Re: Hurricane Electric AS6939

2020-10-13 Thread John Kristoff
On Tue, 13 Oct 2020 23:29:55 + Aaron Gould wrote: > Do y’all like HE for Internet uplink? I’m thinking about using them > for 100gig in Texas. It would be for my eyeballs ISP. We currently > have Spectrum, Telia and Cogent. The price is usually amongst the lowest you'll find. I've found

RE: Hurricane Electric AS6939

2020-10-13 Thread aaron1
Don’t you have to be there to join? I’m in Austin and San Antonio -Aaron From: Mike Hammett Sent: Tuesday, October 13, 2020 7:20 PM To: Aaron Gould Cc: nanog@nanog.org Subject: Re: Hurricane Electric AS6939 https://bgp.he.net/AS16527 You don't appear to be on any IXes.

RE: Hurricane Electric AS6939

2020-10-13 Thread aaron1
I have to be in Dallas for that right? I’m in Austin (Data Foundry) and San Antonio (100 Taylor) -Aaron From: Ryan Hamel Sent: Tuesday, October 13, 2020 6:34 PM To: Aaron Gould Cc: nanog@nanog.org Subject: Re: Hurricane Electric AS6939 You would get better peering from Equinix

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Seth Mattinen
On 10/13/20 8:04 PM, Eric Kuhnke wrote: If I had a dollar for every 'scary security alert' email received in a NOC email inbox from a 'security researcher group' that is the results of a port scan, or some small subset of trojan infected residential endpoint computers attempting outbound

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Eric Kuhnke
If I had a dollar for every 'scary security alert' email received in a NOC email inbox from a 'security researcher group' that is the results of a port scan, or some small subset of trojan infected residential endpoint computers attempting outbound connections on ($common_service_port), or

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Chris Adams
Once upon a time, Eric Kuhnke said: > Considering that one can run an instance of an anycasted recursive > nameserver, under heavy load for a very large number of clients, on a $600 > 1U server these days... I wonder what exactly the threat model is. A customer forwarded one of these notices to

Re: Residential GPON last mile for network engineers (Telus AS852 and others)

2020-10-13 Thread Daniel Dent
On 2020-10-13 6:38 p.m., Eric Kuhnke wrote: Any insights as to what the configuration of the Telus AS852 GPON network looks like would be helpful. Or other observations in general on technically-oriented persons who are doing similar with other ILECs. I have heard rumors that Telus's GPON

Re: Virginia voter registration down due to cable cut

2020-10-13 Thread Valdis Klētnieks
On Tue, 13 Oct 2020 17:11:53 -0400, Christopher Morrow said: > sorry I meant that: 1) yes clearly it's still the middle of > roadwork/backhoe season, 2) i'm surprised that a single path failure > for their production datacenter was enough to take the system offline. > 'spof' there meant: "Wow, a

Re: Residential GPON last mile for network engineers (Telus AS852 and others)

2020-10-13 Thread Eric Kuhnke
Very interesting. Looks like the intention is to bypass the ONT entirely and use a GPON ONT SFP in one's own choice of small home router. If the ISP wants to do some weird TR069 provisioning or other stuff it could be seen as interfering with the proper management of their network if you remove the

Re: Residential GPON last mile for network engineers (Telus AS852 and others)

2020-10-13 Thread Eric Dugas via NANOG
I don't have any particular insights for Telus, but there is a huge thread about bypassing Bell ONTs on DSLReports: https://www.dslreports.com/forum/r32230041-Internet-Bypassing-the-HH3K-up-to-2-5Gbps-using-a-BCM57810S-NIC Cheers, Eric On Oct 13 2020, at 9:38 pm, Eric Kuhnke wrote: > With the

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Eric Kuhnke
Aside from the BCPs currently being discussed for ingress filtering, I would be very interested in seeing what this traffic looked like from the perspective of your DNS servers' logs. I assume you're talking about customer facing recursive/caching resolvers, and not authoritative-only

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Nikolas Geyer
Specifically with regards to “Don’t accept your own prefix”, this poses an interesting challenge for the original notice sent out by the security researchers. It is not uncommon today for various content networks (and others) to operate multiple “island networks” with a single ASN. For

Residential GPON last mile for network engineers (Telus AS852 and others)

2020-10-13 Thread Eric Kuhnke
With the growth of gigabit class single fiber GPON last mile services, I imagine a number of people reading the list must have subscribed to such by now. Something that I have observed, and shared observations with a number of colleagues, is that very often a person who works for ($someAS) lives

Re: Hurricane Electric AS6939

2020-10-13 Thread craig washington
Side note, they don’t support any traffic engineering aside from prepends but no complaints besides that. On Oct 13, 2020, at 8:25 PM, Mike Hammett wrote: https://bgp.he.net/AS16527 You don't appear to be on any IXes. Definitely join some IXes before buying another

Re: Hurricane Electric AS6939

2020-10-13 Thread Mike Hammett
https://bgp.he.net/AS16527 You don't appear to be on any IXes. Definitely join some IXes before buying another 100G of transit. DFW has a couple and there are some more that are starting up. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers

Re: Hurricane Electric AS6939

2020-10-13 Thread Seth Mattinen
On 10/13/20 5:10 PM, Darin Steffl wrote: You would do well to add them to your mix and remove one of the other ones. I'd probably remove spectrum and replace with HE. We've only had 30 minutes of downtime total in 5 years so they've been very reliable for us. I removed Spectrum (Charter)

Re: Hurricane Electric AS6939

2020-10-13 Thread Darin Steffl
In Minnesota, hurricane has the lowest latency and most routes out of our state. I can reach most destinations with lower latency than any other carrier I've tested. Their NOC is great and easy to reach. Billing is perfect and predictable with no hidden fees or surcharges in the fine print. And

Re: Hurricane Electric AS6939

2020-10-13 Thread Brandon Martin
On 10/13/20 7:29 PM, Aaron Gould wrote: Do y’all like HE for Internet uplink? I’m thinking about using them for 100gig in Texas. It would be for my eyeballs ISP. We currently have Spectrum, Telia and Cogent. They're a good bulk/budget option in a blend. A decent number of content hosts

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Marcos Manoni
Hi, Brian Check RFC3704/BCP84 Ingress Filtering for Multihomed Networks (Updated by: RFC8704 Enhanced Feasible-Path uRPF). Ingress Access Lists require typically manual maintenance, but are the most bulletproof when done properly; typically, ingress access lists are best fit between

Re: Hurricane Electric AS6939

2020-10-13 Thread TJ Trout
sounds like he needs full routes.. On Tue, Oct 13, 2020 at 4:36 PM Ryan Hamel wrote: > You would get better peering from Equinix IX, which includes free HE IPv4 > Peering + IPv6 Transit > > Ryan > On Oct 13 2020, at 4:29 pm, Aaron Gould wrote: > > Do y’all like HE for Internet uplink? I’m

Re: Hurricane Electric AS6939

2020-10-13 Thread Ryan Hamel
You would get better peering from Equinix IX, which includes free HE IPv4 Peering + IPv6 Transit Ryan On Oct 13 2020, at 4:29 pm, Aaron Gould wrote: > Do y’all like HE for Internet uplink? I’m thinking about using them for > 100gig in Texas. It would be for my eyeballs ISP. We currently have

Hurricane Electric AS6939

2020-10-13 Thread Aaron Gould
Do y’all like HE for Internet uplink? I’m thinking about using them for 100gig in Texas. It would be for my eyeballs ISP. We currently have Spectrum, Telia and Cogent. -Aaron

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Brian Knight via NANOG
Hi Mel, My understanding of uRPF is: * Strict mode will permit a packet only if there is a route for the source IP in the RIB, and that route points to the interface where the packet was received * Loose mode will permit a packet if there is a route for the source IP in the RIB. It does not

RE: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Jean St-Laurent via NANOG
That’s an interesting suggestion There are 2 modes for uRPF. Loose and strict. Which one would you recommend in this scenario and why? There are many ways to solve this and definitely uRPF is one layer of defense. But, probably not the best alone. I advocate a 3 layers approach.

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Matt Harris
On Tue, Oct 13, 2020 at 5:22 PM Mel Beckman wrote: > You can also use Unicast Reverse Path Forwarding. RPF is more

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Mel Beckman
You can also use Unicast Reverse Path Forwarding. RPF is more efficient than ACLs, and has the added advantage of not requiring maintenance. In a nutshell, if your router has a route to a prefix in its local RIB, then incoming packets from a border interface having a matching source IP will be

Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Brian Knight via NANOG
We recently received an email notice from a group of security researchers who are looking at the feasibility of attacks using spoofed traffic. Their methodology, in broad strokes, was to send traffic to our DNS servers with a source IP that looked like it came from our network. Their attacks

Re: Virginia voter registration down due to cable cut

2020-10-13 Thread Christopher Morrow
On Tue, Oct 13, 2020 at 2:41 PM Sean Donelan wrote: > > On Tue, 13 Oct 2020, Christopher Morrow wrote: > > spof > > > > the vita folk have a history of 'not really understanding large scale > > compute/network operations' :( > > Reportedly, the VITA data center and Virginia voter registration

Re: Passive Wave Primer

2020-10-13 Thread Dave Cohen
From the perspective of a large carrier, spectrum is an operational nightmare. At a former $dayjob it was an “offering” in the sense that we had deployed it, told customers we offered it but wouldn’t actually deploy it anymore. Logistically there are a lot of potential points of failure once

Re: Passive Wave Primer

2020-10-13 Thread Brandon Martin
On 10/13/20 4:01 PM, Mike Hammett wrote: It seems incredibly simple to do, depending on the capabilities of your platform. What am I missing? If the span between the mux/demux pair is entirely passive, it's fairly straightforward. That's going to limit distances to around 80km or so with

Re: Passive Wave Primer

2020-10-13 Thread TJ Trout
Thanks for the explanation, I always thought 'waves' were 'alien waves' I guess, I thought you had to coordinate the channel and you used WDM optics, I didn't realize they normally are provisioned with Ethernet to an OTN then get channelized, good info. On Tue, Oct 13, 2020 at 11:36 AM Tony Wicks

Re: Passive Wave Primer

2020-10-13 Thread Brandon Martin
On 10/13/20 3:35 PM, Tony Wicks wrote: We sell some wavelengths on passive CWDM/DWDM paths between Datacentres (less than 80Km) to customers to spread the cost of leasing the dark fibre. But yes, as far as long distance (apart from bespoke offerings) I'm yet to see a productised alien wave

Re: Passive Wave Primer

2020-10-13 Thread Mike Hammett
It seems incredibly simple to do, depending on the capabilities of your platform. What am I missing? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Brandon Martin" To: nanog@nanog.org Sent:

RE: Juniper configuration recommendations/BCP

2020-10-13 Thread Jakob Heitz (jheitz) via NANOG
IOS-XR accepts extended communities and large communities by default. You have to enable to send them, but not receive. Regards, Jakob. -Original Message- Date: Mon, 12 Oct 2020 15:06:05 +0100 From: Here's a fun one. By default Junos accepts extended communities on any BGP session (not

Re: Passive Wave Primer

2020-10-13 Thread Martijn Schmidt via NANOG
I know there are some European carriers that offer this as a fully productized service, Colt and euNetworks come to mind. Best regards, Martijn From: NANOG on behalf of Tony Wicks Sent: 13 October 2020 21:35 To: 'Brandon Martin' Cc: nanog@nanog.org Subject:

RE: Passive Wave Primer

2020-10-13 Thread Tony Wicks
We sell some wavelengths on passive CWDM/DWDM paths between Datacentres (less than 80Km) to customers to spread the cost of leasing the dark fibre. But yes, as far as long distance (apart from bespoke offerings) I'm yet to see a productised alien wave service. If you are spending all that money

Re: Passive Wave Primer

2020-10-13 Thread Brandon Martin
On 10/13/20 8:27 AM, Rod Beck wrote: Looking for a tutorial on passive waves. How it works. Pros and cons. . If you're talking about what I think you are, the term the folks who make the transport gear seem to use is "spectrum" as in you (as service provider) sell your customer some portion

Re: Virginia voter registration down due to cable cut

2020-10-13 Thread Sean Donelan
On Tue, 13 Oct 2020, Christopher Morrow wrote: spof the vita folk have a history of 'not really understanding large scale compute/network operations' :( Reportedly, the VITA data center and Virginia voter registration system is back up. According to VITA, a Verizon fiber was struck during

RE: Passive Wave Primer

2020-10-13 Thread Tony Wicks
An Alien wave comes in from an external source, for an example a customer has WDM optics in their kit. A normal wave the “customer” connects with a normal 10GE/100GE (or whatever is appropriate) and a line card on the OTN platform “grooms” that to the appropriate WDM channel. From: NANOG

Re: Passive Wave Primer

2020-10-13 Thread TJ Trout
What is the difference between a normal wave and an alien wave? On Tue, Oct 13, 2020, 6:36 AM James Jun wrote: > On Tue, Oct 13, 2020 at 12:27:44PM +, Rod Beck wrote: > > Dear Network Gurus, > > > > Looking for a tutorial on passive waves. How it works. Pros and cons. . > > > > Essentially,

Re: Virginia voter registration down due to cable cut

2020-10-13 Thread Christopher Morrow
spof the vita folk have a history of 'not really understanding large scale compute/network operations' :( On Tue, Oct 13, 2020 at 11:06 AM Sean Donelan wrote: > > > On the last day of Virginia voter registration, the state-wide voter > registration system experienced a cable cut disrupting

Virginia voter registration down due to cable cut

2020-10-13 Thread Sean Donelan
On the last day of Virginia voter registration, the state-wide voter registration system experienced a cable cut disrupting access to the state-wide database system. Absent clear and convincing evidence otherwise, the problems will likely be caused by the usual stupid stuff. VITA

Re: Passive Wave Primer

2020-10-13 Thread James Jun
On Tue, Oct 13, 2020 at 12:27:44PM +, Rod Beck wrote: > Dear Network Gurus, > > Looking for a tutorial on passive waves. How it works. Pros and cons. . > Essentially, you're providing a channel off of your DWDM filters for someone else to pass light. Commonly in the market, a "wavelength"

Passive Wave Primer

2020-10-13 Thread Rod Beck
Dear Network Gurus, Looking for a tutorial on passive waves. How it works. Pros and cons. . Thanks. Best, Roderick. Roderick Beck VP of Business Development United Cable Company www.unitedcablecompany.com New York City & Budapest