Re: OK, Google. Time to dial back the AI hype.
has nothing to do with network operations. stick to reddit or slashdot. On Sun, Jun 28, 2015, 20:57 Mel Beckman m...@beckman.org wrote: Because Google is an ISP, it seems to me a legitimate discussion point. Given Google's penchant for crafty customer surveillance, this technology seems like one that Google might try to leverage into a snoopy product. . -mel via cell On Jun 28, 2015, at 10:59 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Sun, Jun 28, 2015 at 9:17 AM, Mel Beckman m...@beckman.org wrote: Don't computer scientists have a responsibility to deal forthrightly with the public on the real state of research in such fields as AI? When an Internet provider like Google makes such outlandish claims, one has to wonder what the real agenda is. don't list users have a responsibility to attempt to stay on topic?
Re: AS4788 Telecom Malaysia major route leak?
keep in mind their target audience with that message is probably local malaysian customers, not the world. On Sun, Jun 14, 2015 at 5:09 PM Mel Beckman m...@beckman.org wrote: SLAs are part of a contract, and thus only apply to the parties of the contract. There are no payments due to other parties. The Internet is a best effort network, with zero guarantees. -mel beckman On Jun 14, 2015, at 4:06 PM, Rafael Possamai raf...@gav.ufsc.brmailto: raf...@gav.ufsc.br wrote: Does anyone know if there's an official ruling as to who gets to pay for the SLA breaches? On Sun, Jun 14, 2015 at 5:56 PM, Mel Beckman m...@beckman.orgmailto: m...@beckman.org wrote: Raymond, But you said A simple 'sorry' would have done. Now you're asking for lots more detail. Why the change? -mel beckman On Jun 14, 2015, at 2:32 PM, Raymond Dijkxhoorn raym...@prolocation.net mailto:raym...@prolocation.net wrote: Hello Mel, Must just be me then. I was most likely expecting a more in depth report. Strange things happened. Perhaps they could post a 'what exactly happened' since this wasnt a average route leak. Thanks, Raymond Dijkxhoorn Op 14 jun. 2015 om 23:27 heeft Mel Beckman m...@beckman.orgmailto: m...@beckman.org het volgende geschreven: Raymond, They provided a simple sorry: We apologise for any inconvenience caused by the service disruption. It doesn't get much more simple than that. -mel beckman On Jun 14, 2015, at 2:21 PM, Raymond Dijkxhoorn raym...@prolocation.netmailto:raym...@prolocation.net wrote: Hai! Mark, mistakes and oopses happen. No problem at all. I understand that completely. There is human faillure and this happenes. A simple 'sorry' would have done. Yet their whole message tells 'they did ok' In my very limited view they did NOT ok. Did i misread? I am also very much looking how level3 is going to prevent things like this. But out of own experience they will not. We have seen before that they implemented filtering based on customer lists. But not a per customer filter. They did this globally. So any l3 customer can announce routes of another l3 customer. While this can be changed this outage tells there is certainly room for improvements. I hope people will learn from what happened and implement proper filtering. Thats even more important then a message from a operator that didnt even understand fully what they caused to the internet globally. Thanks, Raymond Dijkxhoorn Op 14 jun. 2015 om 23:04 heeft Mark Tinka mark.ti...@seacom.mu mailto:mark.ti...@seacom.mu het volgende geschreven: On 14/Jun/15 22:55, Raymond Dijkxhoorn wrote: Hai! Wouw! This is what they came up with?! Hopefully Level3 will take appropriate measures. Its amazing. Really. 'Some internationally routes' Have they any idea what they did at all? Its amazing that with parties like that the internet still works as is tm ... I wouldn't be as hard. Stuff happens - and as they said, during a maintenance activity, they boo-boo'ed. Are Level(3) going to own up and say they should have had filters in place? I certainly hope they do. But more importantly, are Level(3) going to implement the filters against TM's circuit? Are they going to run around the network looking for any additional customer circuits that need plugging? That's my concern... Mark.
Re: eBay is looking for network heavies...
i don't think certs have ruined the industry. bad interviewing and recruiting, maybe... asking encyclopedia-type gotcha questions are the most inane test of someone's ability to perform well at the job. i promise you - you didn't want to work for this person anyways. got a cert? great. but let's whiteboard a real-world problem and see how you do. i won't play you into a trap. On Mon, Jun 8, 2015 at 7:11 PM Shane Ronan sh...@ronan-online.com wrote: When I was asked the default BGP timers across three different vendor platforms as measure of my networking ability during an interview, I replied saying I'd look them up if needed them. I was told I didn't understand BGP in enough detail, despite being able to describe all the steps of BGP session establishment and route exchange. Certs have ruined the industry.
Re: eBay is looking for network heavies...
we're allowed to recruit on nanog?... On Fri, Jun 5, 2015 at 4:19 PM John Fraizer j...@op-sec.us wrote: Hello All, eBay is looking for folks to join our Site Network Engineering team. eBay Site Network Engineering is responsible for the eBay SITE network from ToR to Peering Edge. You won't be bored. You will be challenged. You will have fun! This position is located in San Jose, California @ eBay HQ although exception may be made for extremely well qualified candidates. *Qualifications:* - 7+ years of experience in network design and implementation - 7+ years working at the highest level of technical escalation - Expert level multi-vendor experience in routing switching with Arista, Cisco, Juniper, Nexus platforms - Expert level understanding of IPv4 IPv6. Bonus points if you can tell me about IPv8. (The old guard will get that joke.) - Expert level BGP and OSPF - Understanding of multicast technologies such as PIM-SM and PIM-BiDir - Understanding of QoS and implementation strategies - Experience with L2 technologies such as MLAG and VPC - Experience with cloud architectures and network automation - Experience with SDN technologies such as VXLAN, NVGRE and Open vSwitch - Expert level troubleshooting skills - Functional knowledge of and comfort working in *nix environments - Ability to script in Bash, Perl, or other relevant languages. (Bonus for Python) - Excellent communications and documentation skills Head of line for CCIE / JNCIE but knowledge and experience trumps a piece of paper every time! BSCS or other 4-year degree desired - may be substituted with relevant work experience Translation of the above: Are you considered an expert by your industry peers? We know your family thinks you're a genius. Do your peers in the networking community agree? Do you want work on the bleeding edge of technology, playing with the biggest, baddest and bestest toys? Are you a team player who can also work alone providing creative solutions to complex problems using your out of the box thinking? Are you tired of being the smartest guy in the room when you're at work? Well then, I've got the job you're looking for! The above qualifications are the wish list. That should give you a feel of whether or not you're qualified for this position though. You know your own skill set better than anyone else. Just be advised: Please don't be a buzzword bandit on your CV. If you list a skill or experience, its fair game to ask you about these - in depth - during your phone screen and any subsequent in-person interviews. Interested and Qualified candidates, please forward your CVs to jfraizer at ebay dot com. eBay, Inc is an Equal Opportunity Employer -- John Fraizer MTS2 - eBay Site Network Engineering
Re: A case against vendor-locking optical modules
there's a reason why cisco introduced service unsupported-transceiver, which still remains an undocumented command. i have arista gear as well. kinda wish they had a similar undocumented command.
Re: Zayo opinions
when zayo acquired abovenet, we shortly thereafter terminated transit with them for various unsatisfactory reasons. abovenet was great. miss them. On Wed, Nov 12, 2014 at 5:08 PM, Daniel Rohan dro...@gmail.com wrote: We've leased several 10G circuits from them and they perform adequately and NOC has been responsive. Pacific Northwest Region. -Dan On Wed, Nov 12, 2014 at 1:33 PM, Ryan Wilkins r...@deadfrog.net wrote: I don’t know the history on Zayo but they acquired Abovenet of which I’m a customer. Quite frankly, I haven’t been impressed. The support went to shit. The last two tickets that I’ve opened with them have had mixed results. The first ticket they called me back 5 days after opening a ticket for a DDoS block request and the second they never called back for another DDoS block request. Next time I call them I’m going to demand to speak with someone immediately. Otherwise, the network seems to be fine. Ryan On Nov 12, 2014, at 4:16 PM, james jones ja...@freedomnet.co.nz wrote: I am current going through some vendor selection for tier 1 providers. I was trying get some opinions on Zayo. I have personally never heard of them. Thoughts?
Re: Equinix Virginia - Ethernet OOB suggestions
just last week i was able to get a /23 from $ISP as part of my transit purchase with them for one location, but you still have to explain and justify your use to $ISP (who in-turn has to explain/justify to ARIN). if you can't do that, it really is just cuz i want it. like someone else said previously, that just doesn't work nowadays. so, due the diligence, or rethink your design. if you can legit justify it, and particularly if you are doing bgp, there's really no reason why any worthwhile transit provider won't give you a /24.
another cogent oddity
you may remember me from the weird cogent route retention / loop problem i brought up last week. it remains unsolved by cogent to date. also remembering i'm a relatively new cogent customer, i recently noticed some packets floating into my network that had cos and ipp markings on them. i figured i'd try to find where they were coming from, so i crafted up something like this and placed it inbound on my two transits (cogent and xo), excluding network control markings. from { dscp [ af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 cs5 ef ]; precedence [ 1 2 3 4 5 ]; } all of it is coming in from cogent: COGENT-NOT-BE - 4217788987 XO-NOT-BE - 0 i shifted all traffic to XO just to make sure. the XO counter doesn't budge. seems like one transit is remarking everything to best effort before sending to me (which is preferred), and the other is not. am i odd to think that this is... odd? i also get a remarkable amount of hits against these destinations coming in on the cogent side, whereas i get none on the XO side. show policy-options prefix-list PUBLIC-BAD-NETS 10.0.0.0/8; 169.254.0.0/16; 172.16.0.0/12; 192.168.0.0/16; 224.0.0.0/4; ryan
Re: another cogent oddity
i retract the blurb about the bad destinations coming in from cogent, as that obviously doesn't make a lot of sense. the spoofed traffic is actually arriving on my connection into an ix fabric. thx to john frazier for tickling my brain on that one. the upped markings, however, are definitely coming in from cogent.
Re: [outages] GApps admin = rogered
i confirm this issue is apparent for us as well.
Re: cogent update suppression, and routing loops
circling back on this, i guess my case with cogent has been escalated to vp engineering, and i've had a few people reply on and off list citing the same problems. i encourage you to open up cases to help demonstrate further examples (ie: it's not just me!) thx everyone. ryan On Thu, Oct 2, 2014 at 9:03 AM, ryanL ryan.lan...@gmail.com wrote: hi. relatively new cogent customer. is what i've stated in my subject line kinda standard fare with them? i've discovered that when i advertise a /24 from inside a larger /22 to XO, (who peers with cogent), and then pull the /24 some time later, that cogent holds onto the /24 and then bounces packets around in their network a bunch of times for upwards of 8-10 minutes until they finally yank it. this effectively blackholes traffic to my /24 for anyone that is using a path thru cogent. example: http://ryry.foursquare.com/image/0e0K1K0t0W2M it's been a bit of a frustrating experience talking to their noc to demonstrate it, but i'm able to duplicate it on demand. even pushing routes using their communities to offload the circuit takes forever to propagate even on their own looking-glasses. thx ryan
cogent update suppression, and routing loops
hi. relatively new cogent customer. is what i've stated in my subject line kinda standard fare with them? i've discovered that when i advertise a /24 from inside a larger /22 to XO, (who peers with cogent), and then pull the /24 some time later, that cogent holds onto the /24 and then bounces packets around in their network a bunch of times for upwards of 8-10 minutes until they finally yank it. this effectively blackholes traffic to my /24 for anyone that is using a path thru cogent. example: http://ryry.foursquare.com/image/0e0K1K0t0W2M it's been a bit of a frustrating experience talking to their noc to demonstrate it, but i'm able to duplicate it on demand. even pushing routes using their communities to offload the circuit takes forever to propagate even on their own looking-glasses. thx ryan
Re: cogent update suppression, and routing loops
as stated, yep. i was on the phone with them for over three hours yesterday. On Thu, Oct 2, 2014 at 9:08 AM, Paul S. cont...@winterei.se wrote: First time I'm seeing it, and I've been a Cogent client for quite a while. Have you tried getting in touch with their NOC yet? They're one of the most responsive in the industry. On 10/3/2014 午前 01:03, ryanL wrote: hi. relatively new cogent customer. is what i've stated in my subject line kinda standard fare with them? i've discovered that when i advertise a /24 from inside a larger /22 to XO, (who peers with cogent), and then pull the /24 some time later, that cogent holds onto the /24 and then bounces packets around in their network a bunch of times for upwards of 8-10 minutes until they finally yank it. this effectively blackholes traffic to my /24 for anyone that is using a path thru cogent. example: http://ryry.foursquare.com/image/0e0K1K0t0W2M it's been a bit of a frustrating experience talking to their noc to demonstrate it, but i'm able to duplicate it on demand. even pushing routes using their communities to offload the circuit takes forever to propagate even on their own looking-glasses. thx ryan
Re: cogent update suppression, and routing loops
i still advertise the aggregate as a backing route. one reason i might like advertising a /24 is (usually) it's a nice way to gently attract return traffic down a certain path so i can do maintenance on the other side. plenty of other ways to do this, i know (prepending, communities, etc). On Thu, Oct 2, 2014 at 9:17 AM, Peter Persson peter.pers...@bredband2.se wrote: Just a stupid question. Why do you announce a /24 of a /22? Why not announce the whole /22 directly? Regards, Peter 2014-10-02 18:03 GMT+02:00 ryanL ryan.lan...@gmail.com: hi. relatively new cogent customer. is what i've stated in my subject line kinda standard fare with them? i've discovered that when i advertise a /24 from inside a larger /22 to XO, (who peers with cogent), and then pull the /24 some time later, that cogent holds onto the /24 and then bounces packets around in their network a bunch of times for upwards of 8-10 minutes until they finally yank it. this effectively blackholes traffic to my /24 for anyone that is using a path thru cogent. example: http://ryry.foursquare.com/image/0e0K1K0t0W2M it's been a bit of a frustrating experience talking to their noc to demonstrate it, but i'm able to duplicate it on demand. even pushing routes using their communities to offload the circuit takes forever to propagate even on their own looking-glasses. thx ryan
Re: GMail contact - misroute / security issue
https://support.google.com/mail/answer/10313?hl=en On Sun, Sep 28, 2014 at 8:42 PM, Grant Taylor gtay...@tnetconsulting.net wrote: Hi, I'm looking for a GMail contact. My wife is receiving someone else's emails. Specifically she is receiving emails for first namemiddle initiallast name@gmail.com (no dots) when her email address is really same first name.same middle initial.same last name@gmail.com (dots). I don't know if this is a feature or a bug, but either way, it's disquieting my wife. (Unhappy wife = unhappy life.) I view this as both non-RFC compliant behavior -and- a potential security risk. (Registering a GMail account as someonefamous@gmail.com (no dot) to capture email for someone.famous@gmail.com (dot) emails.) Please reply or email me directly at gtaylor (at) tnetconsulting (dot) net for additional details. Thank you and have a nice day. -- Grant. . . . unix || die P.S. Thus far messages to postmas...@gmail.com and ab...@gmail.com have gone unanswered.
Re: Returned mail: see transcript for details
as it so happens, i could still use a decent contact over at AS3209. noc channels are unresponsive. even tried this one listed in radb: n...@adm.arcor.net. they are doing something really funky with their cg-nat setup for mobile subs. like, frag mapping gone wrong, therefore crazy retries or acks never received, etc. for us, it is breaking SSL.
vodafone contact
anyone hanging out from vodafone in europe? or anyone know someone over at vodafone? we are having goofy issues with mobile clients on your LTE network. we're having to dump mtu and advmss a whole bunch to make things work. wondering if you'd be willing to chat offline. appreciated. r
Re: vodafone contact
the common transit point for this problem is vodafone backone: aut-num:AS3209 as-name:VODANET On Tue, Jul 30, 2013 at 2:13 PM, Nick Hilliard n...@foobar.org wrote: On 30/07/2013 18:34, ryanL wrote: anyone hanging out from vodafone in europe? or anyone know someone over at vodafone? we are having goofy issues with mobile clients on your LTE network. we're having to dump mtu and advmss a whole bunch to make things work. wondering if you'd be willing to chat offline. vodafone europe is mostly run on a per country basis. You'll need to specify which asn + country you're talking about Nick
Re: Heads-Up: GoDaddy Broke the Interwebs...
when patrick is referring to taking their word for it, he's referring to a post on outages@ by godaddy's network engineering manager that stated bgp, and more details to follow. i tend to align with patrick's thought. i'm also interested to see the details, which they are really under no obligation to provide. On Tue, Sep 11, 2012 at 1:53 PM, Rubens Kuhl rube...@gmail.com wrote: No large flows reported to the affected NSes, tweets were suspicious at best, other anon-ops denied the attack was them, and GoDaddy admitted internal error. I'm going to take GoDaddy at their word, and give them major kudos for owning up to the mistake - in public. That doesn't mean that their description of the internal error fits what happened. Not to say that there were an attack, just that there can be more internal failures, including processes, to be accounted for. Whether they will publish a root-cause analysis/swiss chesse model/insert your preferred methodology or not is up to them, but to tech-savvy stakeholders I think they are still in debt. Rubens
solid v smart optics
anyone have any opinions on the two subject vendors, with general regard to 10GE transceivers? SR multi-mode data center stuff for my application. appreciate on/off list replies! ryanL
Re: Operation Ghost Click
On Fri, Apr 27, 2012 at 5:35 PM, Ameen Pishdadi apishd...@gmail.com wrote: If the user is stupid enough to be infected for that long I think it's a good thing they get cut off from the net , should be a policy of all ISPs , If your infected then you lose privilege to get online and thus you can't scan and infect other idiots or become a ddos tool for the script kiddies. I for one say turn em off Thanks, Ameen Pishdadi you're obviously lucky, and don't have stupid grandparents.
London UK smart hands recommendations?
i have a bunch of fully-loaded network gear (nexus 7k's, asr 9k's, etc) that needs to be pulled out of racks, moved across a data centre floor, and re-racked. looking for success stories and recommendations for licensed, bonded, insured companies in London that can do it quickly and cost-effectively. so far i've come across technimove. thanks. .ryanL
US .mil blocking in Japan
should i be surprised that this hasn't been discussed much? anyone care to elaborate and/or expand on the real telecom damage done in japan? re: http://on.cnn.com/h8wiYg .rL
Re: BGP route-map options
1) this is probably better posed over at cisco-nsp instead of NANOG. 2) i really hope you aren't using the canadian version of 'neighbor' On Fri, Jan 14, 2011 at 9:59 AM, Greg Whynott greg.whyn...@oicr.on.cawrote: Following a few documents on how to use route-maps to set preference of routes (related to my last thread regarding asymmetrical routing) all the ones I have looked at today (about 6or so) use the below method to apply the route map under the router section: router bgp YOURAS# neighbour x.x.x.x remote-as AS# neighbour x.x.x.x route-map MAPNAME in yet in the last line, route-map is not an option on my router, which is an ASR1004 running the version 15 line of code. is there a new way to do this? don't you love Cisco's consistency? thanks much for your time again, greg -- This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization.