Re: Addressing plan exercise for our IPv6 course
On Jul 24, 2010, at 10:35 PM, Doug Barton wrote: On Sat, 24 Jul 2010, Brandon Butterworth wrote: Eventually ARIN (or someone else will do it for them) may create a site ... Did you mean something like this maybe ?: http://www.sixxs.net/tools/grh/ula/ Q.E.D. The RFC seeks to avoid a registry so we end up with the potential for many as a result. May as well have had ARIN do it officially in the first place so there'd only be one. So, back when ULA was first proposed, some of us said (sometimes privately) that there are only 2 rational options: 1. Do it; with a persistent, guaranteed unique, global registry. 2. Don't do it. Option 2 was a non-starter since there was too much critical mass. The logical candidate to operate option 1 was the IANA, and the RIRs were having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) For bonus points, explain how the numbers side of IANA pays for anything when the RIRs stop funding it? So given the overwhelming force pulling at this thing from both directions, you end up somewhere in the middle where no one wants to be. And BTW, the lottery is actually the perfect analogy for ULA, since no matter how astronomical the odds against, eventually someone always wins. Except in the case of ULA, hitting the jackpot is actually losing. Owen
Re: Addressing plan exercise for our IPv6 course
On Jul 25, 2010, at 8:10 AM, Owen DeLong wrote: The logical candidate to operate option 1 was the IANA, and the RIRs were having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) For bonus points, explain how the numbers side of IANA pays for anything when the RIRs stop funding it? None of the sides of IANA pay for anything. There is no binding between what parties pay and what the ICANN staff who perform the IANA function do. In fact, those staff do not have any knowledge of whether any organization has paid anything (other than what they might hear incidentally). The (zero dollar) IANA functions contract has 3 major functions, of which allocating blocks of addresses to the RIRs (and at the direction of the IETF) is one. Failure to perform that function would be interpreted as breach of contract, regardless of whether the RIRs pay anything to ICANN or not. Regards, -drc
Re: Addressing plan exercise for our IPv6 course
Doug Barton wrote: having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) whois. what did I win? IANA can handle very basic assignments, but hasn't the staff for large support or extra services (whois, POC management/validity, routing registry). I think IANA would be perfect for ULA identifier assignments. No whois/poc/routing registry needed. Send email, get an identifier in a week or 2. And BTW, the lottery is actually the perfect analogy for ULA, since no matter how astronomical the odds against, eventually someone always wins. This is my concern. A business would rather be assured uniqueness over gambling, no matter what the odds. Given no additional services are needed, the administration cost is the same as handing out snmp enterprise oids. The fact that the community isn't offering such due to politics is disheartening and just plain sad.
Re: Addressing plan exercise for our IPv6 course
David Conrad wrote: On Jul 24, 2010, at 7:52 PM, Brandon Butterworth wrote: Indeed, best not listen to vendors As it is best not to listen to doctors that tell you if you continue chain smoking or eating 5000 calories a day, you'll likely regret it. Bad analogy. A doctor tells you these things for your well being. In fact, the doctor's advice, while meeting the goals of his oath, conflict with his business needs (your regret of not following his advice will be lots more doctor bills). Vendors care about their bottom line. Some will happily lie for a sale. Most will highlight their strong points and gloss over their weaknesses. More care goes to those who pay the most. An engineer is closer to a doctor. The engineer cares about the health of their network and how well it performs, even if it means begging for more expensive gear from management. The engineer is less concerned with the bottom line and more concerned with doing things right (especially if it means less work, less headaches, and less problems for the same amount of pay). I rant OT too much. :) Jack
Re: Addressing plan exercise for our IPv6 course
On Jul 25, 2010, at 8:42 AM, Jack Bates wrote: Doug Barton wrote: having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) whois. http://whois.iana.org what did I win? IANA can handle very basic assignments, but hasn't the staff for large support or extra services (whois, POC management/validity, routing registry). With the exception of a routing registry (which I wasn't aware was an address allocation requirement), these services are provided by ICANN as part of the IANA functions contract. Out of curiosity, why do you think providing whois, POC management/validity, and even a routing registry requires a large staff? I think IANA would be perfect for ULA identifier assignments. No whois/poc/routing registry needed. Send email, get an identifier in a week or 2. As you note, ICANN already provides something like this as part of the protocol parameter function of the IANA functions contract for private enterprise numbers (OIDs). This is my concern. A business would rather be assured uniqueness over gambling, no matter what the odds. I remember arguments like that about why Token Ring was going to win over Ethernet :-) Given no additional services are needed, the administration cost is the same as handing out snmp enterprise oids. The fact that the community isn't offering such due to politics is disheartening and just plain sad. Indeed. I have stories... Regards, -drc (who no longer works for ICANN)
Re: Addressing plan exercise for our IPv6 course
On Jul 25, 2010, at 8:56 AM, Jack Bates wrote: David Conrad wrote: On Jul 24, 2010, at 7:52 PM, Brandon Butterworth wrote: Indeed, best not listen to vendors As it is best not to listen to doctors that tell you if you continue chain smoking or eating 5000 calories a day, you'll likely regret it. Bad analogy. A doctor tells you these things for your well being. In fact, the doctor's advice, while meeting the goals of his oath, conflict with his business needs (your regret of not following his advice will be lots more doctor bills). I'll stick by the analogy. There are engineers inside routing vendors who have been quite loud in saying that we can't keep adding more routes to the routing system and expect costs to remain linear. Those same engineers will also tell you that the companies they work for will be happy to build what the customer wants, even if it will cost the customer 3 arms and 4 legs. Vendors care about their bottom line. Some will happily lie for a sale. Most will highlight their strong points and gloss over their weaknesses. More care goes to those who pay the most. Which, according to numerous studies, also describes the health care system in the US, but that's not an appropriate topic for this list. An engineer is closer to a doctor. The engineer cares about the health of their network and how well it performs, even if it means begging for more expensive gear from management. The engineer is less concerned with the bottom line and more concerned with doing things right (especially if it means less work, less headaches, and less problems for the same amount of pay). All vendors that expect to remain in business for any length of time have engineering staff that behave as you describe. For just one example, look at the folks behind LISP (not the language). Or the active participants in the IRTF RRG working group. Regards, -drc
Re: Addressing plan exercise for our IPv6 course
whois. what did I win? IANA can handle very basic assignments, but hasn't the staff for large support or extra services (whois, POC management/validity, routing registry). routing registry not necessarily needed from address registry. and i am sure even the icann/iana could do the combined rir work for half the combined rir budgets, especially with the insane budgets of the more inflated rirs. randy
Re: Addressing plan exercise for our IPv6 course
On Sun, 25 Jul 2010, Jack Bates wrote: Doug Barton wrote: having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) whois. what did I win? IANA can handle very basic assignments, but hasn't the staff for large support or extra services (whois, POC management/validity, routing registry). I think IANA would be perfect for ULA identifier assignments. No whois/poc/routing registry needed. Send email, get an identifier in a week or 2. You misunderstood. The correct answer to ULA was Don't do it (or, more correctly, do IPv6 PI instead). And BTW, the lottery is actually the perfect analogy for ULA, since no matter how astronomical the odds against, eventually someone always wins. This is my concern. A business would rather be assured uniqueness over gambling, no matter what the odds. Given no additional services are needed, the administration cost is the same as handing out snmp enterprise oids. The fact that the community isn't offering such due to politics is disheartening and just plain sad. Now that sounds like something it would have been easy for IANA to do. See, you have tension on this topic even in your own line of reasoning. :) Doug -- Improve the effectiveness of your Internet presence with a domain name makeover!http://SupersetSolutions.com/ Computers are useless. They can only give you answers. -- Pablo Picasso
Re: Fwd: Re: North Korea conflict with US and South Korea could spark cyber war
From: andrew.wallace andrew.wall...@rocketmail.com Continue to call me a troll in public and I'll be seeking legal advice. andrew wallace, i think you are a troll who needs legal advice. probably could also use some other care. randy
Appliance Vs Software based routers
Dear all Greetings I'm wondering why the software based router is not preferable in business even if they have high featured Processers, and high capcity of memory. What is the main deferent between Appliance router and Software based routers? thank you all in adavance. -- Tarig Y. Adam _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
Re: Addressing plan exercise for our IPv6 course
On Sat, 24 Jul 2010, Owen DeLong wrote: On Jul 24, 2010, at 10:35 PM, Doug Barton wrote: On Sat, 24 Jul 2010, Brandon Butterworth wrote: Eventually ARIN (or someone else will do it for them) may create a site ... Did you mean something like this maybe ?: http://www.sixxs.net/tools/grh/ula/ Q.E.D. The RFC seeks to avoid a registry so we end up with the potential for many as a result. May as well have had ARIN do it officially in the first place so there'd only be one. So, back when ULA was first proposed, some of us said (sometimes privately) that there are only 2 rational options: 1. Do it; with a persistent, guaranteed unique, global registry. 2. Don't do it. Option 2 was a non-starter since there was too much critical mass. The logical candidate to operate option 1 was the IANA, and the RIRs were having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) For bonus points, explain how the numbers side of IANA pays for anything when the RIRs stop funding it? David already answered more eloquently than I could, so I'll simply add that what he said applied when I was there as well. The IANA is, and always has been a cost center. You don't want to live in an IANA fee-for-service world. Doug -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ Computers are useless. They can only give you answers. -- Pablo Picasso
Re: Appliance Vs Software based routers
Tarig Yassin wrote: What is the main deferent between Appliance router and Software based routers? I believe the main difference is the ability to handle features at line rate speeds. The more interfaces/speed + CoS/ACL, the harder it is for a software based router to keep up. Jack
Re: Addressing plan exercise for our IPv6 course
On Sun, 2010-07-25 at 01:42 -0500, Jack Bates wrote: This is my concern. A business would rather be assured uniqueness over gambling, no matter what the odds. Given no additional services are needed, the administration cost is the same as handing out snmp enterprise oids. The fact that the community isn't offering such due to politics is disheartening and just plain sad. No matter what the odds? A good business person weighs the odds carefully and takes calculated risks. The chance of a conflict if you choose a random ULA prefix is lower than just about any other risk an enterprise would even bother considering. There is much more chance of an employee going postal, of a massive lightning strike, of a disastrous fire or flood, of a two-week power outage, than there is of a ULA prefix conflict, and all those things will cause far more real damage than a ULA prefix conflict. The risk of a ULA prefix conflict is for *all practical purposes* zero. It is a far lower risk than almost anything else you probably have contingency plans for. Not only that, but *even if the event comes to pass*, it is merely an inconvenience. Not only that but it is an inconvenience that can be detected in plenty of time and planned for and mitigated with relative ease. There may be good arguments against ULA, but the risk of prefix conflict is not one of them. Please let's stop behaving as if a ULA conflict is some kind of accident waiting to happen. If an expert stood up in court and said the chances that this fingerprint is the defendant's are a million to one, and the prosecutor then said Aha! So you admit it's *possible*! we would rightly scorn the prosecutor for being an innumerate nincompoop. Yet here we are paying serious heed to the idea that a ULA prefix conflict is a real business risk. Sheesh, if we professionals can't get a grip on what these tiny, tiny probabilities really *mean* then how is anyone else going to? Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/~kauer/ +61-428-957160 (mob) GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156 Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF signature.asc Description: This is a digitally signed message part
Re: Appliance Vs Software based routers
The official answer: commodity hardware doesn't handle all the features needed at line rate. The (more often than not) unofficial answer: using a custom platform raises the entry barrier for cloning/abuse/etc. It's a bit hard to run your appliance MIPS software on an off-the-shelf PC; but it (used) to be possible to run PIX software on a PC (and in a VM too, IIRC.) Fun times, Adrian On Sun, Jul 25, 2010, Tarig Yassin wrote: Dear all Greetings I'm wondering why the software based router is not preferable in business even if they have high featured Processers, and high capcity of memory. What is the main deferent between Appliance router and Software based routers? thank you all in adavance. -- Tarig Y. Adam _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $24/pm+GST entry-level VPSes w/ capped bandwidth charges available in WA -
Re: Addressing plan exercise for our IPv6 course
On (2010-07-25 17:32 +1000), Karl Auer wrote: The risk of a ULA prefix conflict is for *all practical purposes* zero. http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+ It wouldn't puke nice graph with 'n', it did try, but never finished. So if there are million assigned ULA's there is 36.5% chance of collision, if formula is right. If operator fscks-up their residential DSL product, lets say the assign all the /128 user could want, but from single shared /64 subnet, not routing dedicated /48 to each customer. Users who need to route, will want solution and some vendor will step in, providing router which will auto-assign ULA + NAT66, will that vendor sell million copies of said CPE? But I don't think it is interesting to discuss the random chance of collisions, as human factor will guarantee collisions, many people will assign fd::/48 to get short and memorable addresses in their network. (You've made your bed, now lie in it.) If your IT staff includes personnel who've done painful renumbering due to MA, there is good chance they'll allocate random, otherwise they'll likely opt for short and memorable network, as they did with RFC1918. Just because we get IPv6, doesn't mean people will get sudden burst of insight in design and engineering. -- ++ytti
Re: Addressing plan exercise for our IPv6 course
On Sun, 25 Jul 2010 09:01:33 +0200 David Conrad d...@virtualized.org wrote: On Jul 25, 2010, at 8:42 AM, Jack Bates wrote: Doug Barton wrote: having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) whois. http://whois.iana.org what did I win? IANA can handle very basic assignments, but hasn't the staff for large support or extra services (whois, POC management/validity, routing registry). With the exception of a routing registry (which I wasn't aware was an address allocation requirement), these services are provided by ICANN as part of the IANA functions contract. Out of curiosity, why do you think providing whois, POC management/validity, and even a routing registry requires a large staff? I think IANA would be perfect for ULA identifier assignments. No whois/poc/routing registry needed. Send email, get an identifier in a week or 2. As you note, ICANN already provides something like this as part of the protocol parameter function of the IANA functions contract for private enterprise numbers (OIDs). This is my concern. A business would rather be assured uniqueness over gambling, no matter what the odds. I remember arguments like that about why Token Ring was going to win over Ethernet :-) +1 +1 +1 (Was quite happy when I was able to have an 10Mpbs ethernet pulled from the floor below when my gov dept. was merged with another gov dept. and I was moved to their IT section - and they were using 4Mbps token ring) Of course being in business is a gamble in itself. They gamble on future profits occurring when they spend on product or service development, government regulation staying stable, cost bases that aren't going to dramatically change, and possibly currency values staying fairly stable (GFC type events being the ones that out bad gamblers). I doubt businesses will be all that uncomfortable with IPv6 ULA collision odds that are worse than winning the lottery. Given no additional services are needed, the administration cost is the same as handing out snmp enterprise oids. The fact that the community isn't offering such due to politics is disheartening and just plain sad. Indeed. I have stories... Regards, -drc (who no longer works for ICANN)
Re: Addressing plan exercise for our IPv6 course
On Sun, 25 Jul 2010 11:40:19 +0300 Saku Ytti s...@ytti.fi wrote: On (2010-07-25 17:32 +1000), Karl Auer wrote: The risk of a ULA prefix conflict is for *all practical purposes* zero. http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+ It wouldn't puke nice graph with 'n', it did try, but never finished. So if there are million assigned ULA's there is 36.5% chance of collision, if formula is right. That's duplication, not collision. Collision only occurs when two ULA domains want to interconnect, and have duplicate routes they would like to exchange. Here is what the RFC says about odds - 3.2.3. Analysis of the Uniqueness of Global IDs The selection of a pseudo random Global ID is similar to the selection of an SSRC identifier in RTP/RTCP defined in Section 8.1 of [RTP]. This analysis is adapted from that document. Since Global IDs are chosen randomly (and independently), it is possible that separate networks have chosen the same Global ID. For any given network, with one or more random Global IDs, that has inter-connections to other such networks, having a total of N such IDs, the probability that two or more of these IDs will collide can be approximated using the formula: P = 1 - exp(-N**2 / 2**(L+1)) where P is the probability of collision, N is the number of interconnected Global IDs, and L is the length of the Global ID. The following table shows the probability of a collision for a range of connections using a 40-bit Global ID field. Connections Probability of Collision 21.81*10^-12 104.54*10^-11 1004.54*10^-09 10004.54*10^-07 14.54*10^-05 Based on this analysis, the uniqueness of locally generated Global IDs is adequate for sites planning a small to moderate amount of inter-site communication using locally generated Global IDs. If operator fscks-up their residential DSL product, lets say the assign all the /128 user could want, but from single shared /64 subnet, not routing dedicated /48 to each customer. Users who need to route, will want solution and some vendor will step in, providing router which will auto-assign ULA + NAT66, will that vendor sell million copies of said CPE? But I don't think it is interesting to discuss the random chance of collisions, as human factor will guarantee collisions, many people will assign fd::/48 to get short and memorable addresses in their network. (You've made your bed, now lie in it.) That bed was called site locals, and the prefix was fec0::/10. If two separate organisations choose to make ULAs effectively site locals, and then join their ULA domains, then they deserve the pain they'll get because they haven't followed the RFC4193 formula. At the end of the day you can't stop people doing stupid things unless you take away the variables that they can set. If people are arguing that ULA specs won't be followed correctly, then any other IPv6 spec variable may also not be set correctly by the same person. Ultimately that means that incompetent networking people are running the network. I don't think you can use that as a valid reason to dismiss ULAs, and then not use it to dismiss the whole of IPv6 *and* IPv4. If your IT staff includes personnel who've done painful renumbering due to MA, there is good chance they'll allocate random, otherwise they'll likely opt for short and memorable network, as they did with RFC1918. Just because we get IPv6, doesn't mean people will get sudden burst of insight in design and engineering. -- ++ytti
Re: Addressing plan exercise for our IPv6 course
On Sat, 24 Jul 2010 22:35:07 PDT, Doug Barton said: having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) The same way that companies are making money selling people credit reports they are legally able to get for free. Sorry, but you asked. ;) pgpspckYNrpse.pgp Description: PGP signature
Re: Addressing plan exercise for our IPv6 course
On Sun, 25 Jul 2010 11:40:19 +0300, Saku Ytti said: On (2010-07-25 17:32 +1000), Karl Auer wrote: The risk of a ULA prefix conflict is for *all practical purposes* zero. http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+ It wouldn't puke nice graph with 'n', it did try, but never finished. So if there are million assigned ULA's there is 36.5% chance of collision, if formula is right. Bzzt! Wrong, but thank you for playing. If there exists some screwed-up network design that *interconnects* 1M networks that are all *advertising* ULAs there's a 36% chance of collision. It's a subtle but important difference. You only care about a collision if (a) you and some site in Zimbabwe both chose the same ULA prefix *AND* (b) you wish to set up a private interconnect with them and talk with them *using the ULA prefix*. Very important 'and' there. On the other hand, today if you interconnect *3* private networks that use NAT you have like a 90% chance of collision. And yet, people manage to do this all the time. So ULAs give a way to make it literally a million times easier - and THOSE SAME PEOPLE WHO DO THIS WITH NAT ADDRESSES ALL THE TIME ARE WHINING ULA IS UNWORKABLE. Geez guys, give me a break. pgpRUwjVI6v4y.pgp Description: PGP signature
Re: Appliance Vs Software based routers
On Sun, 25 Jul 2010 10:20:43 +0300, Tarig Yassin said: I'm wondering why the software based router is not preferable in business Sorry, but you've gone wrong already. You can't ask why something is true until you first establish that the something is in fact true. There are *plenty* of businesses where a software based router is quite preferable due to its lower cost and increased flexibility. Proof: How many software-based routers (whatever that really means) has Cisco sold that are making their shops very happy? pgpH8g2hcDCCS.pgp Description: PGP signature
Re: Addressing plan exercise for our IPv6 course
On (2010-07-25 10:28 -0400), valdis.kletni...@vt.edu and Mark Smith wrote similarly: http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+ So if there are million assigned ULA's there is 36.5% chance of collision, if formula is right. Bzzt! Wrong, but thank you for playing. Point I was trying to convey is that you should not assume ULA to be globally unique. Visibility of IP can extend past routing, for example someone could use x-forwarded-for and assume rfc4193 to be as unique as any other IPv6 address. I personally have no beef with ULA and I don't mind that it can't be trusted to be globally unique identifier. It'll still allow well planned enterprise networks to avoid renumbering in MA. -- ++ytti
Re: Addressing plan exercise for our IPv6 course
On Jul 24, 2010, at 11:40 PM, David Conrad wrote: On Jul 25, 2010, at 8:10 AM, Owen DeLong wrote: The logical candidate to operate option 1 was the IANA, and the RIRs were having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) For bonus points, explain how the numbers side of IANA pays for anything when the RIRs stop funding it? None of the sides of IANA pay for anything. There is no binding between what parties pay and what the ICANN staff who perform the IANA function do. In fact, those staff do not have any knowledge of whether any organization has paid anything (other than what they might hear incidentally). The (zero dollar) IANA functions contract has 3 major functions, of which allocating blocks of addresses to the RIRs (and at the direction of the IETF) is one. Failure to perform that function would be interpreted as breach of contract, regardless of whether the RIRs pay anything to ICANN or not. Regards, -drc The point was more that if the RIRs go away, IANA loses significant funding. Owen
Re: Appliance Vs Software based routers
On Jul 25, 2010, at 12:31 AM, Jack Bates wrote: Tarig Yassin wrote: What is the main deferent between Appliance router and Software based routers? I believe the main difference is the ability to handle features at line rate speeds. The more interfaces/speed + CoS/ACL, the harder it is for a software based router to keep up. Jack Most Appliances are small(er) software-based routers. Owen
Re: Addressing plan exercise for our IPv6 course
For bonus points, explain how the numbers side of IANA pays for anything when the RIRs stop funding it? David already answered more eloquently than I could, so I'll simply add that what he said applied when I was there as well. The IANA is, and always has been a cost center. You don't want to live in an IANA fee-for-service world. My point was that as a cost center, IANA depends on funding from other sources. The RIRs are a major source of that funding. Owen
RE: Appliance Vs Software based routers
I'm wondering why the software based router is not preferable in business even if they have high featured Processers, and high capcity of memory. It may be helpful before proceeding if you provide some examples of each, so we can understand your definition of a 'appliance' vs 'software router'. Best Regards, Nathan Eisenberg
RE: Addressing plan exercise for our IPv6 course
If an expert stood up in court and said the chances that this fingerprint is the defendant's are a million to one, and the prosecutor then said Aha! So you admit it's *possible*! we would rightly scorn the prosecutor for being an innumerate nincompoop. Yet here we are paying serious heed to the idea that a ULA prefix conflict is a real business risk. Yes, but if this prosecutor does this a million times, he's bound to be right at least once. Yes, a good businessperson takes risks. They also do everything possible to mitigate those risks, such as background checks on employees, lightning rods and grounding systems and insurance on the electronics in the building, buy generators and fuel contracts or source an emergency workplace. Yes, a crazy employee may get through a background check, but if the question is the presence of an attempt and prevention, then what is the risk mitigation for ULA? Best Regards, Nathan Eisenberg
Re: Appliance Vs Software based routers
On 7/25/2010 9:07 AM, Nathan Eisenberg wrote: I'm wondering why the software based router is not preferable in business even if they have high featured Processers, and high capcity of memory. It may be helpful before proceeding if you provide some examples of each, so we can understand your definition of a 'appliance' vs 'software router'. Best Regards, Nathan Eisenberg They are all software based routers... It really shouldn't matter whether an Appliance Application (i.e. some routing program is running on a minimal runtime environment ) or a routing program is running as part of an OS or as an Application on an OS. It is all Software until it becomes silicon. The only issue is how far off the metal you are and its not hardware based routing really until there is no OS, no development environment, no software involved right? Todd
RE: Appliance Vs Software based routers
They are all software based routers... It really shouldn't matter whether an Appliance Application (i.e. some routing program is running on a minimal runtime environment ) or a routing program is running as part of an OS or as an Application on an OS. It is all Software until it becomes silicon. The only issue is how far off the metal you are and its not hardware based routing really until there is no OS, no development environment, no software involved right? As has been pointed out, hardware/appliance/software can be a highly semantic issue, at least for some people. OP seemed like a specific question couched in vague terms - I'd rather have a discussion about what OP was trying to accomplish than rehash Vyatta as a BRAS. What's specifically important is the distinction between an 'appliance' platform (like a MIPS or Cisco routing switch), and what I presume OP infers a 'software' platform to be (an x86 box running iptables or Quagga). In that case, I would tell OP that the PCI/PCI-e bus architecture isn't built to handle the rampant interrupts (or polling) that a real routing/switching workload generates. The bus controller is built/sized to pump data to and from a video card/IO controller/etc, not to ship Ethernet packets up to the CPU and back out again in 8 different directions. On the other hand, moving packets between 8 interfaces is exactly what a routing switch like a Cisco 3750 is built to do. So, I wanted to retrieve the values of 'software router' and 'appliance' from OP to see if that's where he was going. Best Regards, Nathan Eisenberg
Re: Appliance Vs Software based routers
On Sat, Jul 24, 2010 at 9:20 PM, Tarig Yassin tariq198...@hotmail.com wrote: I'm wondering why the software based router is not preferable in business even if they have high featured Processers, and high capcity of memory. What is the main deferent between Appliance router and Software based routers? http://www.pagiamtzis.com/cam/camintro.html Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Who controlls the Internet?
Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? ThanksTarig _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
RE: Who controlls the Internet?
And why not the ICCAN take this reponsibity as an International organization not USA government? From: tariq198...@hotmail.com To: nanog@nanog.org Subject: Who controlls the Internet? Date: Sun, 25 Jul 2010 20:24:27 +0300 Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? Thanks Tarig Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now. _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
Re: Who controlls the Internet?
In all honesty control over the Internet doesn't sound like the issue here. The US Government regulates entities functioning with in it's boarders. This would be no different if I being in the US were restricted access to a site in any other country due to their regulations.
Re: Who controlls the Internet?
On Sun, 25 Jul 2010, Tarig Yassin wrote: I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? No one person or entity controls the Internet, which itself is just a large collection of interconnected public and private networks that use the same protocols to communicate with each other. Many government entities exert some degree of control over the connectivity to, from, and within their contries. This ranges from overt restriction of access to certain sites, to overt/covert monitoring of user activity. Numerous examples have been discussed here over the years (China, Pakistan, Iran, Burma/Myanmar, Australia, India... the list goes on and on). Discussions related to the political reasons for such control are likely off topic for this list. In the case of certain websites in the USA being forbidden from IP addresses listed as being registered to a Sudanese entity, that is the result either of a choice not to accept connections from Sudanese IP blocks (to the extent that they can be identified) or the site has content and is within the sphere of influence of the US government, which maintains a list of contries with whom they either do not have direct diplomatic relations (Iran, North Korea) or they keep at arms' length for other reasons (Syria, Sudan, Somalia, etc). jms
RE: Who controlls the Internet?
On Sun, 25 Jul 2010, Tarig Yassin wrote: And why not the ICCAN take this reponsibity as an International organization not USA government? ICANN has no authority to tell sovereign nations how to run their IP connectivity. jms From: tariq198...@hotmail.com To: nanog@nanog.org Subject: Who controlls the Internet? Date: Sun, 25 Jul 2010 20:24:27 +0300 Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? Thanks Tarig Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now. _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
Re: Who controlls the Internet?
On Sun, Jul 25, 2010 at 08:24:27PM +0300, Tarig Yassin tariq198...@hotmail.com wrote a message of 27 lines which said: For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? It is not the Internet, it is just some Web sites in the USA which, for local reasons, ban access from Sudan. The Internet still works. And, on the Internet, any Web site can unilaterally decide to refuse access from country X or country Y, either because a *local* law mandates it or because they just feel that way. Go to Web sites in Japan or Costa-Rica and I assume everything will be OK. And why not the ICCAN take this reponsibity as an International organization not USA government? Since the ICANN is nothing more than a puppet of the US government, I don't see the improvment it would make.
Re: Who controlls the Internet?
On Jul 25, 2010, at 13:24, Tarig Yassin tariq198...@hotmail.com wrote: I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? No one. To be more clear, no on person, company, government, or any other entity controls the Internet. Not even ICANN. Also, I am interested in examples of sites that the US gov't has blocked or otherwise somehow limited access. Please exclude sites owned by the US gov't itself. (Any entity which owns a web server can configure the ACLs on that sever however they plz as far as I'm concerned.) -- TTFN, patrick
RE: Who controlls the Internet?
probabaly every web server in USA e.g. Google, Verisign and sourceforge. What if a large orginization which has an infrstructure in many countires, in which regulations the will comply, in terms to ban other countries accessing to thier Internet resources. my regards, -- Tarig Y. Adam From: patr...@ianai.net Subject: Re: Who controlls the Internet? Date: Sun, 25 Jul 2010 13:55:56 -0400 To: nanog@nanog.org On Jul 25, 2010, at 13:24, Tarig Yassin tariq198...@hotmail.com wrote: I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? No one. To be more clear, no on person, company, government, or any other entity controls the Internet. Not even ICANN. Also, I am interested in examples of sites that the US gov't has blocked or otherwise somehow limited access. Please exclude sites owned by the US gov't itself. (Any entity which owns a web server can configure the ACLs on that sever however they plz as far as I'm concerned.) -- TTFN, patrick _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969
Re: Who controlls the Internet?
I would like to issue a question here, who controls this Internet? The global abstract Internet ? nobody. Your government/service provider and/or the government/service provider of the destination you are trying to reach may restrict/block/redirect/tweak/tamper/sniff/shape the free flow of packets. Have you ever considered trying to use Tor ? (http://www.torproject.org/ well if you can get to it :-) PS. ICANN has no responsibility or operational role denying access or services. Regards
Re: Addressing plan exercise for our IPv6 course
On Jul 25, 2010, at 6:02 PM, Owen DeLong wrote: My point was that as a cost center, IANA depends on funding from other sources. The RIRs are a major source of that funding. I guess it depends on your definition of major. From section 5.1 of ICANN's draft FY11 budget (http://www.icann.org/en/financials/proposed-opplan-budget-v1-fy11-17may10-en.pdf if you care): Registry $32,647,000 Registrar$29,159,000 RIR $823,000 ccTLD $1,600,000 IDN ccTLD $780,000 Meeting Sponsorships$500,000 Total$65,509,000 So the RIRs contribute 1.25% of ICANN's budget. Regards, -drc
Re: Who controlls the Internet?
On 7/25/10 11:05 AM, Tarig Yassin wrote: probabaly every web server in USA e.g. Google, Verisign and sourceforge. Hah, no. ~Seth
Re: Who controlls the Internet?
On Jul 25, 2010, at 7:24 PM, Tarig Yassin wrote: Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I don't know of USG blacklists. There are certainly blacklists looked at by operators; they do this for their own reasons, not due to government pressure. Understand that the kind of thing that would motivate the USG to blacklist a country from looking at a given web site would be if the web site displayed information that would enable that country to threaten the US. There is information that is covered by a set of regulations called ITAR; it doesn't say what country can't receive information, it says what information a US citizen cannot legally communicate to anyone that is not a US citizen. I suspect that what is really happening here is that the Sudan has a redirect in place that blocks information it considers its citizens should not be able to access. The web page you see is designed to get you to wonder about those evil devils, the Americans, rather than those who are actually blocking the traffic. I would like to issue a question here, who controls this Internet? Nobody, and everybody. ThanksTarig _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969 http://www.ipinc.net/IPv4.GIF
Re: Who controlls the Internet?
On Jul 25, 2010, at 8:05 PM, Tarig Yassin wrote: probabaly every web server in USA e.g. Google, Verisign and sourceforge. ALL companies that operate in the US are bound by law to abide by restrictions that are defined at http://www.ustreas.gov/offices/enforcement/ofac/ and elsewhere. Failure to abide by those laws can result in criminal sanctions (that is, being thrown in jail for years). However, the US is not the only country that restricts who does business with whom. I suspect you'll find pretty much every country in the world has a similar list in one form or another. In many cases, and depending on context, companies can obtain licenses that permit the provision of content and services to countries and people that are under sanction, but those companies have to do the work and I suspect most find it isn't worth the effort. In addition, Intellectual Property owners may decide that they want to deny access to content for arbitrary reasons. Examples of this outside of the Internet are region encoded DVDs. These restrictions are determined by business models. The issue isn't that the US has these restrictions, rather it is that there is a lot of useful content that is generated in and/or distributed from the US. One could argue that this encourages creation of and distribution channels for useful content outside the US... What if a large orginization which has an infrstructure in many countires, in which regulations the will comply, in terms to ban other countries accessing to thier Internet resources. As has been pointed out, the Internet is a set of interconnected public and private networks. Each of those networks has their own rules about who they'll grant access and what resources they'll make available. Regards, -drc
Re: Who controlls the Internet?
On Sun, Jul 25, 2010 at 6:24 PM, Tarig Yassin tariq198...@hotmail.com wrote: I would like to issue a question here, who controls this Internet? The truth to your question is, anybody who wants to. Hackers, activists, governments, terrorists all have the ability to control it. But probably not all at the same time. With the increase in irresponsible security disclosures by folks such as Tavis Ormandy, power and control is very much being handed to the people. I have been campaigning for a while to get tighter laws introduced on irresponsible security disclosures, to give the government more control over the internet. Andrew Wallace
Re: Who controlls the Internet?
On Sun, Jul 25, 2010 at 08:24:27PM +0300, Tarig Yassin wrote: Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. thats a nice, vague, and non-supportable message that is phrased to generate anger. which web sites, what web proxies, and which orgin IP addresses are in question here? I would like to issue a question here, who controls this Internet? the brief answer is - lots of people. ISPs, Telecoms companies, Government censors and regulators, your content providers, access providers (the Internet cafe), and your parents. ThanksTarig _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
Re: Who controlls the Internet?
On Sun, Jul 25, 2010 at 01:21:46PM -0500, Jorge Amodio wrote: PS. ICANN has no responsibility or operational role denying access or services. Regards except ICANN has presumed for itself an operational role. it has taken on root server operations for some years now and is trying to take over root zone editorial control. --bil
Re: Who controlls the Internet?
On 25 July 2010 21:05, Tarig Yassin tariq198...@hotmail.com wrote: probabaly every web server in USA e.g. Google, Verisign and sourceforge. In this case you will most likely discover that these are blocked by the service provider at your end and not by Google et al. What if a large orginization which has an infrstructure in many countires, in which regulations the will comply, in terms to ban other countries accessing to thier Internet resources. The local laws/regulations take precedence in each country and they must abide to what's been set. This however isnt a concern to many since not many countries impose such strict restrictions. ./TJ
RE: Who controlls the Internet?
The local laws/regulations take precedence in each country and they must abide to what's been set. This however isnt a concern to many since not many countries impose such strict restrictions. I thought most countries had trade and export restrictions of one sort or another? Best Regards, Nathan Eisenberg
RE: Addressing plan exercise for our IPv6 course
On Sun, 2010-07-25 at 16:19 +, Nathan Eisenberg wrote: If an expert stood up in court and said the chances that this fingerprint is the defendant's are a million to one, and the prosecutor then said Aha! So you admit it's *possible*! we would rightly scorn the prosecutor for being an innumerate nincompoop. Yet here we are paying serious heed to the idea that a ULA prefix conflict is a real business risk. Yes, but if this prosecutor does this a million times, he's bound to be right at least once. Hm. Would you hire a prosecutor who was, on average, right once in a million times? Yes, a good businessperson takes risks. They also do everything possible to mitigate those risks, such as background checks on employees, lightning rods and grounding systems and insurance on the electronics in the building, buy generators and fuel contracts or source an emergency workplace. Yes, a crazy employee may get through a background check, but if the question is the presence of an attempt and prevention, then what is the risk mitigation for ULA? Choose a random ULA prefix. Done. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/~kauer/ +61-428-957160 (mob) GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156 Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF signature.asc Description: This is a digitally signed message part
Re: Who controlls the Internet?
Hi Tarig This is a bit like asking who controls friendship. Of course nobody does. However if certain friends of yours are going to impose conditions on you, you have to go along with it or find new friends. One way round it is to use other friends as interlocutors, simply by using proxy services, or, in more intense situations, something like Kaleidoscope http://www.isoc-ny.org/?p=1485 j On Sun, Jul 25, 2010 at 1:24 PM, Tarig Yassin tariq198...@hotmail.comwrote: Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? ThanksTarig _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969 -- --- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com Secretary - ISOC-NY - http://isoc-ny.org ---
Re: Who controlls the Internet?
On Sun, Jul 25, 2010 at 12:58:01PM -0700, andrew.wallace wrote: On Sun, Jul 25, 2010 at 6:24 PM, Tarig Yassin tariq198...@hotmail.com wrote: I would like to issue a question here, who controls this Internet? The truth to your question is, anybody who wants to. Hackers, activists, governments, terrorists all have the ability to control it. But probably not all at the same time. With the increase in irresponsible security disclosures by folks such as Tavis Ormandy, power and control is very much being handed to the people. I have been campaigning for a while to get tighter laws introduced on irresponsible security disclosures, to give the government more control over the internet. Which government? There are rather a lot of them, and they all have a legitimate interest in control over the internet (or at least their chunk of it. Good luck deciding where their chunk ends though). Andrew Wallace
RE: Who controlls the Internet?
Tarig, Just going out on a limb here, but who says the sites in the US are blocking instead of the country itself? Maybe the Sudan government is blocking access to the sites for whatever reason. Allen -Original Message- From: Joly MacFie [mailto:j...@punkcast.com] Sent: Sunday, July 25, 2010 7:12 PM To: Tarig Yassin Cc: nanog Subject: Re: Who controlls the Internet? Hi Tarig This is a bit like asking who controls friendship. Of course nobody does. However if certain friends of yours are going to impose conditions on you, you have to go along with it or find new friends. One way round it is to use other friends as interlocutors, simply by using proxy services, or, in more intense situations, something like Kaleidoscope http://www.isoc-ny.org/?p=1485 j On Sun, Jul 25, 2010 at 1:24 PM, Tarig Yassin tariq198...@hotmail.comwrote: Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? ThanksTarig _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969 -- --- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com Secretary - ISOC-NY - http://isoc-ny.org ---
Re: Who controlls the Internet?
PS. ICANN has no responsibility or operational role denying access or services. Regards except ICANN has presumed for itself an operational role. it has taken on root server operations for some years now and is trying to take over root zone editorial control. Sure, no doubt there are some groups under the ICANN umbrella desperate to expand their operational role including the last move about creating a DNS-CERT or GAC-ifing every decision. Besides L server I don't think ICANN has much control of the rest of the root servers. Amen about the root zone. I'd love to see how viable and what it would take to go Postel, screw ICANN and declare independence from it. I'd say that today nobody has full control but among some organizations (including now the other competing traveling circus aka IGF) many want to have it. Cheers Jorge
Re: Addressing plan exercise for our IPv6 course
On Jul 25, 2010, at 11:54 AM, David Conrad wrote: On Jul 25, 2010, at 6:02 PM, Owen DeLong wrote: My point was that as a cost center, IANA depends on funding from other sources. The RIRs are a major source of that funding. I guess it depends on your definition of major. From section 5.1 of ICANN's draft FY11 budget (http://www.icann.org/en/financials/proposed-opplan-budget-v1-fy11-17may10-en.pdf if you care): Registry $32,647,000 Registrar$29,159,000 RIR $823,000 ccTLD $1,600,000 IDN ccTLD $780,000 Meeting Sponsorships$500,000 Total$65,509,000 So the RIRs contribute 1.25% of ICANN's budget. Regards, -drc Correct, now, what portion of ICANN's budget is related to the NRO sector? My bet is that it's less than 1.25%. I suppose you can make domain owners pay for address administration if you want to make address administration free, but, that seems a bit backwards to me. Owen
Re: Who controlls the Internet?
From: Tarig Yassin tariq198...@hotmail.com To: nanog nanog@nanog.org Subject: Who controlls the Internet? Date: Sun, 25 Jul 2010 20:24:27 +0300 Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government p= y. I would like to issue a question here, who controls this Internet? Fluffy owns USENET, as everybody knows, and her big mean brother owns the Internet. I could tell you his name, but then I'd have to kill you. Whether you like it or not, the government of a country where a server is located, and/or where the service operator is located, *CAN* dictate terms to that server or service operator. There are _no_ 'uniform' international rules, or guarantees of aceess. Be thankful you're not in China, where attempts to access 'forbidden' sites can bring the secret police knocking. Or some of the Middle East Countries, where *everything* going out-of- country goes through government-owned/-operated censorship boxes. The answer to your question -- as asked -- is everybody, and NOBODY. Any government entity can enact laws concerning what people _within_ _their_jurisdiction_ can do over the Internet, just as they can regulate any other aspcet of 'life'. OTOH, there's no international authority you have to go to, to get a 'license' to get on the Internet and use it. except to whatever extent it is controlled by local government, you can set up services, buy connectivity from whomever you want, and -do- whatever you want, regardless of whether or not such activities make you a 'good net neighbor' or a 'bad' one. As for your particular 'problem', some countries have intternational reputations for being 'bad neighbors'. Things like financing known terrorist organizations, providing various facilities and training capabilities, etc. Countries that do things like this -- or more properly _allow_ things like this to go on within their jurisdiction, run the risk of being cast as 'beyond the pale' by those countries that frown on such things. In which case, any resources that _might_ help those 'bad guys' with ther malevolent efforts are denied to _anyone_ from that country. If you don't like being in that classification, take it up with *your* government. Good Luck.
RE: Who controlls the Internet?
I'm moving all operations to Sealand Bob- -Original Message- From: Robert Bonomi [mailto:bon...@mail.r-bonomi.com] Sent: Sunday, July 25, 2010 11:16 PM To: nanog@nanog.org Subject: Re: Who controlls the Internet? From: Tarig Yassin tariq198...@hotmail.com To: nanog nanog@nanog.org Subject: Who controlls the Internet? Date: Sun, 25 Jul 2010 20:24:27 +0300 Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government p= y. I would like to issue a question here, who controls this Internet? Fluffy owns USENET, as everybody knows, and her big mean brother owns the Internet. I could tell you his name, but then I'd have to kill you. Whether you like it or not, the government of a country where a server is located, and/or where the service operator is located, *CAN* dictate terms to that server or service operator. There are _no_ 'uniform' international rules, or guarantees of aceess. Be thankful you're not in China, where attempts to access 'forbidden' sites can bring the secret police knocking. Or some of the Middle East Countries, where *everything* going out-of- country goes through government-owned/-operated censorship boxes. The answer to your question -- as asked -- is everybody, and NOBODY. Any government entity can enact laws concerning what people _within_ _their_jurisdiction_ can do over the Internet, just as they can regulate any other aspcet of 'life'. OTOH, there's no international authority you have to go to, to get a 'license' to get on the Internet and use it. except to whatever extent it is controlled by local government, you can set up services, buy connectivity from whomever you want, and -do- whatever you want, regardless of whether or not such activities make you a 'good net neighbor' or a 'bad' one. As for your particular 'problem', some countries have intternational reputations for being 'bad neighbors'. Things like financing known terrorist organizations, providing various facilities and training capabilities, etc. Countries that do things like this -- or more properly _allow_ things like this to go on within their jurisdiction, run the risk of being cast as 'beyond the pale' by those countries that frown on such things. In which case, any resources that _might_ help those 'bad guys' with ther malevolent efforts are denied to _anyone_ from that country. If you don't like being in that classification, take it up with *your* government. Good Luck.
FW: Who controlls the Internet?
-Original Message- From: Robert West [mailto:robert.w...@just-micro.com] Sent: Sunday, July 25, 2010 10:56 PM To: 'Tarig Yassin' Subject: RE: Who controlls the Internet? Each individual government seems to control the information the enters or leaves their borders.Do a search for Internet Censorship Wikileaks. Every government has their own set of morals and standards and politically motivated black list. Certainly the USA wants to swagger and force its will on not only its own people but the entire planet, but they are not alone. Australia, China, North Korea, Germany Etc All with their own agenda. It would be great if there was ONE entity that controlled content and each country had to abide by their decisions in order to have access to the backbone but that's only just a dream at this point. The flat earth that should be the flow of information needs to be demanded by everyone. That's my 13 cents worth. (Inflation sucks) But who am I but just a thinking and caring animal of this planet? Bob- -Original Message- From: Tarig Yassin [mailto:tariq198...@hotmail.com] Sent: Sunday, July 25, 2010 1:24 PM To: nanog Subject: Who controlls the Internet? Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? ThanksTarig _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
FW: Who controlls the Internet?
-Original Message- From: Robert West [mailto:robert.w...@just-micro.com] Sent: Sunday, July 25, 2010 11:02 PM To: 'Tarig Yassin' Subject: RE: Who controlls the Internet? To add... This is a great reason to provide proxy servers or to use Tor. If enough resources are thrown against it to make it irrelevant.. Well... Okay, so they will fight back with even more. Time to shoot one's self in the head. :) In the immortal words of Bob Marley, Get Up, Stand Up! Don't Give Up The Fight! Bob- -Original Message- From: Tarig Yassin [mailto:tariq198...@hotmail.com] Sent: Sunday, July 25, 2010 1:24 PM To: nanog Subject: Who controlls the Internet? Deal all I want to show you some obstacles that some countries face them every day. For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this web site because your IP address appears form country black listed due to USA government policy. I would like to issue a question here, who controls this Internet? ThanksTarig _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
FW: Who controlls the Internet?
-Original Message- From: Robert West [mailto:robert.w...@just-micro.com] Sent: Sunday, July 25, 2010 11:15 PM To: 'andrew.wallace' Subject: RE: Who controlls the Internet? I thought it was Kim Jong-il. At least that was what was on the memo. Bob- -Original Message- From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Sunday, July 25, 2010 3:58 PM To: tariq198...@hotmail.com Cc: nanog@nanog.org Subject: Re: Who controlls the Internet? On Sun, Jul 25, 2010 at 6:24 PM, Tarig Yassin tariq198...@hotmail.com wrote: I would like to issue a question here, who controls this Internet? The truth to your question is, anybody who wants to. Hackers, activists, governments, terrorists all have the ability to control it. But probably not all at the same time. With the increase in irresponsible security disclosures by folks such as Tavis Ormandy, power and control is very much being handed to the people. I have been campaigning for a while to get tighter laws introduced on irresponsible security disclosures, to give the government more control over the internet. Andrew Wallace
ho controlls the Internet?
I thought it was Kim Jong-il. At least that was what was on the memo. Bob- -Original Message- From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Sunday, July 25, 2010 3:58 PM To: tariq198...@hotmail.com Cc: nanog@nanog.org Subject: Re: Who controlls the Internet? On Sun, Jul 25, 2010 at 6:24 PM, Tarig Yassin tariq198...@hotmail.com wrote: I would like to issue a question here, who controls this Internet? The truth to your question is, anybody who wants to. Hackers, activists, governments, terrorists all have the ability to control it. But probably not all at the same time. With the increase in irresponsible security disclosures by folks such as Tavis Ormandy, power and control is very much being handed to the people. I have been campaigning for a while to get tighter laws introduced on irresponsible security disclosures, to give the government more control over the internet. Andrew Wallace
Re: Addressing plan exercise for our IPv6 course
Owen DeLong o...@delong.com writes: for NAT. Enterprises of non-trivial size will likely use RFC4193 (and I fear we will notice PRNG returning 0 very often) and then NAT it to provider provided public IP addresses. Why on earth would you do that? Why not just put the provider-assigned addresses on the interfaces along side the ULA addresses? Using ULA in that manner is horribly kludgy and utterly unnecessary. To state the obvious: People are stupid. This is to facilitate easy and cheap way to change provider. Getting PI address is even harder now, as at least RIPE will verify that you are multihomed, while many enterprises don't intent to be, they just need low cost ability to change operator. Why is that easier/cheaper than changing your RAs to the new provider and letting the old provider addresses time out? Well it's not cheaper but using NAT (and multiple NAT) leads to job security as nobody else will understand the network. BTST. Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@guug.de | --- | -
Re: Addressing plan exercise for our IPv6 course
Saku Ytti s...@ytti.fi writes: RFC4193 + NAT quite simply is what they know and are comfortable with. NAT is *not simple*. NAT adds one more layer of complexity. When using multiple NAT things get worse. In most cases people don't want or need NAT they are just used to it and old habits die hard. Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@guug.de | --- | -
Re: FW: Who controlls the Internet?
I thought that Randy Bush won it from Paul Vixie in a poker game. Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474
Re: Addressing plan exercise for our IPv6 course
Owen DeLong o...@delong.com writes: You know that, I know that and (hopefully) all people on this list know that. But NAT == security was and still is sold by many people. So is snake oil. Ack, but people are still buying snake oil too. After one of my talks about IPv6 the firewall admins of a company said something like: So we can't use NAT as an excuse anymore and have to configure firewall rules? We don't want this. So how did you answer him? To be honest: I don't remember. I got drunk that evening. ;-) The correct answer is No, you don't have to configure rules, you just need one rule supplied by default which denies anything that doesn't have a corresponding outbound entry in the state table and it works just like NAT without the address mangling. They used NAT as an excuse not to let some applications to the outside. Jens -- - | Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@guug.de | --- | -
Re: Addressing plan exercise for our IPv6 course
On Mon, Jul 26, 2010 at 06:24:04AM +0200, Jens Link wrote: Owen DeLong o...@delong.com writes: The correct answer is No, you don't have to configure rules, you just need one rule supplied by default which denies anything that doesn't have a corresponding outbound entry in the state table and it works just like NAT without the address mangling. They used NAT as an excuse not to let some applications to the outside. That's OK, if it's NAT unfriendly, chances are it requires deep packet inspection to make the state tables do the right thing anyway. - Matt -- Skippy was a wallaby. ... Wallabies are dumb and not very trainable... The *good* thing...is that one Skippy looks very much like all the rest, hence...one-shot Skippy and plug-compatible Skippy. I don't think they ever had to go as far as belt-fed Skippy -- Robert Sneddon, ASR
Re: Addressing plan exercise for our IPv6 course
Owen, Correct, now, what portion of ICANN's budget is related to the NRO sector? Read the ICANN budget. ICANN does not budget things that way. You asked explain how the numbers side of IANA pays for anything when the RIRs stop funding it? Doug and I, who have a bit of knowledge on the subject, have told you IANA does not pay for anything. ICANN is a signatory to a contract with the US Department of Commerce that requires ICANN to provide the IANA functions, of which numbers allocation is one. Failure to perform any of the functions would be interpreted by DoC as a breach of contract. If the NRO did not contribute the (currently) 1.5% (which they have withheld in the past), ICANN would still be required to perform the number allocation function (as they did even when the RIR contribution was withheld). There is _no_ linkage between the contributions made by any stakeholder and the operation of the IANA functions contract. In the case of coordinating ULA assignments, I have no doubt IANA staff at ICANN _could_ provide the function quite easily since most of the infrastructure and processes are already in place for other services ICANN provides as part of the IANA functions contract. The question of whether or not the community, including folks from the RIR community and the IETF, want ICANN to perform that service is entirely different, and highly non-technical. Regards, -drc
