Re: Cogent Layer 2

On Thu, 15 Oct 2020 at 09:11, Ryan Hamel wrote: Yep. Make sure you run BFD with your peering protocols, to catch outages > very quickly. > Make sure you get higher availability with BFD than without it, it is easy to get this wrong and end up losing availability. First issue is that BFD has qui

Re: Cogent Layer 2

Yep. Make sure you run BFD with your peering protocols, to catch outages very quickly. On Oct 14 2020, at 12:47 pm, Mike Hammett wrote: > I haven't heard any concerns with reliability, on-net performance (aside from > 2 gig flow limit) or other such things. Do they generally deliver well in >

Re: Cogent Layer 2

On Wed, Oct 14, 2020, at 20:38, Rod Beck wrote: > You are correct that if you have > to carve it up into a lots of VLANs, it would be a nightmare. But > Hibernia was a true wholesale carrier providing backbone to clients, > not links distributing traffic to lots of user end points. The fact th

Re: FCC FUSF charges clarification

On 10/14/20 2:14 PM, Nuno Vieira via NANOG wrote: > Company Z charges company A on top of agreed services: It may be just a coincidence, but I had the same problem with a company that begins with "Z" (and ends with "ayo"). The quote I got was for a certain exact dollar amount with some tiny boil

Re: Ingress filtering on transits, peers, and IX ports

> On 15 Oct 2020, at 04:09, Casey Deccio wrote: > > >> On Oct 13, 2020, at 8:49 PM, Chris Adams wrote: >> >> Once upon a time, Eric Kuhnke said: >>> Considering that one can run an instance of an anycasted recursive >>> nameserver, under heavy load for a very large number of clients, on a

Re: Ingress filtering on transits, peers, and IX ports

So I have put together what I think is a reasonable and complete ACL. From my time in the enterprise world, I know that a good ingress ACL filters out traffic sourcing from: * Bogon blocks, like 0.0.0.0/8, 127.0.0.0/8, RFC1918 space, etc (well-documented in https://team-cymru.com/community-s

Re: FCC FUSF charges clarification

On Wed, Oct 14, 2020 at 2:16 PM Nuno Vieira via NANOG wrote: > Need some help/insight from you guys on this: > > Company A is an incorporated in Europe, where it main business is, > however it has some pops within USA. If you're complying with all the laws then you've also filed the various docum

Re: FCC FUSF charges clarification

On Wed, 14 Oct 2020, Nuno Vieira via NANOG wrote: So... my question IS: Is an European company (or whatsoever foreign wholesale company) WITHOUT ANY customers in USA liable to pay those taxes to the carrier ? Those aren't customer taxes, they are company surcharges with names to discourage

Re: FCC FUSF charges clarification

You shouldn't be getting USF recovery charges if you aren't utilizing interstate services from said carrier, although all carriers will try to collect these recovery charges even though a fraction of them actually pay this forward into USF fund! IP Transit is exempt per ITNA/ITFA as well as any wav

RE: Hurricane Electric AS6939

Which was my point is all, while it might be an extreme case, IP can cause issues for waves as well. Luke From: Eric Kuhnke Sent: Wednesday, October 14, 2020 4:31 PM To: Luke Guillory Cc: Matt Erculiani ; Darin Steffl ; nanog list Subject: Re: Hurricane Electric AS6939 *External Email: Us

Re: Ingress filtering on transits, peers, and IX ports

I think he means packet captures from an example, voluntarily-tested recursive nameserver subject to this attack. On Wed, Oct 14, 2020 at 11:53 AM Casey Deccio wrote: > Hi Bryan, > > > On Oct 14, 2020, at 12:43 PM, Bryan Holloway wrote: > > > > I too would like to know more about their methodo

Re: Hurricane Electric AS6939

Yes it did, because they were running *all* of those over their Infinera DWDM platforms which crashed. If the underlying optical line terminals are FUBAR, all bets are off. On Wed, Oct 14, 2020 at 2:27 PM Luke Guillory wrote: > Didn’t the Dec 2018 CL outage cause waves and even TDM circuits to

Re: FCC FUSF charges clarification

re. actually it is more than 20%... (i miscalculated stuff) On the IPT part is 6%; on the waveleght part is 48,2%. anoyone out there that can point some light on this ? Or all the other carriers are wrong ? :) On Wed, 2020-10-14 at 22:14 +0100, Nuno Vieira via NANOG wrote: > Hello All, > > Ne

Re: Hurricane Electric AS6939

The inverse of that is that an actual wavelength for 10/100G services can be contractually defined to a certain specific path at OSI layer 1 (with GIS vector shape files from the underlying carrier provided prior to signing a contract). Whereas a layer 2 transport service could also turn out to be

RE: Hurricane Electric AS6939

Didn’t the Dec 2018 CL outage cause waves and even TDM circuits to go down? Luke From: NANOG On Behalf Of Matt Erculiani Sent: Wednesday, October 14, 2020 3:59 PM To: Darin Steffl Cc: nanog list Subject: Re: Hurricane Electric AS6939 *External Email: Use Caution* For providers who use th

FCC FUSF charges clarification

Hello All, Need some help/insight from you guys on this: Company A is an incorporated in Europe, where it main business is, however it has some pops within USA. Company A uses services from several companies within USA. (carrier H, C, Z, G, L, etc..) all in the United States to remotelly connec

Re: Ingress filtering on transits, peers, and IX ports

"What do you mean by "tangibles in the form of PCAPs”” I think Brian means packet captures, in PCAP format, so that we can observe example testing via Wireshark or some other protocol analyzer. -mel > On Oct 14, 2020, at 11:52 AM, Casey Deccio wrote: > > Hi Bryan, > >> On Oct 14, 2020, at

Re: Hurricane Electric AS6939

For providers who use the same infrastructure for their IP backbone and Ethernet services (as so many do), a large DDoS could disrupt all Ethernet services that normally traverse affected links, whereas Waves would be blissfully ignorant of such an event. Waves are pretty reliable and will only go

Re: Hurricane Electric AS6939

*nods* instead of paying for protection, I'd rather just engineer a completely diverse route, preferable to a different Z location. Potential for greater diversity, you get more capacity. Costs may vary. I've seen similar things regarding 1G and less. - Mike Hammett Intelligent Comp

Re: Hurricane Electric AS6939

Yes but they're $$$ to have protection. Generally ethernet will be cheaper than waves with the added protection. I'm not arguing for one or the other. Waves will often be cheaper when looking at 10G or 100G compared to ethernet. For 1G or less, ethernet might be cheaper with some protection alread

Re: Hurricane Electric AS6939

*nods* There are protected wave services generally available if you wish to protect about such things. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Darin Steffl" To: "Mike Hammett" Cc: "Eric Kuh

Re: Hurricane Electric AS6939

The downside to waves are that they're typically not protected. So a cut will take you down. If you have 10G Layer 2 ethernet, they often will have redundant paths so the only single path that can fail is between you and their first POP where they hopefully have redundancy. It can make a big differ

Re: Cogent Layer 2

I haven't heard any concerns with reliability, on-net performance (aside from 2 gig flow limit) or other such things. Do they generally deliver well in those regards? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message

Re: Hurricane Electric AS6939

I suppose it depends on your carrier and their capabilities. I much prefer waves to any kind of service that you can aggregate. Being able to aggregate just means they're going to oversubscribe you and at some point, you'll not get what you're paying for. Can't do that on a wave. - Mi

Re: Cogent Layer 2

On Wed, Oct 14, 2020 at 10:54:49AM -0700, Ryan Hamel wrote: > > One would think that with 100GE interfaces, it would not be possible to > overrun the interface if we allowed full 10Gbps/flow, however most 100GE > interfaces, at the chip level are broken down into 10Gbps lanes and the > interfac

Re: Ingress filtering on transits, peers, and IX ports

Hi Bryan, > On Oct 14, 2020, at 12:43 PM, Bryan Holloway wrote: > > I too would like to know more about their methodology We've written up our methodology and results in a paper that will be available in a few weeks. Happy to post it here if folks are interested. Obviously, no networks are

Re: Ingress filtering on transits, peers, and IX ports

I too would like to know more about their methodology and actual tangibles ideally in the form of PCAPs. On 10/14/20 4:56 PM, Brian Knight via NANOG wrote: Hi Eric, I shot a message over the folk who did the testing for more info about their test.  If I'm able to find anything useful in our

Re: Cogent Layer 2

Look, you are looking for a fight, in which I have no interest. And no, a provider can't overbook a packet over SDH circuit. It is SDH performance. Pure dedicated bandwidth. You are correct that if you have to carve it up into a lots of VLANs, it would be a nightmare. But Hibernia was a true who

Re: Cogent Layer 2

Hibernia's implementation must of made scaling in terms of VLAN allocations, and programming all the equipment in path (with possibly no redundancy), very difficult to manage. Any link can be saturated no matter if it is layer 2 or 3. If you want dedicated bandwidth with an SLA, you have to pay

Re: Cogent Layer 2

Hibernia was offering Switched Ethernet 'everywhere' long before it had a Layer 3 network. So I am a bit skeptical. In fact, in the 'old days' 2006-2011 we had a nice packet over SDH service that has all the performance of SDH with all the functionality of Ethernet. Very popular service. Unfortu

Re: Cogent Layer 2

All carrier Ethernet services are tunnels provided by VPLS Psuedowire or VXLAN services. Did you really expect a VLAN to be layer 2 switched everywhere? Ryan On Oct 14 2020, at 11:03 am, Rod Beck wrote: > > I always heard this service was really Layer 3 disguised as Layer 2. > > > From: NANOG o

Re: Cogent Layer 2

I always heard this service was really Layer 3 disguised as Layer 2. From: NANOG on behalf of Ryan Hamel Sent: Wednesday, October 14, 2020 7:54 PM To: Mike Hammett Cc: nanog@nanog.org Subject: Re: Cogent Layer 2 Mike, Layer 2 is fine once it works. * You

Re: Cogent Layer 2

When I last spoke to them, it sounded like they were using a bunch of LAG groups based on ip address because they _really_ wanted to know how many ip addresses we had and what kind of traffic we would be expecting (eyeball networks, big data transport, etc). -Original Message- From: "

Re: Cogent Layer 2

Mike, Layer 2 is fine once it works. You will have to put up with whatever VLAN tags they pick, if you plan on having multiple virtual circuits on a 10G hub. They do like to see into the flows of traffic, as they only allow up to 2Gbits/flow, per there legacy infrastructure. If the circuit does

Re: Cogent Layer 2

Thus spake Mike Hammett (na...@ics-il.net) on Wed, Oct 14, 2020 at 12:36:39PM -0500: > > Are any legitimate beefs with Cogent limited to their IP policies, BGP > session charges, and peering disputes? Meaning, would using them for layer 2 > be reasonable? Be sure to ask if your circuit will f

Re: Cogent Layer 2

I had a discussion with them about a point to point circuit last year and ran into some weirdness around how burstable it would be for specific IP to IP streams as our use case was cheap circuit / high speed data replication between given endpoints. The sales rep was suggesting to me that I’d s

Cogent Layer 2

Are any legitimate beefs with Cogent limited to their IP policies, BGP session charges, and peering disputes? Meaning, would using them for layer 2 be reasonable? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP

Re: Ingress filtering on transits, peers, and IX ports

On Tue, Oct 13, 2020 at 05:49:42PM -0500, Brian Knight via NANOG wrote: > Hi Mel, > > My understanding of uRPF is: > > * Strict mode will permit a packet only if there is a route for the > source IP in the RIB, and that route points to the interface where the > packet was received > > * Loose

Re: Ingress filtering on transits, peers, and IX ports

Great for customer-facing interfaces, though. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Nick Hilliard" To: "Brian Knight" Cc: nanog@nanog.org Sent: Wednesday, October 14, 2020 3:12:22 AM Sub

Re: Hurricane Electric AS6939

If an eyeball network has good peering, is there much value to be gained in chasing the long tail? It certainly presents a different cost perspective if you can pay a couple of the more premium networks for your remaining 15% - 20% of traffic not on the IXes. I just don't know that I'd really wo

RE: Hurricane Electric AS6939

Thanks, Yeah MEF-speak…. Lit layer 2 untagged is EPL Lit layer 2 tagged is EVPL ...it’s MEF (CE) terminology -Aaron From: NANOG On Behalf Of Josh Luthman Sent: Wednesday, October 14, 2020 8:44 AM To: Forrest Christian (List Account) Cc: nanog list Subject: Re: Hurricane Elect

Re: Ingress filtering on transits, peers, and IX ports

> On Oct 13, 2020, at 8:49 PM, Chris Adams wrote: > > Once upon a time, Eric Kuhnke said: >> Considering that one can run an instance of an anycasted recursive >> nameserver, under heavy load for a very large number of clients, on a $600 >> 1U server these days... I wonder what exactly the thr

Re: Hurricane Electric AS6939

On Wed, Oct 14, 2020 at 1:30 AM Aaron Gould wrote: > Do y’all like HE for Internet uplink? I’m thinking about using them for > 100gig in Texas. It would be for my eyeballs ISP. We currently have > Spectrum, Telia and Cogent. > > -Aaron > I find HE useful as a special kind of transit provider.

Re: Hurricane Electric AS6939

Cost isn't always the only factor one does something. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Darin Steffl" To: "Michael Spears" Cc: "Mike Hammett" , "Aaron Gould" , nanog@nanog.org Sent:

Re: Hurricane Electric AS6939

There's a startup IX in those markets, but it's not going to take much of your traffic. Yes, you would have to get a 100G wave to DFW. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: aar...@gvtc.com

Visit the NANOG 80 Virtual Expo!

*The latest technology, all in one space.* Be sure to visit the NANOG 80 Virtual Expo throughout the conference to learn about the latest technologies, and connect with reps from 19 North American companies. Plus, you'll have the chance to win a

Re: Ingress filtering on transits, peers, and IX ports

Hi Eric, I shot a message over the folk who did the testing for more info about their test. If I'm able to find anything useful in our logs from their detail, I'll post it to the list. The message referenced DNS cache poisoning and DDOS amplification, so it seemed fairly general and more focus

Re: Hurricane Electric AS6939

Depending on peer traffic, it may make more sense to co-locate a switch at a DC and then bring in some PNIs from your top usage peers. Check your peer usage using something like AS-Stats. Your top usage peers are going to be your most costly expense in the end... Erich Kaiser The Fusion Network

Re: Ingress filtering on transits, peers, and IX ports

Hi Marcos, Thanks for your reply. But I am looking for guidance on traffic filtering, not BGP prefix filtering. I have looked at BCP 84, and it's a good overview of the methods available to an ISP. My questions are more operational in nature and are not covered by the document. Of the cho

Re: Hurricane Electric AS6939

> On Oct 13, 2020, at 7:29 PM, Aaron Gould wrote: > > Do y’all like HE for Internet uplink? I’m thinking about using them for > 100gig in Texas. It would be for my eyeballs ISP. We currently have > Spectrum, Telia and Cogent. No. Too many problems with scenic routing due to lack of BGP

Re: Virginia voter registration down due to cable cut

On Tue, Oct 13, 2020 at 5:15 PM Christopher Morrow wrote: > > On Tue, Oct 13, 2020 at 2:41 PM Sean Donelan wrote: > > > > On Tue, 13 Oct 2020, Christopher Morrow wrote: > > > spof > > > > > > the vita folk have a history of 'not really understanding large scale > > > compute/network operations' :

Re: Hurricane Electric AS6939

Charter/Spectrum calls it an EPL - Ethernet Private Line. Josh Luthman 24/7 Help Desk: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Oct 14, 2020 at 4:08 AM Forrest Christian (List Account) < li...@packetflux.com> wrote: > I guess I should have been a bit cle

Re: Hurricane Electric AS6939

On Tue, Oct 13, 2020 at 8:22 PM Seth Mattinen wrote: > > On 10/13/20 5:10 PM, Darin Steffl wrote: > > > > You would do well to add them to your mix and remove one of the other > > ones. I'd probably remove spectrum and replace with HE. We've only had > > 30 minutes of downtime total in 5 years so

Re: Hurricane Electric AS6939

Depending on transport costs, it may be cheaper to just use HE at a datacenter he's already in vs going to a datacenter he's not in currently. HE has 10G of transit for as low as $900 right now. If 10G of transport from him to an IX is more than that, there's no financial incentive to peer instead

RE: Hurricane Electric AS6939

Yep. Get on some IXes first. You’d be able to offload a ton of traffic to free peering, vs sending everything via the transit you pay for. From: NANOG On Behalf Of Mike Hammett Sent: Tuesday, October 13, 2020 8:20 PM To: Aaron Gould Cc: nanog@nanog.org Subject: Re: Hurricane Electric AS6939 h

Re: Hurricane Electric AS6939

We had horrible experiences with them a long time ago. Inexplicable packet loss problems, route weirdness, so we dumped them. A couple of years ago we decided to give them another try (I was skeptical), but so far it has been just fine. At 07:29 PM 13/10/2020, Aaron Gould wrote: Do y’al

RE: Hurricane Electric AS6939 [EXTERNAL]

Good ISP, fast and knowledgeable NOC, pricing is also pretty good. If you have multiple peers already and want to do traffic management/engineering forget it. HE heavily peers with everyone and they don't accept communities from their clients. -Original Message- From: NANOG On Behalf

FYI - ARIN 46 Virtual Meeting Starts Today! (was: Fwd: [arin-announce] ARIN 46 Will Be Here Soon – Get Ready!)

NANOGers - FYI - ARIN 46 Virtual Meeting will start at today at noon ET. The meeting will be held via Zoom, and details on the schedule policy discussions, presentations, meeting materials and registration are attached. Best wishes! /John John Curran President and CEO American Registry for Int

Re: Ingress filtering on transits, peers, and IX ports

On 10/13/20 9:40 PM, Nikolas Geyer wrote: Tl;dr - definitely don’t accept your own prefix from the site it originated from, or other sites that have internal connectivity. But also don’t assume that an AS has a full-mesh of internal connectivity behind it and shouldn’t accept its own prefixes

Re: Hurricane Electric AS6939

On Wed, 14 Oct 2020 at 11:11, Forrest Christian (List Account) < li...@packetflux.com> wrote: Yes, what you would be ordering is typically a lit L2 circuit. However, > my experience is that certain carrier salespeople tend to call anything > like this a 'wave'. I have had lots of discussions ov

Re: Ingress filtering on transits, peers, and IX ports

Brian Knight via NANOG wrote on 13/10/2020 23:49: Strict mode won't work for us, because with our multi-homed transits and IX peers, we will almost certainly drop a legitimate packet because the best route is through another transit. there's no "almost" about it: strict mode is unfeasible for

Re: Hurricane Electric AS6939

I guess I should have been a bit clearer. Yes, what you would be ordering is typically a lit L2 circuit. However, my experience is that certain carrier salespeople tend to call anything like this a 'wave'. I have had lots of discussions over the years with various salespeople about the differen

Re: Hurricane Electric AS6939

For small ISPs looking at setting up their first ever presence at an IX point, you almost certainly would not be ordering an actual 'wave' (eg: a specific DWDM channel on a legacy 10G DWDM platform, handed off to you with 1310/LX interfaces at both ends), but lit layer 2 transport service between t