Re: [uknof] GeoIP - Sky/Apple/Google

[David Freedman]

Hi Mark,

> Pushing a test workstation over on to cloud flares 1.1.1.1 doesn’t seem to 
> have made a difference

Silly thought perhaps, but how about asking them to use the DNS resolvers 
provided by their ISP? 

Dave.
 

Re: [uknof] Dark Fibre providers in London

[David Freedman]

On 08/02/2019 14:21, Mehmet Akcin wrote:
> i highly doubt level3/cl would sell DF
   
  >  Actually, even as recently as 2017 they've been open to selling 'metro'
  >  DF. CL seemed to relax over the "no DF" stance that L3 held.

The problem is, that in the UK,  L3 had acquired Global Crossing, who in turn 
had acquired combines like Fibernet / TANet , and they had been selling DF for 
a long time (both in the metro, and out) and continued to do so. 

 > I'm looking for some dark fibre around London

Don't forget to factor in your business rates based on the combined route 
distance.

Dave.

Re: [uknof] Is the PI cupboard bare ?

[David Freedman]

For general interest, I've been graphing the transfer listing service for the 
last few years, 

http://www.convergence.cx/cgi-bin/v4sd.cgi

Data is in individual addresses (in thousands and millions given the sizes of 
blocks available) both supplied and in demand.

Dave.


> There are currently 25x /21s offered for transfer on the RIPE transfer
> listing service:
>
> 
https://www.ripe.net/manage-ips-and-asns/resource-transfers-and-mergers/listing

 

Re: [uknof] PPPoE Server Options

[David Freedman]

 >   Overkill for what you're looking for at the moment probably but will
   > allow you to scale - Cisco ASR 1k
 
Or its virtual companion, the CSR1KV, which should be far cheaper for this 
volume of traffic / subs .

Dave.

Re: [uknof] Strange DSL problem, anyone using this combination?

[David Freedman]

On 30/03/2016, 12:46, "uknof on behalf of David Derrick" 
 wrote:

>I'm a bit stumped here

Is there any multilink going on here? 

What is the end to end latency on these lines? does it vary? 

Are packets actually being lost? or are they just being misordered?

Dave.

Re: [uknof] BGP configuration best practices from ANSSI and others

[David Freedman]

Just a quick word, to say that MANRS (http://www.routingmanifesto.org/) , are 
planning on publishing some material shortly of practises (and associated 
configuration examples) used by MANRS participants,  to support the principles 
in the MANRS manifesto document, though, I don't think you'll find anything 
unusual in here (that hasn't been said by other practise document / BCoPs) 

Dave. 

Re: [uknof] AS Path Filters and Regex

[David Freedman]

>
>If there's junk in the as path of one form or another - e.g. weird confed
>stuff, private intermediate ASNs, upstream monopoly providers doing strange
>things with customer ASNs, asn typos, as23456, etc - does this make a
>meaningful statement about the legitimacy of the prefix?  

Obligatory mention of the Kapela Pilosov attack, despite it being an edge-case. 

https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf


The attack is concealed from the mid-points because they automatically discard 
updates with 
their own ASN in the path, because the RFC suggests they don't accept these 
(RFC4271 9.3)
but does not go as far as to mandate such. 

Some people turn off this filtering (I.e "allow-as in" in IOS) for legitimate 
reasons
(knowing that they have other mechanisms of loop protection) and thus are not 
hoodwinked
by K-P updates and may even accept them, revealing a K-P attack.

IF you do accept your own ASN in the path (and this is the point of my mail),
then make sure you know where you expect it to be, making good use of the
as-path filtering regular expressions to anchor it suitably. 

Dave. 

Re: [uknof] TCP Trainee

[David Freedman]

A quick Google Doc's spreadsheet on-the-fly calculator for TCP
throughput using RWIN size and delay is not bringing back the results
I would expect, located here [3]. I want to be able to reasonably
accurately calculate expected throughput however a few tests are
showing completely different results to what the spreadsheet would
have me expect.

When entering my RTT and RWIN sizes into the “expected RWIN” tab on
the spreadsheet it tells me I should be getting a higher throughput
than I actually am, the observed RWIN tab shows more or less what I
did get when I enter my RTT and observed RWIN (I seem to be using 2x
MSS of 1460 for RWIN which is 2920 bytes).


Right, but what about CWIN and the whole host of other stuff which makes
you perform differently from how you expect because it is specific to the
stack and client machine?

The TCP stack of modern machines is a complicated thing, where innovation
now transcends the most popular printed material  



I have downloaded a 100MB test file on my colo box from another box in
the US which climbed to just over 100Mbps before the end of the file
was reached. I have uploaded the first 100 packets of the capture I
made during this transfer also, here [2].

Looking at the packet capture from my home download the Win 7 laptop
is offering an RWIN of 17520 bytes but it’s sending an ACK after every
two TCP segments received from the server (much less than the RWIN has
been received) – why has that happened?

This is the classic delayed ACK behaviour (ack every second segment)
and is defined in RFC1122 (s.4.2.3.2), yes, it is old, but there is 
a reason the client is doing this. Perhaps related to the latency. 



So my main focus is the spreadsheet and trying to get the calculations
correct, if the hosts were acting as expected. Are the calculations
just plain wrong and I’m a fucking trumpet, or is this an unreliable
calculation because host do all sorts of crazy jazz that is OS/TCP
stack dependant? Ideally if I can get the calculations correct that is
what I want, host settings can be adjusted (hoepfully!).


As above, take the crazy jazz explanation, all you can do if you 
are modelling is try to predict the best and worst outcomes with the
data (bw, latency, jitter etc..) you have.

Dave. 

Re: [uknof] CE-PE IGP

[David Freedman]

Have examples of larger customers requiring to speak EIGRP/OSPF, in our case, 
we handle re-distribution on the CE and maintain a common design for PE-CE 
using BGP across different access media.

So I take it you've never come across (or never sold to) a customer who needs 
OSPF interaction with your network between sites (I.e, they want you to do 
layer 3 services, and participate in / bridge their backbone area, because they 
have a mix of yours and their own circuits)? .

Dave.

Re: [uknof] The operator's operator

[David Freedman]

My employer currently provides mybroadband at home (it's a BT Business
FTTC service), but in their infinite wisdom they've decided to cut that
particular benefit! (So no more emergency changes in the middle of the
night from home says I!)

I seem to hear more and more of this (employers removing broadband
benefits) because of a lack of understanding of the tax position*

* FTTC or equivalent speeds (I'm in a London suburb, so Virgin are in the
street and fibre is to the cabinent, but not, alas, to the premises)
* Native IPv6 definitely a plus, if not now, then soonest
* Not behind a CGN



As with the others chirping in, aside from the IPv6, the provision of FTTC
'or equivalent speeds' and lack of CGN is pretty common.

With regards to my employer, we offer all of the above.

Dave. 

* See http://www.hmrc.gov.uk/manuals/eimanual/EIM01475.htm

[uknof] Number routing

[David Freedman]

Hi All,

Is there anybody here who can verify if (and possibly how) some UK PSTN
number blocks are routed?

If you can, please drop me a mail off-list, I have a favour to ask.

Thanks, 

Dave.

Re: [uknof] Generate an RRD from nfdump

[David Freedman]

I know nfsen can't generate historic shadow profiles which produces RRDs
for its graphs, so it must be doable somehow but I can't figure it out!

You mean Œcan¹ here, surely? nfdump can generate RRDs for a shadow profile
(which is an nfdump filter applied to historical data)

I would like to be able to generate an RRD from a given nfdump filter


Well, making an assumption that you have an RRD pre-created with a single
DS taken to accept the bps given from a particular nfdump filter at any
point in time I.e:

$ rrdtool create foo.rrd DS:bps:COUNTER:600:U:1250
RRA:AVERAGE:0.5:1:600 RRA:MAX:0.5:1:600

you could do something like this every five minutes:

$ rrdtool update test.rrd N:`nfdump -q -N -M
/usr/local/nfsen/profiles/live/8426  -T  -r nfcapd.201501042240 -n 10 -s
srcip/bytes 'host 8.8.8.8' | awk '{ print $11 }'`

(in this example, the summarised bps from all traffic sourced from 8.8.8.8
would be added to the RRD with the current timestamp)

Dave.

Re: [uknof] UK IPv6 Taskforce

[David Freedman]

. but it's a good start
rather than going out and paying ~£10 ex VAT per IP address on a /22
above the /22 you get as an LIR (buying a failing ISP may be cheaper
for  /22 at the moment). But saying that, there are still plenty IPv4

/22 ?

http://www.ripe.net/ripe/policies/proposals/2014-01

Re: [uknof] ilford... connectivity.

[David Freedman]

**Warning, useless information follows**

Hah, Ilford, I had a similar problem myself almost many years ago, and solved 
it by running an ethernet cable out the window of a local ISP*

There is a large BT exchange building there (Mill House), which used to be an 
important part of 20CN (and is probably still quite useful to them, but perhaps 
not to you unless you can get radio P2P to there)

Dave.

* https://web.archive.org/web/19990208014449/http://www.leonet.co.uk/ , now 
defunct I think.

From: Richard Porter 
richard.por...@rapidtechnologies.co.ukmailto:richard.por...@rapidtechnologies.co.uk
Date: Thursday, 31 July 2014 09:42
To: Dr Adam Beaumont 
adam.beaum...@uk.aql.commailto:adam.beaum...@uk.aql.com, 
uknof@lists.uknof.org.ukmailto:uknof@lists.uknof.org.uk 
uknof@lists.uknof.org.ukmailto:uknof@lists.uknof.org.uk
Subject: Re: [uknof] ilford... connectivity.

Hi Adam,

I may be able to assist you with connectivity into the Ilford area.  Feel free 
to give me a call on 07879 631156.

Best regards,
Richard

Richard Porter
Business Development Consultant
Rapid Technologies
Mob :   07879 631156

From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Dr Adam 
Beaumont
Sent: 30 July 2014 23:27
To: uknof@lists.uknof.org.ukmailto:uknof@lists.uknof.org.uk
Subject: [uknof] ilford... connectivity.


Hey Folks,

Pick your brains ? - i need to get a site online in Ilford. Are there any 
friendly wireless ISP's or regional operators with network ? - would rather 
spend the money with a regional operator if i can !

cheers


Adam Beaumont
CEO  Founder

Text/Call: 01133 202 202 | Office: 01133 20 30 40

[cid:image001.png@01CFACA3.B7046900]

An ISO27001 and HMG Infosec accredited company. Subject to our standard terms. 
Registered in England and Wales 3663860.
No contract may be concluded on behalf of aql by means of email communication.


No virus found in this message.
Checked by AVG - www.avg.comhttp://www.avg.com
Version: 2014.0.4716 / Virus Database: 3986/7949 - Release Date: 07/30/14


t: 0151 282 1800
f: 0151 282 1832
Video Conferencing ISDN: 0151 494 3234
Video Conferencing IP: vc.rapid.co.uk

www.rapid.co.uk

This message is intended only for the use of the individual or entity to which 
it is addressed and may contain information that is privileged, confidential 
and/or exempt from disclosure. If the reader of this message is not the 
intended recipient, or an employee or agent responsible for delivering the 
message to the intended recipient, you are hereby notified that any 
dissemination, distribution or copying of this communication is strictly 
prohibited. If you have received this communication in error, please delete the 
message and any copies of it and telephone the sender or e-mail them by return. 
Although Rapid Computers Ltd believes that this message and any attachments are 
free of any viruses or other defects which may affect a computer, it is the 
responsibility of the recipient to ensure that it is free of viruses and other 
defects. Rapid Computers Ltd does not accept any responsibility for any loss or 
damage arising in any way from its receipt or use.

Rapid Computers Limited and Rapidnet Limited, trade as Rapid Technologies.
Rapid Computers Limited is a limited liability company incorporated in England 
(registered number 1524516) whose registered office is at Unit 10, Skyhawk 
Avenue, Off Banks Road, Liverpool, L19 2QR.
Rapidnet Limited is a limited liability company incorporated in England 
(registered number 3163731) whose registered office is at Unit 10, Skyhawk 
Avenue, Off Banks Road, Liverpool, L19 2QR.

 Please consider the Environment before printing this email

Re: [uknof] Possible Prefix Hijack - BGPmon alert - what to do?

[David Freedman]

https://twitter.com/bgpmon/status/451453051409154048

On 2 Apr 2014, at 21:41, Gavin Henry 
ghe...@suretec.co.ukmailto:ghe...@suretec.co.uk wrote:

Hi all,

Looking for some tips. What can I do about this? First time I've seen one.

Thanks.


-- Forwarded message --
From: BGPmon Alert i...@bgpmon.netmailto:i...@bgpmon.net
Date: 2 April 2014 21:31
Subject: BGPmon.nethttp://BGPmon.net Notification
To: ghe...@suretecsystems.commailto:ghe...@suretecsystems.com


You received this email because you are subscribed to 
BGPmon.nethttp://BGPmon.net.
For more details about these updates please visit:
https://portal.bgpmon.net/myalerts.php


Possible Prefix Hijack (Code: 10)

Your prefix:  185.8.92.0/22:
Prefix Description:   Suretec Systems Limited.
Update time:  2014-04-02 20:07 (UTC)
Detected by #peers:   1
Detected prefix:  185.8.92.0/22
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
Provider,ID)
Upstream AS:  AS4651 (THAI-GATEWAY The Communications
Authority of Thailand(CAT),TH)
ASpath:   18356 9931 4651 4761
Alert details:
https://portal.bgpmon.net/alerts.php?detailsalert_id=41669474
Mark as false alert:  https://portal.bgpmon.net/fp.php?aid=41669474


--
*for questions regarding the change code or other question, please see:
https://portal.bgpmon.net/faq.php


Latest BGPmon news: http://bgpmon.net/blog/
 * Turkey Hijacking IP addresses for popular Global DNS providers
 * Looking at the spamhaus DDOS from a BGP perspective
 * Accidentally stealing the Internet

--
Kind Regards,

Gavin Henry.

Re: [uknof] lonap / ispa bash

[David Freedman]

I think you want

https://www.eventbrite.co.uk/event/7884672267

From: Trefor Davies 
trefor.dav...@timico.co.ukmailto:trefor.dav...@timico.co.uk
Date: Wednesday, 4 September 2013 11:21
To: uknof@lists.uknof.org.ukmailto:uknof@lists.uknof.org.uk 
uknof@lists.uknof.org.ukmailto:uknof@lists.uknof.org.uk
Subject: [uknof] lonap / ispa bash

Yo all
Lonap is having a joint bash with ISPA and you are invited. You don’t have to 
be a member of either (though the chances are you may well be a member of one 
of them). You just have to be in the industry.

Link here for more info

https://www.eventbrite.co.uk/createinvite?eid=7884672267

atb

tref

This e-mail is sent on behalf of Timico Limited, a company registered in 
England and Wales, registered number 04841830, registered office Beacon Hill 
Park, Newark, Nottinghamshire, NG24 2TN and regulated by Ofcom. The information 
in this e-mail is confidential and is intended solely for the use of that 
individual or entity to which it is addressed. Unauthorised use, dissemination, 
distribution, publication or copying of this communication is strictly 
prohibited. If you receive this in error, please notify us by email to 
priv...@timico.co.ukmailto:priv...@timico.co.uk and delete any copies. For 
information about how we process data and monitor communications please see our 
privacy 
statementhttp://www.timico.co.uk/downloads/terms/Privacy_Statement.pdf.

Re: [uknof] First one of these I've received...

[David Freedman]

On 17/04/2013 09:42, Simon Green si...@wirehive.net wrote:

Came through this morning:

Snip

I get them all the time, there is far more demand than supply right now,
I've been collecting stats from the RIPE NCC IPv4 transfer listing
service* and graphing them here:

http://www.convergence.cx/cgi-bin/v4sd.cgi




Dave. 


* Stats from the listings are made public by the NCC, the listings
themselves are only available to members.

Re: [uknof] Fwd: [swinog] IP address are now personal data

[David Freedman]

Fail.

I can see where the judge may be coming from when a residential/consumer has
a static address (and it becomes in their mind like their personal phone
number) but what about for business?

Dave.
 


On 08/09/2010 13:15, Thomas Mangin tho...@mangin.com wrote:

 FYI
 
 Begin forwarded message:
 
 From: Pascal Gloor pascal.gl...@spale.com
 Date: 8 September 2010 11:25:18 GMT+01:00
 To: swi...@swinog.ch swi...@swinog.ch
 Subject: [swinog] IP address are now personal data
 
 Dear community,
 
 something important for us happened today that may have some impact on our
 daily business.
 
 Our Federal Court just decided that IP addresses are personal data and the
 federal law about data protection must also be followed also for IP
 addresses. Collecting IP adresses for private (corporate) investigation is
 not legal. Companies like Logistep have to stop their activities
 immédiately!
 
 As ISP be carefull not to publish traffic information containing IP
 addresses.
 
 see you,
 Pascal
 ___
 swinog mailing list
 swi...@lists.swinog.ch
 http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
 
 
 
 
 

--

David Freedman
Group Network Engineering

david.freed...@uk.clara.net
Tel +44 (0) 20 7685 8000

Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com

Company Registration: 3152737 - Place of registration: England

All the information contained within this electronic message from Claranet
Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer

Re: [uknof] Fwd: [swinog] IP address are now personal data

[David Freedman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The article at
http://www.bger.ch/index/press/press-inherit-template/press-mitteilungen.htm?id=tf1
in translation reads:


In its recommendation of 9 January 2008 held the FDPIC, the question
Aktiengesellschaft (AG) search using the software developed by the
peer-to-peer networks to illegally offer copyrighted works. When you
download these works were different transmission data recorded and
stored in a database. The data thus collected would then be passed on to
the copyright owners and used by them to identify the owner of the
Internet connection. To this end, the copyright holder filed a criminal
complaint against, among other things unknown and procured the identity
data in the inspection law. This data could then be used to assert
claims against the suspected copyright infringers. The FDPIC has
concluded that this action violated the Privacy Act and recommended the
immediate cessation of data processing. After the AG had rejected the
FDPIC came to the Federal Administrative Court, which dismissed his
action, however.

So an agent acting on behalf of a content copyright owner who used the
IP address of an alleged infringer to contact their ISP was deemed to be
in violation of the Swiss privacy act?

Madness.

Dave.


Thomas Mangin wrote:
 Hi Dave,
 
 Until I see some clearer explanation of the court decision and its 
 consequence, I will refrain from commenting, hence why I sent the message 
 untouched.
 This is however clearly something to watch closely and quite a different 
 stance that what we have been used to see.
 
 Thomas
 
 On 8 Sep 2010, at 11:25, David Freedman wrote:
 
 Fail.

 I can see where the judge may be coming from when a residential/consumer has
 a static address (and it becomes in their mind like their personal phone
 number) but what about for business?

 Dave.



 On 08/09/2010 13:15, Thomas Mangin tho...@mangin.com wrote:

 FYI

 Begin forwarded message:

 From: Pascal Gloor pascal.gl...@spale.com
 Date: 8 September 2010 11:25:18 GMT+01:00
 To: swi...@swinog.ch swi...@swinog.ch
 Subject: [swinog] IP address are now personal data

 Dear community,

 something important for us happened today that may have some impact on our
 daily business.

 Our Federal Court just decided that IP addresses are personal data and the
 federal law about data protection must also be followed also for IP
 addresses. Collecting IP adresses for private (corporate) investigation is
 not legal. Companies like Logistep have to stop their activities
 immédiately!

 As ISP be carefull not to publish traffic information containing IP
 addresses.

 see you,
 Pascal
 ___
 swinog mailing list
 swi...@lists.swinog.ch
 http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog



 --

 David Freedman
 Group Network Engineering

 david.freed...@uk.clara.net
 Tel +44 (0) 20 7685 8000

 Claranet Group
 21 Southampton Row
 London - WC1B 5HA - UK
 http://www.claranet.com

 Company Registration: 3152737 - Place of registration: England

 All the information contained within this electronic message from Claranet
 Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer


 
 


- --

David Freedman
Group Network Engineering

david.freed...@uk.clara.net
Tel +44 (0) 20 7685 8000

Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com

Company Registration: 3152737 - Place of registration: England

All the information contained within this electronic message from
Claranet Ltd is covered by the disclaimer at
http://www.claranet.co.uk/disclaimer
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyHjjgACgkQtFWeqpgEZrLWAACdFYPCiSnF42vTlBriuIEDAcFP
204An26CpgOEupPGpH9OTbRZ9DqsSYnS
=BOg2
-END PGP SIGNATURE-