Re: Ear protection
So I intended to provide a few short comments on this but got on a roll. The below may be of more or less use to you but this is the way I look at things.

Listening to music isn't all that bad a means of dealing with noise for shorter periods such as the odd onsite engineers have to do because either you're out of techs or it's a really complicated or delicate job and it requires more care than the average datacenter tech or (heaven forbid) remote hands can provide (because they don't normally do that stuff), especially if you're either using ear buds or full cup over the ear headphones because the mere fact of wearing these will probably cut 5-10db off the ambient. (I have a pair I use for mixing and production use that do much better than that even.) Second, the presence of music, as long as it ain't overly loud itself, tends to also not merely cover but it gets the ear doing different things so it's no longer focusing on the particular frequency set of the fans.

If you're a datacenter or field tech, noise canceling headphones are basically a must. If that's not your bag and you don't need to be on the phone (I strongly advocate electronic means of communication such as google chat, SMS, irc, or otherwise just because it's more certain and doesn't require you to shout or listen to very loud background noise), then go with foam ear plugs. Carry a small package of them in your bag. They also tend to irritate your ears less than plastic ear plugs and ear buds because they form to the ear, not force tissue around.

On noise standards, accuracy of the meter isn't really important (as long as it isn't useless) because it's more of a "I should be thinking about it" threshold. But make absolutely sure you are measuring the A weighted noise curve, not the C weighted or you're not measuring the noise that will most impact your hearing.

You should also not rely on your employer providing ear protection. You should take it on yourself to guard against tinnitus. (No fun. I have a touch of it in my left ear but not from music or concerts. From randomness. Overly loud music or sharp noises can set it off and it'll annoy me for at least a couple of hours until it drops back down to easily ignorable levels.)

I just had to do 6 hours of wiring and cable management in some racks I've been helping assemble, meaning my head and hands were not in the middle of the aisle, but right behind the machines. It was only when I stepped away from the racks after the first hour or so to get supplies that I realized, "MAN, that's loud!" So if you're routinely in that environment, make ear protection a habit. You can buy a better set of headphones. You can't buy a better set of ears.

Note also that in the last 15 years, fan speeds and drive speeds have increased as equipment has gotten more and more dense and as a result manufacturers have had to up the air velocity in order to cool the gear and that has generally meant small, steeply pitched, very fast fans. (This is especially true of servers built to be densely rack mounted and yet provide capabilities to house lots and lots of drives in that small footprint. Look at your average 1U crammed with these small drives. Have to get air through there somehow.) This has caused a shift in frequency as well as an increase in intensity. So the characteristics of the noise have changed. That's important because the current noise is closer to the center of our range of hearing and don't forget the harmonics. So not only has the noise gotten louder, it is now in a range where our ears are more sensitive to it and therefore it is more important to take measures to guard against.

I happen to have a measurement mic and a decent spectrum analyzer plugin. I may take some measurements just to illustrate the makeup at various points. May even be worth a paper if I can get some equipment and colo vendors to cooperate and feed me data.

-Wayne

On Wed, Sep 23, 2015 at 12:13:08PM -0400, Lamar Owen wrote:
> On 09/23/2015 10:09 AM, Keith Stokes wrote:
> >Since I'm in our colo facility this morning, I decided to put some
> >numbers on it in my little isolated corner with lots of blowers running.
> >
> >According to my iPhone SPL meter, average SPL is 81 - 82 dB with peaks 88
> >- 89 dB.
> >
> >
> With SPL that close to the recommended maximum, the accuracy of the SPL
> measurement is rather critical. I would not trust my smartphone's mic
> to have sufficient accuracy to protect my hearing unless it is
> calibrated to a known source SPL using pink noise of a particular
> weight. The calibration SLM should be a 'real' SLM, such as a Bruel &
> Kjaer Type 2250 or similar with proper transducers. (Yes, I know, a B&K
> 2250 will set you back nearly $4K, but, just what is your hearing
> worth? A pair of hearing aids will set you (or your insurance company
> at least) back $4K too). I used a vintage B&K transducer with a
> custom-built SLM-rated spec-an years ago at a local manufacturer's sound
Re: Ear protection
If you go the "molded to my ear" route, do not forget that your ears will tend to change over time and these must be replaced periodically or they'll become uncomfortable and less effective. (I forget what the recommendation is but I think every 1-2 years at the outside.)

On Wed, Sep 23, 2015 at 10:29:25AM -0400, David Hubbard wrote:
> I wear one of two things:
>
> 1) The 3M Peltor 105 ear muffs which offer 30db reduction.
> I keep them in my car because I also use them for the gun
> range, they fit snug but not annoying. They're only $18
> on amazon: http://tinyurl.com/peltor105
> There's also a behind the head bar if you don't like the over
> the top kind.
>
> 2) A lot more expensive, but with a side benefit; I have
> a custom set of ear plugs that I use for go kart racing so
> I can have radio communication. You can get them online
> or at most race tracks on a race day. Someone, or DIY at
> home, will use a big syringe to squirt the mold liquid in
> your ear, it sits for 60 seconds, then they pull it out and
> send it off to have the ear plugs made. They're very good
> at eliminating noise but have the side benefit of a
> headphone plug so you can still use your phone, ipod, etc.
> while you're in the data center. :-)
>
> David
>
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of
> > Nick Hilliard
> > Sent: Wednesday, September 23, 2015 5:34 AM
> > To: nanog@nanog.org
> > Subject: Ear protection
> >
> > What are people using for ear protection for datacenters
> > these days? I'm down to my last couple of corded 3M 1110:
> >
> > http://www.shop3m.com/3m-corded-earplugs-hearing-conservation-1110.html
> >
> > These work reasonably well in practice, with a rated nominal
> > noise reduction rate of 29dB. Some people find them
> > uncomfortable, but they work well for me.
> >
> > There are other ear plugs with rated NRR of up to 32-33dB.
> > Anyone have any opinions on what brands work well for them?
> >
> > Nick
> >

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Zayo/AboveNet
ASNumber: 701 - 705
ASName: UUNET
ASHandle: AS701
RegDate:1990-08-03
Updated:2012-03-20
Ref:http://whois.arin.net/rest/asn/AS701

Although not having been updated yet makes it one of the older registry entries, having just passed 25 years..

On Mon, Aug 10, 2015 at 09:08:16AM -0500, Blair Trosper wrote:

UUNet would have been 40% funnier. (I rounded up from 39.975%)

On Mon, Aug 10, 2015 at 8:57 AM, Bill Woodcock wo...@pch.net wrote:

On Aug 10, 2015, at 8:45 AM, Blair Trosper blair.tros...@gmail.com wrote:

Anyone know why Zayo still hasn't renamed the BGP AS network names for all the AboveNet ASNs?

They don't want to disrupt their Alternet peering sessions.

-Bill

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: How our young colleagues are being educated....
On Mon, Jan 05, 2015 at 08:40:52AM -0600, John Kristoff wrote:

On Thu, 25 Dec 2014 19:21:34 -0500 Miles Fidelman mfidel...@meetinghouse.net wrote:

Cisco as the basis of networking material? Does nobody use Comer, Stallings, or Tanenbaum as basic texts anymore?

I currently use a Comer book. I've also used a Tanenbaum book in the past, but not recently. My favorite book, when I've used it was Radia Perlman's.

Increasingly I'm seeing a trend away from actually relying on books if even requiring them to be read anymore. This is both a trend with faculty and students. I frequently get asked if the book is required, even when the course page clearly says it is. Students and often faculty often I find rely too heavily on Wikipedia pages, which I've found myself going to update since they lead to wrong assumptions and answers in questions I've assigned.

I like to augment, as many faculty do, classic or timely research papers into assignments so that students are at least forced to look at something other than vendor white papers and blog posts found in search engines.

John

Then again, no course on networking can be complete without a presentation involving ways in which things are not being used as originally designed because someone had an idea of how they could do it differently, for better or worse. (Ala the contradiction in terms that is HTTP streaming. Routers two continents away crashing as a result of eBGP packets for interprovider VPNs is another good one.) Nor can you call a course complete without a case study of where things do not work as intended and either very large pFail is the result or where a more complicated hack fix is needed as a workaround. Especially relevant with interoperability concerns when multiple vendors are involved.

Those sorts of things you likewise do not often find in text books or white papers and probably not on Wikipedia either but they are at the core of what engineering and operations has to contend with day by day. (Too often people conflate engineering with architecture and while they are very much related, they are not one and the same.)

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Cogent admits to QoSing down streaming
I agree. There's nothing wrong with it at all unless you claim you're not doing that and then do it secretly in order to forward an agenda.

On Thu, Nov 06, 2014 at 12:12:43PM -0600, Blake Hudson wrote:

If I were a Cogent customer I would like to have seen more transparency (an announcement at least). However, I don't see anything wrong with their practice of giving some customers Silver service and others Bronze service while reserving Gold for themselves. Even if applications like VoIP do not function well with a Bronze service level.

Now, a customer that was under the impression they were receiving equal treatment with other customers may not be happy to know they were receiving a lower class of service than expected. This is not a net neutrality matter, it's a matter of expectations and possibly false or deceptive advertising.

I would much rather see an environment where the customer gets to choose Gold, Silver, and Bronze levels of service for his or her traffic as opposed to an environment where the provider chooses fast/slow lane applications at their own discretion.

--Blake

Patrick W. Gilmore wrote on 11/6/2014 10:12 AM:

http://blog.streamingmedia.com/2014/11/cogent-now-admits-slowed-netflixs-traffic-creating-fast-lane-slow-lane.html

This is interesting. And it will be detrimental to network neutrality supporters. Cogent admits that while they were publicly complaining about other networks congesting links, they were using QoS to make the problem look worse.

One of the problems in tech is most people do not realize tone is important, not just substance. There was - still is! - congestion in many places where consumers have one or at most two choices of providers. Even in places where there are two providers, both are frequently congested. Instead of discussing the fact there is no functioning market, no choice for the average end user, and how to fix it, we will now spend a ton of time arguing whether anything is wrong at all because Cogent did this.

Wouldn't you rather be discussing whether 4 Mbps is really broadband? (Anyone else have flashbacks to 640K is enough for anyone!?) Or how many people have more than one choice at 25 Mbps? Or whether a company with a terminating access monopoly can intentionally congest its edge to charge monopoly rents on the content providers their paying customers are trying to access? I know I would.

Instead, we'll be talking about how things are not really bad, Cogent just made it look bad on purpose. The subtlety of it _IS_ bad, Cogent just shifted some of the burden from VoIP to streaming is not something that plays well in a 30 second sound bite, or at congressional hearings.

It's enough to make one consider giving up the idea of having a functioning, useful Internet.

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Marriott wifi blocking
On Fri, Oct 03, 2014 at 02:23:46PM -0700, Keenan Tims wrote:

The question here is what is authorized and what is not. Was this to protect their network from rogues, or protect revenue from captive customers.

I can't imagine that any 'AP-squashing' packets are ever authorized, outside of a lab. The wireless spectrum is shared by all, regardless of physical locality. Because it's your building doesn't mean you own the spectrum.

I think that depends on the terms of your lease agreement. Could not a hotel or conference center operator reserve the right to employ active devices to disable any unauthorized wireless systems? Perhaps because they want to charge to provide that service, because they don't want errant signals leaking from their building, a rogue device could be considered an intruder and represent a risk to the network, or because they don't want someone setting up a system that would interfere with their wireless gear and take down other clients who are on premises... Would not such an active device be quite appropriate there?

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post
My take here is that I'd rather the FCC just leave it alone and see if the market doesn't work it out in some reasonable way. That is, to not even address it in rules, whether accept or prohibit. Just step back and make sure that all you see is dust rising and not smoke. These things take a while to resolve. This issue has been building for a while but hasn't really reached its pinnacle yet so who is to say what things will look like in five years from a business standpoint?

To codify something pretty well means you want it to look a particular way or you are accepting a way of being that may or may not be in the interests of those concerned and pretty well ending discussion, negotiation, and experimentation regarding that point.

The problem is that all the RBOCs/ILECs/Cable groups seem to be headed in the same direction (and most of them are trying to run their own CDN and force their customers to use it instead of a third party--and running them badly to boot. Sound familiar?) If that were not the case, such a scheme would not be viable since there would always be someone undermining it. (Like OPEC... The price they want is never what they get because some country or another is always selling more than they say they're going to because they want more money, meaning supply is greater than it should be and prices adjust accordingly.) It only takes one or two holdouts to upset the plans of all the rest.

*shrug* I'll have to see how these changes are implemented and how things are interpreted before we know what this is going to do to competitiveness.

-Wayne

On Thu, Apr 24, 2014 at 04:42:42PM -0500, Jack Bates wrote:

On 4/24/2014 9:59 AM, Patrick W. Gilmore wrote:

I think you and I disagree on the definition of anti-competitive. But that's fine. There is more than one problem to solve. I just figured the FCC thing was timely and operational.

I agree with you, Patrick. Double digit/meg pricing needs to die. I'm not sure that the change really alters backbone policy, but it would definitely open the doors for bad things in the access networks. That being said, only the largest networks could put enough pressure to benefit from it, and some do that currently.

I also don't see this as any different than the business model some streaming sites enforce where the ISP must pay for stream access based on their subscribers instead of interested subscribers just paying for an individual account. Fair is fair, and some of the streamers have been hitting ISPs longer. Once again, only the largest streamers can hope to get away with it, and only the largest ISPs can get the low priced deals.

In both cases, it's the small ISPs and small content providers that suffer. I don't see the FCC stopping megacorp bullying anytime in the near future.

Jack

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Level 3 blames Internet slowdowns on Technica
On Fri, Mar 21, 2014 at 02:30:45PM +, Sholes, Joshua wrote:

http://www.newnetworks.com/ShortSCANDALSummary.htm

This booklet is now maybe ~5-10 years old so it doesn't reflect more recent developments.

We *let* the monopolies (er, duopolies in some cases) get away with the regulatory and legislative manipulation that led to the current outcome,

That's definitely its own set of problems completely outside of where one stands on any idea in the space or on the regulation vs. competition debate in general.

Regulation does no good unless it's enforced, and competition can't exist meaningfully in an environment where unfair business practices are allowed to exist.

Which are both permitted and perpetuated in large part by the regulatory environment we are made to operate under. Monopolies usually require some sort of government support in order to survive. Don't forget that it is the old companies (regardless of their current name) making life difficult for the content carriers. They don't want to adapt so they are lobbying to enact policies which make it easier for them to sit there and be stagnant dinosaurs while the rest of the world moves on. It's the same thing the record companies are doing on with a different flavor.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: competition (was: Level 3 blames Internet slowdowns on Technica)
The impact of competition was extensively questioned and researched with respect to U.S. Government contracting rules in the early '80s. This led to the Competition in Contracting Act of 1984. Since then there's been the routine grumble about the lowest quality bidder and the periodic scandal involving a no-bid contract but no serious question about whether competition reduces cost and improves options. Unless the data starts to suggest otherwise, it's basically a settled matter.

And that, of course, is that the government doesn't have to care about profit and loss nor quality of workmanship. If they don't like it, they just throw more money at it. A private entity, on the other hand, may cease to be a going concern if they don't weigh carefully who does work for them and how it is done. They also learn very quickly that lowest cost is not necessarily lowest cost because of the problem of compensating for shoddy work. Government doesn't have to learn this lesson, especially when palms are getting greased and spoils are being distributed.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: L6-20P - L6-30R
The whole point behind the locking connectors (like the IEC connectors) is to prevent you from plugging the wrong connectors together. Not only are they different dimensions, but the prongs are keyed differently as well. If you put a L6-20P device into a L6-30R, then it was done by physically replacing the plug on the PDU, not by making it work. I have had to do this at times but it is not strictly allowed by codes and not at all recommended.

-Wayne

On Tue, Mar 18, 2014 at 03:46:26PM -0700, Mike Hale wrote:

They're different. You can't force them.

On Tue, Mar 18, 2014 at 12:24 PM, Randy a...@djlab.com wrote:

I have a situation where a 208v/20A PDU (L6-20P) is supposedly hooked to a 208v/30A circuit (L6-30R). Before I order the correct PDU's and whip cords...sanity check...are connectors 'similar' enough that this is possible (with force) or am I going to find we've actually got L6-20R's on the provider side?

-- ~Randy

-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: L6-20P - L6-30R
On Tue, Mar 18, 2014 at 09:39:46PM -0400, William Herrin wrote:

There just aren't a whole lot of failure modes here that result in fire short of one or the other breaker failing. And that results in fire regardless of the amperage mismatch.

This, by the way, is why you're allowed to plug that 22 gauge Christmas light wire into a 15 amp receptacle even though it can't handle 15 amps: the 3 amp fuse will blow if there's a short. Just don't plug in anything with lower-rated wire that doesn't have its own breaker or fuse.

Regards, Bill Herrin

And that is the result of the way things have been set down. The electrical code (as well as just general common sense) requires that there are multiple levels of protection specifically to try to avoid weird failure modes. So what we end up with is wire that is overrated for the current it is supposed to carry, multiple fusible links in between point A and point B and a grounding system that is supposed to safely direct voltage away from people in the event that everything else fails.

So back to what I said before, I don't like doing stuff like that and don't advocate it if for no other reason that it makes good sense not to put yourself into a potentially problematic situation.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: US to relinquish control of Internet
On Sat, Mar 15, 2014 at 08:08:47PM -0400, John R. Levine wrote:

The ITU is an agency of the United Nations.

Which is an organization created by treaty, of which various nations' governments are members.

Actually, the ITU is more than twice as old as the UN, and merged with the UN in 1947. As noted in a previous message, the ITU has both government and non-government members, more of the latter than the former, which arguably makes it a multi-stakeholder entity.

I entirely believe that NTIA doesn't want the ITU involved with ICANN, but the ITU has made it abundantly clear over the years that it wants a seat at the table, preferably its own table.

I listened to the ICANN press conference this morning, the gist of which was don't worry, nothing will change, but once the NTIA opens up the ICANN management contract (or whatever it's called these days) to other parties, keeping the ITU out will be a challenge.

R's, John

Yes, the ITU is a very old agreement. It's also been more or less painless to us on the low end of the ladder even though of late they are doing their best to screw it up.

Personally, I'm not too terribly worried about ICANN. Granted, the politicians have gotten markedly more efficient at converting gold into sh** in recent years but I think it will take them quite a while to royally fk up the internet, especially if they are relying on going through ICANN to do it. What's the worst they can do at this point? Make .bobtodd and .bubbagump TLDs? This is different from some of the crap we've got now in what way??

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: new DNS forwarder vulnerability
Have we ascertained if there is a typical configuration adjustment that can be made to reduce or eliminate the likelihood of impact? (From the description it sounds as though this is not possible but it doesn't hurt to ask.)

On Fri, Mar 14, 2014 at 09:05:00AM -0700, Merike Kaeo wrote:

On Mar 14, 2014, at 7:06 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote:

On Fri, Mar 14, 2014 at 01:59:27PM +, Nick Hilliard n...@foobar.org wrote a message of 10 lines which said:

did you characterise what dns servers / embedded kit were vulnerable?

He said We have not been able to nail this vulnerability down to a single box or manufacturer so it seems the answer is No.

It is my understanding that many CPEs work off of same reference implementation(s). I haven't had any cycles for this but with all the CPE issues out there it would be interesting to have a matrix of which CPEs utilize which reference implementation. That may start giving some clues.

Has someone / is someone doing this?

- merike

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: ddos attack blog
On Thu, Feb 13, 2014 at 08:01:27PM -0500, Jared Mauch wrote:

I would actually like to ask for those folks to un-block NTP so there is proper data on the number of hosts for those researching this. The right thing to do is reconfigure them. I've seen a good trend line in NTP servers being fixed, and hope we will see more of that in the next few weeks.

A slight exception to that statement, if I may... The right thing to do is for people to not permit services to operate on hosts they do not intend to operate on and not to be visible to those they do not intend to use them. In other words, to properly manage their networks. If that means blocking all access to potentially faulty implementations, then that's the right thing to do. In short, companies should do what is right for their companies and never mind anyone else.

Never forget that researchers are just part of the public and should never consider that their usage of the internet is any more or less valid to the average third party than the next guy.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Why are we fixated on Multimode fiber for high bandwidth communication?
Basic economics. MM optics come with looser tolerances and are therefore easier to produce. The wider core of the fiber and higher dispersion allowances also mean that the fiber is easier to make. The fiber, though, is the small end of this equation. The optics are the big one. For those who are buying two or three optics a year, a $150 price difference is no big deal. For those who buy two or three hundred optics every other month, this really makes a difference and those are the ones driving the MM development.

-Wayne

On Tue, Dec 31, 2013 at 02:08:36PM -0500, Jared Mauch wrote:

On Dec 31, 2013, at 2:00 PM, eric clark cabe...@gmail.com wrote:

Anyone know why the industry has their head stuck on MultiMode?

at 10G the optics costs are about 1/3 that of SMF (SR vs LR). We tend to keep things SMF, but within many older datacenters MMF is broadly available and does meet the needs at a lower cost.

There seems to be a shifting trend as well in UPC vs APC connectors. I think much of this problem is clearly articulated here:

http://xkcd.com/927/

Everyone's needs are a bit different.

- Jared

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: What routers do folks use these days?
Brocade MLXe with the XMR cards is a good choice, yes, but -1 for What do you mean that this feature isn't fully implemented yet?? It's been in common use among other vendors for better than 10 years! They're a lot better than they were but still a bit lagging.

-Wayne

On Tue, Dec 10, 2013 at 10:15:10AM +, James Braunegg wrote:

+2 for Brocade MLXe we use them globally now for almost 3 years and are very happy with them !! Brocade Rocks !! period !!

Kindest Regards

James Braunegg
P: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616
E: james.braun...@micron21.com | ABN: 12 109 977 666
W: www.micron21.com/ip-transit T: @micron21

This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.

-Original Message-
From: Elliot Finley [mailto:efinley.li...@gmail.com]
Sent: Tuesday, December 10, 2013 9:29 AM
Cc: nanog list
Subject: Re: What routers do folks use these days?

+1 for Brocade MLXe. Good Price. Good stuff. Good TAC.

On Fri, Nov 29, 2013 at 1:19 AM, Fredy Kuenzler kuenz...@init7.net wrote:

On 29.11.2013 06:37, Jawaid Desktop wrote:

We're a service provider, and we have a network full of Cat6509's. We are finding that we are outgrowing them from the standpoint of their ability to handle lots of large routing tables. Obviously their switching capability is still superb but one of them with 20 peers is starting to groan a bit and RAM is going to be an issue soon.

What do people use these days? Our backbone needs in the next 2-3 years are going to be sub-100Gbps.

Check the Brocade MLXe series. We (Init7 / AS13030) are using them and the previous XMR series for years and are happy with it. CLI is Cisco-look-and-feel, the software tree has a clear structure (unlike Cisco with hundreds of versions) and the TAC is willing to ssh into your gear to assist.

--
Fredy Kuenzler
Init7 (Switzerland) Ltd.
AS13030
St. Georgen-Strasse 70
CH-8400 Winterthur
Twitter: @init7 / @kuenzler
http://www.init7.net/

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: If you're on LinkedIn, and you use a smart phone...
There's a reason I use an email alias if I sign up to places like that and why I do not place much information on these sites... There's a reason I maintain somewhere approaching 20 passwords in my head too and why the password I use for accessing my own systems will never be the password I use to access a system neither I nor my employer control. It's just common sense.

Remember, the greatest threat to your privacy and security is YOU! How many of us go about detailing every aspect of our lives on facebook or twitter or something and, if someone is of a mind to comb through it, in the process self-disclose everything necessary for someone to basically become us? The hackers/corporate scrapers don't even really *HAVE* to try to thieve information anymore. We give it to them all without them even asking!

-Wayne

On Sat, Oct 26, 2013 at 02:16:05AM -0400, Jason Hellenthal wrote:

Well said

-- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN

On Oct 26, 2013, at 2:06, Jimmy Hess mysi...@gmail.com wrote:

On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley hartl...@gmail.com wrote:

Anyone who has access to logs for their email infrastructure ought probably to check for authentications to user accounts from linkedin's servers.

[snip]

Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and Webmail access to your corporate mail server from all of LinkedIn's IP space to a Honeypot that will simply log usernames/credentials attempted.

The list of valid credentials, can then be used to dispatch a warning to the offender, and force a password change.

This could be a useful proactive countermeasure against the UIT (Unintentional Insider Threat); of employees inappropriately entering corporate e-mail credentials into a known third party service with outside of organizational control.

Seeing as Linkedin almost certainly is not providing signed NDAs and privacy SLAs; it seems reasonable that most organizations who understand what is going on, would not approve of use of the service with their internal business email accounts.

-- -JH

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
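
The log check suggested in the thread above, as an added example that is not part of any poster's message: it scans mail-server authentication logs for logins arriving from a third party's address space and lists the accounts that would need a warning and a password change. The Dovecot-style log format, the sample lines and the network ranges (RFC 5737 documentation prefixes) are assumptions; the thread does not list the service's actual ranges.

```python
import ipaddress
import re
from collections import defaultdict

# PLACEHOLDER networks (RFC 5737 documentation ranges). The thread does not
# give the third party's address space; substitute ranges you have verified.
THIRD_PARTY_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.128/25"),
]

# Assumed format: Dovecot-style imap-login / pop3-login lines, e.g.
#   "... imap-login: Login: user=<u@example.com>, method=PLAIN, rip=1.2.3.4, ..."
LOGIN_RE = re.compile(
    r"(?P<proto>imap|pop3)-login: (?P<event>Login|Disconnected|Aborted login)"
    r"[^:]*: user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
Oct 25 18:43:01 mx1 dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=203.0.113.45, lip=192.0.2.10, mpid=4101, TLS, session=<a1>
Oct 25 18:44:10 mx1 dovecot: pop3-login: Login: user=<bob@example.com>, method=PLAIN, rip=192.0.2.77, lip=192.0.2.10, mpid=4102, TLS, session=<b2>
Oct 25 18:45:32 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol@example.com>, method=PLAIN, rip=198.51.100.200, lip=192.0.2.10, TLS, session=<c3>
Oct 25 19:02:11 mx1 dovecot: imap-login: Login: user=<Alice@Example.com>, method=PLAIN, rip=198.51.100.130, lip=192.0.2.10, mpid=4110, TLS, session=<d4>
Oct 25 19:05:40 mx1 dovecot: imap-login: Login: user=<dave@example.com>, method=PLAIN, rip=2001:db8::5, lip=2001:db8::10, mpid=4111, TLS, session=<e5>
Oct 25 19:06:02 mx1 postfix/smtpd[991]: connect from unknown[203.0.113.45]
Oct 25 19:07:19 mx1 dovecot: pop3-login: Aborted login (auth failed, 2 attempts in 5 secs): user=<carol@example.com>, method=PLAIN, rip=198.51.100.10, lip=192.0.2.10, session=<f6>
"""


def find_third_party_logins(lines, nets=THIRD_PARTY_NETS):
    """Return {user: {"success": n, "failed": n, "sources": {ip, ...}}} for
    authentication attempts whose remote IP falls inside one of `nets`."""
    report = defaultdict(lambda: {"success": 0, "failed": 0, "sources": set()})
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m or not m.group("user"):
            continue  # not a login line, or no username was supplied
        try:
            rip = ipaddress.ip_address(m.group("rip"))
        except ValueError:
            continue  # malformed address field; skip rather than guess
        if not any(rip in net for net in nets):
            continue
        entry = report[m.group("user").lower()]  # mailbox names: case-insensitive here
        entry["success" if m.group("event") == "Login" else "failed"] += 1
        entry["sources"].add(str(rip))
    return dict(report)


def accounts_to_reset(report):
    """Accounts whose password was accepted from the third party's network:
    the credential is known to that service and should be changed."""
    return sorted(user for user, e in report.items() if e["success"] > 0)


if __name__ == "__main__":
    found = find_third_party_logins(SAMPLE_LOG.splitlines())
    for user, e in sorted(found.items()):
        print(f"{user}: ok={e['success']} failed={e['failed']} from={sorted(e['sources'])}")
    print("force password change:", accounts_to_reset(found))
```

Failed attempts from the same ranges are kept in the report because they show a user typed a mail password into the third-party service even if it was not the current one.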
Re: abha ahuja
I met her briefly at the Phoenix NANOG back when. (I want to say she was speaking with Guy Tal at the time and that's who introduced me but not sure.) I was shocked to hear that she passed not all that long afterwards. She was bright and full of energy and not someone you would expect to see an obituary on just two or three years later.

On Sun, Oct 20, 2013 at 01:36:13AM +0300, Randy Bush wrote:

abha ahuja, researcher and operator, died this day in 2001 at a tragically early age. if you did not know her, search a bit. she did a lot, and with an open mind and heart.

randy

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Cogent 100M DIA in Denver
It's worth pointing out that many IPv6 networks are unavailable from insert provider here. Hardly something to hold against them until the rest of us can all get our own houses in order...

On Mon, Oct 14, 2013 at 01:41:48PM -0700, Constantine A. Murenin wrote:

On 14 October 2013 12:57, Tri Tran trit...@cox.net wrote:

They're lit in the building and have a much faster installation interval. How reliable are they? Tri Tran

It's worth pointing out that many IPv6 networks are unavailable from Cogent; so, effectively, in 2013, you still can't get IPv6 connectivity from Cogent. C.

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty
It's a good point to consider however that omits the probability that Canada is doing exactly the same thing as the U.S. and thus this may free you from certain legalities but does not actually ensure privacy. The other fact of this is that we are well aware that the NSA's database is being accessed freely by (at the very least) England and Australia (I think that's who I read) I believe with reciprocal agreements and I'd be shocked if Canada isn't in there too. What are the ramifications of that? Do we even know? Points to ponder...

-Wayne

On Sat, Sep 07, 2013 at 02:08:31PM -0700, Paul Ferguson wrote:

A Canadian ISP colleague of mine suggested that the NANOG constituency might be interested in this, given some recent 'revelations', so I forward it here for your perusal.

Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call "boomerang routing" whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States. Canadian originated transmissions that travel to a Canadian destination via a U.S. switching centre or carrier are subject to U.S. law - including the USA Patriot Act and FISAA. As a result, these transmissions expose Canadians to potential U.S. surveillance activities - a violation of Canadian network sovereignty.

http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html

Cheers, - ferg

-- Paul Ferguson Vice President, Threat Intelligence Internet Identity, Tacoma, Washington USA IID -- Connect and Collaborate -- www.internetidentity.com

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: If you thought you had wire management issues in your facilities...
*shrug* Enh.. Looks pretty much like any colo site I've ever been in that's been maintained by nothing but remote hands for the previous 4 years... (equinix, are you paying attention?) -Wayne On Wed, Jun 19, 2013 at 01:04:17PM -0400, Tom Morris wrote: Radio Free Asia, Washington DC. https://www.facebook.com/photo.php?fbid=485799631503312set=gm.536342003094118type=1 Just remember, you're probably in better shape than them. If you look carefully on the right side you can see where some cables were left abandoned in place because they'd become unremovable from that giant set of dreadlocks. -- -- Tom Morris, KG4CYX Mad Scientist For Hire Chairman, South Florida Tropical Hamboree / Miami Hamfest Engineer, WRGP Radiate FM, Florida International University 786-228-7087 151.820 Megacycles --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: net neutrality and peering wars continue
On Wed, Jun 19, 2013 at 07:44:15PM -0400, Dorian Kim wrote: On Wed, Jun 19, 2013 at 06:39:48PM -0500, Leo Bicknell wrote: On Jun 19, 2013, at 6:03 PM, Randy Bush ra...@psg.com wrote: as someone who does not really buy the balanced traffic story, some are eyeballs and some are eye candy and that's just life, seems like a lot of words to justify various attempts at control, higgenbottom's point. I agree with Randy, but will go one further. Requiring a balanced ratio is extremely bad business because it incentivizes your competitors to compete in your home market. You're a content provider who can't meet ratio requirements? You go into the eyeball space, perhaps by purchasing an eyeball provider, or creating one. Google Fiber, anyone? Having a requirement that's basically you must compete with me on all the products I sell is a really dumb peering policy, but that's how the big guys use ratio. At the end of the day though, this comes down to a clash of business models and the reason why it's a public spectacle, and of public policy interest is due to the wide spread legacy of monopoly driven public investment in the last mile infrastructure. -dorian At the risk of inflaming passions, I'll share my opinion on this whole topic and then disappear back into my cubicle. For my part, peering ratios never made sense anyway except in the pure transit world. I mean, content providers are being punished by eyeball networks because the traffic is one way. Well, DUH! But everyone overlooks two simple facts: 1) Web pages don't generate traffic, users do. Content sits there taking up disk space until a user comes to grab it. (Not quite the case with data miners such as Google, but you get the idea.) 2) Users would not generate traffic unless there were content they want to access. Whether that is web pages, commerce pages such as Amazon or ebay, streams, or peer-to-peer game traffic, if there's nothing interesting, there's nothing happening. 
So both sides have an equal claim to "it's all your fault" and one seeking to punish the other is completely moronic. Traffic interchange is good. Period. It puts the users closer to the content and the content closer to the user and everyone wins. So I never once understood why everyone was all fired up about ratios. It just never made any sense to me from the get-go. To have government get into this will certainly not help the problem, it will just make it a hundred times worse. Remember the old saying that the eight most terrifying words in the English language are, "I'm from the government. I'm here to help." and boy will they try to help. You'll be lucky if you as a company can still keep your doors open after they get done helping you. Anyhow, just my two bits.

-Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: PRISM: NSA/FBI Internet data mining project
On Mon, Jun 10, 2013 at 04:36:32PM -0700, Scott Weeks wrote: NSA claims know-how to ensure no illegal spying: http://thegardenisland.com/news/state-and-regional/nsa-claims-know-how-to-ensure-no-illegal-spying/article_ec623964-d23a-53c6-aeb0-14bf325a7f3c.html scott We're the government. Trust us! --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: PRISM: NSA/FBI Internet data mining project
You can keep a hacker out, true, but you cannot keep the government out. When the force of law can be used to compel you to act against your wishes or your own best interests, all bets are off. Hackers sneak in through the back door. The govt just breaks the front door down and demands entry and that is what appears to have happened here. Remember that part of the issue is the fact that, thanks to the Patriot Act and FISA, not only can you be given a warrant that does not proceed through normal channels, you are forbidden from even acknowledging its very existence or risk prison. That's ideal conspiracy fodder. Add to that the ignorance of the common man combined with the fact that no one here should have any doubt that the NSA is capable of things you and I haven't even imagined yet, and what are you likely to end up with when a snooping story breaks? Nothing short of the NSA being renamed to the National Surveillance Administration. My gripe is that they should not have this sort of power to begin with. Power will be abused, pure and simple. The only way to prevent the abuse of power by government entities is to deny them that power in the first place. So I don't buy the whole thing because as an engineer, I know it's a lot more difficult than people think but, as an engineer, I also know the value of the right technology in just the right place. Do I believe they're snooping my waves and watching my keyboard? No, but with access to the right point (email servers and proxies near the eyeballs) they really don't have to. Besides, if they *DID* want to monitor someone that closely, we all know how easy it is for a somewhat more skilled hacker to get access to a desktop. So I'm up for about half of what is out there with just a touch of skepticism. Even without the whole kit and kaboodle, the information they have access to already is pretty frightening.
With it, you can reverse engineer and acquire much more information through indirect means when the right search parameters are used and the right correlations made. Ever made a campaign contribution or a donation to a group like the NRA or CATO? Membership information is not private when they can just go back and look for the credit/debit transaction and compile the list that way. How often do you phone your congresscritter? Easy to identify the politically active by seeing who is placing/receiving calls from a given group. This whole system is just ripe for abuse. The statement the president made on this issue, as I heard it, really boils down to 5 words: We're the government. Trust us. *shudder* -Wayne On Fri, Jun 07, 2013 at 06:20:28PM -0700, Owen DeLong wrote: Dan, While the government has no responsibility to protect my data, they do have a responsibility to respect my privacy. While you are correct in that proper personal security procedures to protect my data from random crackers would, in fact, also protect it from the government, that's a far cry from what is at issue here. The question here is whether or not it should be considered legitimate for the US Government to completely ignore the fourth and fifth amendments to the constitution and build out unprecedented surveillance capabilities capturing vast amounts of data without direct probable cause for that snooping. I'm not so much concerned about them gaining access to data I don't want them to access. I am far more disturbed by the trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to support and implement. Owen On Jun 7, 2013, at 8:42 AM, Dan White dwh...@olp.net wrote: On 06/07/13 11:11 -0400, Rob McEwen wrote: On 6/7/2013 9:50 AM, Dan White wrote: OpenPGP and other end-to-end protocols protect against all nefarious actors, including state entities. I'll admit my first reaction yesterday after hearing this news was - so what? 
Network security by its nature presumes that an insecure channel is going to be attacked and compromised. The 4th Amendment is a layer-8 solution to a problem that is better solved lower in the stack. That is JUST like saying... || now that the police can freely bust your door down and raid your house in a fishing expedition, without a search warrant, without court order, and without probable cause... the solution is for you to get a stronger metal door and hide all your stuff better.|| Hiding stuff better is generally good security practice, particularly in the absence of a search warrant. How effective those practices are is really what's important. From a data standpoint, those security procedures can be highly effective, even against law enforcement. But it's not law enforcement that I worry about the most (understandably, you may have a differing opinion); It's the random anonymous cracker who isn't beholden to any international laws or courts. I design my personal security procedures for him. That's
Re: De-funding the ITU
I'm of the camp that says that, in large measure, the only beneficial elements of international telecommunications agreements have been to define an international band plan for the radio spectrum. That was, after all, the principal reason these treaties were signed, to prevent chaos within the spectrum. (That was also the genesis of the FCC. Too bad it didn't confine itself to that.) I'm sure there have been other useful things to come about but they have been and continue to be considerably overshadowed by the detrimental effects of excessive meddling.

-Wayne

On Mon, Jan 14, 2013 at 04:14:56PM +, Nick Hilliard wrote:

On 14/01/2013 15:27, John Levine wrote:

The Internet does what it does surprisingly well, but it's not the same kind of network as the phone system. We all know of the abuses that can come with mandatory interconnection and settlements, but the solution is not to cut off the poor countries.

less well developed countries often have their telecoms requirements serviced by an incumbent monopoly, often involving government ownership and usually involving little or no functional regulation. 20 years ago, the ISP that I worked for was paying about $20,000/meg/month for IP transit. It didn't drop to where it is now because of ITU regulations, interconnection settlements or by maintaining the government-owned monopoly of the time. I'm struggling to understand why people view these things as solutions to a problem, rather than the root cause. Nick

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
On Mon, Dec 24, 2012 at 07:53:26AM -0500, valdis.kletni...@vt.edu wrote: On Sat, 22 Dec 2012 18:07:16 -0700, Wayne E Bouchard said: They serve quite well until I get to a switch that some douchebag mounted rear facing on the front posts of the rack with servers above and below and I just stand there cursing for a while as I scratch my head trying to figure out how the hell to even get to the tab in the first place... Has anybody ever seen this with a switch that's 2U or thicker? I've only seen it perpetrated with 1U switches, a situation that usually results in my lapsing into Russian 2U seems possible (can't say for certain) but larger, seems like you'd have a fair chance of being able to make something work since you can at least get your hands where they need to be... unless you can't find a ladder. (For the record, my knowledge of Russian is limited to those words that Latvian carpenters reserve for hammers that aim at thumbs. :) An appropriate quote: Profanity is the one language all programmers know. Works well for engineers too. :-) -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
On Sat, Dec 22, 2012 at 12:50:52AM -0600, Jimmy Hess wrote:

On 12/21/12, Naslund, Steve snasl...@medline.com wrote:

I have noticed that too. However it is not the RJ-45 connector's fault. It is the morons that insist on recessing connectors in places where you can't get your finger on the tab. I like the patch cords that have the

Likely any connector with a latching retention mechanism requiring a manual release will have this kind of problem in space-constrained situations. A small flat edge screwdriver, spudger, or similar instrument can work wonders, since they are much longer than fingers.

Usually car keys are what are most readily at hand for me. :) They serve quite well until I get to a switch that some douchebag mounted rear facing on the front posts of the rack with servers above and below and I just stand there cursing for a while as I scratch my head trying to figure out how the hell to even get to the tab in the first place...

-Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
On Fri, Dec 21, 2012 at 03:48:04PM -0600, Jason Baugher wrote:

On Fri, Dec 21, 2012 at 2:37 PM, Naslund, Steve snasl...@medline.com wrote:

I have noticed that too. However it is not the RJ-45 connector's fault. It is the morons that insist on recessing connectors in places where you can't get your finger on the tab. I like the patch cords that have the kind of loop/spring thing for a tab that does not catch on everything and that way you don't need the boot over the tab. Another pet peeve of mine is connector boots that harden up over time so it is nearly impossible to flex the tab to remove the cable. Also, how about the 48 port 6500 blades and trying to remove the cables near the blade extraction tabs. G.

Yes, the tabs you refer to are the best. I have never done business with this company, but they have a good picture for reference. http://www.computercablestore.com/10_FT_Booted_Cat5e_Networ_PID49403.aspx The full boots can be so thick that they won't fit into a high-density switch. If you're in a cold environment they go from difficult to compress to damn near impossible. More than once I've used a knife to cut a hardened boot off a cable so it's usable again. Jason

And that's the main reason I never order cables with boots on them. They're mostly just unnecessary headaches. (BTW, you forgot to mention them slipping loose and just pulling away from the connector or the tab slipping out from under the rubber and making the cable all the more difficult to remove.)

-Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
There is also the factor that cat5 is the principal desktop to network connection. That being the case, there's very strong motivation for ensuring that construction of that cable can be done very easily by barely trained folks. Otherwise, laying out an office or cube farm becomes considerably more difficult and expensive. RJ45 is and always has been a very easy termination as long as you can tell one color from another. How many people here have gotten good enough that they can cut a cable and pop connectors on each end in under 3 minutes? How many have gotten good enough that the failure rate for *hand made* cables is sub 1:1000? Show me another connector type where that will be true. Really, it will remain that way until the bandwidth needs from the desktop begin to push the GE threshold. Until then, why bother changing anything? When that does happen, it'll pretty well deal with itself.

-Wayne

On Thu, Dec 20, 2012 at 10:28:52AM -0800, Michael Loftis wrote:

It's not all about density. You *Must* have positive retention and alignment. None of the USB nor firewire standards provide for positive retention. eSATA does sort of in some variants but the connectors for USB are especially delicate and easy to break off and destroy. There's the size of the Cat5/5e/6 cable to be considered too. Then you must consider that the standard must allow for local termination, the RJ45 (And its relatives) are pretty good at this. Fast, reliable, repeatable termination with a single simple tool that requires only a little bit of mechanical input from the user of the tool.

On Thu, Dec 20, 2012 at 10:20 AM, Michael Thomas m...@mtcc.com wrote:

I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imagine that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike

-- Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds. -- Samuel Butler

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Announcing APNIC IP's in ARIN region
It presents no technical problem but has always been considered politically inadvisable. I mean, there are multiple registries for a reason that goes beyond mere organization and load sharing. Increasingly, governments are trying to take more control over packets (there is ever the push for geographic mapping mechanisms and so on) and that may introduce potential legal problems in the future, depending on the nation you're in and how paranoid they become. So in short, do what you need to do. Just be aware of sub-optimal.

-Wayne

On Tue, Sep 25, 2012 at 10:30:59AM +0200, Jeroen Massar wrote:

On 2012-09-21 01:57, Brandon Wade wrote:

Hello, I was wondering if there are any problems originating APNIC IP's in the ARIN region through transit providers? I have a Singapore-based prospect who would like to do business with us, but I'm not sure if I'll run into problems originating their IP's in the US - which were assigned to them from APNIC.

As this Internet thing is a global thing, why would that be an issue? (unless it is a spammer outfit of course ;) Greets, Jeroen

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Verizon's New Repair Method: Plastic Garbage Bags
To be fair, this sort of thing does happen from time to time in perfectly legitimate situations. In some cases, parts need to be acquired or maintenance schedules need to be arranged in order to do a proper repair. So just because you see these, don't immediately think it is bad techs rather than a temporary, keep it working until you can do it right. That said, I've seen more jury-rigging in my time than I care to think about. Nothing like a temporary fix that is still in place five years later.

On Mon, Aug 20, 2012 at 03:33:59PM -0400, Joel Esler wrote:

Can we all just agree that the whole pole needs to be restrung? That's horrible!

On Aug 20, 2012, at 3:25 PM, Harry Hoffman hhoff...@ip-solutions.net wrote:

What? That's totally legit. Look! There's even bubble wrap there for cushioning! ;-)

On 08/20/2012 03:09 PM, Eric Wieling wrote:

For a while we have had a customer with some lines which go down every time it rains. We put in the trouble ticket, a couple of days later Verizon says the issue is resolved...until the next time it rains. The customer sent us some pictures today of the pole outside their office. The repair appears to be wrapping some plastic bags around something up on the pole. Here is a link to the pictures the customer sent us, in case anyone is in the mood for a good scare. http://rock.nyigc.net/verizon/

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: CVV numbers
On Sat, Jun 09, 2012 at 02:18:15PM -0400, Alexandre Carmel-Veilleux wrote:

On 2012-06-09, at 10:56, Owen DeLong o...@delong.com wrote:

How does having the CVV number prove the card is in my possession?

It doesn't, it merely proves you must have handled the card physically at some point since storing that value in a database is forbidden. Verified by Visa and the MasterCard equivalent actually prove that you are the rightful card holder. Unlike CVV numbers, they actually exempt the merchant from chargebacks (or did circa 2003). Alex

Before the days of online transactions, how many people even knew a portion of their CC let alone the verification tag? The main weakness of CVV2 these days is form history in browsers. (auto complete). Now, if someone can get onto your PC, they not only get the credit card number (which there are myriad different ways to get) but the CVV as well so that mechanism is, now, all but useless. Add to that the fact online merchants don't even have to appear in the same country, let alone region, and the location of purchase relative to the home residence of the user doesn't mean much either so can't act as an effective secondary if the information were to be captured. Just like all other forms of security and fraud protection that we in the online community try to enable, eventually something comes along that makes the job a lot harder. Having these mechanisms is better than not having them but there will never be a perfect system.

-Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Common operational misconceptions
Or more to the point, it is a misconception that traffic is symmetrical (the path out and the path back are the same) whereas in the present network, symmetrical paths are the exception rather than the rule, especially as your radius increases.

On Wed, Feb 15, 2012 at 07:17:57PM -0500, Lee wrote:

traceroute shows _a_ path. Your packets might have taken a different path. (the return traffic yet another)

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: LX sfp minimum range
On Thu, Jan 26, 2012 at 10:48:05PM +, Gary Buhrmaster wrote: On Thu, Jan 26, 2012 at 13:47, David Storandt dstora...@teljet.com wrote: You can put a 3dB or 5dB optical pad on the link if the receiver can't handle zero-distance optical power. As I recall, the problem may not only be the power (which can cause receiver saturation), but issue that fibre paths shorter than (around) 2-10m do not properly condition the light(*), which can result in some issues at the receiver. Gary (*) My memory says modal distribution issues. While 'single mode' fibre only supports one mode of transmission, it takes a short distance for the fibre to really be single mode. You can use a mode filter to address the problem, or just use fibres that are at least a few meters. When optics started to become scarce at various times, I've done a number of back-to-back connections using SM fiber and have had zero issues. I wouldn't even worry about it. Remember, many carriers won't even touch MM and they aren't chronically reporting issues or going to lengths to work around them. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Steve Jobs has died
On Wed, Oct 05, 2011 at 08:15:02PM -0400, Alex Rubenstein wrote:

Not entirely on-list-topic, but still relevant. http://news.cnet.com/8301-13579_3-20116336-37/apple-co-founder-chairman-steve-jobs-dies/?tag=cnetRiver

In some circles, he's being compared to Thomas Edison. Apply your own opinion there whether you feel that's accurate or not. I'll just state this: Both men were passionate about what they did. They each changed the world and left it better than they found it.

-Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: iCloud - Is it going to hurt access providers?
On Sun, Sep 04, 2011 at 12:56:25PM +0200, Florian Weimer wrote:

* Wayne E. Bouchard:

the users will screw themselves by flooding their uplinks in which case they will know what they've done to themselves and will largely accept the problems for the duration

With shared media networks (or insufficient backhaul capacities), congestion affects more than just the customer causing it.

Okay, so to state the obvious for those who missed the point... The congestion will either be directly in front of user because they're flooding their uplink or towards the destination (be it a single central network or a set of storage clusters housed at, say, 6 different locations off 3 different providers.) It is very hard, in my experience, for something like this to congest the general network. The congestion occurs where either bandwidth drops off--such as with the edge dialup, DSL, or cable modem link--or traffic concentrates. Just like someone broadcasting a concert. Either you as a user can't receive the feed because your pipe isn't big enough for the stream or the network/servers sourcing the traffic get bogged down and, generally, the rest of the folks out there not watching the feed don't know there's a problem. If you're not participating in that traffic, the likelihood that you'll be impacted by it drops off dramatically. Yes, the PTP model will behave a little differently but in that case, you're more likely to see individual users having issues (either hosts or clients) rather than everyone as a whole and it *still* won't impact the broader network. The more central clusters you add, the more the traffic pattern will start to behave like the PTP scenario and the lower the probability of broad impact. My point was simply that if you think it through, there really isn't any reason to be concerned about it. (It can't be any worse than the Jackson verdict or the Pope and, as far as I recall, since we're all still here, I don't believe the world ended when those events happened.)
-Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: iCloud - Is it going to hurt access providers?
If you're worried about the problem of tens of thousands of users simultaneously trying to upload files to a central point then I'm not the slightest bit concerned about the network as a whole. In this circumstance, one of two things will happen and possibly both, depending: either a) the users will screw themselves by flooding their uplinks in which case they will know what they've done to themselves and will largely accept the problems for the duration or b) (and far more likely) the links apple is using will become flooded or the systems overloaded in some way or another in which case the customers will say, MAN, this *SUCKS* and likely whine at apple. Because the nature of the traffic isn't much different than, say, a windows patch release, the traffic won't be *all of a sudden* but will be spread out over hours and days. The probability of it causing disruptions anywhere but at the immediate source or within the near vicinity of the destination is low, as I see it. IMO, the only ones who really need be concerned are Apple's bandwidth providers because traffic will be concentrating within their networks and especially in the nodes apple connects to.

-Wayne

On Sat, Sep 03, 2011 at 11:20:13AM +, Skeeve Stevens wrote:

Hey all, I've been thinking about the impact that iCloud (by Apple) will have on the Internet. My guess is that 99% of consumer internet access is Asymmetrical (DSL, Cable, wireless, etc) and iCloud when launched will 'upload' obscene amounts of gigs of music, tv, backups, email, photos, documents/data and so on to their data centres. Now, don't misunderstand me, I love the concept of iCloud, as I do DropBox, but from an Access Providers perspective, I'm thinking this might be a 'bad thing'. From what I can see there are some key issues:

* Users with plans that count upload and download together.
* The speed of Asymmetric tail technology such as DSL
* The design of access provider backhaul (from DSLAM to core) metrics
* The design of some transit metrics

So basically the potential issue is that a large residential provider could have thousands of users connect to iCloud, their connections slowed because of uploading data, burning their included bandwidth caps, slowing down the backhaul segment of the network, and as residential providers are mostly download, some purchase transit from their upstreams in an symmetric fashion. This post is really just to prompt discussion if people think there is anything to actually worry about, or there are other implications that I've not really thought of yet.

Skeeve

-- Skeeve Stevens, CEO - eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net ; www.eintellego.net Phone: 1300 753 383 ; Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellego or eintell...@facebook.com twitter.com/networkceoau ; www.linkedin.com/in/skeeve PO Box 7726, Baulkham Hills, NSW 1755 Australia -- eintellego - The Experts that the Experts call - Juniper - HP Networking - Cisco - Brocade

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Level 3 Agrees to Purchase Global Crossing
On Mon, Apr 11, 2011 at 08:55:05AM -0700, George Bonser wrote: Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra I don't think it means so much that prices will go up, just that it will slow the decline. Oh, trust me. I fully believe it will make prices go up. Anytime you take a major competitor out of the ball game, the negotiations shift towards center mass. That's just the way things go. The only saving grace may be that it opens the door for one of the little guys to get a bit bigger and start drawing cash away from the behemoths out there. -Wayne --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Connectivity status for Egypt
On Fri, Jan 28, 2011 at 02:07:51PM -0800, Bill Stewart wrote: On 1/28/11, andrew.wallace andrew.wall...@rocketmail.com wrote: We should be asking the Egyptians to stagger the return of services so that infrastructure isn't affected, when connectivity is deemed to be allowed to come back online. Well, yeah, it has to be done carefully, otherwise the first guy to turn on an E1 line that announces routes for the entire country is going to have his router overheat and the blue smoke get out If we're lucky, the Army won't damage too much as they either win or lose. It depends on what remains functional after the fact. If there is no demand for traffic, then routes will be stable and the session will stay active. If the link fills, the session bounces as packets get dropped. It also depends on whether the person turning up that first E1 actually has much behind them and whether those people have much connectivity that doesn't require shrapnel removal. --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: 5.7/5.8 GHz 802.11n dual polarity MIMO through office building glass, 1.5 km distance
Codes are usually defined in one of two ways... Either cannot be above the building parapet or cannot be visible from the street below (which allows you to position a stand at the center of the roof so you can clear the parapet) but when talking to building management, it can very easily be, can't put anything on the roof. So to be certain we're not missing an opportunity, do you know that you don't actually have the second of those definitions as an option? In my area, neighboring jurisdictions adopt either the first or the second with building management usually adopting the first and making my life difficult. (IE, can do it in one place but not on the companion building.)

On Tue, Dec 28, 2010 at 09:51:48PM -0800, Joel Jaeggli wrote:

On 12/28/10 8:48 PM, Anonymous List User wrote:

For architectural and building management reasons we cannot mount our antennas in a rooftop or outdoor location at either end. The distance between two buildings is 1.5 km, and the fresnel zone is clear. Antennas need to be located indoors at both ends and will be placed on small speaker stand tripod pointing at windows. This has been done successfully before with 2.4 GHz 802.11g equipment and a link from an office in the Westin to a nearby apartment building, but I am unsure of what effect glass will have on 5 GHz. Has anyone tried this?

glazed windows (which is tin in general) are a problem... when most of your radiation is being thrown right back at you that is a challenge.

The goal of this link is to achieve a 10 Mbps+ full duplex bridge to a building which is only serviced by ADSL2+ Telus service in a Western Canadian city. Telus' upstream speed offerings do not exceed 1 Mbps. Equipment. These have been used successfully for MCS13/MCS14 50 Mbps+ bridges at 11 km distance between towers. http://ubnt.com/nanobridge http://www.ubnt.com/downloads/nb5_datasheet.pdf

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Dutch Hotels Must Register As ISPs
Okay, if we go down that road, that makes Starbucks, Borders, a number of restaurants, and any other place that offers publicly accessible wifi (free or otherwise) an ISP. If they start to increase the burden on these businesses, expect to see wifi hotspots diminish. IMO, that classification would be a bad thing.

On Wed, Oct 13, 2010 at 11:04:19AM +0200, Henk Uijterwaal wrote:

On 13/10/2010 10:41, Jeroen Massar wrote:

On 2010-10-13 10:25, Hank Nussbacher wrote:

http://yro.slashdot.org/story/10/10/13/0044233/Dutch-Hotels-Must-Register-As-ISPs

I don't see the problem here, they are generally already outsourcing the ISP part anyway to a company, and that company is generally already an ISP.

If I read the various links in the articles (most of them in Dutch), then one of the questions is if reselling services from an ISP, makes the reseller itself an ISP. The telecom regulatory body (OPTA) says yes, the association of hotel owners (KHN) says no. There are legal arguments either way. Henk

-- Henk Uijterwaal Email: henk.uijterwaal(at)ripe.net RIPE Network Coordination Centre http://www.xs4all.nl/~henku P.O.Box 10096 Singel 258 Phone: +31.20.5354414 1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands The Netherlands Mobile: +31.6.55861746 -- I confirm today what I denied yesterday. Anonymous Politician.

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: US hunters shoot down Google fibre
On Tue, Sep 21, 2010 at 02:45:11PM -0400, valdis.kletni...@vt.edu wrote:

What I have to wonder about is how often hunter-inflicted damage is intentional and located at the insulator (which makes for a good story) and how often it's a totally accidental stray bullet nicking the cable many yards from the nearest pole (which makes for a poor story). I'd expect that since the fiber is usually hung much closer to the ground, it would get hit a lot more than the power cables higher up. Also, you're less likely to notice a 1mm divot taken out of a (usually thicker and sturdier and essentially single fat conductor) power cable than a 1mm divot out of a 48 pair.

What I want to know is, even if the story is bogus, why is anyone surprised by the prospect? It's been my experience that when Bubba goes out into the woods that anything manmade becomes a target. Microwave reflectors, telephone poles, road signs, water towers, windmills, you name it and some low-brow will shoot at it. That and leave shell casings and shotgun hulls all over the place when he's done. Gives all us responsible folks a bad name... Now I just have one more good reason to loathe that behavior. (and we're now drifting well off topic so this thread should probably die pretty quickly.) -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: FreeAxez raised flooring?
On Fri, Mar 05, 2010 at 01:41:42PM -0500, William Herrin wrote:

On Fri, Mar 5, 2010 at 12:54 PM, Owen DeLong o...@delong.com wrote:

Not sure about the purpose of a raised floor if it doesn't create a plenum, but, the step forward from raised-floor plenum is hot-aisle/cold-aisle which requires a good bit more discipline in your datacenter, but, is substantially more efficient.

Hi Owen, Hot-aisle/cold-aisle is a separate issue from a raised floor plenum. They're mutually supportive but not mutually dependent. Raised floor has pros and cons which make it good or bad depending on the environment. If you haven't yet started implementing hot aisle/cold aisle, on the other hand, you're already the better part of a decade out of date and your equipment is suffering for it. For the original question: Non-plenum short raised floor can be useful if you want to separate your power and data wiring. Other than that, I can't see any advantage versus a solid floor and either snake tray or other overhead wiring systems.

Yeah, it made it easier to feed power by running whips instead of conduit and also got the power away from the data lines. The problem with running any wiring under the floor is it always becomes a place to hide the bodies. (Ever looked under a floor that's been there for 20 years?) If you also used it as a cold air plenum, bad wiring and so on also interferes with airflow and people removing tiles or having to cut tiles to get around this or that affects your static pressure and throws your AC off. So these days, I personally favor nothing but air under the floor and strict policies regarding movement of floor tiles. -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: FreeAxez raised flooring?
On Sat, Mar 06, 2010 at 02:54:42AM +0800, Owen DeLong wrote:

On Mar 6, 2010, at 2:41 AM, William Herrin wrote:

On Fri, Mar 5, 2010 at 12:54 PM, Owen DeLong o...@delong.com wrote:

Not sure about the purpose of a raised floor if it doesn't create a plenum, but, the step forward from raised-floor plenum is hot-aisle/cold-aisle which requires a good bit more discipline in your datacenter, but, is substantially more efficient.

Hi Owen, Hot-aisle/cold-aisle is a separate issue from a raised floor plenum. They're mutually supportive but not mutually dependent.

I've never seen anyone do hot aisle/cold aisle using raised floor. Overhead cabling has become the norm in most modern installations and once you go to hot aisle/cold aisle, you no longer need the lower plenum, so, while they can be mutually supportive, neither requires the other, and, in practical modern usage, hot-aisle/cold-aisle usually precludes the need for the additional expense of raised floor. Absent the need for the expense of the raised floor, it's rarely installed in my experience, thus making them mutually exclusive for most practical terms. Owen

Actually, my experience has been that most of the newer installations (last 5-7 years) that I have been able to see where raised floor is employed are also doing hot/cold rows. -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: ISP customer assignments
On Mon, Oct 05, 2009 at 08:18:23PM +0200, Jens Link wrote:

Brian Johnson bjohn...@drtel.com writes:

So a customer with a single PC hooked up to their broad-band connection would be given 2^64 addresses? I realize that this is future proofing, but OMG! That's the IPv4 Internet^2 for a single device!

Most people will have more than one device. And there is no NAT as you know it from IPv4 (and hopefully there never will be. I had to troubleshoot a NAT related problem today and it wasn't fun.[1]) And I want more than one network. I want to have a firewall between my fridge and my file server.

Am I still seeing/reading/understanding this correctly?

RFC 3177 suggests a /48. Forget about IPv4 when assigning IPv6 Networks to customers. Think big and take a one size fits all(most) customers approach. Assign a /48 or /56 to your customers and they will never ask you about additional IPs again. This makes Documentation really easy. ;-) cheers Jens

Am I the only one that finds this problematic? I mean, the whole point of moving to a 128 bit address was to ensure that we would never again have a problem of address depletion. Now I'm not saying that this puts us anywhere in that boat (yet) but isn't saying oh, let's just put a /64 on every interface pretty well ignoring the lessons of the last 20 years? Surely a /96 or even a /112 would have been just as good.

Let's think longer term... IPv4 is several decades old now and still in use. If IPv6 lasts another 50 years before someone decides that it needs a redo, with current practices, what will things look like? Consider the population at that point and consider the number of interfaces as more and more devices become IP enabled. Wireless devices have their own issues to contend with (spectrum being perhaps the biggest limiter) so wired devices will always be around. That means physical interfaces and probably multiple LANs in each residence. I can see where each device may want its own LAN and will talk to components of itself using IP internally, perhaps even having a valid reason for having these individual components publicly addressable.

Like I said, I'm not necessarily saying we're going to find ourselves in that boat again but it does seem as though more thought is required. (And yes, I fully realize the magnitude of 2^64. I also fully realize how quickly inexhaustible resources become rationable.) -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Dutch ISPs to collaborate and take responsibility for botted clients
On Mon, Oct 05, 2009 at 03:55:02PM -0700, Owen DeLong wrote:

On Oct 5, 2009, at 11:23 AM, Barry Shein wrote:

Perhaps someone has said this but a potential implementation problem in the US are anti-trust regulations. Sure, they may come around to seeing it your way since the intent is so good but then again we all decided to get together and blacklist customers who... is not a great elevator pitch to an attorney-general no matter how good the intent.

That's not what is being discussed from my understanding. From my understanding, the intent is to share names of known abusers and data necessary to help in tracking DDOS. I don't believe that any ISP is expected to necessarily take any particular action determined by the group with respect to the list of names they are given. I do think that it is reasonable to have an agreement among an industry organization or collaboration which states that ISPs which determine that abuse is being sourced from one of their customers (either through their own processes or by notification from another participant) should be expected to take the necessary steps to mitigate that abuse from exiting said ISPs autonomous system.

In a way, this is kind of like stores keeping a list of bad check writers. The whole information sharing thing can get more than a little touchy from a legal perspective. Then again, an independent database could also be viewed as a sort of internet credit agency. Stuff in a name, get a score back and certain flags and make your judgement based on that. I'm sorry, I can't give you an email account. Your internet-karma rating came back below our minimum levels. -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Repeated Blacklisting / IP reputation
On Tue, Sep 08, 2009 at 10:16:33AM -0500, Ronald Cotoni wrote:

Tom Pipes wrote:

Greetings, We obtained a direct assigned IP block 69.197.64.0/18 from ARIN in 2008. This block has been cursed (for lack of a better word) since we obtained it. It seems like every customer we have added has had repeated issues with being blacklisted by DUL and the cable carriers. (AOL, ATT, Charter, etc). I understand there is a process to getting removed, but it seems as if these IPs had been used and abused by the previous owner. We have done our best to ensure these blocks conform to RFC standards, including the proper use of reverse DNS pointers. I can resolve the issue very easily by moving these customers over to our other direct assigned 66.254.192.0/19 block. In the last year I have done this numerous times and have had no further issues with them.

My question: Is there some way to clear the reputation of these blocks up, or start over to prevent the amount of time we are spending with each customer troubleshooting unnecessary RBL and reputation blacklisting? I have used every opportunity to use the automated removal links from the SMTP rejections, and worked with the RBL operators directly. Most of what I get are cynical responses and promises that it will be fixed. If there is any question, we perform inbound and outbound scanning of all e-mail, even though we know that this appears to be something more relating to the block itself. Does anyone have any suggestions as to how we can clear this issue up? Comments on or off list welcome. Thanks, --- Tom Pipes T6 Broadband/ Essex Telcom Inc tom.pi...@t6mail.com

Unfortunately, there is no real good way to get yourself completely delisted. We are experiencing that with a /18 we got from ARIN recently and it is basically the RBL's not updating or perhaps they are not checking the ownership of the ip's as compared to before. On some RBL's, we have IP addresses that have been listed since before the company I work for even existed. Amazing right?

This is not actually a new problem. ISPs have been fighting this for some time. When a dud customer spams from a given IP range and gets it placed in various RBLs, when that customer is booted or otherwise removed, that block will probably get reissued. The new customer then calls up and says, my email isn't getting through. All it takes is a little investigation and the cause becomes clear. In my experience, there is absolutely no way to deal with this other than contacting the companies your customer is trying to email one by one. Not all of them will respond to you but when they are slow or do not act at all, quite often if the recipient on the other end calls them up and says, WTF? it generates more action.

Sadly, I do not foresee this problem getting any easier. Best practices for the public or subscription RBLs should be to place a TTL on the entry of no more than, say, 90 days or thereabouts. Best practices for manual entry should be to either keep a list of what and when or periodically to simply blow the whole list away and start anew to get rid of stale entries. Of course, that is probably an unreal expectation. -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
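The expiry practice suggested in the message above, sketched as an added example (not part of the original thread and not any RBL operator's code). The class and function names are hypothetical, the 90-day cap is taken from the post, and the timeline uses constructed data on documentation address ranges.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Assumption: the "no more than, say, 90 days" ceiling suggested in the post.
MAX_TTL = timedelta(days=90)


@dataclass
class Entry:
    network: object           # ipaddress.IPv4Network or IPv6Network
    reason: str
    listed_at: datetime       # the "what and when" record for the listing
    last_evidence: datetime   # moved forward only by a fresh abuse report


class Blocklist:
    """In-memory blocklist whose entries lapse unless abuse is seen again."""

    def __init__(self, ttl=MAX_TTL):
        self.ttl = min(ttl, MAX_TTL)   # never allow a lifetime beyond the cap
        self._entries = {}

    def report(self, cidr, reason, now):
        """Add a listing, or refresh an existing one with new evidence."""
        net = ip_network(cidr, strict=False)
        entry = self._entries.get(net)
        if entry is None:
            entry = self._entries[net] = Entry(net, reason, now, now)
        else:
            entry.reason = reason
            entry.last_evidence = max(entry.last_evidence, now)
        return entry

    def _live(self, entry, now):
        return now < entry.last_evidence + self.ttl

    def lookup(self, addr, now):
        """Return the most specific unexpired entry covering addr, or None."""
        ip = ip_address(addr)
        hits = [e for e in self._entries.values()
                if ip in e.network and self._live(e, now)]
        return max(hits, key=lambda e: e.network.prefixlen, default=None)

    def prune(self, now):
        """Drop expired entries and return the networks that were removed."""
        stale = [n for n, e in self._entries.items() if not self._live(e, now)]
        for net in stale:
            del self._entries[net]
        return stale


def demo():
    """Constructed timeline: one block goes quiet, one address re-offends."""
    def day(n):
        return datetime(2009, 1, 1, tzinfo=timezone.utc) + timedelta(days=n)

    bl = Blocklist()
    bl.report("192.0.2.0/24", "spam run by previous holder", day(0))
    bl.report("198.51.100.7", "open relay", day(0))
    bl.report("198.51.100.7", "open relay, seen again", day(60))
    return {
        "day30_old_block": bl.lookup("192.0.2.25", day(30)) is not None,
        "day91_old_block": bl.lookup("192.0.2.25", day(91)) is not None,
        "day91_repeat_offender": bl.lookup("198.51.100.7", day(91)) is not None,
        "pruned_day91": [str(n) for n in bl.prune(day(91))],
        "pruned_day150": [str(n) for n in bl.prune(day(150))],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the lifetime is measured from the last evidence rather than from the first listing, a reassigned block clears on its own while an address that keeps offending stays listed.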
Re: Quick question about inbound route-selection
On Thu, Jul 16, 2009 at 06:32:32PM -0400, Deepak Jain wrote:

As for trying to determine where your inbound traffic is coming from by looking at natural bgp, this is absolutely impossible to do correctly. First off, your inbound is someone else's outbound, and the person sending the traffic outbound is in complete and total control. The vast majority of the traffic on the Internet is being picked by local-prefs based on policies like what does this make/cost me monetarily or which major networks can I grab in a simple as-path regexp to balance some traffic. But even if you ignore all of that, the natural path selection is based on criteria which is specific to the other network or even to a specific session which you can't possibly know about remotely (e.g. their router id).

I would actually disagree with that and go one step further. Look at content providers. They're not concerned about best path. They're not even concerned about shortest path. Since bandwidth consuming services are what they provide, they're interested in cheapest path as much as they are the shortest path.

Another way to say what Richard is getting at (which was full of good information) is: Just because you aren't modifying what your BGP process sees, at this stage of the Internet's maturity, it is safe to assume almost everyone else is. Therefore, rather than pray for BGP to make a logical selection, even though its *probably* being fed prefs based on other people's engineering, you should take charge of the parts you can.

Take the traffic shaping products. They completely override the normal BGP mechanisms and force traffic out a given circuit. So as long as there is a usable route down that interface, it will get used whether the neighbor wants it or not. The long and short of it is that via MEDs, prepending, and your neighbor's community policies, you can *hint* where you want traffic to come in but ultimately you may have very little say in the matter. (Community exchanges are probably the best mechanism since the existence of them in your peer's network means they will be most likely to honor your hints.) As Deepak indicated, don't rely on the originally the protocol's best effort. Take control of your own world wherever you can. It's the only way to ensure a good measure of predictability. -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
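The point made in this thread, that prepending and MEDs are only hints once the sender applies its own local-pref, shown as an added example that is not from the original messages. It models a deliberately simplified best-path order (local-pref, AS-path length, MED within one neighbour AS, router ID) and omits the other steps real routers apply; the ASNs (documentation range, RFC 5398), router IDs and path labels are constructed.

```python
from dataclasses import dataclass, replace

US, UP_A, UP_B = 64500, 64501, 64502   # constructed: our AS and two upstreams


@dataclass(frozen=True)
class Path:
    via: str                  # label for the upstream this path enters us through
    as_path: tuple            # ASNs as the sender sees them, nearest first
    local_pref: int = 100     # set by the SENDER's own policy, never by us
    med: int = 0              # our hint, compared only within one neighbour AS
    peer_router_id: str = "0.0.0.0"   # sender-side detail we cannot see remotely


def _rid(router_id):
    return tuple(int(octet) for octet in router_id.split("."))


def _highest_local_pref(paths):
    top = max(p.local_pref for p in paths)
    return [p for p in paths if p.local_pref == top]


def _shortest_as_path(paths):
    shortest = min(len(p.as_path) for p in paths)
    return [p for p in paths if len(p.as_path) == shortest]


def _lowest_med(paths):
    # A path loses only to a lower MED learned from the same neighbouring AS.
    return [p for p in paths
            if not any(q.as_path[0] == p.as_path[0] and q.med < p.med
                       for q in paths)]


def _lowest_router_id(paths):
    low = min(_rid(p.peer_router_id) for p in paths)
    return [p for p in paths if _rid(p.peer_router_id) == low]


RULES = (
    ("local-pref", _highest_local_pref),
    ("as-path length", _shortest_as_path),
    ("med", _lowest_med),
    ("router-id", _lowest_router_id),
)


def select(paths):
    """Return (winning path, name of the rule that decided) on the sender."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no paths to choose from")
    if len(candidates) == 1:
        return candidates[0], "only path"
    for name, keep in RULES:
        candidates = keep(candidates)
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "arbitrary"   # identical router IDs in the sample


def scenario():
    """What a remote sender picks as we add hints and it adds policy."""
    via_a = Path("A", (UP_A, US), peer_router_id="10.0.0.2")
    via_b = Path("B", (UP_B, US), peer_router_id="10.0.0.1")
    b_prepended = replace(via_b, as_path=(UP_B, US, US, US))
    b_cheaper = replace(b_prepended, local_pref=200)   # sender's cost policy
    a_second_link = replace(via_a, med=50, peer_router_id="10.0.0.3")

    cases = {
        "no hints": [via_a, via_b],
        "we prepend toward B": [via_a, b_prepended],
        "sender prefers B anyway": [via_a, b_cheaper],
        "two links to A with MEDs": [via_a, a_second_link],
    }
    results = {}
    for label, paths in cases.items():
        best, rule = select(paths)
        results[label] = (best.via, rule)
    return results


if __name__ == "__main__":
    for label, (via, rule) in scenario().items():
        print(f"{label:26s} -> inbound via {via} (decided by {rule})")
```

With no hints the outcome turns on the sender's router ID, which the receiving network cannot observe, and the prepend that wins the second case is ignored in the third as soon as the sender raises local-pref on the cheaper path.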
Re: ftc shuts down a colo and ip provider
On Fri, Jun 05, 2009 at 01:44:53AM -0400, Deepak Jain wrote:

What does it say about these providers AUP that the FTC needed to go to court to turn them off? The AUP standard is usually written much, much lower. Deepak

It says revenue trumps ethics in far too many instances. Virtually every company out there, regardless of size, has their share of those that some would rather do without but who stick around often because someone with authority is willing to look the other way. Why does this happen? Money. Simple as that. If they're willing to buy, someone is willing to sell. To put any real teeth behind the concept of an AUP and those that are supposedly charged with enforcing these, in a lot of firms, will take some sort of landmark criminal or civil case that effectively says, You knew about these complaints and chose to ignore them, therefore you are complicit in what they did. Now fork over. It is unfortunate that this is probably going to be necessary, but that's the way I see things. Until companies are scared of the repercussions of weak or unenforced AUPs, this situation will not change. -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Minnesota Sends List of Blacklisted Gambling Sites to ISPs, Telcos
Let's see... so that list of domain names and IP addresses will be out of date, what, 3 weeks ago? I don't see how something so terribly arbitrary can be long lived.

On Wed, May 06, 2009 at 11:41:55AM -0400, Jeremy L. Gaddis wrote:

With regard to the recent discussion... Late last month the Minnesota Department of Public Safety announced it would require ISPs and telcos to block computers located in the state from accessing gambling sites, and said non-compliant companies would be referred to the FCC. Now, the state has sent each ISP and telco the enclosed blacklist of sites and URLs. http://www.govtech.com/gt/articles/656645 -- Jeremy L. Gaddis

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Slightly OT: Calculating HVAC requirements for server rooms
While all the below is true, I would put forward that many of us networking types, especially those who operate their own datacenters, generally know how to do an approximation. After all, if you don't have an idea of magnitude, if you haven't done your homework, your conversation with that professional will not go well. So it is appropriate for someone being tasked with researching cooling for a datacenter to learn how to do these approximations. My $0.73. (inflation's a bear.) -Wayne

On Fri, May 01, 2009 at 09:22:24PM -0700, Seth Mattinen wrote:

Ricky Beam wrote:

On Fri, 01 May 2009 21:32:19 -0400, William Warren hescomins...@emmanuelcomputerconsulting.com wrote:

Specifically, I am using the guide posted at: http://www.openxtra.co.uk/articles/calculating-heat-load

Before you decide on an air conditioning unit you should commission an audit from a suitably qualified air conditioning equipment specialist or installer.

Translation: Hire a f***ing professional. And that's exactly what you need to do. Qualified HVAC installers (with specific data center experience) will know far more than us network types will ever want to know about cooling. They do this for a living, and thus, know all the tiny details and odd edge cases to look for. (like looking above the drop ceiling -- that's what it's called, btw -- and seeing what's up there long before pencil meets paper (not that anyone uses paper anymore.))

You also have to take into account the environment surrounding the data room. At my wife's work The ceiling above is only separated with a false ceiling to the metal roof above but the rest of the spaces surrounding the room are climate controlled. They [had] to significantly upsize to account for the heat load of that ceiling.

Unless you are pulling air through the plenum (that space above the drop ceiling), the air up there shouldn't matter much -- there should be plenum returns up there to begin with venting the air to the surrounding plenum(s) (i.e. the rest of the office, hallway, neighboring office, etc.) However, I've seen more than enough office setups where the engineers planning the space completely ignore the plenum. In my current office building the static pressure pushes the bathroom doors open by almost 2. And they placed our server room directly under the building air handlers -- meaning all the air on the 3rd floor eventually passes through the plenum above my servers. (also, the sprinkler system riser room is in there.)

The space above the drop ceiling is only a plenum if it's used as air handling space opposed to ducting the returns everywhere. If it's not an air handling space, it's not a plenum, it's just where spiders might be. It's easier to throw grated panels in all over the place for returns in large systems. Now, back on topic, plus nifty graphics explaining the difference: http://en.wikipedia.org/wiki/Plenum_cable

Bottom line, again, ask a professional. NANOG is a bunch of network geeks (in theory.) I'd be surprised if there's even one licensed HVAC geek on the list. ('tho I'm sure many may *know* an HVAC engineer.)

But yes, please, don't learn how to make your own system from what we say here. HVAC systems are their own world. You wouldn't want an HVAC guy designing your network just because he's seen a lot of server rooms, would you? ~Seth

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: L.A Area network Issues the past few days?
I can't speak to specific upper level issues but I can confirm that there was a slightly insane piece of network equipment yesterday AM. We sat it down and had a good conversation about manners and behavior in public and it shaped up. -Wayne On Wed, Apr 22, 2009 at 01:52:35PM -0700, Ray Sanders wrote: Has anyone seen any network issues the past few days? Yesterday we had some content delivery issues in the l.a area. Not getting any sort of response from our CDN, Limelight. Thanks in advance -- Prediction is very difficult, especially about the future. Niels Bohr -- Ray Sanders Linux Administrator Village Voice Media Office: 602-744-6547 Cell: 602-300-4344 --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: attacks on MPLS?
Meh... Sure, it rehashes what we pretty well already know, If a bad guy can get access to your network or your management tools, you're boned. It's still worth reminding folks that they need to take appropriate measures to defend and monitor these devices. Too many networks and servers get hacked not because the attacker was good, but because the administrators (some of whom tend to be good security guys) became complacent and stopped doing routine upkeep. So in that sense, a little fear can be a good thing. -Wayne

On Thu, Apr 09, 2009 at 10:14:39AM -0700, Charles Wyble wrote:

Well if we pull apart the article a bit

Quote 1) Network infrastructure security has been in the limelight lately, with researchers uncovering big vulnerabilities in the Domain Name System (DNS), the Border Gateway Protocol (BGP), TCP, and in Cisco routers.

Wasn't aware of any big vulns in BGP (are they referring to the defcon talk that rehashed ages old bgp trust exploitation?). Cisco vulns (I realize cisco released several patches recently but not aware of any significant vulns).

Quote 2) own set of switches and management infrastructures, and their own set of surrounding technologies, he says, and the average attacker could not get his hands on that equipment.

H. Really? http://www.gns3-labs.com/2009/01/23/mpls-vpn-and-traffic-engineering/ + torrent the appropriate IOS images. That seems like it would be enough to build a lab environment for exploit development. Seems like the article is a lot of fear mongering.

Steven M. Bellovin wrote:

http://www.darkreading.com/securityservices/services/data/showArticle.jhtml?articleID=216403220 --Steve Bellovin, http://www.cs.columbia.edu/~smb

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Shady areas of TCP window autotuning?
On Mon, Mar 16, 2009 at 09:09:35AM -0500, Leo Bicknell wrote:

The result is that if the vendor targeted 100ms of buffer you now have 400ms of buffer, and really bad lag.

Well, this is one of the reasons why I hate the fact that we're effectively stuck in a 1500 MTU world. My customers are vastly concerned with the quantity of data they can transmit per unit of latency. You may be more familiar with this termed as through-put. Customers beat us operators and engineers up over it every day. TCP window tuning does help that if you can manage the side effects. A larger default layer 2 MTU (why we didn't change this when GE came out, I will never understand) would help even more by reducing the total number of frames necessary to transmit a packet across a given wire.

As network operators we have to get out of the mind set that packet drops are bad

Well, that's easier said than done and arguably not realistic. I got started in this business when 1-3% packet loss was normal and expected. As the network has grown, the expectation for 0% loss in all cases has grown with it. You have to remember that in the early days, the network itself was expected to guarantee data delivery. (ie X.25) Then the network improved and that burden was cast on the host devices. Well, technology has continued to improve to the point where you literally can expect 0% packet loss in relatively confined areas. (Say, Provider X in Los Angeles to user Y in San Jose.) But as you go further afield, such as from LAX to Israel, expectations have to change. Today, that mindset is not always there.

As you allude to, this has also bred applications that are almost entirely intolerant of packet loss and extremely sensitive to jitter. (VOIP people, are you listening?) Real time gaming is a great example. Back in the days when 99% of us were on modems, any loss or varying delay between the client and the user made the difference between an enjoyable session and nothing but frustration and it was often hit and miss. A congested or dirty link in the middle of the path destroyed the user's experience. This is further compounded by the ever increasingly international participation in some of these services which means that 24x7 requirements render the customers and their users more and more sensitive to maintenance activities. (There can be areas where there is no after hours in which to do this stuff.)

Add to this that as media companies expand their use of the network that customers have forced providers to write into their SLAs performance based metrics that, rather than simple uptime, now require often arbitrary guarantees of latency and data loss and you've got a real problem for operations and engineering. Techniques that can help improve network integrity are worth exploring. The difficulty is in proving these techniques under a wide array of circumstances, getting them properly adopted, and not having vendors or customers arbitrarily break them because of improper understanding, poor implementations, or bad configs (PMTUD, anyone?) Going forward, this sort of thing is going to be more and more important and harder and harder to get right. I'm actually glad to see this particular thread appear and will be quite interested in what people have to say on the matter. -Wayne

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Happy 1234567890 everyone!
You haven't lived until you've lived through an epoch.

On Fri, Feb 13, 2009 at 06:54:54PM -0500, Ravi Pina wrote:

On Fri, Feb 13, 2009 at 06:49:49PM -0500, Steve Church wrote:

Just in case you missed it.

date -d "Fri Feb 13 23:31:30 UTC 2009" +%s

It's like a really geeky y2k without the potential cataclysm. :) Steve

Yes... that is more like the y2k38 problem on 03:14:07 UTC 2038-01-19... ...by then I can only hope I am out of this profession. :) -r

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: ISP Unbundling circuits
On Thu, Jan 29, 2009 at 03:31:40PM +0200, Colin Alston wrote:

Circuits seems worse, but they also don't seem to track their CPE at all. We have boxes full of various telco CPE, including some Cisco 800 and 1600 routers. I guess it costs more than it's worth to recover it, but the irritating thing is we have to hold it in case they ever ask for it.

Well, SOME of that is a deliberate decision. I mean, equipment is expected to have a useful life and then either fail or be obsolete. Some customers can carry a contract 4 or 5 years. At that point, the equipment they had may well not be in use anywhere else on the network. There's not much point in reclaiming equipment you can't use and can't get a decent value for through the various disposal channels. But yeah, ISPs and telcos as well are generally horrible about reclaiming property.

--- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: Inauguration streaming traffic
Yes, pretty well everyone else. :-)

On Tue, Jan 20, 2009 at 09:20:40AM -0800, Jay Hennigan wrote:
> We're a regional ISP, about 80% SMB 20% residential. We're seeing
> almost double our normal downstream traffic right now. Anyone else?
>
> --
> Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
> Impulse Internet Service - http://www.impulse.net/
> Your local telephone and internet company - 805 884-6323 - WB6RDV

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
Re: Telecom Collapse?
That the old ILECs are having problems due to the fact that few if any of them know how to run a decent business is not exactly news. IMO, it might be best if some of them were finally placed in the position of figuring out how to come into the 21st century and actually compete for business.

But I agree with Alex... If we have another poorly run group of businesses pleading for tax payer money, I think I'm gonna have to go somewhere and lose my mind for a few days.

-Wayne

On Wed, Dec 03, 2008 at 10:59:00PM -0800, Paul Ferguson wrote:
> I deliberated for a while on whether to send this, or not, but I
> figure it might be of interest to this community:
>
> http://techliberation.com/2008/12/04/telecom-collapse/
>
> - ferg
>
> --
> Fergie, a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawgster(at)gmail.com
> ferg's tech blog: http://fergdawg.blogspot.com/

---
Wayne Bouchard
[EMAIL PROTECTED]
Network Dude
http://www.typo.org/~web/
Re: Internet partitioning event regulations (was: RE: Sending vs requesting. Was: Re: Sprint / Cogent)
On Wed, Nov 05, 2008 at 11:59:09AM -0500, Lamar Owen wrote:
> You're very welcome. My previous career was as a broadcast chief
> operator. Knowing 47 CFR Parts 1, 2, 73, 74, and 101 was part of that
> job (and a part I do not miss). Radio (both amateur and professional)
> used to be, prior to the late 1920's, an unregulated free-for-all
> similar to the current state of the Internet; but that proved to be
> unworkable, eventually producing the Communications Act of 1934, which
> established the Federal Communications Commission with real authority
> to regulate radio.

Yeah, and we're all just thrilled at how the FCC has conducted itself over the past 20 years, aren't we? (Speaking as one who grew around the technical side of broadcasting.) :-/

I'm undecided whether such regulation is a good thing or not. I agree that the current state of affairs is ultimately unworkable but government's role is to provide necessary restraints to protect the ability of new competitors to enter into the market place and to enable fair competition, not to regulate for the sake of regulating. With yesterday's results, I do not believe this is quite the right time to be pursuing such actions since there is now a worrisome imbalance in the system.

See, thing is, if tier 1 becomes regulated, tier 2 will almost certainly follow. Probably much more open, but regulation will still follow. (Open doors are hard to close.)

When you get right down to it, this discussion really sounds like a request for something along the lines of Telecom '96. Not sure I like that thought or not. I'm still undecided as to whether that was a good or a bad thing but leaning towards good.

-Wayne

---
Wayne Bouchard
[EMAIL PROTECTED]
Network Dude
http://www.typo.org/~web/
Re: Internet partitioning event regulations (was: RE: Sending vs requesting. Was: Re: Sprint / Cogent)
To add to Michael's point, I will say that while US Laws cannot apply to a company globally, it is perfectly reasonable for the US govt to say "If you wish to do business in this country, your operations within the USA will follow these rules." This is how every other industry is regulated. Just because the internet is less tangible doesn't make this particular sort of regulation any less valid. It just has to restrict itself in scope to interactions within US governed territory. (Wherever the physical equipment is, that's the country you're in and those are the rules you follow. That has already been established.) So if something were desired, there is no reason it cannot be deemed enforceable.

-Wayne

On Wed, Nov 05, 2008 at 11:03:51PM -, [EMAIL PROTECTED] wrote:
> > Are you saying that if any part of a network touches US soil it can
> > be regulated by the US govt over the entirety of the network? For my
> > part, this is not an attempt to change the subject or divert the
> > argument (red herring). It is a valid question with operational
> > impact.
>
> That's not how companies work. What you see as a single company
> operating a single worldwide network, is actually a web of companies
> with interlocking directorships and share structures. In each country
> they will probably have 3 or 4 corporate entities. One owns the
> network assets, one employs all the people in Sales, another employs
> the network ops people, and 4th one mops up the other employees and is
> a holding company for the other three. None of them do any billing
> because that is all done by subsidiary companies in Luxembourg and
> Ireland. Etc, etc.
>
> This is done for a variety of reasons but regulation is definitely one
> of them. In most countries you need a licence to operate telecom
> networks, and the licence holder will be the local operating company,
> not the head office company that consolidates the ownership underneath
> a share symbol traded on your favorite stock exchange.
>
> Spend some time hanging out with finance and legal people in a big
> company. You may find it almost as fascinating as designing networks.
>
> An additional point is that when one company acquires another and it
> gets reviewed for potential antitrust issues, this often impacts the
> company structure because a local regulator wants to see that the
> local corporate entity is not 100% controlled by a foreign
> corporation. This makes it easier for the government to target
> regulations at the domestic entity.
>
> --Michael Dillon

---
Wayne Bouchard
[EMAIL PROTECTED]
Network Dude
http://www.typo.org/~web/
Re: 143.228.0.0/16 and house.gov
Pretty much no matter who you use, this can easily be done in an hour or so if people really want it to and the right techs are available. If there's a pre-existing agreement, this can go to mere minutes. The setup doesn't take long. It's usually the business stuff that drags it out.

On Thu, Oct 02, 2008 at 04:20:01PM -0500, Brandon Galbraith wrote:
> On 10/2/08, Jean-François Mezei [EMAIL PROTECTED] wrote:
> > <snip>
> >
> > Question: Is it possible to setup an akamai feed in hours once you
> > know your website is to be swamped ?
> >
> > Obviously, the system managers there might not have been warned in
> > advance that the politicians would place a huge load on their
> > servers. But once they realised it, is it conceivable that they
> > quickly setup an akamai feed ? Or is that something which takes
> > weeks to setup ?
>
> I'm not sure about Akamai, but I believe Amazon is about to roll out
> CDN services as well (and I would assume they're as flexible as their
> other cloud offerings). As always, hindsight is 20/20.
>
> http://www.amazon.com/gp/html-forms-controller/aws-content-delivery-service
>
> -brandon

---
Wayne Bouchard
[EMAIL PROTECTED]
Network Dude
http://www.typo.org/~web/
Re: Avg. Packet Size - Again?
This is about what I would expect but as others have noted does not include jumbos. This says that the majority of packets are session control and open/close sequences on the one side and big, fat, WRED eligible data packets on the other side. This is consistent with the trends of youtube, high resolution video streams, mp3 type traffic, and web pages that just can't seem to understand that a 150k jpeg looks just as good on an index as a 2 meg jpeg. I don't think these figures are likely to change significantly in the near future until we start seeing jumbo frames available from user to server, not simply somewhere in between.

It might be interesting to see what of the other sizes are the final packet in a data transfer before close vs other types of data.

-Wayne

On Tue, Jul 15, 2008 at 05:10:27PM -0700, Darryl Dunkin wrote:
> This is all from netflow. The results are from two different routers.
>
> IP packet size distribution (43046M total packets):
>    1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
>    .000 .382 .077 .043 .022 .012 .011 .006 .007 .004 .004 .005 .003 .003 .003
>
>     512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
>    .005 .002 .007 .021 .375 .000 .000 .000 .000 .000 .000
>
> IP packet size distribution (54192M total packets):
>    1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
>    .001 .418 .052 .034 .017 .008 .045 .006 .010 .004 .003 .005 .003 .004 .005
>
>     512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
>    .013 .003 .011 .036 .311 .000 .000 .000 .000 .000 .000
>
> -----Original Message-----
> From: Sean Hafeez [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 15, 2008 16:45
> To: nanog
> Subject: Avg. Packet Size - Again?
>
> Most of the data and studies I have found on this topic are a bit out
> of date. I would be interested in finding out what the average packet
> size people are seeing on their backbones is at this point and time?
>
> Also for those in the DC space what is average packet size you are
> seeing for web farm traffic (outbound)?
>
> Yes I know there are 1000's of answers and different possibilities in
> setups so please no, "this is a dumb question". I am well aware of all
> the variables involved in this. I am just looking for some data points
> that come from a wide degree of sources.
>
> Is this data even something that you track and if so why?
>
> Thanks!
>
> Sean

---
Wayne Bouchard
[EMAIL PROTECTED]
Network Dude
http://www.typo.org/~web/
Re: Cable Colors
Opinions vary. There really is no standard. Most important is picking something meaningful to you.

Here, I use:

yellow    general ethernet
green     serial connection
blue      long distance ethernet (ie, going to another row)
black     crossover
red       T1s, etc
white     permanent drops to cabinets, lashed down and
brown     cat3 for POTs lines

Some people use like dark blue for the first ethernet connection to a machine and light blue for the second connection. It really just depends on what you want to accomplish. Just pick something that works for you and stick with it.

On Mon, Jun 16, 2008 at 06:41:22PM -0400, Glenn Sieb wrote:
> JoeSox wrote:
> > Hello Newbie here (hopefully I have the correct list),
> >
> > I was just wondering if anyone knows of a website with recommended
> > colors for cables for a new datacenter? I have written some things
> > down but I don't want to get stuck saying 'darn, I wish I would have
> > bought this color for this type, now I am stuck'. What standard
> > color to use if voice and data on same interface etc.
> >
> > Thanks.
>
> Hmm. I've always done blue for safe or internal connections, red for
> machines on the DMZ or outside.
>
> Perhaps Blue for internal data, Yellow for internal voice, Green for
> data/voice?
>
> Don't know if there's a website on this, but you can definitely read
> about it in Tom Limoncelli's The Practice of System and Network
> Administration book.
>
> Best,
> --Glenn
>
> --
> ...destination is merely a byproduct of the journey --Eric Hansen

---
Wayne Bouchard
[EMAIL PROTECTED]
Network Dude
http://www.typo.org/~web/