Re: [uknof] Internet Issues 23/3/2021

2021-03-24 Thread Stuart Henderson
On 2021/03/24 12:38, Simon Woodhead wrote:
> LINX had some issues on LON1 which caused some sessions to drop for short 
> periods. Many
> providers elected to drop sessions which would have caused re-routing and 
> knock on consequences
> depending on other choices (e.g. adequacy of transit provision).
> 
> Note the dips about to go out of view on https://portal.linx.net

Also an associated rise on https://www.lonap.net/traffic (a new maximum
peak for a short time, but it looks like some more traffic has stayed too,
it will be interesting to see if people move back when there's an all-
clear for the problem affecting LON1).




Re: [uknof] Issues accessing RIPE services on BT

2020-08-24 Thread Stuart Henderson
On 2020/08/22 15:54, Matt McClatchey wrote:
> Hi all,
> 
> I've been unable to access RIPE NCC services from multiple BT broadband 
> connections from AS2856
> in Belfast today. This includes ripe.net, whois.ripe.net, atlas.ripe.net, 
> stat.ripe.net, which
> all appear to be up from other networks. My Atlas probe apparently 
> disconnected at about 06:45
> this morning - I assume that's around when the issue started.
> 
> Has anyone else been experiencing this, or have any insight?
> 
> Matt

https://www.ripe.net/support/service-announcements/network-outage-affecting-multiple-services




Re: [uknof] Public IPv4 Addresses Required

2020-05-06 Thread Stuart Henderson
On 2020/05/06 17:31, Paul Bone wrote:
> 
> It is what unique address are for, But it should be done with IPv6 unique 
> addresses.

For a new installation, yes.




Re: [uknof] London Dark Fibre

2020-05-06 Thread Stuart Henderson
On 2020/05/06 11:19, glen watts wrote:
> Hi All,
> 
> I'm looking for some 10G dark fibre connectivity between THN and LD8 at a 
> decent price, could a
> kind soul point me in the direction of a good supplier or could a good 
> supplier reach out to me
> please?
> 
> Much appreciated,
> 
> Glen

If it's only 10G then you might want to look at using a wavelength on somebody's
wdm system instead rather than dark fibre. There will be many options for this,
to pick one that shows prices: https://www.bogons.net/aboutus/prices.shtml




Re: [uknof] Public IPv4 Addresses Required

2020-04-27 Thread Stuart Henderson
On 2020/04/27 16:43, Paul Mansfield wrote:
> 
> I'm happy to sell the use of 100.64.44.0/23 at £10/ipv4 address. Just let me 
> know whom to
> invoice.

Only some transit providers will accept the announcements for those though ;)




Re: [uknof] Three hosed. Make it right please!

2019-10-17 Thread Stuart Henderson
On 2019/10/17 06:05, Paul Mansfield wrote:
> 
> 
> On Thu, 17 Oct 2019, 05:12 Neil J. McRae,  wrote:
> 
> Network has been down for well over 5 hours 
> 
> 
> Who provides the backhaul for Three from cell sites? Do they have a preferred 
> supplier for
> connection to any regional PoPs?

http://www.threemediacentre.co.uk/news/2018/sse-unbundling-announcement.aspx



Re: [uknof] Santander and IPv4 mapped address

2019-06-07 Thread Stuart Henderson
On 2019/06/07 17:22, Aled Morris wrote:
> I have customers with IPv6 dual stack and they are having intermittent 
> problems (SSL failure)
> connecting to Santander's retail banking portal.
> 
> Is there anyone from Santander (or with a contact in Santander) on this list?
> 
> I'm wondering if the problem is related to this:
> 
> 
> $ host retail.santander.co.uk
> retail.santander.co.uk is an alias for retail.lbi.santander.uk.
> retail.lbi.santander.uk has address 193.127.210.129
> retail.lbi.santander.uk has IPv6 address ::ffff:193.127.210.129
> 
> 
> Aled
> 

They have been doing that since at least Oct 2017, probably earlier.
I would have thought "happy eyeballs" in browsers would usually mask the
problem though.




Re: [uknof] defensive domain registration - yes or no?

2019-04-27 Thread Stuart Henderson
On 2019/04/27 08:27, Greg Choules wrote:
> Hello all.
> This is a straw poll, to see what people think, and why, on whether it is 
> important to register
> multiple domains - say, to protect your brand. Or whether it's chasing the 
> rabbit down the
> hole.

If multiple domains are registered and actually used for anything,
make sure someone is keeping an eye on them - expiring domains can
result in some bad situations.

https://news.netcraft.com/archives/2019/04/15/well-known-uk-bank-vulnerable-to-impersonation-for-five-years.html




Re: [uknof] BT/EE and Vodafone - why the split?

2019-02-08 Thread Stuart Henderson
On 2019/02/08 01:05, Tom Hill wrote:
> On 07/02/2019 22:26, Gavin Henry wrote:
> > Does anyone have an insight as to why EE kicked Vodafone off their
> > network last Friday at 5pm?
> 
> 
> "kicked [them] off their network" in what context of network?

https://aastatus.net/27798 - this will relate to the EU SIP2SIM cards
which use Vodafone NL.




Re: [uknof] Office fitout - ISP + Ubiquiti wifi/security cams

2018-12-18 Thread Stuart Henderson
On 2018/12/18 07:37, Andrew Langhorn wrote:
> I have Ubiquiti devices in my flat - can’t fault them. Work a charm.
> 
> They can do DPI etc but remember the more stuff your edge firewall has to do, 
> the more that CPU
> is whirring away and the slower packet delivery might become.
> 
> I’d question the clipboardies and ask them why that’s as valuable as they 
> seem to think it

And the more it's doing (especially things like DPI which involves
more complex packet parsing) the greater the attack surface.




Re: [uknof] Office fitout - ISP + Ubiquiti wifi/security cams

2018-12-06 Thread Stuart Henderson
75 :)

On 2018/12/06 16:24, Catalin Dominte wrote:
> 37 minutes left before the winner is announced.
> 
> Catalin Dominte
> 
> From: Paul Mansfield 
> Date: Thursday, 6 December 2018 at 16:15
> To: Catalin Dominte , "uknof@lists.uknof.org.uk"
> Subject: Re: [uknof] Office fitout - ISP + Ubiquiti wifi/security cams
> 
> Every single candidate, i.e. impossible to fail.
> 
> On Thu, 6 Dec 2018, 13:23 Catalin Dominte  
> Regarding Sparkies, my brother recently went through the certification to 
> be able to do electrical installations as well, and out of 3 classes of 20, 
> anyone cares to guess how many ended up with the actual certification? I'll 
> send a pack of beers to the closest answer by the end of the day



Re: [uknof] Power Delivery Definitions

2018-10-17 Thread Stuart Henderson
On 2018/10/17 11:02, Robert Williams wrote:
> 
> We are, by comparison to them, a small operator in terms of size/scale
> - they are in the billions globally, so we honestly just presumed that
> something which is sold using those words (after requesting diversity
> as we did) would definitely not be just two feeds from the same bar.
> Lesson very much learnt…!!

Sounds pretty weird that an operator of that scale would be doing
that as common practice.

Could it just be a simple case of them giving you two distro's off a
single feed by mistake? Are you able to talk to someone actually on
the ground in ops at the DC about it or do they just defer you to
"procedures"?




Re: [uknof] London broadband issue?

2018-09-26 Thread Stuart Henderson
On 2018/09/26 10:50, Simon Jones wrote:
> Hello folks,
> 
>  
> 
> We’re getting a large influx of calls from our broadband customers all over 
> London – anyone
> notice if something major has broken?

Seems that way.

A: [Minor] Broadband: BT Lines dropped in London area (Open)
Zen: #5226 Routing & Core Network - Nationwide Outage (New)
Entanet: Incident: Columbo DSL




[uknof] fs reliability

2018-08-17 Thread Stuart Henderson
I've been trying out FS transceivers. Nothing fancy, just 10Gb LR SFP+
for data centre interconnects etc. Out of 8 deployed there have been
2 where the link has failed, then the reported Tx power from DOM has
shown as -40.0 dBm - one shortly after deploying, one after ~2 months.
Worse still it's intermittent, they have come back to life afterwards.
fs support think this is faulty modules rather than a switch problem.

I wondered if anyone else is seeing a similar failure mode, or what
sort of failure rate you're seeing? (FS themselves are claiming <1.5%
but then they would, wouldn't they..)

Should I just buy flexoptix? They are over twice the price though it
doesn't take many train tickets to London to cover that ..




Re: [uknof] virus in attachment from john.bou...@mobileinternet.com

2018-07-04 Thread Stuart Henderson
On 2018/07/04 12:40, Paul Mansfield wrote:
> I'm wondering how the unique email address I use for UKNOF got leaked.
> 
> I received a reply to an email from john.bou...@mobileinternet.com,
> with the body being this:
> > Hi,
> > Please see attached, let me know if you have questions!
> > Thanks
> > John
> 
> What makes this remarkable is that the message pretends to be a reply
> to an email I sent in March 2015! The attachment is called
> "ETF_Inquiry.doc".
> 
> Did anyone else get this? And did anyone analyse the attachment?
> 

Yes, I had four copies with the same content/file. Doesn't look like
something you would want to open.

https://www.virustotal.com/#/file/4223f40b2ebdcaed227f7e72dd8aed6242b76b56db83bcae88d851e91ba1e029/details


Return-Path: 
X-Original-To: s...@spacehopper.org
Delivered-To: st...@symphytum.spacehopper.org
Received: from atl4mhob21.registeredsite.com (atl4mhob21.registeredsite.com 
[209.17.115.115])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by symphytum.spacehopper.org (Postfix) with ESMTPS id 41KhlP3CyZzC1Sh
for ; Tue,  3 Jul 2018 12:31:07 +0100 (BST)
Received: from mailpod.hostingplatform.com 
(atl4qobmail01pod1.registeredsite.com [10.30.71.113])
by atl4mhob21.registeredsite.com (8.14.4/8.14.4) with ESMTP id 
w63BV49H089440
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 
verify=FAIL)
for ; Tue, 3 Jul 2018 07:31:04 -0400
Received: (qmail 38442 invoked by uid 0); 3 Jul 2018 11:31:04 -
X-TCPREMOTEIP: 178.128.255.79
X-Authenticated-UID: john.bou...@mobileinternet.com
Received: from unknown (HELO localhost) 
(john.bou...@mobileinternet.com@178.128.255.79)
by 0 with ESMTPA; 3 Jul 2018 11:31:03 -
Date: Tue, 3 Jul 2018 11:30:30 +
To: s...@spacehopper.org
From: John Bourke 
Subject: Re: Re: [uknof] Layer 2 from Ireland to london
Message-ID: <864dc40c4ede97636a3b65781f2d9563@127.0.0.1>
X-Mailer: Outlook
In-Reply-To: <7b711c18-8a2e-46c7-a466-d1035ae42...@domino.org>
References: <7b711c18-8a2e-46c7-a466-d1035ae42...@domino.org>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="b1_864dc40c4ede97636a3b65781f2d9563"




Re: [uknof] GeoCaching of new netblock - customers can't reach UK catchup TV or Netflix :(.

2018-06-12 Thread Stuart Henderson
On 2018/06/12 14:45, Stephen Wilcox wrote:
> 
> 
> On 12 June 2018 at 14:39, Stuart Henderson  wrote:
> 
> On 2018/06/12 13:45, Stephen Wilcox wrote:
> > Looks Bulgarian to me, and I'm not even a robotic geocache..
> >
> > inetnum:        185.161.4.0 - 185.161.7.255
> > netname:        BG-UEDELTA-20160726
> 
> The RIPE db entry looks alright to me, specifically:
> 
> > country:        GB
> 
>                   ^^ this is set correctly
> 
> 
> I also saw that, but the fact that he is not getting the right geoloc in 
> practice from everyone
> suggests that is not what all the providers are using...

Record last updated a couple of weeks ago, if that's when the country
change was made I think it would be unlikely for many geoloc providers to
have picked it up by themselves without a prodding..

> One specific problem you will have is that if people are using the old
> free MaxMind geolite database, there are *no* more updates, the last one
> available lists you in Bulgaria. So people using this will either need
> to pay for the commercial database (which still gets updates for a
> little while longer) or rewrite their code against the libmaxminddb
> API instead which is a lot more to ask of the site operator than "please
> update your database to the newest".. Consolation there is that this is
> likely to be small/less important sites.

btw, more info on this at
https://blog.maxmind.com/2018/01/02/discontinuation-of-the-geolite-legacy-databases/




Re: [uknof] GeoCaching of new netblock - customers can't reach UK catchup TV or Netflix :(.

2018-06-12 Thread Stuart Henderson
On 2018/06/12 13:45, Stephen Wilcox wrote:
> Looks Bulgarian to me, and I'm not even a robotic geocache..
> 
> inetnum:        185.161.4.0 - 185.161.7.255
> netname:        BG-UEDELTA-20160726

The RIPE db entry looks alright to me, specifically:

> country:        GB

  ^^ this is set correctly

> organisation:   ORG-UDPO1-RIPE
> org-name:       UE Delta Prod OOD
> org-type:       LIR
> address:        10 Stefan Karadzha Street, Office 4
> address:        7002
> address:        Ruse
> address:        BULGARIA
> phone:          +35982518880

The org country shouldn't matter too much, an organisation can have
IP resources in multiple countries, and you can use an LIR from a different
country. The rest of the entry (things like mnt-by, mnt-routes) matches up
with what you might expect to see on a resold block.

> I’ve recently bought an IP block from a Bulgarian ISP for use on our 
> network. The block is correctly designated as a UK block now, but it 
> appears that a bunch of service providers still think that it’s eastern 
> block :(, and so I’ve got new customers who are being rejected from TV 
> services such as NetFlix/BBC iPlayer/catchup tv, etc.
> 
> Does anyone have a contact at Netflix, or the BBC (or C4/ITV?) that 
> I can speak to to try and get this resolved quickly? It looks like MaxMind 
> have it correctly designated as UK so it’s likely to be a local geocache 
> at the service providers.

There are a bunch of different companies providing geolocation services.
You'll find some of them listed at
https://superuser.com/questions/84891/is-it-possible-to-correct-my-geoip-location
and may need to prod them separately if they don't pick it up quickly enough
by themselves.

One specific problem you will have is that if people are using the old
free MaxMind geolite database, there are *no* more updates, the last one
available lists you in Bulgaria. So people using this will either need
to pay for the commercial database (which still gets updates for a
little while longer) or rewrite their code against the libmaxminddb
API instead which is a lot more to ask of the site operator than "please
update your database to the newest".. Consolation there is that this is
likely to be small/less important sites.




Re: [uknof] pockethernet

2017-07-27 Thread Stuart Henderson
On 2017/07/27 16:10, Paul Mansfield wrote:
> in case anyone's been thinking of buying one and isn't on their
> mailing list, there's a 10% discount on for one day "sysadmin day".

Are they any good?



Re: [uknof] Virgin Media fibre expansion

2017-06-01 Thread Stuart Henderson
On 2017/06/01 13:56, Alex Harrowell wrote:
> IIRC one of the US cablecos had a wireless broadband product called OMG
> FAST!

And verizon were dismissive in advertisements about their "half-fast"
competitors with low upstream speeds :)




Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP

2017-03-20 Thread Stuart Henderson
>  Original message 
> From: Jack Kay 
> 
> Maplins appear to sell patch leads but no optics.. helpful.

On 2017/03/20 09:13, Peter Knapp wrote:
> You can't really expect them to sell sfps though given branded
> manufacturers are all device coded (including Advas)

Maybe flexoptix could do a deal with them :)




Re: [uknof] Investigatory Powers Act

2016-12-01 Thread Stuart Henderson
On 2016/11/30 16:48, Pete Stevens wrote:
> However, viewing dangerous right wing material leading to overthrow of
> the government in a referendum (e.g. the Telegraph homepage) generated
> 215 ICRs when I just measured it with most web requests generating 50-100
> ICRs per pageview.

Map tiles are fun too.

> (i) That's going to be a lot of data. Invest in disks.
> (ii) You'll need DPI to sniff the SNI destination URL from https
> connections.

Even though encrypted SNI doesn't seem to be mentioned any more in the
TLS 1.3 discussions, if you're reconnecting to a server and are doing 0-RTT,
the SNI destination could be in the encrypted part of a connection, so at
least in those cases it's going to be hard to figure out how long a
"session" to a certain website has lasted.

> (iii) What do you do for UDP? Do you log every NTP/DNS/VPN packet?

That's going to be a lot of traffic if a botnet is making high-volume
DNS/NTP requests.

Don't forget traffic from some browsers to some servers are over UDP too
(QUIC). Google use this for "data saver" proxying as well as for their own
hosted services.

> (iv) Imagine SQLSlammer2. How do you log that?

On a huge wall of hard drives stretching the length of the country :-)




Re: [uknof] IPv6 adoption approaching 16% in UK

2016-11-08 Thread Stuart Henderson
On 2016/11/08 15:38, Personal wrote:
> Not that hard to migrate BGP or static for an SMB.

Migrating a setup that's using a standard NAT+dynamic IP on v4 to a
setup using dynamic addressing on v6 is harder though. I think this is
where quite a few SMBs will become unstuck. It's going to take some a
while to get a good understanding of things like ULA and the concept
of machines having addresses from multiple prefixes.




Re: [uknof] Disable calls on phone line bearing xDSL?

2016-05-26 Thread Stuart Henderson
On 2016/05/26 08:36, a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
> > > Is there anyone out there who can provide xDSL (fttc preferably) with a 
> > > non-working phone line?
> > 
> > We get a WLR POTS with no call plan (so emergency only) when
> > customers want one to go with our ADSL/FTTC
> 
> one thing to be aware of that I've encountered through several parties
> some stuff is badly documented or marked up and it appears that when engineers
> need to find a spare circuit they just check for dial-tone being present
> and if none, pull the circuit for their own use to clear another request.
> so circuits with no phone line in the plan are at risk.

It needs more than dialtone in some cases, see
http://www.okcheersbye.co.uk/kelly-communications/.

A play a recorded message (and IIUC log these being played)
to mitigate this.




Re: [uknof] Openreach withdrawal of FTTC CPEs

2015-09-10 Thread Stuart Henderson
On 2015/09/10 13:59, Neil J. McRae wrote:
> 
> > On 10 Sep 2015, at 13:07, Gord Slater  wrote:
> > 
> > But like Brandon says, that's another issue - it's the end-end+demark
> > principle. I see this as BT Group washing their hands of things as a
> > business tactic to raise profits on SFI visits and dodge out of fixing
> > the faults in their plant. I can see only one winner there.
> 
> What absolute codswallop.
> 
> "Dodge out of fixing the faults" ?! If there is a problem and it
> needs fixing then we want to fix it. We want customers to be happy,

When you have a line fault and are stuck in a loop of "talk to BT call
centre in the evening, they pass things onto OR to look at the next day,
rinse & repeat" with OR disputing the information given by the customer,
it really doesn't feel like this is the case.

Do BT do any "secret shopper" tests of fault resolution going through
the whole standard end-user procedure? Few people I've known that have
had faults have been entirely happy about how it was handled.




Re: [uknof] £ per IP

2015-04-14 Thread Stuart Henderson
On 2015/04/14 02:09, Tom Hill wrote:
> On 2015-04-13 13:52, Simon Green wrote:
> > We're just about to go out to try and acquire some more address space.
> >
> > I'm wondering if anyone on the list knows what the going rate is and
> > what I should expect when I start looking around?
>
> You probably can't go far wrong firing off some emails to the vendors found
> here: https://lirportal.ripe.net/member-to-member/ (RIPE LIR login
> required).
>
> If you request quotes from enough vendors, one would hope it will shield you
> from any immediate danger of price fixing. :)

Just be aware that any space you get from another LIR now is going to be
from a PA block, so a) they can ask for it back or change terms and b) it's
a pretty good idea to have either a tunnel or transit from the network
which is announcing the wider prefix.

Personally at this point I wouldn't be looking at sources for addresses
other than RIPE unless I had already run out of the last /22 available from
them.. If you aren't running a multi homed network / BGP yourselves then
you could at least ask an upstream to announce it for you.




Re: [uknof] DNS Issue - Expenential-e / newham.gov.uk

2015-02-02 Thread Stuart Henderson
On 2015/02/02 16:46, Stuart Henderson wrote:
> On 2015/02/02 16:27, Richard Carde wrote:
> > Can anyone from Exponential-e confirm if they had DNS issues today?
> >
> > Google DNS and OpenDNS are caching dodgy records for the newham.gov.uk
> > domain.
> >
> > Verisign Labs DNS Debugger indicates Exponential-e servers have
> > poisoned A records somewhere / somehow.
> >
> > http://dnssec-debugger.verisignlabs.com/newham.gov.uk
> >
> > newham.gov.uk
> >
> > No DS records found for newham.gov.uk in the gov.uk zone
> > No DNSKEY records found
> > Query to auth0.expontential-e.net/50.57.203.17 for newham.gov.uk/A
> >  ^
>
> Looks like this was typo'd.

Either on the auth server or the gov.uk servers, I mean.

Aha - it's still there:

$ drill newham.gov.uk. ns @ns2.ja.net.
;; -HEADER- opcode: QUERY, rcode: NOERROR, id: 44654
;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 2 
;; QUESTION SECTION:
;; newham.gov.uk.   IN  NS

;; ANSWER SECTION:

;; AUTHORITY SECTION:
newham.gov.uk.  86400   IN  NS  auth1.expontential-e.net.
newham.gov.uk.  86400   IN  NS  auth0.expontential-e.net.
newham.gov.uk.  86400   IN  NS  ns3.newham.gov.uk.
newham.gov.uk.  86400   IN  NS  ns4.newham.gov.uk.

;; ADDITIONAL SECTION:
ns3.newham.gov.uk.  86400   IN  A   151.133.2.109
ns4.newham.gov.uk.  86400   IN  A   151.133.2.110

;; Query time: 17 msec
;; SERVER: 193.63.105.17
;; WHEN: Mon Feb  2 17:07:58 2015
;; MSG SIZE  rcvd: 157

> OpenDNS and Google DNS both allow you to forcibly flush an entry.
>
> http://cachecheck.opendns.com/
> https://developers.google.com/speed/public-dns/cache

...but this won't help if the glue is still broken.
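
Added example, not part of the original post: a check that reads the authority section of the drill output above and flags NS targets that sit outside the zone and outside the intended provider domain, marking near-miss spellings. EXPECTED_NS_DOMAINS is an assumption inferred from the provider's name in the thread.

```python
import re

# Authority-section NS lines copied from the drill output in the message above.
DRILL_AUTHORITY = """\
newham.gov.uk.  86400   IN  NS  auth1.expontential-e.net.
newham.gov.uk.  86400   IN  NS  auth0.expontential-e.net.
newham.gov.uk.  86400   IN  NS  ns3.newham.gov.uk.
newham.gov.uk.  86400   IN  NS  ns4.newham.gov.uk.
"""

# Assumption: the nameserver domain the zone owner intended to delegate to.
EXPECTED_NS_DOMAINS = {"exponential-e.net"}

NS_RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$")


def parse_ns_records(output):
    """Return (owner, target) pairs for every NS record line in dig/drill output."""
    records = []
    for line in output.splitlines():
        m = NS_RR.match(line.strip())
        if m:
            records.append((m.group(1).lower().rstrip("."),
                            m.group(2).lower().rstrip(".")))
    return records


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def check_delegation(output, zone, expected_domains, max_typo_distance=2):
    """Flag NS targets that are neither in-zone nor under an expected domain."""
    findings = []
    for owner, target in parse_ns_records(output):
        if owner != zone:
            continue
        if in_domain(target, zone) or any(in_domain(target, d) for d in expected_domains):
            continue
        verdict = "unexpected nameserver domain"
        for d in sorted(expected_domains):
            # Compare the same number of trailing labels as the expected domain has.
            tail = ".".join(target.split(".")[-(d.count(".") + 1):])
            if edit_distance(tail, d) <= max_typo_distance:
                verdict = f"look-alike of {d}"
                break
        findings.append((target, verdict))
    return findings


if __name__ == "__main__":
    for target, verdict in check_delegation(DRILL_AUTHORITY, "newham.gov.uk",
                                            EXPECTED_NS_DOMAINS):
        print(f"{target}: {verdict}")
```

Run against the parent zone's servers as well as the zone's own, since the two NS sets can differ and a cache flush only helps once both are right.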




Re: [uknof] DNS poll - what do you use?

2014-12-03 Thread Stuart Henderson
On 2014/12/03 11:27, David Reader wrote:
> nsd does require a hard kick to add/remove zones

nsd4 doesn't



Re: [uknof] Very weird server process, hacked? /tmp/w00t /tmp/lllll /tmp/toplel

2014-04-21 Thread Stuart Henderson
On 2014/04/21 11:00, Gavin Henry wrote:
 
> On 21 Apr 2014 10:30, Paul Mansfield paul+uk...@mansfield.co.uk wrote:
>
> > I'd still use the security setting if possible even if you think it's
> > unnecessary... to avoid fat finger breakage.
>
> Yep, makes sense.
 

This isn't exactly the highest quality code in the world anyway, but
even the authors think that the option you need to set to allow this hole
is dangerous enough that you need to compile it with a special argument,
and set a config option to enable it, which has the following description:

--
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed.  This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.  
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! *** 
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=0
--
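
Added example, not part of the original post and not NRPE's own code: a small auditor for nrpe.cfg that reports when dont_blame_nrpe is enabled and which command[] definitions take client-supplied $ARGn$ macros. Both sample configs and the plugin paths are constructed; treating a missing dont_blame_nrpe line as 0 is an assumption.

```python
import re

ARG_MACRO = re.compile(r"\$ARG\d+\$")
COMMAND_LINE = re.compile(r"^command\[([^\]]+)\]\s*=\s*(.+)$")

# Constructed sample: argument processing on, one command built from client input.
WEAK_CFG = """\
allowed_hosts=127.0.0.1,192.0.2.10
dont_blame_nrpe=1
command[check_users]=/usr/local/libexec/nagios/check_users -w $ARG1$ -c $ARG2$
command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20
"""

# Constructed sample: same checks with thresholds fixed on the monitored host.
HARDENED_CFG = """\
allowed_hosts=127.0.0.1,192.0.2.10
dont_blame_nrpe=0
command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10
command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20
"""


def parse_nrpe_cfg(text):
    """Split an nrpe.cfg into plain settings and command[name] definitions."""
    settings, commands = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = COMMAND_LINE.match(line)
        if m:
            commands[m.group(1)] = m.group(2).strip()
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings, commands


def audit(text):
    """Return (severity, message) findings for client-controlled command arguments."""
    settings, commands = parse_nrpe_cfg(text)
    # Assumption: an absent dont_blame_nrpe line means arguments are not allowed.
    args_enabled = settings.get("dont_blame_nrpe", "0") == "1"
    findings = []
    if args_enabled:
        findings.append(("high", "dont_blame_nrpe=1: clients may supply command arguments"))
    for name in sorted(commands):
        macros = sorted(set(ARG_MACRO.findall(commands[name])))
        if not macros:
            continue
        if args_enabled:
            findings.append(("high", f"command[{name}] builds its command line from "
                                     f"client-supplied {', '.join(macros)}"))
        else:
            findings.append(("info", f"command[{name}] references {', '.join(macros)} "
                                     "while argument processing is off"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(label, audit(cfg) or "no findings")
```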





Re: [uknof] Openbgpd for BGP peering with LINX and media converter requirement

2014-03-27 Thread Stuart Henderson
On 2014/03/26 23:12, Randhir Prakash wrote:
> My openbsd box is virtualized on xenserver. I dont know which fiber nic
> is more compatible with xenserver.

While I could possibly understand that for something like a route server,
that's an additional layer that I would not want in my forwarding path...

As for nics, no idea about xenserver specifically, but HotLava Systems
have cards with 2/4/6 SFP or SFP+ based on Intel controllers which have
pretty good OS compatibility.




Re: [uknof] Openbgpd for BGP peering with LINX and media converter requirement

2014-03-26 Thread Stuart Henderson
On 2014/03/25 21:50, Randhir Prakash wrote:
> Hi,
>
> This is my first post as a community member !
>
> I wish to use a Openbgpd using OpenBSD box to connect and peer with
> LINX members.
>
> I would like to know
>
> A) Has anyone in the UKNOF community heard of any other network
> operator working successfully with this setup?
>
> B) LINX provides connectivity using Single Mode Fiber in Telehouse
> North. I am looking to learn more about how to connect the Openbsd box
> Ethernet network to fiber network of LINX i.e. Media converter vs a
> managed switch. and what make and models will be best option ? I am
> looking for a cost effective and flexible solution either Media
> converter vs a managed switch.

Why not just use a fibre NIC directly?




Re: [uknof] BT/Yahoo Mail Cry for Help!

2013-12-02 Thread Stuart Henderson
On 2013/12/02 15:27, Marcus Taylor wrote:
> We hit a similar problem with Critical Path [cpcloud.co.uk] - it was
> found that their DNS lookup would be in uppercase and a bug in a Cisco
> ASA firewall in the path was dropping the request.
>
> Not sure if this is a similar issue.

Looks like it.

$ dig +short 242.22.0.134.in-addr.arpa. ptr @ns1.c-it.co.
shared4.wirehive.net.
$ dig +short 242.22.0.134.in-addr.ARPA. ptr @ns1.c-it.co. 
;; connection timed out; no servers could be reached

> A while ago CISCO released an update to their IOS firmware that
> introduced a bug. As a consequence, it no longer accepted PTR lookups
> that used uppercase alphabetic characters.

Interesting. Note that this will also break lookups for people using
resolvers that implement draft-vixie-dnsext-dns0x20-00 (for example unbound
with the use-caps-for-id option).
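
Added example, not part of the original post and not unbound's code: a sketch of the 0x20 technique mentioned above, in which the resolver randomises the case of the query name and accepts a reply only if the question section comes back byte-for-byte identical. The server_reply helper is a constructed stand-in for a remote server; a path that drops or case-folds mixed-case names therefore looks to such a resolver like a timeout or a forged answer.

```python
import secrets
import struct

_RNG = secrets.SystemRandom()


def randomise_case(name, rng=_RNG):
    """Flip each letter to upper or lower case at random; other characters are kept."""
    return "".join(
        (c.upper() if rng.getrandbits(1) else c.lower()) if c.isalpha() else c
        for c in name
    )


def case_entropy_bits(name):
    """Bits a blind spoofer must guess on top of the transaction ID and port."""
    return sum(c.isalpha() for c in name)


def encode_qname(name):
    """Dotted name to DNS wire-format labels (no compression)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_query(name, txid, qtype=12):
    """Single-question query with RD set; qtype 12 is PTR, class is IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def question_section(msg):
    """Raw bytes of the first question: name, QTYPE, QCLASS."""
    off = 12
    while msg[off]:
        if msg[off] & 0xC0:
            raise ValueError("compression pointer in question name")
        off += 1 + msg[off]
    return msg[12:off + 5]


def accept_response(query, response):
    """0x20 acceptance test: same ID, QR bit set, question echoed with exact case."""
    try:
        same_id = response[:2] == query[:2]
        is_response = bool(response[2] & 0x80)
        return (same_id and is_response
                and question_section(response) == question_section(query))
    except (IndexError, ValueError):
        return False


def server_reply(query, preserve_case=True):
    """Constructed stand-in for a server: echoes the question with QR set."""
    q = question_section(query)
    if not preserve_case:
        q = q[:-4].lower() + q[-4:]   # length bytes are < 0x41, so only letters change
    return query[:2] + b"\x81\x80" + struct.pack("!HHHH", 1, 0, 0, 0) + q


if __name__ == "__main__":
    name = randomise_case("242.22.0.134.in-addr.arpa.")
    query = build_query(name, txid=_RNG.getrandbits(16))
    print(name, "entropy bits:", case_entropy_bits(name))
    print("case-preserving server accepted:", accept_response(query, server_reply(query)))
    print("case-folding reply accepted:", accept_response(query, server_reply(query, False)))
```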




Re: [uknof] First one of these I've received...

2013-04-17 Thread Stuart Henderson
On 2013/04/17 12:14, Alasdair Lumsden wrote:
> On 17/04/2013 12:07, Ricky Blaikie wrote:
> > what's considered to be the smallest v4 block which would be globally
> > routable given BGP prefix filtering?
>
> /24 isn't it?
>
> We announce a /24 of PI space on behalf of one of our clients and
> periodically (although not frequently) they find places they can't
> reach due to aggressive prefix filtering. But on the whole it seems
> completely usable.
>
> I would expect a /25 to be a very different story though.
 

/24 from a block that was originally used for /24's (swamp or LIR PI
assignments) seems to be fairly OK, but I have heard of people having
bigger problems when they try and route a /24 carved from a larger
PA block routed separately from that block. (Yes it is meant to be
aggregated, but there is no other source of address space for small
networks who want to start multi homing in the RIPE region now,
so I think we can expect to see use of this increasing).




Re: [uknof] Need advice on L2TP/WBMC or other wholesalers

2013-01-16 Thread Stuart Henderson
On 2013/01/16 16:36, Ronan Mullally wrote:
> [1] Bastardised as only mobile operators can do - there was a PPP proxy
> sitting somewhere in the middle which didn't do things like IPv6.

The PPP session you make when you connect a computer to a 3G modem/phone
is with the modem/phone itself, it isn't end-to-end to the provider.




Re: [uknof] A dual stack London2012?

2012-01-13 Thread Stuart Henderson
On 2012/01/13 23:49, Paul M wrote:
> I have an interesting idea. A lot of these consumer grade CPEs haven't
> sufficient ROM/RAM to do dual stack. So, throw out the IPv4 stack
> altogether. Get rid of the nat, port mapping, all the crappy broken
> SIP ALGs etc, everything required to make room.
>
> Leave only IPv6, with stateful firewall.
>
> Then, have the ISP do some magic* to make IPv4 visible.
> * I'll leave it as an exercise to those more sober and less tired to
> solve that problem. But I guess it'd mean some clever DNS
> capture/re-map for all locations which don't have  addresses,
> remap them to a local 6 to 4 proxy.

By itself it's not enough, there are plenty of things people might want
to run that don't use DNS. So if you're going to need v4 stacks and at least
some v4 nat anyway to give expected levels of service, I think there's little
point in adding comparatively untested nat64 gateways and synthesizing^Wforging
DNS responses..





Re: [uknof] A dual stack London2012?

2012-01-12 Thread Stuart Henderson
On 2012/01/12 20:03, Tom Bird wrote:
> On 12/01/2012 16:52, Simon Lockhart wrote:
>
> > This was discussed at a recent LINX meeting, after a presentation from BT on
> > their network for Olympics 2012, and the answer is no, it will not be IPv6
> > enabled - it was considered too much risk for no technical gain (i.e. there's
> > nothing that can't be done on IPv4).
>
> Macs, Linux and even Windows these days will take a v6 address out of
> the box if it sees a router advertisement,

Perhaps some friendly user of this service will setup a tunnel and
make router advertisements so others on their shared lan will get v6
routed through their machine.

Or on the other hand, perhaps some unfriendly user of this service
will setup a tunnel and make router advertisements so others on
their shared lan will get v6 routed through their machine
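
Added example, not part of the original post: a monitoring sketch for the situation described above, which parses ICMPv6 Router Advertisements seen on a LAN and reports any that come from a source or carry a prefix the operator has not authorised. The addresses, MACs and packets are constructed (documentation prefix 2001:db8::/32), the checksum is not validated, and capture of the packets is assumed to happen elsewhere.

```python
import ipaddress
import struct

RA_TYPE = 134            # ICMPv6 Router Advertisement
OPT_SRC_LLADDR = 1       # source link-layer address option
OPT_PREFIX_INFO = 3      # prefix information option


def parse_ra(icmp):
    """Parse an ICMPv6 RA body; returns None if the message is not an RA."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        return None
    lifetime = struct.unpack("!BBHBBHII", icmp[:16])[5]
    ra = {"router_lifetime": lifetime, "src_mac": None, "prefixes": []}
    off = 16
    while off + 2 <= len(icmp):
        otype, olen = icmp[off], icmp[off + 1] * 8   # option length is in 8-byte units
        if olen == 0 or off + olen > len(icmp):
            break                                    # malformed option, stop parsing
        body = icmp[off:off + olen]
        if otype == OPT_SRC_LLADDR and olen == 8:
            ra["src_mac"] = body[2:8].hex(":")
        elif otype == OPT_PREFIX_INFO and olen == 32:
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append(str(net))
        off += olen
    return ra


def make_ra(mac, prefix, lifetime=1800):
    """Build a constructed RA (checksum left as zero) for the samples below."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, lifetime, 0, 0)
    lladdr = bytes([OPT_SRC_LLADDR, 1]) + bytes.fromhex(mac.replace(":", ""))
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
    return header + lladdr + pio + net.network_address.packed


def check_ra(src, icmp, authorised_routers, allowed_prefixes):
    """Return a list of reasons this RA is unexpected; empty list means it is fine."""
    ra = parse_ra(icmp)
    if ra is None:
        return []
    reasons = []
    if ipaddress.IPv6Address(src) not in authorised_routers:
        reasons.append(f"RA from unauthorised source {src} (mac {ra['src_mac']})")
    for prefix in ra["prefixes"]:
        if ipaddress.IPv6Network(prefix) not in allowed_prefixes:
            reasons.append(f"unexpected prefix {prefix}")
    return reasons


# Constructed policy and packets. On an IPv4-only LAN both sets would be empty,
# so every RA seen is reported.
AUTHORISED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
ALLOWED_PREFIXES = {ipaddress.IPv6Network("2001:db8:1::/64")}
LEGIT_RA = make_ra("02:00:00:00:00:01", "2001:db8:1::/64")
ROGUE_RA = make_ra("02:00:00:00:00:66", "2001:db8:bad::/64")

if __name__ == "__main__":
    for src, pkt in (("fe80::1", LEGIT_RA), ("fe80::dead:beef", ROGUE_RA)):
        print(src, check_ra(src, pkt, AUTHORISED_ROUTERS, ALLOWED_PREFIXES) or "ok")
```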