeling it as editorializing.

At some point, that breaks down. It has to.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Parler
Ah, yes... re-enter the experiences of Compuserve. For that, I give you Telecom '96 and section 230 which, they think, makes them exempt from such things.

Regardless, there are a whole lot of little triggering pebbles that risk being trodden upon here. From monopolist behaviour to basic discrimination (just because you're a private company, you do not have the right to discriminate in who you are willing to do business with. Wasn't that the whole point of the wedding thing?), there are many things to be careful of here, even though it will probably be a hard sell. Still, damned irresponsible to risk touching that precedent, IMO. It means a whole lot of flak comes around to the rest of us.

On Sun, Jan 10, 2021 at 08:42:56AM -0500, sro...@ronan-online.com wrote:
> While Amazon is absolutely within their rights to suspend anyone they want
> for violation of their TOS, it does create an interesting problem. Amazon is
> now in the content moderation business, which could potentially open them up
> to liability if they fail to suspend any other customer who hosts
> objectionable content.
>
> When I actively hosted USENET servers, I was repeatedly warned by in-house
> and external counsel, not to moderate which groups I hosted based on content,
> lest I become responsible for moderating all groups, shouldn't that same
> principle apply to platforms like AWS and Twitter?
>
> Sent from my iPhone
>
> > On Jan 10, 2021, at 3:24 AM, William Herrin wrote:
> >
> > Anybody looking for a new customer opportunity? It seems Parler is in
> > search of a new service provider. Vendors need only provide all the
> > proprietary AWS APIs that Parler depends upon to function.
> >
> > https://www.washingtonpost.com/technology/2021/01/09/amazon-parler-suspension/
> >
> > Regards,
> > Bill Herrin

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Are the days of the showpiece NOC office display gone forever?
On Wed, Dec 23, 2020 at 02:58:32PM +1000, Robert Brockway wrote:
> On Thu, 17 Dec 2020, Tom Beecher wrote:
> If the last 50 years has shown us anything it is that humans and computers
> working together can achieve far more than either in isolation.
>
> Cheers,
>
> Rob

And if the last 15 years has shown us anything, it is that when you can't get past the auto-attendant and talk to a real human, and if that person can't talk to you like a person instead of reading scripts at you, your stress levels go way up as does your desire to break things. Automation in customer service (or excessive emphasis on procedures) is a really nice way of taking a five minute problem and turning it into an hour long ordeal.

(pet peeve)

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: IPv4 Mismanagement
Groups that have such things I can only presume do not do a good job of periodically going through and auditing their IP allocations or, if they do, then they don't do a good enough job of cleaning up all the details.

On Fri, Oct 02, 2020 at 05:44:13PM -0400, Justin Streiner wrote:
> I suspect many providers don't have good business processes for reclaiming
> IP space that was assigned to customers who have either disconnected or
> voluntarily returned the space.
>
> The provider I started out with in the mid/late 90s bootstrapped itself
> with IP space from MCI (now, CenturyLink... I think?) and UUNET (now
> Verizon Business), but we handed those blocks back when we started getting
> provider-independent space from ARIN. No idea what became of that space
> after we stopped announcing it.
>
> jms
>
> On Fri, Oct 2, 2020 at 3:38 PM Ryan Wilkins wrote:
>
> > I have the same thing with a service that was disconnected a couple years
> > ago. Four IP blocks of /24 size are still swipped to us and we're
> > announcing them. I don't put any customers on them and just use them for
> > temporary things for fear that some day someone will want them back.
> >
> > On Oct 2, 2020, at 2:50 PM, Matt Brennan wrote:
> >
> > A service I disconnected more than 2 years ago still has a /24 of their
> > space SWIPED to me. Their NOC closed the ticket I opened to remove. Unknown
> > if it's actually in use for another customer.
> >
> > I also had a conversation last week with another ISP (we were
> > renegotiating our contract) about this. The order form they sent me had
> > multiple /28's we had "given back" years ago still listed. Turns out
> > they're still being routed to us as well.
> >
> > I would bet it happens all over the place.
> >
> > -Matt
> >
> > On Fri, Oct 2, 2020 at 2:00 PM Matt Hoppes <
> > mattli...@rivervalleyinternet.net> wrote:
> >
> >> I'm sitting here in the office on a Friday performing some IP
> >> maintenance and I see that one of our upstreams is still filtering an IP
> >> range we haven't used in years. I dig into it a bit more and it turns
> >> out a major carrier still has them SWIPed to us.
> >>
> >> This got me curious and I dug more into IPs from back in our early days
> >> and discovered there are two Tier-1 carriers we no longer do business
> >> with that still have large blocks of their own IPs SWIPED and allocated
> >> to us.
> >>
> >> This is really confusing and concerning. I know it's not the
> >> end-all-be-all, but I wonder how much IPv4 exhaustion is being caused by
> >> this type of IPv4 mis-management, where IPs are still shown as
> >> "allocated" to a customer who hasn't used them in years.
> >>
> >> I've seen this behavior from Frontier and CenturyLink to name just a few.
> >>
> >> Any thoughts on this?
> >>

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: questions asked during network engineer interview
On Fri, Jul 24, 2020 at 09:44:36AM +0200, Mark Tinka wrote:
>
> On 24/Jul/20 09:32, William Herrin wrote:
>
> > Choosing not to mash one's fingers with a hammer is not an absence of
> > curiosity about carpentry. It's merely an understanding that doing
> > carpentry well involves -not- mashing one's fingers with a hammer.
>
> You mean like not poking your finger into the wall socket, or in the
> fire, unless you're 2?
>
> I'm not sure how to parse your comment. But in case you are wondering, I
> am talking about network engineering, which is not common sense.
>
> Mark.

Well, I take the point of his comment to be not being curious to the point of inadvertently doing damage to something that you were better off leaving alone until you found someone who could clue you in to the particulars. There are plenty of network engineers out there who, in going about their job--and especially when trying out new features, figuratively mashed their fingers with that hammer.

Curiosity, yes, but also self-discipline.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: 60 ms cross-continent
And thus far, no one has mentioned switching speed and other electronic overhead such as the transceivers (that's the big one, IIRC.)

I also don't recall if anyone mentioned that the 30ms is as the photon flies, not fiber distance.

-Wayne

On Sat, Jun 20, 2020 at 05:32:30PM +, Mel Beckman wrote:
> An intriguing development in fiber optic media is hollow core optical fiber,
> which achieves 99.7% of the speed of light in a vacuum.
>
> https://www.extremetech.com/computing/151498-researchers-create-fiber-network-that-operates-at-99-7-speed-of-light-smashes-speed-and-latency-records
>
> -mel
>
> On Jun 20, 2020, at 10:14 AM, Dave Cohen wrote:
>
> Doing some rough back of the napkin math, an ultra low-latency path from,
> say, the Westin to 1275 K in Seattle will be in the 59 ms range. This is
> considerably longer than the I-90 driving distance would suggest because:
> - Best case optical distance is more like 5500 km, in part because the path
> actually will go Chicago-NJ-WDC and in part because a distance of 5000 km by
> right-of-way will be more like 5500 km when you account for things like
> maintenance coils, in-building wiring, etc.
> - You'll need (at least) three OEO regens on that distance, since there's
> no value in spending 5x to deploy an optical system that wouldn't need to
> (like the ones that would manage that distance subsea). This is in addition
> to ~60 in-line amplification nodes, although that adds significantly less
> latency even in aggregate
>
> Some of that is simply due to cost savings. In theory, you could probably
> spend a boatload of money to build a route that cuts off some of the distance
> inefficiency and gets you closer to 4500 km optical distance with minimal
> slack coil, and maybe no regens, so you get a real-world performance of 46
> ms. But there are no algo trading sites of importance in DC, and for
> everybody else there's not enough money in the difference between 46 and 59
> ms for someone to go invest in that type of deployment.
>
> Dave Cohen
> craetd...@gmail.com
>
> On Jun 20, 2020, at 12:44 PM, Tim Durack wrote:
>
> And of course in your more realistic example:
>
> 2742 miles = 4412 km ~ 44 ms optical rtt with no OEO in the path
>
> On Sat, Jun 20, 2020 at 12:36 PM Tim Durack
> mailto:tdur...@gmail.com>> wrote:
> Speed of light in glass ~200 km/s
>
> 100 km rtt = 1ms
>
> Coast-to-coast ~6000 km ~60ms
>
> Tim:>
>
> On Sat, Jun 20, 2020 at 12:27 PM William Herrin
> mailto:b...@herrin.us>> wrote:
> Howdy,
>
> Why is latency between the east and west coasts so bad? Speed of light
> accounts for about 15ms each direction for a 30ms round trip. Where
> does the other 30ms come from and why haven't we gotten rid of it?
>
> c = 186,282 miles/second
> 2742 miles from Seattle to Washington DC mainly driving I-90
>
> 2742/186282 ~= 0.015 seconds
>
> Thanks,
> Bill Herrin
>
> --
> William Herrin
> b...@herrin.us<mailto:b...@herrin.us>
> https://bill.herrin.us/
>
> --
> Tim:>
>
> --
> Tim:>

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Huawei on Mount Everest
You're all missing the point...

We can now watch cat videos from the top of Everest. C'mon! Shouldn't that rank among the greatest of man's achievements?

On Fri, May 01, 2020 at 01:57:42PM -0400, John Levine wrote:
> In article
> you write:
> >
> >https://telecoms.com/504051/huawei-and-china-mobile-stick-a-5g-base-station-on-mount-everest/
> >
> >Why don't we leave the Everest alone? OTOH, we can now have tiktok
> >videos and latest instagram posts from the summit.
>
> Given how dangerous the ascent is, I would think it would be a good
> thing for climbers to be able to check in and say whether they are OK.
>
> I agree it's mostly a publicity stunt, though.

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Are underground utility markers essential workers?
It really goes back to what I have maintained in that you can't really say who is essential or not because such declarations never extend the full width and breadth of the supply and distribution chain. For example, someone manufacturing cardboard boxes might not be thought of as essential but when these cardboard boxes are used to package food items so they can be sent around the country, does that mean that they now are? What if they're being used to package medical supplies?

Trying to judge "essential" and "non-essential" is always going to be problematic and you're always going to get it wrong.

On Tue, Apr 21, 2020 at 02:57:15PM -0400, Sean Donelan wrote:
>
> Utility markers don't get the recognition they deserve. If they aren't
> essential workers, they should be and get hazard pay.
>
> They help protect everyone's fiber and cables and pipes that go boom.
>

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Tell me about AS19111
On Thu, Feb 06, 2020 at 04:35:14PM +1100, Mark Andrews wrote:
>
> > P.S. Remember, out of all of the networking engineers in the entire world,
> > by definition, half of them are of below average intelligence.
>
> Unfortunately there is no basis for that claim as networking engineers are
> not uniformly randomly selected from the population as a whole.
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Well, aside from the fact that I don't like such statements (they just don't feel warm and fuzzy to me), his meaning was pretty clear. So to be pedantic, just tack "WRT other engineers" on the end of that and the statement holds.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Iran cuts 95% of Internet traffic
Though Iran's situation is hardly a new advent, it reminds me that more and more countries seem to be going for the centralized filter/control/kill option and what a sad development that is. It sure seems like this is going to vastly change how inter-nation traffic (or at least inter-continental) is exchanged between providers and even how bandwidth is sold. It feels to me like it won't be too much longer before such things start to become somewhat less a matter of business and more a matter of treaty.

-Wayne

On Mon, Nov 18, 2019 at 10:09:36AM -0500, Sean Donelan wrote:
>
> It's very practical for a country to cut 95%+ of its Internet connectivity.
> It's not a complete cut-off, there is some limited connectivity. But for
> most ordinary individuals, their communication channels are cut-off.
>
> https://twitter.com/netblocks/status/1196366347938271232

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Disney+ Streaming
On Tue, Nov 12, 2019 at 04:52:25PM -0500, Brian J. Murrell wrote:
> On Tue, 2019-11-12 at 12:53 -0800, Matthew Petach wrote:
> > Different target audiences.
>
> That are already satisfied with existing services, so no new target
> audiences.
>
> > Now the parents can be watching "Good Omens" or "Game of Thrones" on
> > Netflix while the kids are streaming "The Lion King" on Disney+
> > streaming.
>
> But they could watch lots of (Disney even) content on Netflix already.
> So I still don't see an increase in consumption just because of
> Disney+.
>
> > Instead of the whole family watching one show together, now we have
> > segmentation in the marketplace.
>
> Disney+ doesn't change "whole family watching one show together" (or
> not -- because individuals watching their own streams is already
> possible) model from the current model.
>
> Cheers,
> b

I agree with this. I mean, it might bring on a few new streaming viewers but these would be those who haven't yet transitioned to streaming video for the majority of their watching habits. So this won't really establish a new audience but it could help siphon more away from cable/satellite.

It's just the equivalent of a new channel coming along. One person can only practically watch one show at a time (maybe doesn't apply to football games...) so if there's a given audience size, all this really does is shuffle the ratings around a bit.

As to the "$10-20/mo for eight different services", I tend to think that people are gonna rebel at some point and seek out some sort of a centralized service and we'll kinda be back to where we started, with each source getting payment for the specific program viewed. Hard to tell, but the fragmentation thing will start to come to the forefront before too much longer, IMO.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Weekly Routing Table Report
On Fri, Aug 30, 2019 at 07:15:17PM -0700, Scott Weeks wrote:
>
> --- w...@typo.org wrote:
>
> "WTF, PEOPLE??? CAN'T ANYONE AGGREGATE ANYMORE???"
> ---
>
> Is that like the NANOG version of "get off my lawn"? :)
>
> scott
> bgp since ~50k

Hah! "The internet woulda been perfect, if not for those meddling kids!"

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Weekly Routing Table Report
On Fri, Aug 30, 2019 at 03:09:24PM -0400, Patrick W. Gilmore wrote:
> A very long time ago, I commented on this report hitting 250,000 prefixes. It
> was a Big F*#@$&! Deal at the time. A quarter million prefixes in the DFZ?
> Wow....
>
> Then I did it again at 500,000. People commented that I should have waited
> for 512,000 - especially since a popular piece of kit was expected to fall
> over at 512K prefixes. But I said I liked round numbers.
>
> This time I waited for 768,000. (Everyone happy now?)

No, actually! I came on board when there were about 32,000 prefixes and we were panicked about that. "CIDRize or die", I think Sean Doran said. I remember well the memory and cam struggles to keep up with growth. It's phenomenal, yes, but also, "WTF, PEOPLE??? CAN'T ANYONE AGGREGATE ANYMORE???"

:)

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Power cut if temps are too high
Time Delay Relays are available with fixed or variable settings. If you're going the mechanical approach vs scripted monitor and SNMP sort of trigger, you can use this to cause a standard relay or SCR to trip to raise the alarm (and hopefully also flash a warning light and/or audibly sound an alert where people are supposed to be) when both sensors read positive and then have the TDR do its thing when the timer expires.

Word of caution though... any system like this needs to have some sort of a reset and bypass in case anyone can actually catch it before it goes down and restore environmentals rather than taking the hard outage since that alone does lots of damage to equipment that has been in place for a good while. You also probably ought to make sure that the present state of said system and its pieces are visible so you can make sure you're going to restart correctly.

-Wayne

On Mon, May 27, 2019 at 06:20:36PM +, Mel Beckman wrote:
> We considered this approach, but we wanted to have notifications precede shut
> down, and give a remote support person the ability to prevent the shut down.
> Our SNMP based system gives us that option.
>
> -mel
>
> > On May 27, 2019, at 11:16 AM, Brian Kantor wrote:
> >
> > A simple air conditioner thermostat wired to the EPO switch.
> > For safety, wire two thermostats in series so BOTH have to trip
> > before power is shut off.
> >
> > Note that the EPO rarely does an orderly shutdown, but then this
> > is a sort of an emergency.
> > - Brian
> >
> >> On Mon, May 27, 2019 at 02:00:39PM -0400, Dovid Bender wrote:
> >> Hi,
> >>
> >> Is anyone aware of a device that will cut the power if the room goes above X
> >> degrees? I am looking for something as a just in case.
> >>
> >> Regards,
> >>
> >> Dovid
> >>

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: It's been 20 years today (Oct 16, UTC). Hard to believe.
Well, simply put, the idea is that you should be able to compensate for a certain amount of deviation from accepted usage as long as it's still within what the protocol allows (or can be read to allow) but that you yourself should act with a fairly strict interpretation. In others, don't be the one *causing* the problems...

On Tue, Oct 16, 2018 at 11:10:31AM -0700, Brian Kantor wrote:
> On Tue, Oct 16, 2018 at 02:01:48PM -0400, Daniel Corbe wrote:
> > The one thing I remember about Postel, other than the fact that he had his
> > fingers in a lot of DNS pies, is be liberal about what you accept, be
> > conservative about what you send. It's a notion that creates undue burden
> > on the implementor, because it places the expectation on the that you need
> > to account for every conceivable ambiguous corner case and that's not
> > always the best approach when implementing a standard; and it mostly arises
> > from the lack of adherence to the second part of that statement.
>
> I think that his aphorism is simply a recognition that NO standard
> can cover all cases that might arise when dealing with complex
> matters, no matter how much thought went into it. People are
> fallible, and the standards they write are inevitably flawed in
> some way, so a realistic implementor has to allow some slack or be
> continually engaged in finger-pointing when something doesn't work.
> - Brian

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: It's been 20 years today (Oct 16, UTC). Hard to believe.
It is a fact that I learned much of what I initially knew about internetworking by reading the protocols outlined in many of the official RFC documents. You couldn't pick one of these up without seeing the name Postel at the top. I never met him but give due deference and respect to his work and what it ultimately produced.

On Mon, Oct 15, 2018 at 10:00:33PM -0400, Rodney Joffe wrote:
> At NANOG two weeks ago, we had an interesting discussion at one of the lunch
> tables. One of the subjects we discussed was the original IANA, and RFC
> Editor, Jon Postel.
>
> Seven of the ten people at the table had never heard of him. Maybe these days
> it no longer matters who he was, and what he meant to where we are today.
>
> For those who care about the history of the Internet, and routing and
> addressing. And protocols...
>
> https://tools.ietf.org/html/rfc2468
>
> Oct 16, 1998.

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: (perhaps off topic, but) Microwave Towers
I was going to say... in my experience (I've been to a lot of the Arizona electronics sites, having grown up around broadcasting) that most of the microwave equipment in use was for Bell. That was by far the most populous tower on any mountain top. The broadcasters don't send their signals anywhere but either from downtown to the transmitter or in some cases from the big town to a small town to feed a local low power transmitter (like 5kw VHF as opposed to the normal 100kw). Anything else was Satellite. I know the railroad did some wireless (Sprint's towers were also quite densely packed with directional horns) but a lot of their communication for rail signaling was hardwire as far as I was aware.

-Wayne

On Sat, Jul 14, 2018 at 12:20:34PM -0500, frnk...@iname.com wrote:
> Is it possibly AT&T's old network?
> https://99percentinvisible.org/article/vintage-skynet-atts-abandoned-long-lines-microwave-tower-network/
> http://long-lines.net/places-routes/
>
> This network runs through our service territory, too. The horns are
> distinctive.
>
> Frank
>
> -Original Message-
> From: NANOG On Behalf Of Miles Fidelman
> Sent: Saturday, July 14, 2018 9:54 AM
> To: nanog@nanog.org
> Subject: (perhaps off topic, but) Microwave Towers
>
> Hi Folks,
>
> I find myself driving down Route 66. On our way through Arizona, I was
> surprised by what look like a lot of old-style microwave links. They
> pretty much follow the East-West rail line - where I'd expect there's a
> lot of fiber buried.
>
> Struck me as somewhat interesting.
>
> It also struck me that folks here might have some comments.
>
> Miles Fidelman
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is. Yogi Berra
>

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: is odd number of links in lag group ok
As others have noted, there can be implementation specific issues that you can't necessarily predict but most typically when I hear "odd vs even" discussions, usually the caveat is not a trunk but a redundant connection. Putting three links on router A and two links on router B obviously doesn't work well.

On Tue, May 15, 2018 at 10:15:19AM -0500, Aaron Gould wrote:
> I have (2) 10 gig links bundled in a lag to my upstream internet provider.
> and we need more internet capacity. Is it cool to add a third 10 gig to my
> existing 20 gig lag internet connection?
>
> I'm asking since I heard in the past something negative about odd numbers of
> lag members. ...but I also have heard that it's not a big deal. Let me know
> please
>
> -Aaron
>

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: 60 Hudson Woes
Yeah, this is another issue I've been seeing pop up more in the last several years. Apparently there have been a few incidents in the past that caused accountability problems so now any outside vendor is required to have a COI on file to do work in many colos (irrespective of colo operator). That can take a bit to do if they're a new contractor. Once on file, a renewal is usually an easy thing but getting the initial paperwork done can take time. After that, they can come and go as they please, so long as access tickets are duly arranged.

-Wayne

On Sat, Feb 17, 2018 at 04:07:11PM -0600, Brian Knight wrote:
> As the engineer working on that Cisco / IBM issue Erik mentioned... ;)
>
> I was able to get walk-up, same-day access to the building for myself a few
> weeks ago (as a customer of DR) and didn't get my hand slapped for it. DR
> just created the access ticket with the building and that was enough. It took
> about 20 minutes start to finish.
>
> But if a vendor tech needs access, they need a COI generated, and that must
> be sent to the building ahead of time via DR. Otherwise they will be turned
> away.
>
> The COI was the biggest blocker. A 48 hour lead time for the visit didn't
> seem to be enforced, not by Digital Realty anyway.
>
> Also, I tried to arrange for permanent building key card access while I was
> there. But the key cards must be used at least once every 60 days, otherwise
> they are deactivated. I decided just to arrange for access ahead of time
> since I don't visit often.
>
> -Brian
>
> > On Feb 16, 2018, at 1:50 PM, Erik Sundberg <esundb...@nitelusa.com> wrote:
> >
> > We just had an issue where cisco was going to replace a power tray in our
> > router at 60 hudson, we are also at telx. Cisco contracts with IBM for
> > this. The building is now checking that all 3rd party vendors have an
> > existing Certificate of insurance (COI). This takes 48 hours to get put in
> > their system...
> >
> > So now we are forced to use telx smarthands if it's under 48 hours or
> > weekends
> >
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Dovid Bender
> > Sent: Friday, February 16, 2018 12:03 PM
> > To: NANOG <nanog@nanog.org>
> > Subject: 60 Hudson Woes
> >
> > We have space with Digital Realty (aka TELX) and 60 Hudson and lately it's
> > been a nightmare getting in. The real estate management company is having
> > us reconsider our options. They are giving us the option to have ID badges
> > for our employees but for anyone else that wants access we need to request
> > it 48 hours in advance to get approval. So if we plan on having an
> > unexpected outage and we need to have a have a vendor come on site (e.g. a
> > Dell tech) we will need to let them know in advance.
> >
> > What are people's experiences with 111 8th and 165 Halsey? We really like
> > the connectivity options at 60 Hudson but at some point the hassle becomes
> > not worth it.
>

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: 60 Hudson Woes
Yeah, with the demise of 111 8th as a carrier hotel, Halsey seems to be becoming a default for many. My prediction is that you won't have trouble getting to who you want to there. Though it would be nice to have another facility outside of Manhattan as an alternate point in which to congregate. On Sun, Feb 18, 2018 at 11:54:28PM -0500, Dovid Bender wrote: > While dealing with DR is not always fun in this case it isn't their fault. > The building management is the one creating the issues. I used to have no > issues and now every time it seems like there are new rules to get in. Over > all it seems that everyone has high praise for 165 Halsey so I will start > there. > > > On Fri, Feb 16, 2018 at 5:17 PM, Mike Hammett <na...@ics-il.net> wrote: > > > I will generally prefer the smaller operators in a market for many > > reasons, but most relevant to this situation is that they simply don't have > > the market power to be jerks. They may want to be nice, but they have to be > > nice, else people go elsewhere. > > > > > > > > > > - > > Mike Hammett > > Intelligent Computing Solutions > > > > Midwest Internet Exchange > > > > The Brothers WISP > > > > - Original Message - > > > > From: "Jim Grady" <jgr...@365datacenters.com> > > To: "Dovid Bender" <do...@telecurve.com> > > Cc: "NANOG" <nanog@nanog.org> > > Sent: Friday, February 16, 2018 12:38:37 PM > > Subject: Re: 60 Hudson Woes > > > > We do not have all of the carriers you can get at 60 Hudson but we do have > > many at 365 Data Centers at 65 Broadway and I can guarantee you won't have > > the headaches from 60 Hud, and you can probably save money. Let me know if > > you have any interest and we can discuss your requirements so I can get you > > a quote. > > > > Best, > > > > Jim > > > > Sent from my iPhone > > > > > On Feb 16, 2018, at 1:04 PM, Dovid Bender <do...@telecurve.com> wrote: > > > > > > We have space with Digital Realty (aka TELX) and 60 Hudson and lately > > it's > > > been a nightmare getting in. 
The real estate management company is having > > > us reconsider our options. They are giving us the option to have ID > > badges > > > for our employees but for anyone else that wants access we need to > > request > > > it 48 hours in advance to get approval. So if we plan on having an > > > unexpected outage and we need to have a vendor come on site (e.g. > > a > > > Dell tech) we will need to let them know in advance. > > > > > > What are people's experiences with 111 8th and 165 Halsey? We really like > > > the connectivity options at 60 Hudson but at some point the hassle > > becomes > > > not worth it. > > > > > > > --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Broadcast television in an IP world
Where the content is increasingly becoming on-demand, no, multicast isn't going to benefit folks that much. The delivery is going to pretty much remain single-stream based strictly on the time differential from one user's start point to the next even if they are both watching the same episode. So local broadcasters can benefit, yes, but the problem is that content consumption is moving rapidly away from the schedule-based paradigm. On Fri, Nov 17, 2017 at 06:56:38PM -0500, shawn wilson wrote: > Besides Netflix, does anyone else offer CDN boxes for their services? > > I'm also guessing that most content won't benefit from multicast to homes > too much? > > I can see where multicast benefits sports and news (and probably catching > commercials for people). But in a world where I'm more than happy to pay > Amazon $25-40 a show/season to avoid commercials, I'm guessing > live/broadcast TV will get even less popular (I get news via YouTube - so > that's not even live for me anymore). > > On Nov 17, 2017 18:03, "Luke Guillory" <lguill...@reservetele.com> wrote: > > > This used to be the case. > > > > While it might lower OPX that surely won't result in lower retrans, will > > just be more profit for them. > > > > We're down as well on video subs, this is 99% due to rising prices. > > > > This is where it's heading for sure, in the end it will cost more as well > > since each will be charging more than the per sub rates we're getting > > charged. They'll have to in order to keep revenue the same. > > > > When ESPN offers an OTT product I have no doubt it will be near the $20 > > per month, for 5 channels or so? > > > > > > > > Luke Guillory > > Vice President - 
Technology and Innovation > > > > Tel:985.536.1212 > > Fax:985.536.0300 > > Email: lguill...@reservetele.com > > > > Reserve Telecommunications > > 100 RTC Dr > > Reserve, LA 70084 > > > > --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Broadcast television in an IP world
> > And while a small ISP serving Plattsburg NY would have no problem > > peering with the WPTZ server in Plattsburg, would the big guys like > > Comcast/Verizon be amenable to peering with TV stations in small markets? > > This is already the case in many markets. It may not be IP peering, but > there have been several recent instances where a broadcast TV > transmitter is off the air due to some kind of failure and their cable > feed keeps on chugging. Obviously there is some form of connection > between the TV station and the cable company that doesn't rely on OTA. Hell, even STL links these days are often packet based. (It's often a lot simpler and cheaper than trying to operate a microwave feed.) So if you've already done the encoding, the OTA setup is simply one branch among several possible paths. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Puerto Rico: Lack of electricity threatens telephone and internet services
Well, the problem as I understand it is that the infrastructure was not all that great to begin with. Much of it was damaged in the first storm and when this second one came through, what remained basically disappeared. That's why they say that the only thing you can do is start from the middle and slowly extend the tentacles outward. You're almost building the territory from scratch. Assuming that the reports of theft, misappropriation, and other nefarious occurrences are correct, that certainly does not help matters. Still, this situation ought to make everyone sit up and think about their own DR capability. On Thu, Oct 19, 2017 at 03:11:37PM -0700, Jeff Shultz wrote: > It does make you wonder about the electrical infrastructure of the island, > and how much work is being done to repair it. With the Texas and Florida > hurricanes you saw fleets of electrical service vehicles (boom trucks and > the like) from other power companies with joint agreements waiting to > deploy into the disaster area as soon as it was safe to do so. > > With PR well, it's not like you can drive to the island, much less > (apparently) around on it. Getting those vehicles and people in, assuming > joint agreements with off island power companies existed in the first > place, would be a case of scheduling and determining priorities. > > And for those crying that the US Federal Gov't ought to do it - where do > you think they're going to find the people? It's not like they have armies > of infrastructure level electricians just sitting around playing cards > until needed for an emergency - these are the sort of people who, by and > large, are already working at jobs - where they are needed as well. > > When it comes to infrastructure it seems like PR has been knocked back to > the "tools to make tools" stage - they need to build the infrastructure to > rebuild their infrastructure, which was apparently in no great shape to > begin with. 
> > On Thu, Oct 19, 2017 at 12:06 PM, Jean-Francois Mezei < > jfmezei_na...@vaxination.ca> wrote: > > > On 2017-10-19 03:00, Sean Donelan wrote: > > > > > not intended for long-term, continuous use. The generators will need > > > maintenance and likely experience unscheduled failures the longer they're > > > used. > > > > Permanent duty diesel generators exist. Many northern communities in > > Canada run on them as their 7/24 power source. > > > > It *shouldn't* have taken long after Maria for locals to know how much > > damage there had been to electrical grid and that if it's gonna take > > months to fix, you're gonna need constant duty generators. > > > > What isn't clear to me is whether everything still depends on FEMA/army > > help, or whether business is able to function autonomously and get their > > own generators without the army confiscating them to be delivered to a > > hospital instead. > > > > And if you're a telco who is deprived of revenues because almost all > > your customers are without power, do you spend your own money and effort > > to try to get a permanent duty diesel generator to maintain your central > > office, or do you wait for government to install one for you ? > > > > It is one thing to be benevolent and wanting to have your network > > backbone up, but financial realities of the cost of running a business > > without revenues will eventually hit you when the disaster lasts for > > months instead of days. > > > > > > -- > Jeff Shultz > Central Office Technician > SCTC > (503) 769-2125 > Go Big Ask for Gig
--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: 4 or smaller digit ASNs
> > I'm curious what your client's rationale is for wanting a low ASN. Dare I say it? Nerds often get overly excited at things that are generally pretty small... ;) --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: replacing compromised biometric authenticators
I agree that multiple levels are best and, for the moment, I'd frankly be hesitant to give anything like finger print data since one can never change that and the harm of it getting loose can not yet be determined. (Not that the data being taken by these scanners is necessarily all that grandiose.) I also would accept a facility that did something like handscan and pin to access the lobby/security desk and keycard or fob to move around once inside along with scan in/scan out enforcement. (No tail gating.) I've never really been keen on relying on biometrics though. The handscanners can be convenient for not having to carry anything around but when all is said and done, they are really not all that much better than just a keycard. -Wayne On Wed, Oct 11, 2017 at 04:10:51PM -0500, Matt Harris wrote: > I would definitely not say that it is current best practice not to deploy > biometrics. As part of a holistic approach, biometric systems can improve > security greatly. As a singular approach, using it as a single factor for > authentication and authorization of access/actions, it's as terrible an > idea as any other. The difficulty of passing a high-quality biometric > authentication system, even knowing its success conditions, is > non-trivial. The good ones check for basic signs of life, as well, so > simply cutting off someone's hand and trying to use it would fail, for > example. There are, of course, cheap biometric systems that are not as > good, and ymmv depending on what and how you deploy biometrics. Taking the > specific threat level you're up against is always relevant. > > All of the facilities I have in production have a three factor approach to > access - "something you know, something you have, and something you are." > Biometrics being the latter, plus a badge or dongle, and a four digit > code. None of my production facilities can be accessed without all three. 
> > Take care, > Matt > > > On Wed, Oct 11, 2017 at 4:04 PM, Ken Chase <m...@sizone.org> wrote: > > > (forking the thread here..) > > > > Biometrics are still the new hotness out in North America. Cologix whom I > > deal > > with in Canada has a dozen and a half odd POPs in canada/usa and I think > > has > > fingerprinting at all sites. > > > > If the current best operating practice is to avoid biometrics, why are they > > still in use out here? Has anyone gotten the message? Is anyone in North > > America > > ripping them out yet? > > > > Other factors include your country's privacy regulations for storing > > irreplaceable personal information, the burden of which might not be worth > > the security 'benefit'. > > > > /kc > > > > > > On Wed, Oct 11, 2017 at 04:46:02PM -0400, William Herrin said: > > >On Wed, Oct 11, 2017 at 4:32 PM, Jörg Kost <j...@ip-clear.de> wrote: > > > > > >> Do you guys still at least have biometric access control devices at > > your > > >> Level3 dc? They even removed these things at our site, because there > > is no > > >> budget for a successor for the failing unit. And to be consistent, > > they > > >> even want to remove all biometric access devices at least across > > Germany. > > >> > > > > > >Hi Jörg, > > > > > >IMO, biometric was a gimmick in the first place and a bad idea when > > >carefully considered. All authenticators can be compromised. Hence, all > > >authenticators must be replaceable following a compromise. If one of > > your > > >DCs' palm vein databases is lost, what's your plan for replacing that > > hand? > > > > > >Regards, > > >Bill Herrin > > > > > > > > >-- > > >William Herrin her...@dirtside.com b...@herrin.us > > >Dirtside Systems . 
Web: <http://www.dirtside.com/> > > > > -- > > Ken Chase - m...@sizone.org Guelph Canada > > > > > > -- > Matt Harris - Chief Security Officer > Main: +1 855.696.3834 ext 103 > Mobile: +1 908.590.9472 > Email: m...@netfire.net --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Hurricane Maria: Summary of communication status - and lack of
Please note that there is another looming problem with restoration of services generally (not just telecommunications). The key here is the power grid. From what I have read, a great deal of the operating infrastructure is operating on backup generator. These generators are not meant for this duty cycle. (Recall that most units are sized such that they will be providing ~70% output if not higher and thus will run hard.) It will not be long before some of them begin to fail. Even if they can keep running for the longer term, they need to be shut down every so many hours for service (oil change, etc.) Depending on the unit, that may be measured in the hundreds of hours. One week is 168 hours. One month is 720 hours. Fail to do this and the unit eventually becomes a big pile of scrap metal. Any facility, be it a pumping station, hospital, airport, cell tower, central office, or sewage plant that must rely on generators for the foreseeable future must consider this. On Tue, Oct 10, 2017 at 12:47:21AM -0400, Sean Donelan wrote: > > The Puerto Rico government has posted three maps of cellular coverage and > GPS coordinates of Cells on Wheels (COWs) in service. > > http://www.status.pr/Maps/ > > It still looks grim in Puerto Rico from a telecommunications perspective. > It will be an interesting after-action study. Other than "it was a > hurricane," I haven't gotten a good idea why so much of the > telecommunications network failed and backups still aren't working more > than 2 weeks later. > > Claro, the ILEC but second in terms of mobile phone marketshare behind > AT&T, has started to more fully explain what "restored" means, and that > it doesn't mean everything as before the hurricane. It is minimum > telecommunications. Claro has been more willing to talk about the > situation in Puerto Rico, which is why I've been referencing Claro a lot more > than other carriers. > > This is a google translate of an interview from Spanish. 
> > "It is important to clarify that the radio bases put into service to date, > offer the same voice and data services as before the impact of the > Hurricane. In other words, if the base radio is 4GLTE, that is the service > it will offer. The other two components that influence the customer > experience are the voice and data plan and the equipment of each user." > > "The network is also open to third-party customers as part of our > commitment to connect everyone in the country. In fact, over a quarter of > a million customers from other providers have connected daily to the Claro > network. When these customers connect to our network they only have voice > service as stipulated in the roaming agreement with the other providers. > As for the fixed network, this morning the service was restored in the > central offices (OC) of Fajardo and Humacao, whose optical fibers had been > affected by the destruction of Hurricane Maria. In this way already have > fixed voice, internet and long distance services in these municipalities: > Ceiba, Fajardo, Luquillo, Humacao, Naguabo and Yabucoa. Already a total of > 57 municipalities have all 3 services. It is possible that some customers > of Claro served by these OCs do not have internet. This is possible as > there could be cables and posts broken and / or VRADs without AEE > service." > > https://www.metro.pr/pr/noticias/2017/10/06/senal-claro-esta-ya-accesible-34-municipios.html --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Hurricane Maria: Summary of communication status - and lack of
Well, that's why recovery efforts in broad scale events like this have to go from a central point to pushing a perimeter farther and farther out. Create a habitable, functional zone where workers can return to both to organize and recuperate and then go back out and push farther afield. First restoring main arteries (whether that is in the form of roads, electrical distribution, communications, water, or sewer) and then branch out from there. All of that takes time. It does no good, after all, to repair the services in a neighborhood if the feeds into that neighborhood aren't going to be functional for weeks. And always remember that the first duty is to life and limb. The rest is of far less importance until that situation has been stabilized. On Mon, Oct 02, 2017 at 12:56:56AM -0400, Jean-Francois Mezei wrote: > On 2017-10-02 00:32, Javier J wrote: > > > I hope they do. There doesn't seem to be a shortage of FEMA, Army, etc > > personnel on the ground or a shortage of truck drivers in the US willing to > > help. If 80% of Truck drivers that pick up containers from the ports can't > > make it, then this needs to be supplemented any way possible to get things > > moving. > > > When disaster is in focused area (Like Houston), truck drivers can > easily return to functional cities after delivering goods to the disaster > zone (so not a strain on food/lodging in disaster zone). > > If you bring truck drivers (and telecom, electrical etc) workers into > Puerto Rico, they can't go home every night, so become a strain on > shelter/food resources. > > And you can't "steal" your local workers if they are busy pickup up > their belongings from collapsed homes, waiting in long queues for food > and caring for their families. > > In 1998 Ice Storm, Bombardier in Montréal had full power and got a lot > of bad publicity when it threatened to fire employees who didn't show up > for work. 
Seems like management lived in areas that had power and > didn't realise how life changes when you have no power, queue up for > wood provided by city etc. (and that is nothing compared to what people > on Puerto Rico are dealing with). --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Hurricane Maria: Summary of communication status - and lack of
On Tue, Sep 26, 2017 at 12:52:29AM -0400, Sean Donelan wrote: > T-Mobile also mentions while T-Mobile's field engineering crew was at the > Luis Muñoz Marín Airport, they were drafted to help install a generator > for the FAA Control Tower. That's one way to help get your supplies on the > island. You know, that's a really good point. In such situations, the sooner you can get the basic infrastructure operational again and transportation, electrical systems, and fuel distribution (generators have to run on something...) in particular, the faster everything can start coming back together. First and foremost, this means making the place habitable again so you actually have customers to serve. So any time spent doing something like what is related above is extremely worth while and can only serve to facilitate future work for everyone on the island. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Hurricane Harvey - Network Status (FCC)
These held up well in previous examples as well until their batteries ran down. So we'll have to see if they continue to be operational as the water drains away. On Mon, Aug 28, 2017 at 05:47:33PM +, Robert Jacobs wrote: > Large network provider in the middle of this... This event will re-write all > of our DR plans... Telecom and communication systems are holding up extremely > well with high water and multi-county power outages caused by high-water... I > commend all those out in this responding to immediate needs of their fellow > citizens directly and the countless others sitting at home in front of their > PC monitoring things and making sure systems and emergencies are being dealt > with. Proud to see everyone working together.. That is the way it should be. > > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jean-Francois Mezei > Sent: Monday, August 28, 2017 11:51 AM > To: nanog@nanog.org > Subject: Re: Hurricane Harvey - Network Status (FCC) > > On 2017-08-27 20:58, Tim Jackson wrote: > > KHOU's local transmitter (Missouri City I think is where it's at) > > seems to be back on the air, but with all production from WFAA out of > > Dallas. > > > KHOU had a tweet with video showing the water flooding into their > offices/studios and staff having to leave. > > https://twitter.com/sallykhou11/status/901805513905668096 > > I guess this is where disaster tolerance/recovery plans really kick in. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Admiral Hosting in London
We were contacted by Admiral Hosting in London to rent some of our unused IP space. While they insist that they're not spammers, we can not find out much about them. Has anyone had any dealings with this company? Legit? Scam? We are not interested in contributing to the Scam/Spam problem and figured I would ask here. As this is not, technically, NA-related, private replies are preferred. I'll summarize to the list.
Re: OSPF vs ISIS - Which do you prefer & why?
This generally supports my own view that it depends on the topology and the real or potential scale/scope. In my experience, IS-IS is just all around better in a flat, highly interconnected environment such as an ISP or other broadly scaled network. If you have a very (almost exclusively) hierarchical structure and pretty good control over IP addressing and can use summarization effectively, then OSPF can make your core networking much simpler. On a small network that doesn't look to grow at leaps and bounds, I'd favor OSPF. On a large, complex network or a network that has the potential to grow without any sort of predefined structure (ie, more demand based), then IS-IS is probably your win. Note that this doesn't factor in multiple IS-IS levels, something I don't have a great deal of experience with. Mostly, networks I've been associated with just run one great big, gigantic level 0, though they did also experiment with other configurations. -Wayne On Thu, Nov 10, 2016 at 07:59:12AM +0200, Mark Tinka wrote: > > > On 9/Nov/16 19:12, Michael Bullut wrote: > > > Greetings Team, > > > > While I haven't worked with IS-IS before but the only disadvantage I've > > encountered with OSPF is that it is resource intensive on the router it is > > running on which is why only one instance runs on any PE & P device on an > > ISP network. OSPF is pretty good in handling the core network routing while > > BGP & EGP handle the last-mile routing between PE & CE devices. BGP & EGP > > can run on top of OSPF. I came across this *article* > > <https://routingfreak.wordpress.com/2011/03/05/why-providers-still-prefer-is-is-over-ospf-when-designing-large-flat-topologies/> > > when > > scrolling the web a while back and I still want to find out if I am the only > > one who thinks it's a matter of choice between the two. 
Although there isn't > > distinct 1:1 argument, it's good we discuss it here and figure out why one > > prefers one over the other *(consider a huge flat network)**.* What say you > > ladies and gentlemen? > > I've given a talk about this a couple of times since 2008. But our > reasons for choosing IS-IS are: > > * No requirement to home everything back to Area 0 (Virtual Links are > evil). > > * Integrated IPv4/IPv6 protocol support in a single IGP implementation. > > * Single level (L2) deployment at scale. > > * Scalable TLV structure vs. Options structure for OSPFv2. OSPFv3 > employs a TLV structure, however. > > * Inherent scaling features, e.g., iSPF, PRC, e.t.c. Some of these may > not be available on all vendor implementations. > > If you're interested in reviewing the talk I gave on this, a lot more > detail is in there at: > > > http://www.apricot.net/apricot2009/images/lecture_files/isis_deployment.pdf > > Ultimately, router CPU's are way faster now, and I could see a case for > running a single-area OSPFv2. So I'd likely not be religious about > forcing you down the IS-IS path. > > Mark. > --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Dyn DDoS this AM?
See, that's the thing... The key to victory here is to defeat the robots. Take away the anonymity of proxies and trojan amplifiers and enforcement gets a lot easier. Sadly, this war doesn't seem likely to be won anytime soon. Especially since there are State entities using (and even deploying) a number of these systems for use against other States and businesses and/or financial mechanisms. So rather than help the community solve the problem (for their own good, no less!), it is in their interests to perpetuate it. -Wayne On Fri, Oct 21, 2016 at 05:37:08PM -0400, Alain Hebert wrote: > Just a FYI, > > That "horrific trend" has been happening since some techie got > dissed on an IRC channel over 20 years ago. > > He used a bunch of hosted putters to ICMP flood the IRC server. > > Whatever the community is behind, until the carriers decide to wise > up this will keep happening, that is without talking about the > industries being developed around DDoSes events. > > Enjoy your weekend. ( I ain't on call anymore anyway =D ) > > - > Alain Hebert aheb...@pubnix.net > PubNIX Inc. > 50 boul. St-Charles > P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 > Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 > > On 10/21/16 11:52, Brian Davies via NANOG wrote: > > +1! > > > > Well said, Patrick. > > > > B > > > > On Friday, October 21, 2016, Patrick W. Gilmore <patr...@ianai.net> wrote: > > > >> I cannot give additional info other than what's been on "public > >> media". > >> > >> However, I would very much like to say that this is a horrific trend on > >> the Internet. The idea that someone can mention a DDoS then get DDoS'ed > >> Can > >> Not Stand. See Krebs' on the Democratization of Censorship. See lots of > >> other things. > >> > >> To Dyn and everyone else being attacked: > >> The community is behind you. There are problems, but if we stick together, > >> we can beat these miscreants. > >> > >> To the miscreants: > >> You will not succeed. 
Search "churchill on the beaches". It's a bit > >> melodramatic, but it's how I feel at this moment. > >> > >> To the rest of the community: > >> If you can help, please do. I know a lot of you are thinking "what can I > >> do?" There is a lot you can do. BCP38 & BCP84 instantly come to mind. Sure, > >> that doesn't help Mirai, but it still helps. There are many other things > >> you can do as well. > >> > >> But a lot of it is just willingness to help. When someone asks you to help > >> trace an attack, do not let the request sit for a while. Damage is being > >> done. Help your neighbor. When someone's house is burning, your current > >> project, your lunch break, whatever else you are doing is almost certainly > >> less important. If we stick together and help each other, we can - we WILL > >> - win this war. If we are apathetic, we have already lost. > >> > >> > >> OK, enough motivational speaking for today. But take this to heart. Our > >> biggest problem is people thinking they cannot or do not want to help. > >> > >> -- > >> TTFN, > >> patrick > >> > >>> On Oct 21, 2016, at 10:55 AM, Chris Grundemann <cgrundem...@gmail.com> wrote: > >>> Does anyone have any additional details? Seems to be over now, but I'm > >> very > >>> curious about the specifics of such a highly impactful attack (and its > >>> timing following NANOG 68)... > >>> > >>> https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts- > >> twitter-spotify-reddit/ > >>> -- > >>> @ChrisGrundemann > >>> http://chrisgrundemann.com > >> --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: MPLS in the campus Network?
If the reason for L2 transport is purely customer driven and purely ptp, then a L2 VPN solution would be better than directly transporting the frames. If you don't have to bridge it directly, don't. Keep the core at layer 3 wherever possible. L2 can be very hard to debug when there are issues. On Thu, Oct 20, 2016 at 06:58:51PM +0200, Mark Tinka wrote: > > > On 20/Oct/16 18:45, Roland Dobbins wrote: > > > > > Sure - but it's probably worth revisiting the origins of those > > requirements, and whether there are better alternatives. > > Indeed. > > What we've seen is customers who prefer to manage their own IP layer, > and just need transport. These types of customers tend to be split > between EoDWDM and EoMPLS preferences. Whatever the case, their primary > requirement is control of their IP domain. > > What we're not seeing anymore is l3vpn requirements, particularly on the > back of on-premise IT infrastructure moving into the cloud. We see this > driving a lot of regular IP growth. > > Mark. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: 18 years ago today - rfc 2468
And for those of you who don't recognize his name, either you aren't old enough or you haven't read enough RFCs, though his contributions go wayyy beyond that. It is fair to say he is very much one of the cadre of personnel who quite literally built the internet that so many of the rest now take for granted. On Sat, Oct 15, 2016 at 09:21:01AM -0400, Patrick W. Gilmore wrote: > We do. > > Thank you for reminding us. And thanks to Dr. Postel for making what we do > possible. > > -- > TTFN, > patrick > > > On Oct 15, 2016, at 9:19 AM, Rodney Joffe <rjo...@centergate.com> wrote: > > > > To be clear - Oct 16. Which has just tolled in the APAC region. For most of > > you it will be tomorrow. But no matter. You get the point. > > > >> On Oct 15, 2016, at 9:08 AM, Rodney Joffe <rjo...@centergate.com> wrote: > >> > >> How time flies > --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: ISP License in the USA?
Well, now you're talking tax ID or, rather, a general license to operate a commercial enterprise, not a specific license related to ISPs. On Tue, May 31, 2016 at 07:05:29PM +, Dustin Jurman wrote: > Local Business License. > > Dustin > > > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Dennis Burgess > Sent: Tuesday, May 31, 2016 2:53 PM > To: North American Network Operators' Group <nanog@nanog.org> > Subject: RE: ISP License in the USA? > > I would suggest getting a new consultant .. :) > > Possible Acronyms > > College of Arts and Letters (Missouri State University; Springfield, MO) > Cartridge Overall Length (shooting) > Client Object Access Layer > Circle of Acro Lovers > Columbus Ohio Area Local > Consolidated Operational Activities List Customer Order Acceptance List > Common Operational Activities List (US Navy) > Chance of a Lifetime (raffle) > > Lol got me! There is nothing that I know of that you have to "license" to > become a ISP in the US of A. . You do have to fill out Form 477 twice a year. > :) > > > www.linktechs.net - 314-735-0270 x103 - dmburg...@linktechs.net > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell Hathcock > Sent: Tuesday, May 31, 2016 1:14 PM > To: 'NANOG list' <nanog@nanog.org> > Subject: ISP License in the USA? > > NANOG: > > > > Our owner has hired a consultant who insists that we should have an ISP > license to operate in the United States. (Like they have in other countries > like Germany and in Africa where he has extensive personal experience.) > > > > I am asking him to tell me which license we should have because I don't know > of a license that we are required to have to route IP traffic to end > customers. > > > > I am familiar with CLEC status filed with our state. But it is not a > requirement to pass traffic. > > > > He is suggesting COALS with which I am completely unfamiliar. 
> > > > Can anyone tell me if there is a Texas state and/or USA Federal license for a > small operator to pass IP traffic from the internet to end users (commercial > and/or residential). > > > > I am aware that there are some CALEA requirements of ISPs that seem to kick > in once a CALEA request is made, but is that different from a license. > > > > Thanks, > > > > Lorell Hathcock > > > > > > > > > > > > --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: ISP License in the USA?
+1 Do not confuse a desire from some party you wish to do business saying, "Our own consultants have said that we shouldn't do business with anyone not compliant with these standards," as a requirement for licensure. Bureaucrats simply like certificates and that's all this really boils down to, a way for consultants and/or politicians to meddle in both ends of what has previously been a pretty open process, creating a solution in search of a problem and adding complexity where it's generally not needed. In fine, the only thing you need in the US to be an ISP is a network. The rest is mostly all about trying to get customers from one section or another of business or of the general public. -Wayne On Tue, May 31, 2016 at 11:54:38AM -0700, Eric Flanery (eric) wrote: > There is no such thing as an 'ISP license' in the US. I have a hard time > imagining Texas of all places would have such a requirement. > > Depending on what exactly you are doing, there are various and highly > varied requirements, such as acquiring a SPIN number for E-Rate, filing FCC > 477 if you do broadband, FCC 499 if you do VoIP (CLEC and ETC also apply > there), a FRN if you do pretty much anything FCC-related, various sorts of > licenses for most radio/microwave systems (excepting part 15 stuff), CALEA, > open internet, etc... > > COALS _could_ apply _if_ you are running a cable TV system that also > delivers data services, but it isn't an 'ISP thing'. > > More to the point... > > I wouldn't take US legal advice from any consultant not familiar with US > law, or really any non-lawyer consultant at all. I wouldn't take it from > NANOG either; while it's a tremendous technical resource, it is not your > attorney. > > There are a number of telecommunications focused law firms out there, with > knowledgeable lawyers. It would be a good idea to establish a relationship > with one, if you intend to enter the increasingly complex legal minefield > of being an ISP. 
> > --Eric > > On Tue, May 31, 2016 at 11:24 AM, Dan White <dwh...@olp.net> wrote: > > > Not familiar with the process, but look at E-rate if you want to provide > > service to schools, libraries and health providers. > > > > > > On 05/31/16 13:14 -0500, Lorell Hathcock wrote: > > > >> NANOG: > >> > >> Our owner has hired a consultant who insists that we should have an ISP > >> license to operate in the United States. (Like they have in other > >> countries > >> like Germany and in Africa where he has extensive personal experience.) > >> > >> I am asking him to tell me which license we should have because I don't > >> know > >> of a license that we are required to have to route IP traffic to end > >> customers. > >> > >> I am familiar with CLEC status filed with our state. But it is not a > >> requirement to pass traffic. > >> > >> He is suggesting COALS with which I am completely unfamiliar. > >> > >> Can anyone tell me if there is a Texas state and/or USA Federal license > >> for > >> a small operator to pass IP traffic from the internet to end users > >> (commercial and/or residential). > >> > >> I am aware that there are some CALEA requirements of ISPs that seem to > >> kick > >> in once a CALEA request is made, but is that different from a license. > >> > > > > -- > > Dan White > > BTC Broadband > > --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: GeoIP database issues and the real world consequences
On Mon, Apr 11, 2016 at 06:15:08PM -, John Levine wrote: > > >The problem with MaxMind (and other geoip databases I've seen that do > >Lat/Long as well as Country / State / Town) is that the > >data doesn't include uncertainty, so it returns "38.0/-97.0" rather than > >"somewhere in a 3000 mile radius circle centered on > >38.0/-97.0". > > > >Someone should show them RFC 1876 as an example of better practice. > > Oh, heck, you know better than that. You can put in all the flags and > warnings you want, but if it returns an address, nitwits will show up > at the address with guns. > > Bodies of water probably are the least bad alternative. I wonder if > they're going to hydrolocate all of the unknown addresses, or only the > ones where they get publicly shamed. I personally favor setting the generic location as a certain set of roundish holes in the ground up in the northern plains. Let the government raid itself for once. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Colocation Server Lifts
In all my time dealing with various colos around the globe, I cannot say that I can ever recall hearing (or seeing) someone refer to using a lift to install or dismount a server. My inclination therefore is that it is not something likely to be common. That it may exist in locations I have had dealings with is possible, of course, but not something that I am expressly aware of at any particular facility. As to use, I believe these would be in the vein of dollies and ladders, available upon request. Except in the most restrictive colos, I would not expect any explicit conditions for operation except to perhaps be questioned whether you know how to use it before letting you wheel it away. One would hope it would be more or less self-explanatory and just a question of reading the labels by the controls. -Wayne On Tue, Mar 29, 2016 at 07:23:41AM -0500, Jason Lee wrote: > Hi NANOG community, > > A few questions I have for the community regarding server lifts at colo > facilities. > > 1. Is a server lift something you would typically expect a colo facility to > provide? > > if yes, > > 2. Do colo facilities typically allow customers to just use them or provide > an operator? > 3. Is it a free offering or something they rent out? > 4. What would be the typical device weight you would lift? > 5. What would be the max device weight you would lift? > > Thanks, > > Jason --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Oh dear, we've all been made redundant...
On Sun, Mar 20, 2016 at 11:00:36PM -0500, Larry Sheldon wrote: > On 3/19/2016 18:16, Warren Kumari wrote: > > Found on Staple's website: > > http://www.staples.com/NetReset-Automated-Power-Cycler-for-Modems-and-Routers/product_1985686 > > > > Fixes all issues, less downtime, less stress... > > etc... > ... > > ...and so forth > > . > ..and so on. > > > Resetting allows equipment to auto-correct issues > > Recalls to mind years ago in the Toll testroom where I work, the > evenings equipment man (charged with and assigned to the task of > repairing equipment that had been "patched out" by the day shift) would, > when he arrived for work each day, retrieve the piece of 2 X 4 from its > hiding place and whack each bay of relay-rich equipment as he walked in > the area. > > Then, after some coffee and a cigarette, he would go through the > trouble-ticket collection, retest the item, mark the ticket "NTF" and > proceed to the next item. I love that! Just goes to show the vast range of technical issues that can be readily righted with little more than a good thump with a hammer. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: remote serial console (IP to Serial)
On Wed, Mar 09, 2016 at 06:40:54AM -0600, Andrew Latham wrote: > +1 on the Lantronix Spider as it is an awesome tool but Lantronix make > devices for very small rollouts also, > http://www.lantronix.com/products/eds1100-eds2100/#tab-features might be I mentioned this to the OP but did not see it mentioned here: That Lantronix above is $214 for one serial port. Money sensitive people might consider an EdgeRouter Lite (used only to get ssh and provide firewalling) coupled with a used Portmaster PM25 off Ebay for under $200 (total) for 25 serial ports.
Re: John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app
Keep in mind that he is running for President also.
Fw: new message
Hey! New message, please read <http://documation.greatapes.com/likely.php?x> Wayne E. Bouchard
Re: Ear protection
So I intended to provide a few short comments on this but got on a roll. The below may be of more or less use to you but this is the way I look at things. Listening to music isn't all that bad a means of dealing with noise for shorter periods such as the odd onsite engineers have to do because either you're out of techs or it's a really complicated or delicate job and it requires more care than the average datacenter tech or (heaven forbid) remote hands can provide (because they don't normally do that stuff), especially if you're either using ear buds or full cup over the ear headphones because the mere fact of wearing these will probably cut 5-10db off the ambient. (I have a pair I use for mixing and production use that do much better than that even.) Second, the presence of music, as long as it ain't overly loud itself, tends to also not merely cover but it gets the ear doing different things so it's no longer focusing on the particular frequency set of the fans. If you're a datacenter or field tech, noise canceling headphones are basically a must. If that's not your bag and you don't need to be on the phone (I strongly advocate electronic means of communication such as google chat, SMS, irc, or otherwise just because it's more certain and doesn't require you to shout or listen to very loud background noise), then go with foam ear plugs. Carry a small package of them in your bag. They also tend to irritate your ears less than plastic ear plugs and ear buds because they form to the ear, not force tissue around. On noise standards, accuracy of the meter isn't really important (as long as it isn't useless) because it's more of a "I should be thinking about it" threshold. But make absolutely sure you are measuring the A weighted noise curve, not the C weighted or you're not measuring the noise that will most impact your hearing. You should also not rely on your employer providing ear protection. You should take it on yourself to guard against tinnitus. (No fun. 
I have a touch of it in my left ear but not from music or concerts. From randomness. Overly loud music or sharp noises can set it off and it'll annoy me for at least a couple of hours until it drops back down to easily ignorable levels.) I just had to do 6 hours of wiring and cable management in some racks I've been helping assemble, meaning my head and hands were not in the middle of the aisle, but right behind the machines. It was only when I stepped away from the racks after the first hour or so to get supplies that I realized, "MAN, that's loud!" So if you're routinely in that environment, make ear protection a habit. You can buy a better set of headphones. You can't buy a better set of ears. Note also that in the last 15 years, fan speeds and drive speeds have increased as equipment has gotten more and more dense and as a result manufacturers have had to up the air velocity in order to cool the gear and that has generally meant small, steeply pitched, very fast fans. (This is especially true of servers built to be densely rack mounted and yet provide capabilities to house lots and lots of drives in that small footprint. Look at your average 1U crammed with these small drives. Have to get air through there somehow.) This has caused a shift in frequency as well as an increase in intensity. So the characteristics of the noise have changed. That's important because the current noise is closer to the center of our range of hearing and don't forget the harmonics. So not only has the noise gotten louder, it is now in a range where our ears are more sensitive to it and therefore it is more important to take measures to guard against. I happen to have a measurement mic and a decent spectrum analyzer plugin. I may take some measurements just to illustrate the makeup at various points. May even be worth a paper if I can get some equipment and colo vendors to cooperate and feed me data. 
-Wayne On Wed, Sep 23, 2015 at 12:13:08PM -0400, Lamar Owen wrote: > On 09/23/2015 10:09 AM, Keith Stokes wrote: > >Since I'm in our colo facility this morning, I decided to put some > >numbers on it in my little isolated corner with lots of blowers running. > > > >According to my iPhone SPL meter, average SPL is 81 - 82 dB with peaks 88 > >- 89 dB. > > > > > With SPL that close to the recommended maximum, the accuracy of the SPL > measurement is rather critical. I would not trust my smartphone's mic > to have sufficient accuracy to protect my hearing unless it is > calibrated to a known source SPL using pink noise of a particular > weight. The calibration SLM should be a 'real' SLM, such as a Bruel & > Kjaer Type 2250 or similar with proper transducers. (Yes, I know, a B > 2250 will set you back nearly $4K, but, just what is your hearing > worth? A pair of hearing aids will set you (or your insurance company > at least) back $4K too). I used a vintage
Re: Ear protection
If you go the "molded to my ear" route, do not forget that your ears will tend to change over time and these must be replaced periodically or they'll become uncomfortable and less effective. (I forget what the recommendation is but I think every 1-2 years at the outside.) On Wed, Sep 23, 2015 at 10:29:25AM -0400, David Hubbard wrote: > I wear one of two things: > > 1) The 3M Peltor 105 ear muffs which offer 30db reduction. > I keep them in my car because I also use them for the gun > range, they fit snug but not annoying. They're only $18 > on amazon: http://tinyurl.com/peltor105 > There's also a behind the head bar if you don't like the over > the top kind. > > 2) A lot more expensive, but with a side benefit; I have > a custom set of ear plugs that I use for go kart racing so > I can have radio communication. You can get them online > or at most race tracks on a race day. Someone, or DIY at > home, will use a big syringe to squirt the mold liquid in > your ear, it sits for 60 seconds, then they pull it out and > send it off to have the ear plugs made. They're very good > at eliminating noise but have the side benefit of a > headphone plug so you can still use your phone, ipod, etc. > while you're in the data center. :-) > > David > > > -Original Message- > > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of > > Nick Hilliard > > Sent: Wednesday, September 23, 2015 5:34 AM > > To: nanog@nanog.org > > Subject: Ear protection > > > > What are people using for ear protection for datacenters > > these days? I'm down to my last couple of corded 3M 1110: > > > > http://www.shop3m.com/3m-corded-earplugs-hearing-conservation- > > 1110.html > > > > These work reasonably well in practice, with a rated nominal > > noise reduction rate of 29dB. Some people find them > > uncomfortable, but they work well for me. > > > > There are other ear plugs with rated NRR of up to 32-33dB. > > Anyone have any opinions on what brands work well for them? 
> > > > Nick > > > > --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Zayo/AboveNet
ASNumber: 701 - 705 ASName: UUNET ASHandle: AS701 RegDate:1990-08-03 Updated:2012-03-20 Ref:http://whois.arin.net/rest/asn/AS701 Although not having been updated yet makes it one of the older registry entries, having just passed 25 years.. On Mon, Aug 10, 2015 at 09:08:16AM -0500, Blair Trosper wrote: UUNet would have been 40% funnier. (I rounded up from 39.975%) On Mon, Aug 10, 2015 at 8:57 AM, Bill Woodcock wo...@pch.net wrote: On Aug 10, 2015, at 8:45 AM, Blair Trosper blair.tros...@gmail.com wrote: Anyone know why Zayo still hasn't renamed the BGP AS network names for all the AboveNet ASNs? They don't want to disrupt their Alternet peering sessions. -Bill --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: OT - Small DNS appliances for remote offices.
On Wed, Feb 18, 2015 at 06:28:16AM -0800, Ray Van Dolson wrote: Am looking for options to deploy DNS caching resolvers at remote locations where there may only be minimal infrastructure I suspect that this could be done using an ERLite but have not actually tried it.
Re: How our young colleagues are being educated....
On Mon, Jan 05, 2015 at 08:40:52AM -0600, John Kristoff wrote: On Thu, 25 Dec 2014 19:21:34 -0500 Miles Fidelman mfidel...@meetinghouse.net wrote: Cisco as the basis of networking material? Does nobody use Comer, Stallings, or Tanenbaum as basic texts anymore? I currently use a Comer book. I've also used a Tanenbaum book in the past, but not recently. My favorite book, when I've used it was Radia Perlman's. Increasingly I'm seeing a trend away from actually relying on books if even requiring them to be read anymore. This is both a trend with faculty and students. I frequently get asked if the book is required, even when the course page clearly says it is. Students and often faculty often I find rely too heavily on Wikipedia pages, which I've found myself going to update since they lead to wrong assumptions and answers in questions I've assigned. I like to augment, as many faculty do, classic or timely research papers into assignments so that students are at least forced to look at something other than vendor white papers and blog posts found in search engines. John Then again, no course on networking can be complete without a presentation involving ways in which things are not being used as originally designed because someone had an idea of how they could do it differently, for better or worse. (Ala the contradiction in terms that is HTTP streaming. Routers two continents away crashing as a result of eBGP packets for interprovider VPNs is another good one.) Nor can you call a course complete without a case study of where things do not work as intended and either very large pFail is the result or where a more complicated hack fix is needed as a workaround. Especially relevant with interoperability concerns when multiple vendors are involved. Those sorts of things you likewise do not often find in text books or white papers and probably not on Wikipedia either but they are at the core of what engineering and operations has to contend with day by day. 
(Too often people conflate engineering with architecture and while they are very much related, they are not one and the same.) -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Linux router traffic monitoring, how? netflow?
Hello I've used ntop in the past with great success. ntop.org Regards Wayne On 14 November 2014 02:35, Murat Kaipov mkai...@outlook.com wrote: Hello Eliezer. Netflow will be the best solution to find the host that generates load. First you need decide what netflow analyzer you'll use. I know about some plugin to Cacti. Then you need install IPT-NETFLOW to your Ubuntu router. Also you have another way, you can monitor (snmp traffic) all ports on switches and then find analyze. B.R. Murat -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eliezer Croitoru Sent: Thursday, November 13, 2014 8:10 PM To: nanog@nanog.org Subject: Linux router traffic monitoring, how? netflow? Hey all, I have a tiny linux router based on ubuntu and sometimes I get a massive load of UDP traffic because of one of the PCs in the network. Usually I handle the situation with a strict block using iptables. The main issue is to find it due to the load. For now I am monitoring the traffic load using MRTG but it won't notify me. I can try to use nagios to monitor traffic load for a period of time but before I start working on it I want another person opinion and options. I have seen netflow in the past but never actually used it. Thanks in advance, Eliezer
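An added example, not part of any post in this thread: one way to get the notification the original poster's MRTG graphs do not give, by aggregating exported flow records per LAN source and flagging a host whose UDP rate stays above a threshold. The record layout (ts, src, dst, proto, bytes), the LAN prefix, the thresholds, the helper names and the sample data are all constructed assumptions, not the output format of ntop, ipt-netflow or any particular collector.

```python
"""Flag LAN hosts that source sustained UDP load, from flow records.

Assumed input: CSV flow records with the columns ts (epoch seconds),
src, dst, proto (IP protocol number) and bytes. This layout is an
assumption made for the example; map your collector's export onto it.
"""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

UDP = 17  # IP protocol number for UDP

# Constructed sample data (not from the thread).
SAMPLE_FLOWS = """\
ts,src,dst,proto,bytes
1000,192.168.1.10,198.51.100.7,6,40000
1002,192.168.1.23,203.0.113.9,17,900000
1003,192.168.1.10,198.51.100.53,17,512
1004,203.0.113.9,192.168.1.23,17,5000000
1005,192.168.1.23,203.0.113.9,17,700000
oops,192.168.1.23,x,17,notanumber
1012,192.168.1.23,203.0.113.9,17,1500000
1015,192.168.1.40,198.51.100.20,17,2000000
1021,192.168.1.23,203.0.113.9,17,1200000
"""


def parse_flows(text):
    """Yield (ts, src, proto, bytes) tuples, skipping malformed records."""
    for row in csv.DictReader(io.StringIO(text)):
        try:
            yield (int(row["ts"]), ip_address(row["src"]),
                   int(row["proto"]), int(row["bytes"]))
        except (KeyError, TypeError, ValueError):
            continue  # truncated or corrupt export line


def udp_offenders(flows, lan="192.168.1.0/24", window=10,
                  max_bytes_per_sec=100_000, min_windows=2):
    """Return {host: [(window_start, bytes_per_sec), ...]} for LAN hosts
    whose UDP send rate exceeded the threshold in at least `min_windows`
    windows. Requiring more than one window ignores a single short burst."""
    lan_net = ip_network(lan)
    per_window = defaultdict(int)  # (src, window index) -> UDP bytes sent
    for ts, src, proto, nbytes in flows:
        if proto == UDP and src in lan_net:
            per_window[(src, ts // window)] += nbytes

    hot = defaultdict(list)
    for (src, idx), total in per_window.items():
        rate = total / window
        if rate > max_bytes_per_sec:
            hot[src].append((idx * window, rate))

    return {str(src): sorted(hits)
            for src, hits in sorted(hot.items())
            if len(hits) >= min_windows}


def block_rule(src):
    """Build the iptables command an operator could review and apply.
    The address is re-parsed so only a valid IP literal reaches the shell."""
    return f"iptables -I FORWARD -s {ip_address(src)} -p udp -j DROP"


if __name__ == "__main__":
    for host, hits in udp_offenders(parse_flows(SAMPLE_FLOWS)).items():
        peak = max(rate for _, rate in hits)
        print(f"ALERT {host}: {len(hits)} hot windows, peak {peak:.0f} B/s")
        print("  suggested:", block_rule(host))
```

Run from cron or a Nagios check against the collector's most recent export, the non-empty result is the alert; the generated rule is printed for review rather than executed.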
Re: Cogent admits to QoSing down streaming
I agree. There's nothing wrong with it at all unless you claim you're not doing that and then do it secretly in order to forward an agenda. On Thu, Nov 06, 2014 at 12:12:43PM -0600, Blake Hudson wrote: If I were a Cogent customer I would like to have seen more transparency (an announcement at least). However, I don't see anything wrong with their practice of giving some customers Silver service and others Bronze service while reserving Gold for themselves. Even if applications like VoIP do not function well with a Bronze service level. Now, a customer that was under the impression they were receiving equal treatment with other customers may not be happy to know they were receiving a lower class of service than expected. This is not a net neutrality matter, it's a matter of expectations and possibly false or deceptive advertising. I would much rather see an environment where the customer gets to choose Gold, Silver, and Bronze levels of service for his or her traffic as opposed to an environment where the provider chooses fast/slow lane applications at their own discretion. --Blake Patrick W. Gilmore wrote on 11/6/2014 10:12 AM: http://blog.streamingmedia.com/2014/11/cogent-now-admits-slowed-netflixs-traffic-creating-fast-lane-slow-lane.html This is interesting. And it will be detrimental to network neutrality supporters. Cogent admits that while they were publicly complaining about other networks congesting links, they were using QoS to make the problem look worse. One of the problems in tech is most people do not realize tone is important, not just substance. There was - still is! - congestion in many places where consumers have one or at most two choice of providers. Even in places where there are two providers, both are frequently congested. Instead of discussing the fact there is no functioning market, no choice for the average end user, and how to fix it, we will now spend a ton of time arguing whether anything is wrong at all because Cogent did this. 
Wouldn't you rather be discussing whether 4 Mbps is really broadband? (Anyone else have flashbacks to 640K is enough for anyone!?) Or how many people have more than one choice at 25 Mbps? Or whether a company with a terminating access monopoly can intentionally congest its edge to charge monopoly rents on the content providers their paying customers are trying to access? I know I would. Instead, we'll be talking about how things are not really bad, Cogent just made it look bad on purpose. The subtlety of it _IS_ bad, Cogent just shifted some of the burden from VoIP to streaming is not something that plays well in a 30 second sound bite, or at congressional hearings. It's enough to make one consider giving up the idea of having a functioning, useful Internet. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Marriott wifi blocking
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote: The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers. I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum. I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there? -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post
My take here is that I'd rather the FCC just leave it alone and see if the market doesn't work it out in some reasonable way. That is, to not even address it in rules, whether accept or prohibit. Just step back and make sure that all you see is dust rising and not smoke. These things take a while to resolve. This issue has been building for a while but hasn't really reached its pinnacle yet so who is to say what things will look like in five years from a business standpoint? To codify something pretty well means you want it to look a particular way or you are accepting a way of being that may or may not be in the interests of those concerned and pretty well ending discussion, negotiation, and experimentation regarding that point. The problem is that all the RBOCs/ILECs/Cable groups seem to be headed in the same direction (and most of them are trying to run their own CDN and force their customers to use it instead of a third party--and running them badly to boot. Sound familiar?) If that were not the case, such a scheme would not be viable since there would always be someone undermining it. (Like OPEC... The price they want is never what they get because some country or another is always selling more than they say they're going to because they want more money, meaning supply is greater than it should be and prices adjust accordingly.) It only takes one or two holdouts to upset the plans of all the rest. *shrug* I'll have to see how these changes are implemented and how things are interpreted before we know what this is going to do to competitiveness. -Wayne On Thu, Apr 24, 2014 at 04:42:42PM -0500, Jack Bates wrote: On 4/24/2014 9:59 AM, Patrick W. Gilmore wrote: I think you and I disagree on the definition of anti-competitive. But that's fine. There is more than one problem to solve. I just figured the FCC thing was timely and operational. I agree with you, Patrick. Double digit/meg pricing needs to die. 
I'm not sure that the change really alters backbone policy, but it would definitely open the doors for bad things in the access networks. That being said, only the largest networks could put enough pressure to benefit from it, and some do that currently. I also don't see this as any different than the business model some streaming sites enforce where the ISP must pay for stream access based on their subscribers instead of interested subscribers just paying for an individual account. Fair is fair, and some of the streamers have been hitting ISPs longer. Once again, only the largest streamers can hope to get away with it, and only the largest ISPs can get the low priced deals. In both cases, it's the small ISPs and small content providers that suffer. I don't see the FCC stopping megacorp bullying anytime in the near future. Jack --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Level 3 blames Internet slowdowns on Technica
On Fri, Mar 21, 2014 at 02:30:45PM +, Sholes, Joshua wrote: http://www.newnetworks.com/ShortSCANDALSummary.htm This booklet is now maybe ~5-10 years old so it doesn't reflect more recent developments. We *let* the monopolies (er, duopolies in some cases) get away with the regulatory and legislative manipulation that led to the current outcome, That's definitely its own set of problems completely outside of where one stands on any idea in the space or on the regulation vs. competition debate in general. Regulation does no good unless it's enforced, and competition can't exist meaningfully in an environment where unfair business practices are allowed to exist. Which are both permitted and perpetuated in large part by the regulatory environment we are made to operate under. Monopolies usually require some sort of government support in order to survive. Don't forget that it is the old companies (regardless of their current name) making life difficult for the content carriers. They don't want to adapt so they are lobbying to enact policies which make it easier for them to sit there and be stagnant dinosaurs while the rest of the world moves on. It's the same thing the record companies are doing with a different flavor. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: competition (was: Level 3 blames Internet slowdowns on Technica)
The impact of competition was extensively questioned and researched with respect to U.S. Government contracting rules in the early '80s. This led to the Competition in Contracting Act of 1984. Since then there's been the routine grumble about the lowest quality bidder and the periodic scandal involving a no-bid contract but no serious question about whether competition reduces cost and improves options. Unless the data starts to suggest otherwise, it's basically a settled matter. And that, of course, is that the government doesn't have to care about profit and loss nor quality of workmanship. If they don't like it, they just throw more money at it. A private entity, on the other hand, may cease to be a going concern if they don't weigh carefully who does work for them and how it is done. They also learn very quickly that lowest cost is not necessarily lowest cost because of the problem of compensating for shoddy work. Government doesn't have to learn this lesson, especially when palms are getting greased and spoils are being distributed. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: L6-20P - L6-30R
The whole point behind the locking connectors (like the IEC connectors) is to prevent you from plugging the wrong connectors together. Not only are they different dimensions, but the prongs are keyed differently as well. If you put a L6-20P device into a L6-30R, then it was done by physically replacing the plug on the PDU, not by making it work. I have had to do this at times but it is not strictly allowed by codes and not at all recommended. -Wayne On Tue, Mar 18, 2014 at 03:46:26PM -0700, Mike Hale wrote: They're different. You can't force them. On Tue, Mar 18, 2014 at 12:24 PM, Randy a...@djlab.com wrote: I have a situation where a 208v/20A PDU (L6-20P) is supposedly hooked to a 208v/30A circuit (L6-30R). Before I order the correct PDU's and whip cords...sanity check...are connectors 'similar' enough that this is possible (with force) or am I going to find we've actually got L6-20R's on the provider side? -- ~Randy -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: L6-20P - L6-30R
On Tue, Mar 18, 2014 at 09:39:46PM -0400, William Herrin wrote: There just aren't a whole lot of failure modes here that result in fire short of one or the other breaker failing. And that results in fire regardless of the amperage mismatch. This, by the way, is why you're allowed to plug that 22 gauge Christmas light wire into a 15 amp receptacle even though it can't handle 15 amps: the 3 amp fuse will blow if there's a short. Just don't plug in anything with lower-rated wire that doesn't have its own breaker or fuse. Regards, Bill Herrin And that is the result of the way things have been set down. The electrical code (as well as just general common sense) requires that there are multiple levels of protection specifically to try to avoid weird failure modes. So what we end up with is wire that is overrated for the current it is supposed to carry, multiple fusible links in between point A and point B and a grounding system that is supposed to safely direct voltage away from people in the event that everything else fails. So back to what I said before, I don't like doing stuff like that and don't advocate it if for no other reason than that it makes good sense not to put yourself into a potentially problematic situation. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: US to relinquish control of Internet
On Sat, Mar 15, 2014 at 08:08:47PM -0400, John R. Levine wrote: The ITU is an agency of the United Nations. Which is an organization created by treaty, of which various nations' governments are members. Actually, the ITU is more than twice as old as the UN, and merged with the UN in 1947. As noted in a previous message, the ITU has both government and non-government members, more of the latter than the former, which arguably makes it a multi-stakeholder entity. I entirely believe that NTIA doesn't want the ITU involved with ICANN, but the ITU has made it abundantly clear over the years that it wants a seat at the table, preferably its own table. I listened to the ICANN press conference this morning, the gist of which was don't worry, nothing will change, but once the NTIA opens up the ICANN management contract (or whatever it's called these days) to other parties, keeping the ITU out will be a challenge. R's, John Yes, the ITU is a very old agreement. It's also been more or less painless to us on the low end of the ladder even though of late they are doing their best to screw it up. Personally, I'm not too terribly worried about ICANN. Granted, the politicians have gotten markedly more efficient at converting gold into sh** in recent years but I think it will take them quite a while to royally fk up the internet, especially if they are relying on going through ICANN to do it. What's the worst they can do at this point? Make .bobtodd and .bubbagump TLDs? This is different from some of the crap we've got now in what way?? -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: new DNS forwarder vulnerability
Have we ascertained if there is a typical configuration adjustment that can be made to reduce or eliminate the likelihood of impact? (From the description it sounds as though this is not possible but it doesn't hurt to ask.) On Fri, Mar 14, 2014 at 09:05:00AM -0700, Merike Kaeo wrote: On Mar 14, 2014, at 7:06 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote: On Fri, Mar 14, 2014 at 01:59:27PM +, Nick Hilliard n...@foobar.org wrote a message of 10 lines which said: did you characterise what dns servers / embedded kit were vulnerable? He said We have not been able to nail this vulnerability down to a single box or manufacturer so it seems the answer is No. It is my understanding that many CPEs work off of same reference implementation(s). I haven't had any cycles for this but with all the CPE issues out there it would be interesting to have a matrix of which CPEs utilize which reference implementation. That may start giving some clues. Has someone / is someone doing this? - merike --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: ddos attack blog
On Thu, Feb 13, 2014 at 08:01:27PM -0500, Jared Mauch wrote: I would actually like to ask for those folks to un-block NTP so there is proper data on the number of hosts for those researching this. The right thing to do is reconfigure them. I've seen a good trend line in NTP servers being fixed, and hope we will see more of that in the next few weeks. A slight exception to that statement, if I may... The right thing to do is for people to not permit services to operate on hosts they do not intend to operate on and not to be visible to those they do not intend to use them. In other words, to properly manage their networks. If that means blocking all access to potentially faulty implementations, then that's the right thing to do. In short, companies should do what is right for their companies and never mind anyone else. Never forget that researchers are just part of the public and should never consider that their usage of the internet is any more or less valid to the average third party than the next guy. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Why are we fixated on Multimode fiber for high bandwidth communication?
Basic economics. MM optics come with looser tolerances and are therefore easier to produce. The wider core of the fiber and higher dispersion allowances also mean that the fiber is easier to make. The fiber, though, is the small end of this equation. The optics are the big one. For those who are buying two or three optics a year, a $150 price difference is no big deal. For those who buy two or three hundred optics every other month, this really makes a difference and those are the ones driving the MM development. -Wayne On Tue, Dec 31, 2013 at 02:08:36PM -0500, Jared Mauch wrote: On Dec 31, 2013, at 2:00 PM, eric clark cabe...@gmail.com wrote: Anyone know why the industry has their head stuck on MultiMode? at 10G the optics costs are about 1/3 that of SMF (SR vs LR). We tend to keep things SMF, but within many older datacenters MMF is broadly available and does meet the needs at a lower cost. There seems to be a shifting trend as well in UPC vs APC connectors. I think much of this problem is clearly articulated here: http://xkcd.com/927/ Everyone's needs are a bit different. - Jared --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: What routers do folks use these days?
Brocade MLXe with the XMR cards is a good choice, yes, but -1 for What do you mean that this feature isn't fully implemented yet?? It's been in common use among other vendors for better than 10 years! They're a lot better than they were but still a bit lagging. -Wayne On Tue, Dec 10, 2013 at 10:15:10AM +, James Braunegg wrote: +2 for Brocade MLXe we use them globally now for almost 3 years and are very happy with them !! Brocade Rocks !! period !! Kindest Regards James Braunegg P: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616 E: james.braun...@micron21.com | ABN: 12 109 977 666 W: www.micron21.com/ip-transit T: @micron21 This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer. -Original Message- From: Elliot Finley [mailto:efinley.li...@gmail.com] Sent: Tuesday, December 10, 2013 9:29 AM Cc: nanog list Subject: Re: What routers do folks use these days? +1 for Brocade MLXe. Good Price. Good stuff. Good TAC. On Fri, Nov 29, 2013 at 1:19 AM, Fredy Kuenzler kuenz...@init7.net wrote: Am 29.11.2013 06:37, schrieb Jawaid Desktop: We're a service provider, and we have a network full of Cat6509's. We are finding that we are outgrowing them from the standpoint of their ability to handle lots of large routing tables. Obviously their switching capability is still superb but one of them with 20 peers is starting to groan a bit and RAM is going to be an issue soon. What do people use these days? Our backbone needs in the next 2-3 years are going to be sub-100Gbps. Check the Brocade MLXe series. We (Init7 / AS13030) are using them and the previous XMR series for years and are happy with it. 
CLI is Cisco-look-and-feel, the software tree has a clear structure (unlike Cisco with hundreds of versions) and the TAC is willing to ssh into your gear to assist. -- Fredy Kuenzler Init7 (Switzerland) Ltd. AS13030 St. Georgen-Strasse 70 CH-8400 Winterthur Twitter: @init7 / @kuenzler http://www.init7.net/ --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: If you're on LinkedIn, and you use a smart phone...
There's a reason I use an email alias if I sign up to places like that and why I do not place much information on these sites... There's a reason I maintain somewhere approaching 20 passwords in my head too and why the password I use for accessing my own systems will never be the password I use to access a system neither I nor my employer control. It's just common sense. Remember, the greatest threat to your privacy and security is YOU! How many of us go about detailing every aspect of our lives on facebook or twitter or something and, if someone is of a mind to comb through it, in the process self-disclose everything necessary for someone to basically become us? The hackers/corporate scrapers don't even really *HAVE* to try to thieve information anymore. We give it to them all without them even asking! -Wayne On Sat, Oct 26, 2013 at 02:16:05AM -0400, Jason Hellenthal wrote: Well said -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN On Oct 26, 2013, at 2:06, Jimmy Hess mysi...@gmail.com wrote: On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley hartl...@gmail.com wrote: Anyone who has access to logs for their email infrastructure ought probably to check for authentications to user accounts from linkedin's servers. [snip] Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and Webmail access to your corporate mail server from all of LinkedIn's IP space to a Honeypot that will simply log usernames/credentials attempted. The list of valid credentials, can then be used to dispatch a warning to the offender, and force a password change. This could be a useful proactive countermeasure against the UIT (Unintentional Insider Threat); of employees inappropriately entering corporate e-mail credentials into a known third party service with outside of organizational control. 
Seeing as Linkedin almost certainly is not providing signed NDAs and privacy SLAs; it seems reasonable that most organizations who understand what is going on, would not approve of use of the service with their internal business email accounts. -- -JH --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
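The log check suggested in the quoted text above (look for mailbox authentications arriving from a third-party service's address space), as an added example that is not part of the original thread. It assumes Dovecot-style login lines; the sample log is constructed, and the network ranges are documentation placeholders because the thread lists no actual ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder ranges (RFC 5737 / RFC 3849 documentation space). Substitute the
# address space published by the third-party service you are checking for.
THIRD_PARTY_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:100::/48"),
]

# Matches Dovecot-style successful and failed IMAP/POP3 logins (assumed format).
LOGIN_RE = re.compile(
    r"dovecot: (?P<proto>imap|pop3)-login: "
    r"(?P<event>Login|Disconnected \(auth failed[^)]*\)): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

# Constructed sample input, not taken from any real system.
SAMPLE_LOG = """\
Oct 25 18:43:01 mail dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=203.0.113.17, lip=192.0.2.10, mpid=4101, TLS
Oct 25 18:44:10 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=203.0.113.40, lip=192.0.2.10, TLS
Oct 25 18:45:33 mail dovecot: imap-login: Login: user=<carol@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, mpid=4120, TLS
Oct 25 18:47:02 mail dovecot: pop3-login: Login: user=<alice@example.com>, method=PLAIN, rip=::ffff:203.0.113.18, lip=::ffff:192.0.2.10, mpid=4133, TLS
Oct 25 18:49:15 mail dovecot: imap-login: Login: user=<dave@example.com>, method=PLAIN, rip=2001:db8:100::25, lip=2001:db8:1::10, mpid=4140, TLS
Oct 25 18:50:00 mail postfix/smtpd[991]: connect from unknown[203.0.113.17]
Oct 25 18:52:41 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 5 secs): user=<bob@example.com>, method=PLAIN, rip=203.0.113.40, lip=192.0.2.10, TLS
"""


def normalize_ip(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def from_third_party(ip):
    """True if the parsed address falls inside any configured range."""
    return ip is not None and any(ip in net for net in THIRD_PARTY_NETS)


def scan(lines):
    """Summarise mailbox authentications that came from the third-party ranges."""
    report = defaultdict(
        lambda: {"success": 0, "failed": 0, "sources": set(), "protocols": set()}
    )
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue
        ip = normalize_ip(m.group("rip"))
        if not from_third_party(ip):
            continue
        entry = report[m.group("user")]
        entry["success" if m.group("event") == "Login" else "failed"] += 1
        entry["sources"].add(str(ip))
        entry["protocols"].add(m.group("proto"))
    return dict(report)


def accounts_to_reset(report):
    """Accounts whose valid credentials were presented from the third party."""
    return sorted(user for user, e in report.items() if e["success"] > 0)


if __name__ == "__main__":
    result = scan(SAMPLE_LOG.splitlines())
    for user, e in sorted(result.items()):
        print(user, e["success"], e["failed"], sorted(e["sources"]))
    print("force password change:", accounts_to_reset(result))
```

Accounts with only failed attempts are still worth a notice to the user, since they show an address being entered into the outside service even though the password did not match.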
Re: abha ahuja
I met her briefly at the Phoenix NANOG back when. (I want to say she was speaking with Guy Tal at the time and that's who introduced me but not sure.) I was shocked to hear that she passed not all that long afterwards. She was bright and full of energy and not someone you would expect to see an obituary on just two or three years later. On Sun, Oct 20, 2013 at 01:36:13AM +0300, Randy Bush wrote: abha ahuja, researcher and operator, died this day in 2001 at a tragically early age. if you did not know her, search a bit. she did a lot, and with an open mind and heart. randy --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Cogent 100M DIA in Denver
It's worth pointing out that many IPv6 networks are unavailable from insert provider here. Hardly something to hold against them until the rest of us can all get our own houses in order... On Mon, Oct 14, 2013 at 01:41:48PM -0700, Constantine A. Murenin wrote: On 14 October 2013 12:57, Tri Tran trit...@cox.net wrote: They're lit in the building and have a much faster installation interval. How reliable are they? Tri Tran It's worth pointing out that many IPv6 networks are unavailable from Cogent; so, effectively, in 2013, you still can't get IPv6 connectivity from Cogent. C. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty
It's a good point to consider however that omits the probability that Canada is doing exactly the same thing as the U.S. and thus this may free you from certain legalities but does not actually ensure privacy. The other fact of this is that we are well aware that the NSA's database is being accessed freely by (at the very least) England and Australia (I think that's who I read) I believe with reciprocal agreements and I'd be shocked if Canada isn't in there too. What are the ramifications of that? Do we even know? Points to ponder... -Wayne On Sat, Sep 07, 2013 at 02:08:31PM -0700, Paul Ferguson wrote: A Canadian ISP colleague of mine suggested that the NANOG constituency might be interested in this, given some recent 'revelations', so I forward it here for your perusal. Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call "boomerang routing" whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States. Canadian originated transmissions that travel to a Canadian destination via a U.S. switching centre or carrier are subject to U.S. law - including the USA Patriot Act and FISAA. As a result, these transmissions expose Canadians to potential U.S. surveillance activities - a violation of Canadian network sovereignty. http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html Cheers, - ferg -- Paul Ferguson Vice President, Threat Intelligence Internet Identity, Tacoma, Washington USA IID -- Connect and Collaborate -- www.internetidentity.com --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: How big is the Internet?
According to The IT Crowd... http://vinipsmaker.files.wordpress.com/2012/09/the_internet_it_crowd.gif That big. On Wed, Aug 14, 2013 at 7:32 AM, Sean Donelan s...@donelan.com wrote: Researchers have complained for years about the lack of good statistics about the internet for a couple of decades, since the end of NSFNET statistics. What are the current estimates about the size of the Internet, all IP networks including managed IP and private IP, and all telecommunications including analog voice, video, sensor data, etc? CAIDA, ITU, Telegeography and some vendors like Cisco have released forecasts and estimates. There are occasional pieces of information stated by companies in their investor documents (SEC 10-K, etc). -- Wayne Wenthin Technology Services Cascade Technology Alliance (CTA North - Multnomah ESD) Office: 503.257.1562 Cell: 360.818.4283
Re: If you thought you had wire management issues in your facilities...
*shrug* Enh.. Looks pretty much like any colo site I've ever been in that's been maintained by nothing but remote hands for the previous 4 years... (equinix, are you paying attention?) -Wayne On Wed, Jun 19, 2013 at 01:04:17PM -0400, Tom Morris wrote: Radio Free Asia, Washington DC. https://www.facebook.com/photo.php?fbid=485799631503312set=gm.536342003094118type=1 Just remember, you're probably in better shape than them. If you look carefully on the right side you can see where some cables were left abandoned in place because they'd become unremovable from that giant set of dreadlocks. -- -- Tom Morris, KG4CYX Mad Scientist For Hire Chairman, South Florida Tropical Hamboree / Miami Hamfest Engineer, WRGP Radiate FM, Florida International University 786-228-7087 151.820 Megacycles --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: net neutrality and peering wars continue
On Wed, Jun 19, 2013 at 07:44:15PM -0400, Dorian Kim wrote: On Wed, Jun 19, 2013 at 06:39:48PM -0500, Leo Bicknell wrote: On Jun 19, 2013, at 6:03 PM, Randy Bush ra...@psg.com wrote: as someone who does not really buy the balanced traffic story, some are eyeballs and some are eye candy and that's just life, seems like a lot of words to justify various attempts at control, higgenbottom's point. I agree with Randy, but will go one further. Requiring a balanced ratio is extremely bad business because it incentivizes your competitors to compete in your home market. You're a content provider who can't meet ratio requirements? You go into the eyeball space, perhaps by purchasing an eyeball provider, or creating one. Google Fiber, anyone? Having a requirement that's basically you must compete with me on all the products I sell is a really dumb peering policy, but that's how the big guys use ratio. At the end of the day though, this comes down to a clash of business models and the reason why it's a public spectacle, and of public policy interest is due to the widespread legacy of monopoly driven public investment in the last mile infrastructure. -dorian At the risk of inflaming passions, I'll share my opinion on this whole topic and then disappear back into my cubicle. For my part, peering ratios never made sense anyway except in the pure transit world. I mean, content providers are being punished by eyeball networks because the traffic is one way. Well, DUH! But everyone overlooks two simple facts: 1) Web pages don't generate traffic, users do. Content sits there taking up disk space until a user comes to grab it. (Not quite the case with data miners such as Google, but you get the idea.) 2) Users would not generate traffic unless there were content they want to access. Whether that is web pages, commerce pages such as Amazon or ebay, streams, or peer-to-peer game traffic, if there's nothing interesting, there's nothing happening. 
So both sides have an equal claim to it's all your fault and one seeking to punish the other is completely moronic. Traffic interchange is good. Period. It puts the users closer to the content and the content closer to the user and everyone wins. So I never once understood why everyone was all fired up about ratios. It just never made any sense to me from the get-go. To have government get into this will certainly not help the problem, it will just make it a hundred times worse. Remember the old saying that the eight most terrifying words in the English language are, I'm from the government. I'm here to help. and boy will they try to help. You'll be lucky if you as a company can still keep your doors open after they get done helping you. Anyhow, just my two bits. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: PRISM: NSA/FBI Internet data mining project
On Mon, Jun 10, 2013 at 04:36:32PM -0700, Scott Weeks wrote: NSA claims know-how to ensure no illegal spying: http://thegardenisland.com/news/state-and-regional/nsa-claims-know-how-to-ensure-no-illegal-spying/article_ec623964-d23a-53c6-aeb0-14bf325a7f3c.html scott We're the government. Trust us! --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: PRISM: NSA/FBI Internet data mining project
You can keep a hacker out, true, but you cannot keep the government out. When the force of law can be used to compel you to act against your wishes or your own best interests, all bets are off. Hackers sneak in through the back door. The govt just breaks the front door down and demands entry and that is what appears to have happened here. Remember that part of the issue is the fact that, thanks to the Patriot Act and FISA, not only can you be given a warrant that does not proceed through normal channels, you are forbidden from even acknowledging its very existence or risk prison. That's ideal conspiracy fodder. Add to that the ignorance of the common man combined with the fact that no one here should have any doubt that the NSA is capable of things you and I haven't even imagined yet, and what are you likely to end up with when a snooping story breaks? Nothing short of the NSA being renamed to the National Surveillance Administration. My gripe is that they should not have this sort of power to begin with. Power will be abused, pure and simple. The only way to prevent the abuse of power by government entities is to deny them that power in the first place. So I don't buy the whole thing because as an engineer, I know it's a lot more difficult than people think but, as an engineer, I also know the value of the right technology in just the right place. Do I believe they're snooping my waves and watching my keyboard? No, but with access to the right point (email servers and proxies near the eyeballs) they really don't have to. Besides, if they *DID* want to monitor someone that closely, we all know how easy it is for a somewhat more skilled hacker to get access to a desktop. So I'm up for about half of what is out there with just a touch of skepticism. Even without the whole kit and kaboodle, the information they have access to already is pretty frightening. 
With it, you can reverse engineer and acquire much more information through indirect means when the right search parameters are used and the right correlations made. Ever made a campaign contribution or a donation to a group like the NRA or CATO? Membership information is not private when they can just go back and look for the credit/debit transaction and compile the list that way. How often do you phone your congresscritter? Easy to identify the politically active by seeing who is placing/receiving calls from a given group. This whole system is just ripe for abuse. The statement the president made on this issue, as I heard it, really boils down to 5 words: We're the government. Trust us. *shudder* -Wayne On Fri, Jun 07, 2013 at 06:20:28PM -0700, Owen DeLong wrote: Dan, While the government has no responsibility to protect my data, they do have a responsibility to respect my privacy. While you are correct in that proper personal security procedures to protect my data from random crackers would, in fact, also protect it from the government, that's a far cry from what is at issue here. The question here is whether or not it should be considered legitimate for the US Government to completely ignore the fourth and fifth amendments to the constitution and build out unprecedented surveillance capabilities capturing vast amounts of data without direct probable cause for that snooping. I'm not so much concerned about them gaining access to data I don't want them to access. I am far more disturbed by the trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to support and implement. Owen On Jun 7, 2013, at 8:42 AM, Dan White dwh...@olp.net wrote: On 06/07/13 11:11 -0400, Rob McEwen wrote: On 6/7/2013 9:50 AM, Dan White wrote: OpenPGP and other end-to-end protocols protect against all nefarious actors, including state entities. I'll admit my first reaction yesterday after hearing this news was - so what? 
Network security by its nature presumes that an insecure channel is going to be attacked and compromised. The 4th Amendment is a layer-8 solution to a problem that is better solved lower in the stack. That is JUST like saying... || now that the police can freely bust your door down and raid your house in a fishing expedition, without a search warrant, without court order, and without probable cause... the solution is for you to get a stronger metal door and hide all your stuff better.|| Hiding stuff better is generally good security practice, particularly in the absence of a search warrant. How effective those practices are is really what's important. From a data standpoint, those security procedures can be highly effective, even against law enforcement. But it's not law enforcement that I worry about the most (understandably, you may have a differing opinion); It's the random anonymous cracker who isn't beholden to any international laws or courts. I design my personal security procedures for him. That's
Re: De-funding the ITU
I'm of the camp that says that, in large measure, the only beneficial elements of international telecommunications agreements have been to define an international band plan for the radio spectrum. That was, after all, the principal reason these treaties were signed, to prevent chaos within the spectrum. (That was also the genesis of the FCC. Too bad it didn't confine itself to that.) I'm sure there have been other useful things to come about but they have been and continue to be considerably overshadowed by the detrimental effects of excessive meddling. -Wayne On Mon, Jan 14, 2013 at 04:14:56PM +, Nick Hilliard wrote: On 14/01/2013 15:27, John Levine wrote: The Internet does what it does surprisingly well, but it's not the same kind of network as the phone system. We all know of the abuses that can come with mandatory interconnection and settlements, but the solution is not to cut off the poor countries. less well developed countries often have their telecoms requirements serviced by an incumbent monopoly, often involving government ownership and usually involving little or no functional regulation. 20 years ago, the ISP that I worked for was paying about $20,000/meg/month for IP transit. It didn't drop to where it is now because of ITU regulations, interconnection settlements or by maintaining the government-owned monopoly of the time. I'm struggling to understand why people view these things as solutions to a problem, rather than the root cause. Nick --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
On Mon, Dec 24, 2012 at 07:53:26AM -0500, valdis.kletni...@vt.edu wrote: On Sat, 22 Dec 2012 18:07:16 -0700, Wayne E Bouchard said: They serve quite well until I get to a switch that some douchebag mounted rear facing on the front posts of the rack with servers above and below and I just stand there cursing for a while as I scratch my head trying to figure out how the hell to even get to the tab in the first place... Has anybody ever seen this with a switch that's 2U or thicker? I've only seen it perpetrated with 1U switches, a situation that usually results in my lapsing into Russian 2U seems possible (can't say for certain) but larger, seems like you'd have a fair chance of being able to make something work since you can at least get your hands where they need to be... unless you can't find a ladder. (For the record, my knowledge of Russian is limited to those words that Latvian carpenters reserve for hammers that aim at thumbs. :) An appropriate quote: Profanity is the one language all programmers know. Works well for engineers too. :-) -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
On Sat, Dec 22, 2012 at 12:50:52AM -0600, Jimmy Hess wrote: On 12/21/12, Naslund, Steve snasl...@medline.com wrote: I have noticed that too. However it is not the RJ-45 connector's fault. It is the morons that insist on recessing connectors in places where you can't get your finger on the tab. I like the patch cords that have the Likely any connector with a latching retention mechanism requiring a manual release will have this kind of problem in space-constrained situations. A small flat edge screwdriver, spudger, or similar instrument can work wonders, since they are much longer than fingers. Usually car keys are what are most readily at hand for me. :) They serve quite well until I get to a switch that some douchebag mounted rear facing on the front posts of the rack with servers above and below and I just stand there cursing for a while as I scratch my head trying to figure out how the hell to even get to the tab in the first place... -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
On Fri, Dec 21, 2012 at 03:48:04PM -0600, Jason Baugher wrote: On Fri, Dec 21, 2012 at 2:37 PM, Naslund, Steve snasl...@medline.com wrote: I have noticed that too. However it is not the RJ-45 connector's fault. It is the morons that insist on recessing connectors in places where you can't get your finger on the tab. I like the patch cords that have the kind of loop/spring thing for a tab that does not catch on everything and that way you don't need the boot over the tab. Another pet peeve of mine is connector boots that harden up over time so it is nearly impossible to flex the tab to remove the cable. Also, how about the 48 port 6500 blades and trying to remove the cables near the blade extraction tabs. G. Yes, the tabs you refer to are the best. I have never done business with this company, but they have a good picture for reference. http://www.computercablestore.com/10_FT_Booted_Cat5e_Networ_PID49403.aspx The full boots can be so thick that they won't fit into a high-density switch. If you're in a cold environment they go from difficult to compress to damn near impossible. More than once I've used a knife to cut a hardened boot off a cable so it's usable again. Jason And that's the main reason I never order cables with boots on them. They're mostly just unnecessary headaches. (BTW, you forgot to mention them slipping loose and just pulling away from the connector or the tab slipping out from under the rubber and making the cable all the more difficult to remove.) -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
There is also the factor that cat5 is the principal desktop to network connection. That being the case, there's very strong motivation for ensuring that construction of that cable can be done very easily by barely trained folks. Otherwise, laying out an office or cube farm becomes considerably more difficult and expensive. RJ45 is and always has been a very easy termination as long as you can tell one color from another. How many people here have gotten good enough that they can cut a cable and pop connectors on each end in under 3 minutes? How many have gotten good enough that the failure rate for *hand made* cables is sub 1:1000? Show me another connector type where that will be true. Really, it will remain that way until the bandwidth needs from the desktop begin to push the GE threshold. Until then, why bother changing anything? When that does happen, it'll pretty well deal with itself. -Wayne On Thu, Dec 20, 2012 at 10:28:52AM -0800, Michael Loftis wrote: It's not all about density. You *Must* have positive retention and alignment. None of the USB nor firewire standards provide for positive retention. eSATA does sort of in some variants but the connectors for USB are especially delicate and easy to break off and destroy. There's the size of the Cat5/5e/6 cable to be considered too. Then you must consider that the standard must allow for local termination, the RJ45 (And it's relatives) are pretty good at this. Fast, reliable, repeatable termination with a single simple tool that requires only a little bit of mechanical input from the user of the tool. On Thu, Dec 20, 2012 at 10:20 AM, Michael Thomas m...@mtcc.com wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. 
I imagine that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike -- Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds. -- Samuel Butler --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Announcing APNIC IP's in ARIN region
It presents no technical problem but has always been considered politically inadvisable. I mean, there are multiple registries for a reason that goes beyond mere organization and load sharing. Increasingly, governments are trying to take more control over packets (there is ever the push for geographic mapping mechanisms and so on) and that may introduce potential legal problems in the future, depending on the nation you're in and how paranoid they become. So in short, do what you need to do. Just be aware of sub-optimal. -Wayne On Tue, Sep 25, 2012 at 10:30:59AM +0200, Jeroen Massar wrote: On 2012-09-21 01:57, Brandon Wade wrote: Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC. As this Internet thing is a global thing, why would that be an issue? (unless it is a spammer outfit of course ;) Greets, Jeroen --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Verizon's New Repair Method: Plastic Garbage Bags
To be fair, this sort of thing does happen from time to time in perfectly legitimate situations. In some cases, parts need to be acquired or maintenance schedules need to be arranged in order to do a proper repair. So just because you see these, don't immediately think it is bad techs rather than a temporary, keep it working until you can do it right. That said, I've seen more jury-rigging in my time than I care to think about. Nothing like a temporary fix that is still in place five years later. On Mon, Aug 20, 2012 at 03:33:59PM -0400, Joel Esler wrote: Can we all just agree that the whole pole needs to be restrung? That's horrible! On Aug 20, 2012, at 3:25 PM, Harry Hoffman hhoff...@ip-solutions.net wrote: What? That's totally legit. Look! There's even bubble wrap there for cushioning! ;-) On 08/20/2012 03:09 PM, Eric Wieling wrote: For a while we have had a customer with some lines which go down every time it rains. We put in the trouble ticket, a couple of days later Verizon says the issue is resolved...until the next time it rains. The customer sent us some pictures today of the pole outside their office. The repair appears to be wrapping some plastic bags around something up on the pole. Here is a link to the pictures the customer sent us, in case anyone is in the mood for a good scare. http://rock.nyigc.net/verizon/ --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: EBAY and AMAZON
On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: While MS may be a favorite whipping boy, let's not pretend that if the dominant OS were Apple or some flavor of *nix, things would be any better. There is an inherent advantage for anything based upon *BSD. It was developed in an environment where in order to continue to operate it was required to defend itself against many users who wished to exploit the O/S. Windows, being designed for a single-user environment, made a number of design decisions which directly conflict with security. Having spoken to MS security about this, there is no interest on their part in disturbing the user experience in exchange for drastic security improvements. Rather, they continue to gradually evolve their existing model to increase security which, in fact, has been improved, however slowly. It is important to understand that there is nothing inherent in the Windows experience which prohibits security. Rather, it is a deliberate design choice on the part of MS.
Re: CVV numbers
On Sat, Jun 09, 2012 at 02:18:15PM -0400, Alexandre Carmel-Veilleux wrote: On 2012-06-09, at 10:56, Owen DeLong o...@delong.com wrote: How does having the CVV number prove the card is in my possession? It doesn't, it merely proves you must have handled the card physically at some point since storing that value in a database is forbidden. Verified by Visa and the MasterCard equivalent actually prove that you are the rightful card holder. Unlike CVV numbers, they actually exempt the merchant from chargebacks (or did circa 2003). Alex Before the days of online transactions, how many people even knew a portion of their CC let alone the verification tag? The main weakness of CVV2 these days is form history in browsers. (auto complete). Now, if someone can get onto your PC, they not only get the credit card number (which there are myriad different ways to get) but the CVV as well so that mechanism is, now, all but useless. Add to that the fact online merchants don't even have to appear in the same country, let alone region, and the location of purchase relative to the home residence of the user doesn't mean much either so can't act as an effective secondary if the information were to be captured. Just like all other forms of security and fraud protection that we in the online community try to enable, eventually something comes along that makes the job a lot harder. Having these mechanisms is better than not having them but there will never be a perfect system. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: BGP ORF in practice
On Thu, May 31, 2012 at 10:59 AM, Rob Shakir r...@rob.sh wrote: It has some potential to be difficult to manage where implementations begin to experience complexities in building UPDATE message replication groups (where peers have a dynamic advertisement (egress) policy due to ORF, then this may mean that the number of peers with common UPDATE policies reduces, and hence concepts like policy-driven UPDATE groups become less efficient). This may impact the scaling of your BGP speakers in ways that are not easy to model - and hence may be undesirable on PE/border devices where control-plane CPU is a concern. Makes sense - ORF would reduce the net amount of processing required, but puts more of it on the advertising side. In an inter-domain context, I have seen some discussion of ORF as a means by which an L3VPN customer may choose to receive only a subset of their routing information at particular low feature sites - but the inter-operability issues mentioned above resulted in this not being deployed. Do you have a similar deployment case? My deployment case is as an end user of multiple ISPs. At previous jobs (at service providers) I got used to the flexibility provided by multiple full tables, but at this job I don't have the budget for hardware that's really designed to handle that. Without ORF, my choices are: 1.) default prefixes only Way too little control for my taste. I'm stuck either letting it pick one best 0/0 to use or tweaking the config so that I can do ECMP (which freaks out support staff when their traceroute bounces around). 2.) default + subset (such as customer routes) Better than #1, but less flexible if I want to steer a prefix anywhere other than to a service provider which is advertising it to me. 3.) default + full Flexible in that I can filter what I accept and still rely on the 0/0 prefix for full reachability. 
The control plane on my routers can handle that many prefixes in memory, but it bogs them down a bit and I have to be careful of how many prefixes I let into the forwarding table. Thanks for the input. It sounds like ORF could be viable, but only if the service provider is amenable and the equipment is compatible. :w
BGP ORF in practice
What's the general consensus (hah! ;) regarding the use of RFC5291 BGP outbound route filtering? It's worked well for me in the lab, but I have yet to use it in a live environment (and I don't know that most service providers would know what I was talking about if I asked for it). Does it work great or does it end up being more pain than it's worth? Thanks :w
Re: pbx recco
Randy, Greets from 105/102! Now that I've said that I have had some luck with Trixbox. His fun will be getting the Cisco phones talking sip and liking it. Wayne On Tue, May 15, 2012 at 10:00 AM, Randy Bush ra...@psg.com wrote: have a friend who is a penguinista and wants to run a simple soft pbx. support of soft phones, 7960s, connect to a commercial sip gate, ... reccos for a packaged solution. i run a raw asterisk and would not wish it on my worst enemy. randy
Re: Common operational misconceptions
Or more to the point, it is a misconception that traffic is symmetrical (the path out and the path back are the same) whereas in the present network, symmetrical paths are the exception rather than the rule, especially as your radius increases. On Wed, Feb 15, 2012 at 07:17:57PM -0500, Lee wrote: traceroute shows _a_ path. Your packets might have taken a different path. ( the return traffic yet another) --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: LX sfp minimum range
On Thu, Jan 26, 2012 at 10:48:05PM +, Gary Buhrmaster wrote: On Thu, Jan 26, 2012 at 13:47, David Storandt dstora...@teljet.com wrote: You can put a 3dB or 5dB optical pad on the link if the receiver can't handle zero-distance optical power. As I recall, the problem may not only be the power (which can cause receiver saturation), but the issue that fibre paths shorter than (around) 2-10m do not properly condition the light(*), which can result in some issues at the receiver. Gary (*) My memory says modal distribution issues. While 'single mode' fibre only supports one mode of transmission, it takes a short distance for the fibre to really be single mode. You can use a mode filter to address the problem, or just use fibres that are at least a few meters. When optics started to become scarce at various times, I've done a number of back-to-back connections using SM fiber and have had zero issues. I wouldn't even worry about it. Remember, many carriers won't even touch MM and they aren't chronically reporting issues or going to lengths to work around them. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
RE: Inaccessible network from Verizon, accessible elsewhere.
Yes www.speedtest.net www.gotomypc are also inaccessible or very slow along with many other sites. Experiencing these problems in Nassau and Westchester County on consumer fios. -Original Message- From: Brandon Kim [mailto:brandon@brandontek.com] Sent: Monday, December 12, 2011 11:02 AM To: nanog group Subject: RE: Inaccessible network from Verizon, accessible elsewhere. Yes I am in Rockland. I failed to mention that I was having issues with consumer FIOS. Is anyone with Verizon on this list? This morning www.cisco.com and www.nfl.com works now. They didn't last night. There are still some websites that won't load or are slow to load From: mh...@ox.com To: maill...@webjogger.net; nanog@nanog.org Date: Mon, 12 Dec 2011 08:44:56 -0500 Subject: RE: Inaccessible network from Verizon, accessible elsewhere. DSLReports Verizon forum reports routing issues in Westchester, Rockland and Nassau. I tried a few traceroutes this morning. Some went through fine, others died at the first hop within Verizon. People are reporting mixed results calling Verizon. Some techs are saying it's a known issue, others are going through the standard script (reboot router, reboot ONT, check settings on browser, i.e. clueless, even to the point of saying that the person's router is bad and they would send them a new one). Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff| Fax: 914-460-4139 -Original Message- From: Adam Greene [mailto:maill...@webjogger.net] Sent: Monday, December 12, 2011 1:27 AM To: nanog@nanog.org Subject: Re: Inaccessible network from Verizon, accessible elsewhere. We're having strange issues in NYC metropolitan area. We can trace from Verizon FIOS to some IP addresses of our ASN 11579 block. Others don't work. The IP's that don't work seem to die at 130.81.107.228 on the Verizon network. Something is rotten in Denmark. Or NY. You know what I mean. 
On 12/12/2011 1:02 AM, Christopher Morrow wrote: On Sun, Dec 11, 2011 at 10:54 PM, Matthew Huff mh...@ox.com wrote: Consumer fios. Verizon forums are full of posts about it. Too tired this evening to worry about it. :( I'll have to do some testing when I get near a consumer fios then... So, they squash all DNS NOT to their complexes, that seems rather dastardly of them... considering they deployed that hateful paxfire/nominum garbage on their recursive servers :( -chris On Dec 11, 2011, at 10:48 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Sun, Dec 11, 2011 at 10:28 PM, Matthew Huff mh...@ox.com wrote: I'm seeing the same thing from my home lan via fios. I've run a recursive dns server for years and can't reach the roots. Had to switch to using verizon's dns servers as forwarders. business or consumer fios? 3 G0-9-4-7.WASHDC-LCR-22.verizon-gni.net (130.81.104.180) 6.662 ms 6.739 ms 6.788 ms 4 so-14-0-0-0.RES-BB-RTR2.verizon-gni.net (130.81.22.56) 6.852 ms 15.384 ms 8.184 ms 5 0.ae2.BR1.IAD8.ALTER.NET (152.63.32.158) 12.857 ms 12.927 ms 13.004 ms 6 dcp-brdr-03.inet.qwest.net (63.146.26.105) 12.429 ms 7.847 ms 6.464 ms 7 lap-brdr-03.inet.qwest.net (67.14.22.78) 89.140 ms 88.929 ms 89.032 ms 8 63.146.26.70 (63.146.26.70) 94.879 ms 94.580 ms 93.120 ms 9 sl-crs1-kc-0-0-0-2.sprintlink.net (144.232.18.112) 58.520 ms 58.330 ms 58.186 ms 10 144.232.25.193 (144.232.25.193) 49.950 ms sl-crs1-oma-0-9-2-0.sprintlink.net (144.232.2.177) 49.962 ms sl-crs1-oma-0-8-0-0.sprintlink.net (144.232.8.171) 47.687 ms 11 sl-crs1-oro-0-3-3-0.sprintlink.net (144.232.25.207) 84.416 ms 83.266 ms sl-crs1-oro-0-12-3-0.sprintlink.net (144.232.25.73) 84.667 ms 12 124.215.199.122 (124.215.199.122) 195.590 ms * * all of this seems to point at some kddi.net router gobbling packets, no? (since pretty much everyone's got the same terminating hop) - also note that while some folks traverse L3, my route is via qwest... 
it's interesting that 701 isn't picking their other peer (sprint) here directly, no? Sent from my iPad On Dec 11, 2011, at 8:07 PM, Brandon Kim brandon@brandontek.com wrote: I too am now experiencing issues. I cannot get to www.cisco.com and various websites. Some websites work lightning quick, some take a long time to load, and some just don't load at all. Date: Mon, 12 Dec 2011 09:55:40 +0900 From: ra...@psg.com To: nanog@nanog.org Subject: Re: Inaccessible network from Verizon, accessible elsewhere. from home lan % traceroute gw-li377.linode.com traceroute to gw-li377.linode.com (106.187.34.1), 64 hops max, 52 byte packets 1 192.168.0.1 (192.168.0.1) 1.471 ms 0.725 ms
IP addresses are now assets
From http://www.detnews.com/article/20111201/BIZ/112010483/1361/Borders-selling-Internet-addresses-for-$786-000 Borders selling Internet addresses for $786,000 Bill Rochelle/ Bloomberg News Borders Group Inc., the liquidated Ann Arbor-based bookseller, will generate $786,000 by selling Internet addresses, thanks to the current shortage. In September, Borders was authorized to sell most of the intellectual property to Barnes & Noble Inc. for $13.9 million. Borders' block of 65,536 IPv4 Internet protocol numbers weren't sold. After negotiating with multiple prospective buyers, Cerner Corp. agreed to buy the Internet addresses for $12 each. Other bids were as low as $1.50 each, according to a bankruptcy court filing. The sale to Cerner is scheduled for approval at the Dec. 20 hearing where Borders also hopes the bankruptcy court will confirm the liquidating Chapter 11 plan. The plan distributes assets in the order of priority called for in bankruptcy law. The disclosure statement says unsecured creditors with $812 million to $850 million in claims can expect to recover from 4 percent to 10 percent. The projected recovery doesn't include proceeds from lawsuits. Borders completed liquidating the remaining stores in September and separately sold store leases and intellectual property. Borders had 642 stores on entering bankruptcy in February and was operating 399 when the final liquidations began. It listed assets of $1.28 billion and liabilities totaling $1.29 billion.
Re: Steve Jobs has died
On Wed, Oct 05, 2011 at 08:15:02PM -0400, Alex Rubenstein wrote: Not entirely on-list-topic, but still relevant. http://news.cnet.com/8301-13579_3-20116336-37/apple-co-founder-chairman-steve-jobs-dies/?tag=cnetRiver In some circles, he's being compared to Thomas Edison. Apply your own opinion there whether you feel that's accurate or not. I'll just state this: Both men were passionate about what they did. They each changed the world and left it better than they found it. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: iCloud - Is it going to hurt access providers?
On Sun, Sep 04, 2011 at 12:56:25PM +0200, Florian Weimer wrote: * Wayne E. Bouchard: the users will screw themselves by flooding their uplinks in which case they will know what they've done to themselves and will largely accept the problems for the duration With shared media networks (or insufficient backhaul capacities), congestion affects more than just the customer causing it. Okay, so to state the obvious for those who missed the point... The congestion will either be directly in front of the user because they're flooding their uplink or towards the destination (be it a single central network or a set of storage clusters housed at, say, 6 different locations off 3 different providers.) It is very hard, in my experience, for something like this to congest the general network. The congestion occurs where either bandwidth drops off--such as with the edge dialup, DSL, or cable modem link--or traffic concentrates. Just like someone broadcasting a concert. Either you as a user can't receive the feed because your pipe isn't big enough for the stream or the network/servers sourcing the traffic get bogged down and, generally, the rest of the folks out there not watching the feed don't know there's a problem. If you're not participating in that traffic, the likelihood that you'll be impacted by it drops off dramatically. Yes, the PTP model will behave a little differently but in that case, you're more likely to see individual users having issues (either hosts or clients) rather than everyone as a whole and it *still* won't impact the broader network. The more central clusters you add, the more the traffic pattern will start to behave like the PTP scenario and the lower the probability of broad impact. My point was simply that if you think it through, there really isn't any reason to be concerned about it. (It can't be any worse than the Jackson verdict or the Pope and, as far as I recall, since we're all still here, I don't believe the world ended when those events happened.) 
-Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: iCloud - Is it going to hurt access providers?
If you're worried about the problem of tens of thousands of users simultaneously trying to upload files to a central point then I'm not the slightest bit concerned about the network as a whole. In this circumstance, one of two things will happen and possibly both, depending: either a) the users will screw themselves by flooding their uplinks in which case they will know what they've done to themselves and will largely accept the problems for the duration or b) (and far more likely) the links apple is using will become flooded or the systems overloaded in some way or another in which case the customers will say, MAN, this *SUCKS* and likely whine at apple. Because the nature of the traffic isn't much different than, say, a windows patch release, the traffic won't be *all of a sudden* but will be spread out over hours and days. The probability of it causing disruptions anywhere but at the immediate source or within the near vicinity of the destination is low, as I see it. IMO, the only ones who really need be concerned are Apple's bandwidth providers because traffic will be concentrating within their networks and especially in the nodes apple connects to. -Wayne On Sat, Sep 03, 2011 at 11:20:13AM +, Skeeve Stevens wrote: Hey all, I've been thinking about the impact that iCloud (by Apple) will have on the Internet. My guess is that 99% of consumer internet access is Asymmetrical (DSL, Cable, wireless, etc) and iCloud when launched will 'upload' obscene amounts of gigs of music, tv, backups, email, photos, documents/data and so on to their data centres. Now, don't misunderstand me, I love the concept of iCloud, as I do DropBox, but from an Access Providers perspective, I'm thinking this might be a 'bad thing'. From what I can see there are some key issues: * Users with plans that count upload and download together. 
* The speed of Asymmetric tail technology such as DSL * The design of access provider backhaul (from DSLAM to core) metrics * The design of some transit metrics So basically the potential issue is that a large residential provider could have thousands of users connect to iCloud, their connections slowed because of uploading data, burning their included bandwidth caps, slowing down the backhaul segment of the network, and as residential providers are mostly download, some purchase transit from their upstreams in an symmetric fashion. This post is really just to prompt discussion if people think there is anything to actually worry about, or there are other implications that I've not really thought of yet. Skeeve -- Skeeve Stevens, CEO - eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net ; www.eintellego.net Phone: 1300 753 383 ; Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellego or eintell...@facebook.com twitter.com/networkceoau ; www.linkedin.com/in/skeeve PO Box 7726, Baulkham Hills, NSW 1755 Australia -- eintellego - The Experts that the Experts call - Juniper - HP Networking - Cisco - Brocade --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: London UK smart hands recommendations?
On Fri, 2011-07-15 at 16:30 +0100, Mark Blackman wrote: In the unlikely event no one else suggests them, I'll point you at NetSumo, http://www.netsumo.com/ +1, lots of clue available at Netsumo. +2 for Netsumo Wayne
Re: Hotmail?
As far as commercial packages go, Surgemail is worth a look. Very affordable and insanely powerful and customizable. The support team is the development team. It's not uncommon for bugs to be fixed in hours to days and even new feature requests to be added in days to weeks. Runs on practically any major OS you prefer... -Vinny +1 for Surgemail Have been running it for years and it's rock solid. Wayne
Re: 365x24x7
Rotating shifts between daytime and nighttime is a horrible thing to do to your workers, both for their health and their attention span. One of the places I worked had the following pattern. It was horrible 2 days/shifts of 6am till 6pm 2 days/shifts of 6pm till 6am 4 days off Wayne
Re: Level 3 Agrees to Purchase Global Crossing
On Mon, Apr 11, 2011 at 08:55:05AM -0700, George Bonser wrote: Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra I don't think it means so much that prices will go up, just that it will slow the decline. Oh, trust me. I fully believe it will make prices go up. Anytime you take a major competitor out of the ball game, the negotiations shift towards center mass. That's just the way things go. The only saving grace may be that it opens the door for one of the little guys to get a bit bigger and start drawing cash away from the behemoths out there. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Connectivity status for Egypt
On Fri, Jan 28, 2011 at 02:07:51PM -0800, Bill Stewart wrote: On 1/28/11, andrew.wallace andrew.wall...@rocketmail.com wrote: We should be asking the Egyptians to stagger the return of services so that infrastructure isn't affected, when connectivity is deemed to be allowed to come back online. Well, yeah, it has to be done carefully, otherwise the first guy to turn on an E1 line that announces routes for the entire country is going to have his router overheat and the blue smoke get out If we're lucky, the Army won't damage too much as they either win or lose. It depends on what remains functional after the fact. If there is no demand for traffic, then routes will be stable and the session will stay active. If the link fills, the session bounces as packets get dropped. It also depends on whether the person turning up that first E1 actually has much behind them and whether those people have much connectivity that doesn't require shrapnel removal. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: 5.7/5.8 GHz 802.11n dual polarity MIMO through office building glass, 1.5 km distance
Codes are usually defined in one of two ways... Either cannot be above the building parapet or cannot be visible from the street below (which allows you to position a stand at the center of the roof so you can clear the parapet) but when talking to building management, it can very easily be, can't put anything on the roof. So to be certain we're not missing an opportunity, do you know that you don't actually have the second of those definitions as an option? In my area, neighboring jurisdictions adopt either the first or the second with building management usually adopting the first and making my life difficult. (IE, can do it in one place but not on the companion building.) On Tue, Dec 28, 2010 at 09:51:48PM -0800, Joel Jaeggli wrote: On 12/28/10 8:48 PM, Anonymous List User wrote: For architectural and building management reasons we cannot mount our antennas in a rooftop or outdoor location at either end. The distance between two buildings is 1.5 km, and the fresnel zone is clear. Antennas need to be located indoors at both ends and will be placed on small speaker stand tripod pointing at windows. This has been done successfully before with 2.4 GHz 802.11g equipment and a link from an office in the Westin to a nearby apartment building, but I am unsure of what effect glass will have on 5 GHz. Has anyone tried this? glazed windows (which is tin in general) are a problem... when most of your radiation is being thrown right back at you that is a challenge. The goal of this link is to achieve a 10 Mbps+ full duplex bridge to a building which is only serviced by ADSL2+ Telus service in a Western Canadian city. Telus' upstream speed offering do not exceed 1 Mbps. Equipment. These have been used successfully for MCS13/MCS14 50 Mbps+ bridges at 11 km distance between towers. http://ubnt.com/nanobridge http://www.ubnt.com/downloads/nb5_datasheet.pdf --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Abuse@ contacts
How many of you (honestly) actively manage and respond to abuse@ contact details listed in WHOIS? Or have had any luck with abuse@ contacts in the past? Who's good and who isn't? I answer ours, and I've sent a few abuse complaints (sometimes in error...) I haven't kept count, but I'd say I get an answer at least 50% of the time. My support team and I always answer ours. The only mail auto deleted is when the person contacting us actually tried to send us a copy of the virus they received. Damn they got all pissed when the mail was auto dropped. Wayne
Re: How to have open more than 65k concurrent connections?
On 2010-10-14 12:53, Joel Jaeggli wrote: you've only got 64511 ports per ip on the box, to use for outgoing connections. As long as you're not connecting to the same destination IP/port pair, the same source IP/port pair can be reused. So even for outgoing connections there is virtually no limit. I suspect it has more to do with NAT connection tracking on his DSL router. Wayne
Re: Dutch Hotels Must Register As ISPs
Okay, if we go down that road, that makes Starbucks, Borders, a number of restaurants, and any other place that offers publicly accessible wifi (free or otherwise) an ISP. If they start to increase the burden on these businesses, expect to see wifi hotspots diminish. IMO, that classification would be a bad thing. On Wed, Oct 13, 2010 at 11:04:19AM +0200, Henk Uijterwaal wrote: On 13/10/2010 10:41, Jeroen Massar wrote: On 2010-10-13 10:25, Hank Nussbacher wrote: http://yro.slashdot.org/story/10/10/13/0044233/Dutch-Hotels-Must-Register-As-ISPs I don't see the problem here, they are generally already outsourcing the ISP part anyway to a company, and that company is generally already a ISP. If I read the various links in the articles (most of them in Dutch), then one of the questions is if reselling services from an ISP, makes the reseller itself an ISP. The telecom regulatory body (OPTA) says yes, the association of hotel owners (KHN) says no. There are legal arguments either way. Henk -- -- Henk Uijterwaal Email: henk.uijterwaal(at)ripe.net RIPE Network Coordination Centre http://www.xs4all.nl/~henku P.O.Box 10096 Singel 258 Phone: +31.20.5354414 1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands The Netherlands Mobile: +31.6.55861746 -- I confirm today what I denied yesterday. Anonymous Politician. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/