Re: Level3 issues from Denver to San Jose?
On Tue, Nov 30, 2010 at 11:22:41PM -0700, Khurram Khan wrote:
> I'm seeing some packet loss out of one of my routers in San Diego, we peer with L3.
>
> ping 4.69.132.57 so gi3/8 repeat 1000 size 5000
> Type escape sequence to abort.
> Sending 1000, 5000-byte ICMP Echos to 4.69.132.57, timeout is 2 seconds:
> Packet sent with a source address of x.y.d.z
> !.!!.!.!!. !.!!.!.!!.!!.! .!!.!.!!.!.!!! !!!.!.!!.!.!!. !.!!.!.!!!.!!! !!.!!.!.!!.!.! !.!.!!.!!.!.!! .!.!!.!!.!.!!! !!!.!
> Success rate is 93 percent (534/573), round-trip min/avg/max = 20/27/204 ms

That's most probably ICMP rate-limiting by Level3 - notice the regular pattern. Judging from the reverse DNS of your ping target, this is a Juniper router interface that you are pinging.

Best regards,
Daniel

--
CLUE-RIPE -- Jabber: d...@cluenet.de -- d...@ircnet -- PGP: 0xA85C8AA0
TWT - Comcast congestion
On Tue, Nov 30, 2010 at 9:12 PM, Richard A Steenbergen r...@e-gerbil.net wrote:
> uncongested access. This is the kind of action that virtually BEGS for government involvement, which will probably end badly for all networks.

This depends on the eventual regulatory mechanism and the goals it intends to promote. Everyone in our industry has been aware that security mechanisms related to BGP are needed, but after major incidents making it into the news regularly for ten years, little progress has been made. A regulator putting the hammer down might be a driving force to solve some of our basically solvable problems that no one is willing to spend any time or money on.

Additionally, it is easy to make the argument that reduced interconnection cost for end-user ISPs would never motivate any innovation. If any network with 1000 DSL users could connect to the closest PAIX (in every NFL city, of course) and gain access to all the big players for nothing but the cost of transport, it would not significantly reduce their cost to serve their customers. The DSLAMs, tech support monkeys, transport, idiotic implementation choices, etc. cost an order of magnitude more than transit. No regulator is going to believe that eliminating the cost of transit will encourage more broadband deployment, higher broadband speeds, or new inventions that tax the network more heavily.

On the other hand, it is very easy for regulators to imagine that, if Youtube had to bear the whole cost of moving bits from them to the end-user, and broadband access was free for anyone with a house and mailbox, developing new applications would be much more expensive and happen less frequently.

I think eyeball networks had better start demonstrating how they are innovating new things that benefit the public, and working hard to run their networks and businesses efficiently, before the regulation gauntlet is thrown down. Otherwise, they will be on the losing end.

In either case, I don't think it automatically must be bad for all networks, and everyone except those eyeball networks should hope it turns out to be good for the public, increasing consumer choice and bringing new forms of information and entertainment into their homes.

--
Jeff S Wheeler j...@inconcepts.biz
Sr Network Operator / Innovative Network Concepts
New IPv4 blocks allocated to RIPE NCC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[Apologies for duplicate mails]

Dear Colleagues,

The RIPE NCC received the IPv4 address ranges 5/8 and 37/8 from the IANA in November 2010. We will begin allocating from these ranges in the near future.

The minimum allocation size for these two /8s has been set at /21.

You may wish to adjust any filters you have in place accordingly.

More information on the IP space administered by the RIPE NCC can be found on our web site at:
https://www.ripe.net/ripe/docs/ripe-ncc-managed-address-space.html

Additionally, please note that three pilot prefixes will be announced from each /8. The prefixes are:

5.0.0.0/16
5.1.0.0/21
5.1.24.0/24
37.0.0.0/16
37.1.0.0/21
37.1.24.0/24

They all originate in AS12654.

More information on this pilot activity is available in the draft document De-Bogonising New Address Blocks which can be found at:
http://www.ripe.net/ripe/docs/ripe-351.html

Kind regards,
Andrea Cima
Registration Services Manager
RIPE NCC

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkz2My0ACgkQXOgsmPkFrjOT7wCgnNa0eUFwK/ebtSeus3YgMoxZ
GnUAnRAPMBMth/eSgX2F/opnY0fQI+Co
=z5iw
-END PGP SIGNATURE-
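One way to audit a static bogon filter against the change announced above, as an added example that is not part of the RIPE NCC message. The two /8s, the /21 minimum allocation size and the six pilot prefixes come from the announcement; the filter entries, the first-match "prefix up to max length" semantics and all function names are assumptions made for the illustration.

```python
import ipaddress

# Values taken from the announcement.
NEW_BLOCKS = [ipaddress.ip_network("5.0.0.0/8"), ipaddress.ip_network("37.0.0.0/8")]
MIN_ALLOCATION_LEN = 21
PILOT_PREFIXES = ["5.0.0.0/16", "5.1.0.0/21", "5.1.24.0/24",
                  "37.0.0.0/16", "37.1.0.0/21", "37.1.24.0/24"]

# Constructed sample filter (not from the page): (action, prefix, max accepted length).
# Assumed semantics: first match wins, anything unmatched is denied.
SAMPLE_FILTER = [
    ("deny", "0.0.0.0/8", 32),
    ("deny", "5.0.0.0/8", 32),     # stale bogon entry for one of the new blocks
    ("deny", "10.0.0.0/8", 32),
    ("deny", "36.0.0.0/7", 32),    # stale aggregate that also covers 37/8
    ("deny", "127.0.0.0/8", 32),
    ("permit", "0.0.0.0/0", 20),   # length limit stricter than the /21 minimum
]


def stale_entries(entries):
    """Deny entries that overlap a newly delegated /8, exact or aggregate."""
    stale = []
    for action, prefix, _ in entries:
        net = ipaddress.ip_network(prefix)
        if action == "deny" and any(net.overlaps(block) for block in NEW_BLOCKS):
            stale.append(str(net))
    return stale


def evaluate(entries, prefix):
    """Return the action the filter applies to an announced prefix."""
    route = ipaddress.ip_network(prefix)
    for action, entry_prefix, max_len in entries:
        net = ipaddress.ip_network(entry_prefix)
        if route.subnet_of(net) and route.prefixlen <= max_len:
            return action
    return "deny"  # implicit deny at the end of the list


def fix_filter(entries, permit_len=MIN_ALLOCATION_LEN):
    """Drop stale denies and make sure permits accept at least permit_len.

    Dropping an aggregate such as 36.0.0.0/7 removes the whole entry; any part
    of it that should stay filtered has to be re-added by the operator.
    """
    stale = set(stale_entries(entries))
    fixed = []
    for action, prefix, max_len in entries:
        if action == "deny" and str(ipaddress.ip_network(prefix)) in stale:
            continue
        if action == "permit":
            max_len = max(max_len, permit_len)
        fixed.append((action, prefix, max_len))
    return fixed


def accepted_pilots(entries):
    """Pilot prefixes from the announcement that the filter would accept."""
    return [p for p in PILOT_PREFIXES if evaluate(entries, p) == "permit"]


if __name__ == "__main__":
    print("stale deny entries:", stale_entries(SAMPLE_FILTER))
    print("pilots accepted before fix:", accepted_pilots(SAMPLE_FILTER))
    print("pilots accepted at /21:", accepted_pilots(fix_filter(SAMPLE_FILTER)))
    print("pilots accepted at /24:", accepted_pilots(fix_filter(SAMPLE_FILTER, 24)))
```

With the length limit set exactly at the /21 minimum allocation size, the two /24 pilot prefixes are still dropped, which is the kind of filter behaviour the pilot announcements make visible.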
Re: Level 3 Communications Issues Statement Concerning Comcast's Actions
Well, I don't work for the NBN, but I do live here and follow the politics with interest. So far the 'experiment' is on track. The political parties who support the NBN are the majority by a slim margin (2 or 3 seats) and the project seems to be going forward. Most recently legislation passed that creates the NBN as a corporation among other things.

If you're truly interested:
http://australianpolitics.com/downloads/10-11-24_nbn-co-business-case-summary.pdf

jy

On 01/12/2010, at 12:56 AM, William Allen Simpson wrote:
> I've read through the entire thread thus far, and there are several very interesting points. I'd like to know more about the Australian experiment?
>
> But there were a couple of disparate comments that seem highly related, so I'll reply to them jointly here:
>
> On 11/30/10 2:59 AM, JC Dill wrote:
>> What is happening now between L3 and Comcast also reminds me of the dial-tone settlement deals in the 1990s. The big telcos thought they could push small telcos out by making it more expensive to place calls (paying a fee to the telco that terminates the call) and less expensive to receive calls (receiving the termination fee). They mistakenly thought the startup telcos would go after consumers (who typically place more calls than they receive) and they didn't think about startup telcos going after ISP dial-up services (which receive more calls than they place) and then being forced to pay those startups settlement fees for all the calls their consumer customers made into the startup telco's ISP customer's modem banks.
>
> But I remember what happened next. BellSouth refused to pay their settlements. The CLECs sued and went bankrupt. BellSouth had deeper pockets and more lawyers.
>
>> We don't have an interstate telephone settlement system or PUC to decide what the rules will be for settlements between content providers and eyeball providers. I believe that in the end it will come down to market forces and which group can better marshal customer angst to their side when packets don't flow freely between these two types of networks.
>
> Maybe. But I'm hoping the consumer angst gives us a better FCC. The market hasn't worked before, and isn't working in this case. So, maybe there isn't a market after all
>
> On 11/30/10 2:47 AM, Kevin Blackham wrote:
>> I'm not convinced. Either I'm calculating something wrong, or greed is at work.
>
> Greed.
>
> Reminder: Comcast drastically raised their rates a few years back, saying to local cable commissions that they needed to invest in digital infrastructure. Instead, they took the massive profits and invested in NBC/Universal.
>
> When a cable node is an entire neighborhood of 500+ homes, because Comcast never bothered to split the nodes down to a reasonable networking size (as opposed to CATV-sized), then it's a Comcast greed problem
>
> A half year ago or so, talking with a Google manager about a certain fiber project, we ended up arguing about the size of cable nodes. He seemed to think everywhere was like Mountain View. I was trying not to embarrass him; just let it stand at -- as you drive, you don't look overhead at the cable infrastructure much, do you? (He admitted he doesn't.)
>
> On 11/29/10 11:27 PM, Jared Mauch wrote:
>> The issue here is cost of infrastructure. The last mile generally is more valuable than the long-distance part. Everyone can build a nationwide network for a nominal amount of money. All the carriers can provide circuits at the same IXPs where you can public/private peer. The question does become, who is in those smaller and mid-markets. Not everyone is going to build fiber in Akron, Eugene, nor Madison.
>>
>> It gets even more interesting if you look at what happened with Fairpoint in the northeast IMHO. Verizon realized they would not make money there and sold it off. The promises and costs consumed them and forced bankruptcy. I'm not saying that will happen to Comcast, but it may cause them to divest the unprofitable parts as well, leaving some parts of the country worse-off than we would be today.
>
> Or in this case, invest in something else more profitable, NBC/Universal; and then try to leverage their customer base to gouge their CDN competitors.
>
> I'd like to see Level 3 pull a Disney/ABC or a Murdock/Fox, and publicly announce that they expect Comcast to share *their* revenue. And be willing to pull the plug!
>
> (Admittedly, I thought Disney/ABC and Murdock/Fox are evil, too. That model was only reasonable as the CATV channels had no advertising. All we have left now is Turner Classic Movies. A pox on *all* their houses!)
>
> It's really time for some anti-trust legislation/regulation. The last mile market has failed.
Re: TWT - Comcast congestion
In a message written on Tue, Nov 30, 2010 at 10:59:25PM -0600, Richard A Steenbergen wrote:
> I believe that's what I said. To be perfectly clear, what I'm saying is:
>
> * Comcast acted first by demanding fees
> * Level 3 went public first by whining about it after they agreed to pay
> * Comcast was well prepared to win the PR war, and had a large pile of content that sounds good to the uninformed layperson ready to go.

I think I can make this very simple. What I am saying is that you're missing a step before your 3 bullet points. Before any of the three things you describe, Level 3 demanded fees from Comcast. Level 3 is doing a great job of getting folks to ignore that fact.

Comcast is a customer of L3, and pays them for service. Bringing on Netflix will cause Comcast to pay L3 more. More interestingly, in this case it's likely Level 3 went to Comcast and said we don't think your existing customer ports will handle the additional traffic so...um...you should buy more customer ports.

Does network neutrality work both ways? If it is bad for Comcast to hold the users hostage to extort more money from Level 3, is it also bad for Level 3 to hold the content hostage to extort more money from Comcast?

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
On 30/11/10 5:32 AM, Christopher J. Pilkington wrote:
> Anyone know where I can buy cage nuts and rack screws locally near SAVVIS DC3 in Sterling, VA? They don't seem to have a local supply here, and somehow the racks we bought came with a 2:1 screw:nuts ratio.

I really don't understand why someone hasn't put vending machines in every major colo around the world. We have vending machines that sell ipods at the maul, we can certainly have a vending machine that sells rack nuts and screws, patch cables, tools, etc. at colos.

jc
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
In a message written on Wed, Dec 01, 2010 at 06:43:25AM -0800, JC Dill wrote:
> I really don't understand why someone hasn't put vending machines in every major colo around the world. We have vending machines that sell ipods at the maul, we can certainly have a vending machine that sells rack nuts and screws, patch cables, tools, etc. at colos.

Every meeting I have with a colo provider I suggest this exact idea. Patch cables (cat5, single mode, multi-mode), fiber couplers, maybe even SFP's, velcro ties, a 10-in-1 screwdriver, etc.

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: [NANOG-announce] Reminder: Today is the last day to register for NANOG 51 at the early bird rate
Jon,

Sorry about that; not sure what's up. I'll look into it.

Thanks,
Dave

On Tue, Nov 30, 2010 at 7:57 PM, Jon Lewis jle...@lewis.org wrote:
> On Tue, 30 Nov 2010, David Meyer wrote:
>> Register today to get the early bird rate. Looking forward to seeing you in Miami.
>
> I just tried (to take advantage of the early-bird rate) and it looks like the registration code is busted.
>
> Internal Server Error
>
> The server encountered an internal error or misconfiguration and was unable to complete your request.
>
> Please contact the server administrator, w...@merit.edu and inform them of the time the error occurred, and anything you might have done that may have caused the error.
>
> [17270]ERR: 32: Warning in Perl code: DBD::Oracle::db do failed: ORA-1: unique constraint (NANOG.SYS_C00319811) violated (DBD ERROR: OCIStmtExecute) [for Statement insert into attendee ( attendee_id, attendee_username, attendee_password, attendee_email ) values ( attendee_seq.nextval, ?, ?, ? ) ] at /afs/merit.net/infotech/www/nanog/secdocs/registration/username.epl line 54.
>
> [17270]ERR: 24: Error in Perl code: DBD::Oracle::db do failed: ORA-1: unique constraint (NANOG.SYS_C00319811) violated (DBD ERROR: OCIStmtExecute) [for Statement insert into attendee ( attendee_id, attendee_username, attendee_password, attendee_email ) values ( attendee_seq.nextval, ?, ?, ? ) ] at /afs/merit.net/infotech/www/nanog/secdocs/registration/username.epl line 54.
>
> Apache/2.2.14 (Unix) Embperl/2.3.0 mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.12 mod_perl/2.0.4 Perl/v5.10.0 [Tue Nov 30 22:51:44 2010]
>
> I tried several variations of username and email address just in case either was already in the database from when I last attended a NANOG in Miami. It made no difference.
>
> Can we extend the early-bird rate until the web site is fixed such that people can actually create a username in order to sign up?
>
> --
>  Jon Lewis, MCP :)           |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
On Wed, 1 Dec 2010, Leo Bicknell wrote:
> Every meeting I have with a colo provider I suggest this exact idea. Patch cables (cat5, single mode, multi-mode), fiber couplers, maybe even SFP's, velcro ties, a 10-in-1 screwdriver, etc.

I'd say skip the colo provider, and look for vending machine companies.

The colo provider's unlikely to go to the bother of digging up somebody to provide the vending machines and contents, but seems likely to be quite interested if the thing's provided to them as a package...

cheers!
==
A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now.
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
On Dec 1, 2010, at 9:43 AM, JC Dill wrote:
> On 30/11/10 5:32 AM, Christopher J. Pilkington wrote:
>> Anyone know where I can buy cage nuts and rack screws locally near SAVVIS DC3 in Sterling, VA? They don't seem to have a local supply here, and somehow the racks we bought came with a 2:1 screw:nuts ratio.
>
> I really don't understand why someone hasn't put vending machines in every major colo around the world. We have vending machines that sell ipods at the maul, we can certainly have a vending machine that sells rack nuts and screws, patch cables, tools, etc. at colos.

I had that idea back in 2003, after getting very frustrated late one Saturday evening because I didn't have something like cage nuts, and actually tried to interest the management of Switch and Data into doing it, but it went nowhere.

I am sure I was not the first here...

Regards
Marshall

> jc
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
On 2010-12-01, at 09:48, Leo Bicknell wrote:
> In a message written on Wed, Dec 01, 2010 at 06:43:25AM -0800, JC Dill wrote:
>> I really don't understand why someone hasn't put vending machines in every major colo around the world. We have vending machines that sell ipods at the maul, we can certainly have a vending machine that sells rack nuts and screws, patch cables, tools, etc. at colos.
>
> Every meeting I have with a colo provider I suggest this exact idea. Patch cables (cat5, single mode, multi-mode), fiber couplers, maybe even SFP's, velcro ties, a 10-in-1 screwdriver, etc.

Two notable places I've done site work where the colo vendor was happy to sell me such things were Terremark/NOTA in Miami and Global Switch in Amsterdam.

But even in those cases there were times where I needed something outside normal office hours and couldn't find anybody to sell it to me. Vending machines have the advantage that they don't sleep.

Joe
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
On Wed, Dec 1, 2010 at 10:24 AM, Cat Okita c...@reptiles.org wrote:
> On Wed, 1 Dec 2010, Leo Bicknell wrote:
>> Every meeting I have with a colo provider I suggest this exact idea. Patch cables (cat5, single mode, multi-mode), fiber couplers, maybe even SFP's, velcro ties, a 10-in-1 screwdriver, etc.
>
> I'd say skip the colo provider, and look for vending machine companies.
>
> The colo provider's unlikely to go to the bother of digging up somebody to provide the vending machines and contents, but seems likely to be quite interested if the thing's provided to them as a package...

the colo provider may not want to 'waste' electricity/cooling on a vending machine...

-chris
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
Once upon a time, Christopher Morrow morrowc.li...@gmail.com said:
> the colo provider may not want to 'waste' electricity/cooling on a vending machine...

A plain (non-drink) machine draws a few watts. I don't think rack screws and patch cables need to be refrigerated; if they can't spare a few watts for a vending machine, then you probably can't install anything new there anyway.

--
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
On Dec 1, 2010, at 8:43 AM, Chris Adams wrote:
> Once upon a time, Christopher Morrow morrowc.li...@gmail.com said:
>> the colo provider may not want to 'waste' electricity/cooling on a vending machine...
>
> A plain (non-drink) machine draws a few watts. I don't think rack screws and patch cables need to be refrigerated; if they can't spare a few watts for a vending machine, then you probably can't install anything new there anyway.

You know, I don't think the reason this doesn't happen is a technological one. There are a bunch of us who've been pushing this idea to DC and colo providers for well upwards of fifteen years now, and I don't know of anyone who's actually done it. The problem is supply, not demand.

Combining someone who's willing to service vending machines for a living with someone who knows what we need the vending machines stocked with is the sticking point, since the market is too small to separate those roles, I think. At least to bootstrap.

Of course, if the economy continues downward, maybe there will be more clueful people who figure stocking vending machines is better than no work at all.

-Bill
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
On 12/1/10 9:43 AM, Chris Adams wrote:
> A plain (non-drink) machine draws a few watts. I don't think rack screws and patch cables need to be refrigerated; if they can't spare a few watts for a vending machine, then you probably can't install anything new there anyway.

It's def not a bad idea, and if you really wanted to, not like it would be hard to put nuts, screws, etc in a can, put a piece of electrical tape over the top, and completely repurpose an existing soda machine or even use one or two spaces in a machine already in the lobby or NOC. It may not look pretty, but it's actually a great way to recycle and do something creative.

Or, you could do what our co-loc does, have a large coffee can with screws, nuts, etc and a few shared screwdrivers in another. On your way in, grab the nuts/screws and a screwdriver, on your way out put unused and extras back in the can.

Little things like that if people cooperate can be an excellent bullet point on why to be in a specific facility.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
regional ASN's
I see various people are recommending networks set up regional ASN's. I am in the process of setting up a new network which will serve as a transit network for all our operating units. I was planning on using one ASN for North America, Asia and Europe. Is this not recommended?

Cheers
Ryan
Re: TWT - Comcast congestion
On Wed, Dec 01, 2010 at 06:31:39AM -0800, Leo Bicknell wrote:
> In a message written on Tue, Nov 30, 2010 at 10:59:25PM -0600, Richard A Steenbergen wrote:
>> I believe that's what I said. To be perfectly clear, what I'm saying is:
>>
>> * Comcast acted first by demanding fees
>> * Level 3 went public first by whining about it after they agreed to pay
>> * Comcast was well prepared to win the PR war, and had a large pile of content that sounds good to the uninformed layperson ready to go.
>
> I think I can make this very simple. What I am saying is that you're missing a step before your 3 bullet points. Before any of the three things you describe, Level 3 demanded fees from Comcast. Level 3 is doing a great job of getting folks to ignore that fact.

Do you have any basis for this claim, or are you just making it up as a possible scenario that would explain Comcast's actions? I have it on good authority that Level 3 did not attempt to raise their prices or ask for additional fees beyond their existing contract, nor was their contract coming to term where they could renegotiate for more favorable terms. Comcast simply said, we've decided we don't want to pay you, you should pay us instead, and you're going to bend over and like it if you want to be able to reach our customers.

Obviously the version I've heard and the version you're pitching can't co-exist, so either you have some REALLY interesting inside info that I don't (which I honestly find hard to believe given your knowledge of the facts so far), or you're stating a theory with no possible basis that I can find as a fact. If it's just a theory, please say so, then we don't keep having to argue these positions that can clearly never converge.

> Comcast is a customer of L3, and pays them for service. Bringing on Netflix will cause Comcast to pay L3 more. More interestingly, in this case it's likely Level 3 went to Comcast and said we don't think your existing customer ports will handle the additional traffic so...um...you should buy more customer ports.

Comcast is the customer, they have complete and total control of the traffic being exchanged over their transit ports. If they wanted less traffic, they could announce fewer routes, or add more no-export communities. They also have complete control of traffic being sent outbound, and since Level3 is more than capable of handling 300Gbps (the capacity comcast claims they have), if Comcast actually had 300Gbps of outbound traffic to send they could easily have had a 1:1 ratio. Framing this as a peering ratio debate is absurd, because these two networks were NEVER peers. Any customer could have sent additional bits to Level3 at any time, and Comcast should be prepared to deal with the TE as a result. That's life on the Internet.

> Does network neutrality work both ways? If it is bad for Comcast to hold the users hostage to extort more money from Level 3, is it also bad for Level 3 to hold the content hostage to extort more money from Comcast?

You know, most people manage to buy sufficient transit capacity to support the volume of traffic that their customers pay them to deliver. Only Comcast seems to feel that it is proper to use their captive customer base hostage to extort content networks into paying for uncongested access.

Level 3 is free to sell full transit or CDN to whomever they like, just as Comcast is free to not buy transit from Level 3 when their contract is up. The net neutrality part starts when Level 3 is NOT free to turn off their customer for non-payment just like what would happen to anyone else who suddenly decided they didn't think they should keep paying their bills, because Comcast maintains so little transit capacity that to shut them off would cause massive disruptions to large portions of the Internet.

--
Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: regional ASN's
You can use one AS and communities to separate your traffic/policies.

-jim

--Original Message--
From: Ryan Finnesey
To: NANOG list
Subject: regional ASN's
Sent: Dec 1, 2010 1:13 PM

I see various people are recommending networks set up regional ASN's. I am in the process of setting up a new network which will serve as a transit network for all our operating units. I was planning on using one ASN for North America, Asia and Europe. Is this not recommended?

Cheers
Ryan

Sent from my BlackBerry device on the Rogers Wireless Network
Re: TWT - Comcast congestion
Comcast has released additional details publicly. Of course, this is their side of the story, so I wouldn't believe it hook line and sinker but it helps fill in the gaps.

http://blog.comcast.com/2010/11/comcasts-letter-to-fcc-on-level-3.html

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
> Or, you could do what our co-loc does, have a large coffee can with screws, nuts, etc and a few shared screwdrivers in another. On your way in, grab the nuts/screws and a screwdriver, on your way out put unused and extras back in the can.

I like this idea better - which is what one of our DCs does for snacks and food. Box of Pop-Tarts, with an honor system can for payment. Partially for the staff, but they put it out in the customer area along with free coffee. Coke machine costs $0.50.

There is at least one operator on duty 24/7; if I really needed to I could go knock on the door and have them scrounge up tools and screws. There is a Home Depot a half mile away failing that.

This all sounds a little silly compared to the normal datacenter facility issues like power, security, telecomm... but indeed these touches go a long way towards customer satisfaction when you're there for an entire weekend for some big install. Next time we look for new facilities, I know I'll have these in mind.

An aside: There is a special place in hell reserved for those who throw out unneeded rack hardware. ;)

--
Jameel Akari
Re: TWT - Comcast congestion
I've collected my fav links (inc. nanog posts) on this topic on http://www.isoc-ny.org/p2/?p=1504. If there are issues with my brief explanation please let me know.

j

On Wed, Dec 1, 2010 at 12:34 PM, Leo Bicknell bickn...@ufp.org wrote:
> Comcast has released additional details publicly. Of course, this is their side of the story, so I wouldn't believe it hook line and sinker but it helps fill in the gaps.
>
> http://blog.comcast.com/2010/11/comcasts-letter-to-fcc-on-level-3.html
>
> --
> Leo Bicknell - bickn...@ufp.org - CCIE 3440
> PGP keys at http://www.ufp.org/~bicknell/

--
---
Joly MacFie 218 565 9365 Skype:punkcast
WWWhatsup NYC - http://wwwhatsup.com
http://pinstand.com - http://punkcast.com
Secretary - ISOC-NY - http://isoc-ny.org
---
Re: FUD: 15% of world's internet traffic hijacked
> At the very least you might want to review:
> http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
>
> Renesys provides one data point but there are others that clearly show traffic routed *through* China (meaning they did indeed originate/hijack, and then pass data on to the original destination).

as usual i see no traffic measurements in the renesys note. i see inference of traffic based on some control plane measurements. and, has been shown, such inferences are highly suspect.

randy
Re: Level 3 Communications Issues Statement Concerning Comcast's Actions
Sprint also offers unlimited 3G/4G data, and they were *really* specific in a mailing to their customers a couple days ago actually that unlimited means unlimited, not like some of our competitors are doing to their customers.

D

On Nov 30, 2010, at 11:29 AM, Owen DeLong wrote:
> MetroPCS also offers unlimited EVDO.
>
> Owen
>
> On Nov 30, 2010, at 8:22 AM, Brielle Bruns wrote:
>> On 11/30/10 9:07 AM, William Herrin wrote:
>>> My Verizon Blackberry plan says unlimited data. Including the tether.
>>
>> It's 5GB, trust me on that one. Former roommate worked for Verizon Wireless as a high level blackberry tech in the local call center - they quietly added the cap to all plans over the past year after adding all these little disclaimers to sales docs, websites, etc.
>>
>> She came home and warned us one day that our EVDO modem on the business account was now capped, even though it was originally 'unlimited'.
>>
>> IIRC, they'll start billing you per megabyte or gigabyte after 5GB. I've not had an opportunity to test this, so I'm only going by what I was told.
>>
>>> IIRC, Clear's 4G service has no monthly cap.
>>
>> It does, 5GB as well, but I believe they throttle you down majorly once you hit the cap. I'll keep my eyes on the fine print next time I see a Clear commercial here.
>>
>> --
>> Brielle Bruns
>> The Summit Open Source Development Group
>> http://www.sosdg.org/ http://www.ahbl.org
Re: Level 3 Communications Issues Statement Concerning Comcast's Actions
On Nov 29, 2010, at 10:25 PM, William Herrin wrote:
> There are a couple forms of shared billing.

There's a third kind you failed to mention that doesn't require equal footing of the parties. The broker. I might pay an apartment broker $X to help find me an apartment. In turn the apartment broker might match me up with an apartment, and charge the landlord $Y for a successful tenancy. $Y is frequently much higher than $X, because the value to the landlord is much higher than the value to the tenant.

There's a lot of similarities to the ISP model here. It's not worth beaucoup cash to the end-user to pay for all the overhead of the bandwidth costs. Their whole benefit is getting to watch a movie. Netflix and L3, on the other hand, stand to make quite a bit of money on the transaction, and could pay the broker-ISP a heftier sum to handle all their transactions with their end-users for them. They do that because it's not cost-effective for them to try and do direct transactions with their end-users, just as it's often not convenient for land-lords to go around trying to actively find tenants.

On Nov 29, 2010, at 11:20 PM, Leo Bicknell wrote:
> Broadband in the US is not in that boat. Too many consumers have a choice of a single provider. The vast majority of the rest have the choice of two providers.

I dunno. I've lived in areas where I had two dozen local providers vying for my last-mile residential connectivity business. Perhaps this is something for you to bring up with your local municipality, tell them to stop strangling the businesses that want to offer service to their residents. But just because your elected officials aren't doing right by you doesn't mean that it justifies telling Comcast that they have to run their network, paid for with their money, according to yours or anyone else's rules.

D
Re: FUD: 15% of world's internet traffic hijacked
Dear Randy; On Dec 1, 2010, at 3:28 PM, Randy Bush wrote: At the very least you might want to review: http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml Renesys provides one data point but there are others that clearly show traffic routed *through* China (meaning they did indeed originate/hijack, and then pass data on to the original destination). as usual i see no traffic measurements in the renesys note. i see inference of traffic based on some control plane measurements. and, has been shown, such inferences are highly suspect. Doesn't this traceroute (from the above) seem fairly convincing of transit ? (Not of the _amount_ of transit, just of its _existence_ ?) ...here's one of the typical traceroutes we saw during the incident, between the London Internet Exchange and a host in the USA, passing through China Telecom. This trace was collected at 16:03 UTC, about 13 minutes into the event. Total time in transit is 525ms (this trace typically takes no more than 110ms under normal conditions). 1. our host 0.785ms # London 2. 195.66.248.229 1.752ms # London 3. 195.66.225.541.371ms # London 4. 202.97.52.101399.707ms # China Telecom 5. 202.97.60.6 408.006ms # China Telecom 6. 202.97.53.121432.204ms # China Telecom 7. 4.71.114.101 323.690ms # Level3 8. 4.68.18.254 357.566ms # Level3 9. 4.69.134.221 481.273ms # Level3 10. 4.69.132.14 506.159ms # Level3 11. 4.69.132.78 463.024ms # Level3 12. 4.71.170.78 449.416ms # Level3 13. 66.174.98.66456.970ms # Verizon 14. 66.174.105.24 459.652ms # Verizon [.. four more Verizon hops ..] 19. 69.83.32.3 508.757ms # Verizon 20. last hop 516.006ms # Verizon And doesn't the graph in Craig Labovitz's blog seem consistent with a modest (not overwhelming, or even unusual) amount of excess traffic during the event ? 
http://asert.arbornetworks.com/2010/11/china-hijacks-15-of-internet-traffic/ So, putting this, and everything else, together, wouldn't it be reasonable to conclude, that - some traffic was diverted but - nowhere near 15% of the Internet, by orders of magnitude ? Regards Marshall randy
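The traceroute quoted in the message above can be checked mechanically. This is an added example, not part of the thread or of the Renesys post: it parses the quoted hops, groups them by network label, and reports which network is off the expected path and where the RTT first exceeds the 110ms the quote gives as normal. The expected-network set, the function names, and the column splits in the transcribed hop lines are assumptions of the example.

```python
import re
from collections import namedtuple

Hop = namedtuple("Hop", "n addr rtt_ms net")

# Transcribed from the traceroute quoted in the message above; hops 15-18
# are elided there and stay elided here.
TRACE = """\
1. our host 0.785ms # London
2. 195.66.248.229 1.752ms # London
3. 195.66.225.54 1.371ms # London
4. 202.97.52.101 399.707ms # China Telecom
5. 202.97.60.6 408.006ms # China Telecom
6. 202.97.53.121 432.204ms # China Telecom
7. 4.71.114.101 323.690ms # Level3
8. 4.68.18.254 357.566ms # Level3
9. 4.69.134.221 481.273ms # Level3
10. 4.69.132.14 506.159ms # Level3
11. 4.69.132.78 463.024ms # Level3
12. 4.71.170.78 449.416ms # Level3
13. 66.174.98.66 456.970ms # Verizon
14. 66.174.105.24 459.652ms # Verizon
[.. four more Verizon hops ..]
19. 69.83.32.3 508.757ms # Verizon
20. last hop 516.006ms # Verizon
"""

# hop number, address or placeholder text, RTT in ms, network label
HOP_RE = re.compile(r"^\s*(\d+)\.\s+(.+?)\s+(\d+(?:\.\d+)?)ms\s+#\s+(.+?)\s*$")


def parse_trace(text):
    """Return the hop lines as Hop tuples; non-hop lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(Hop(int(m.group(1)), m.group(2),
                            float(m.group(3)), m.group(4)))
    return hops


def network_segments(hops):
    """Collapse consecutive hops with the same label into (net, first, last)."""
    segs = []
    for h in hops:
        if segs and segs[-1][0] == h.net:
            segs[-1] = (h.net, segs[-1][1], h.n)
        else:
            segs.append((h.net, h.n, h.n))
    return segs


def largest_jump(hops):
    """Return (from_hop, to_hop, delta_ms) for the biggest RTT increase."""
    best = None
    for a, b in zip(hops, hops[1:]):
        delta = b.rtt_ms - a.rtt_ms
        if best is None or delta > best[2]:
            best = (a.n, b.n, delta)
    return best


def detour_report(hops, baseline_ms, expected_nets):
    """Summarise evidence of transit through a network not normally on path."""
    segs = network_segments(hops)
    first_over = next((h for h in hops if h.rtt_ms > baseline_ms), None)
    return {
        "path": [s[0] for s in segs],
        "unexpected": [s for s in segs if s[0] not in expected_nets],
        "first_hop_over_baseline": first_over.n if first_over else None,
        "largest_jump": largest_jump(hops),
        "inflation": hops[-1].rtt_ms / baseline_ms,
    }


if __name__ == "__main__":
    report = detour_report(parse_trace(TRACE), 110.0,
                           {"London", "Level3", "Verizon"})
    for key, value in report.items():
        print(key, "=", value)
```

A single trace like this supports the existence of transit through the unexpected network, not any estimate of how much traffic took that path.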
Re: FUD: 15% of world's internet traffic hijacked
On Wed, Dec 1, 2010 at 3:28 PM, Randy Bush ra...@psg.com wrote: as usual i see no traffic measurements in the renesys note. i see inference of traffic based on some control plane measurements. and, has been shown, such inferences are highly suspect. it's fairly clear though that you won't get traffic information without looking at the interconnects between the offending parties, eh? I think the Arbor notes about this try to address this from a traffic perspective, though they have anonymized stats at best. <conspiracy-hat>also, you won't get the traffic stats from the offending parties</conspiracy-hat> -chris
Re: FUD: 15% of world's internet traffic hijacked
it's fairly clear though that you won't get traffic information without looking at the interconnects between the offending parties yep <conspiracy-hat>also, you won't get the traffic stats from the offending parties</conspiracy-hat> and how much traffic data does google publish? or iij or ntt? oops! cho, fukuda, esaki, kato [0] did show real traffic data from japan's largest isps. no accusations meant. just trying to keep the discussion near sea level. randy --- [0] - http://www.iijlab.net/~kjc/papers/rbb-sigcomm2006.pdf and follow-on from 2010 http://www.iij.ad.jp/en/development/iir/pdf/iir_vol08_report_EN.pdf
Re: wikileaks unreachable
On Nov 30, 2010, at 11:07 AM, Marshall Eubanks wrote: On Nov 28, 2010, at 4:34 PM, Randy Bush wrote: anyone know why https://www.wikileaks.org/ is not reachable? nations state level censors trying to close the barn door after the horse has left? randy That was two days ago - as of this morning, there is apparently another From @wikileaks on twitter wikileaks WikiLeaks DDOS attack now exceeding 10 Gigabits a second. 1 hour ago wikileaks WikiLeaks We are currently under another DDOS attack. More routing news : Wikileaks has been booted off Amazon EC2 http://arstechnica.com/security/news/2010/12/wikileaks-kicked-out-of-amazons-cloud.ars Senator Joe Lieberman (I-CT), chairman of the Homeland Security and Governmental Affairs Committee, was among the congressmen who pressured Amazon to stop hosting Wikileaks... The site was down briefly after being ejected from Amazon, but is back up and once again running on the servers of Bahnhof, its previous Swedish hosting provider. regards Marshall Marshall
Re: regional ASN's
On Wednesday, 01 December 2010 at 17:31 +, deles...@gmail.com wrote: You can use one AS and communities to separate your traffic/policies. Or other iBGP means of internal separation, like BGP confederations (in order to avoid iBGP session hacks). mh -jim --Original Message-- From: Ryan Finnesey To: NANOG list Subject: regional ASN's Sent: Dec 1, 2010 1:13 PM I see various people are recommending networks setup regional ASN's. I am in the process of setting up a new network which will serve as a transit network for all our operating units. I was planning on using one ASN for North America, Asia and Europe. Is this not recommended? Cheers Ryan Sent from my BlackBerry device on the Rogers Wireless Network
Re: Level 3 Communications Issues Statement Concerning Comcast's Actions
On Dec 1, 2010, at 3:38 PM, Derek J. Balling wrote: On Nov 29, 2010, at 11:20 PM, Leo Bicknell wrote: Broadband in the US is not in that boat. Too many consumers have a choice of a single provider. The vast majority of the rest have the choice of two providers. I dunno. I've lived in areas where I had two dozen local providers vying for my last-mile residential connectivity business. Perhaps this is something for you to bring up with your local municipality, tell them to stop strangling the businesses that want to offer service to their residents. I live in an area without two dozen local providers that offer services to my address. Neither T nor CMCSA offer service at my address nor will they even return calls about price quotes to build. The local municipalities were uninterested as well, including putting pressure on the local utilities (T/CMCSA) that have major offices/callcenters located in the township. Ultimately I managed to work something out and get service, but for those on the edge areas, it's much harder than you would think to gain access. I suspect there will be ongoing property devaluation as a consequence of lack of these utilities.. - Jared
Re: regional ASN's
On Dec 1, 2010, at 4:30 PM, Michael Hallgren wrote: On Wednesday, 01 December 2010 at 17:31 +, deles...@gmail.com wrote: You can use one AS and communities to separate your traffic/policies. Or other iBGP means of internal separation, like BGP confederations (in order to avoid iBGP session hacks). Or just have disparate networks using the same ASN. Works fine. Why waste ASNs and try to explain to others how asX,Y,Z, etc., are all the same company? -- TTFN, patrick --Original Message-- From: Ryan Finnesey To: NANOG list Subject: regional ASN's Sent: Dec 1, 2010 1:13 PM I see various people are recommending networks setup regional ASN's. I am in the process of setting up a new network which will serve as a transit network for all our operating units. I was planning on using one ASN for North America, Asia and Europe. Is this not recommended? Cheers Ryan Sent from my BlackBerry device on the Rogers Wireless Network
Re: wikileaks unreachable
Just on an operational front, does anyone know the nature of the DDoS against wikileaks? eg: spoofed source garbage, http get, synfloods, or ? Mike-
Re: Blocking International DNS
the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to ensure it in our deployments. randy
Re: Level 3 Communications Issues Statement Concerning Comcast's Actions
On Wed, 01 Dec 2010 16:32:47 EST, Jared Mauch said: Ultimately I managed to work something out and get service, but for those on the edge areas, it's much harder than you would think to gain access. I suspect there will be ongoing property devaluation as a consequence of lack of these utilities.. Has already started. I was looking for an apartment/house recently, and looked at one place towards the outskirts of town that was rather nicer than the rent price would indicate. The guy admitted the rent had been dropped $150/mo because the location had neither DSL nor cable service. Unfortunately, that was a show-stopper for me as well...
Re: regional ASN's
On Dec 1, 2010, at 4:43 PM, Jack Bates wrote: On 12/1/2010 3:37 PM, Patrick W. Gilmore wrote: Or just have disparate networks using the same ASN. Works fine. Why waste ASNs and try to explain to others how asX,Y,Z, etc., are all the same company? I dislike the problem of routes not being accepted with my ASN in it. There's workarounds, but they are all ugly. Having islands which point default is not ugly. They are probably pointing default anyway. If not, typing nei $FOO allowas-in is also not ugly, IMHO. But your network, your decision. Mine runs fine like that. -- TTFN, patrick
Re: regional ASN's
On 12/1/2010 3:56 PM, Patrick W. Gilmore wrote: Having islands which point default is not ugly. They are probably pointing default anyway. If all sites strictly do default, fine. However, one could say static routing would work fine there too; and then you don't need an ASN. If each site is multihomed (the usual reason to run BGP), you might want to see the routes to apply appropriate traffic policies to them. If not, typing nei $FOO allowas-in is also not ugly, IMHO. Works, but you usually need to be careful when utilizing that method to prevent loops. But your network, your decision. Mine runs fine like that. I'm surprised that you left out the obvious workaround and depending on the traffic, the most appropriate model (leaving workaround status), create an encrypted channel between the networks and run iBGP over it. Jack
Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)
On 12/01/2010 12:47 PM, Jameel Akari wrote: Or, you could do what our co-loc does, have a large coffee can with screws, nuts, etc and a few shared screwdrivers in another. On your way in, grab the nuts/screws and a screwdriver, on your way out put unused and extras back in the can. I like this idea better - which is what one of our DCs does for snacks and food. Box of Pop-Tarts, with an honor system can for payment. Partially for the staff, but they put it out in the customer area along with free coffee. Coke machine costs $0.50. There is at least one operator on duty 24/7; if I really needed to I could go knock on the door and have them scrounge up tools and screws. There is a Home Depot a half mile away failing that. Unfortunately rack nuts (really the clips) aren't at HD, and they miss the thread pitch for several rack screw types. They do have cat5 and cat6 jumpers and bulk cable, tho. This all sounds a little silly compared to the normal datacenter facility issues like power, security, telecomm... but indeed these touches go a long way towards customer satisfaction when you're there for an entire weekend for some big install. Next time we look for new facilities, I know I'll have these in mind. There was always Tribeca Ace Hardware... I see it burned out last May, so no longer... Where else could you get retail fiber jumpers on Sunday? -- Pete
Re: regional ASN's
On Dec 1, 2010, at 5:05 PM, Jack Bates wrote: On 12/1/2010 3:56 PM, Patrick W. Gilmore wrote: Having islands which point default is not ugly. They are probably pointing default anyway. If all sites strictly do default, fine. However, one could say static routing would work fine there too; and then you don't need an ASN. If each site is multihomed (the usual reason to run BGP), you might want to see the routes to apply appropriate traffic policies to them. Just because you have one transit doesn't mean you shouldn't do BGP. Consider the router at an exchange point with 100+ peers and one transit, for instance. If not, typing nei $FOO allowas-in is also not ugly, IMHO. Works, but you usually need to be careful when utilizing that method to prevent loops. There is always a "you usually need to be careful" with any implementation, including a network without islands. If this is, for instance, a bunch of remote offices with a single router two upstreams each, there is zero risk of routing loops. Otherwise, there are always considerations, whatever your topology choice. But your network, your decision. Mine runs fine like that. I'm surprised that you left out the obvious workaround and depending on the traffic, the most appropriate model (leaving workaround status), create an encrypted channel between the networks and run iBGP over it. If you think you need to be careful with allowas-in, you need to be an order of magnitude more careful with tunnels. Plus I don't like GRE. :) -- TTFN, patrick
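The allowas-in exchange in this subthread turns on BGP's receive-side loop check: a router drops any route whose AS_PATH already contains its own ASN. This is an added example, not code from any poster: a toy path-vector model of two islands sharing one ASN behind two transits, showing the route being dropped by default and accepted once the check is relaxed. The ASNs and the prefix are documentation values, and the `allowas_in` attribute is a hypothetical stand-in for the knob named in the thread.

```python
from collections import deque

PREFIX = "192.0.2.0/24"            # documentation prefix (constructed)
ISLAND_AS, T1_AS, T2_AS = 64500, 64510, 64511   # documentation ASNs


class Router:
    def __init__(self, name, asn, allowas_in=0):
        self.name = name
        self.asn = asn
        # How many times our own ASN may appear in a received AS_PATH.
        # 0 is the normal eBGP loop check; >0 models the allowas-in knob.
        self.allowas_in = allowas_in
        self.peers = []
        self.rib = {}               # prefix -> best AS_PATH (tuple)
        self.rejected = []          # (prefix, as_path) dropped by the check

    def accepts(self, as_path):
        """Receive-side loop check on an incoming AS_PATH."""
        return as_path.count(self.asn) <= self.allowas_in


def connect(a, b):
    a.peers.append(b)
    b.peers.append(a)


def originate_and_converge(origin, prefix):
    """Flood one prefix; shortest AS_PATH wins, first arrival breaks ties."""
    origin.rib[prefix] = ()
    queue = deque([origin])
    while queue:
        router = queue.popleft()
        exported = (router.asn,) + router.rib[prefix]   # prepend on export
        for peer in router.peers:
            if not peer.accepts(exported):
                peer.rejected.append((prefix, exported))
                continue
            current = peer.rib.get(prefix)
            if current is None or len(exported) < len(current):
                peer.rib[prefix] = exported
                queue.append(peer)


def build(allowas_in):
    """Two islands in the same AS, each with the same two upstreams."""
    west = Router("west", ISLAND_AS, allowas_in)
    east = Router("east", ISLAND_AS, allowas_in)
    t1 = Router("transit1", T1_AS)
    t2 = Router("transit2", T2_AS)
    for island in (west, east):
        connect(island, t1)
        connect(island, t2)
    return west, east, t1, t2


if __name__ == "__main__":
    for limit in (0, 1):
        west, east, _, _ = build(limit)
        originate_and_converge(west, PREFIX)
        print("allowas_in =", limit,
              "| east route:", east.rib.get(PREFIX),
              "| east dropped:", len(east.rejected))
```

With the check at 0 the east island never learns the west island's prefix and has to rely on a default route; with it at 1 the prefix is installed, and the occurrence limit is the only AS_PATH loop protection the islands keep.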
Re: FUD: 15% of world's internet traffic hijacked
On Wed, Dec 1, 2010 at 3:52 PM, Randy Bush ra...@psg.com wrote: <conspiracy-hat>also, you won't get the traffic stats from the offending parties</conspiracy-hat> and how much traffic data does google publish? or iij or ntt? oops! cho, fukuda, esaki, kato [0] did show real traffic data from japan's largest isps. no accusations meant. just trying to keep the discussion near sea level. sometimes I love to pull your chain... :) I agree though that folks won't publish this data (in general) directly, for whatever reason. Also, right '15% of traffic' really should have been '15% of routes*' -chris (*) routes as seen in one set of perspectives... not valid in tennessee, wyoming, parts of Alabama, Albania, Germany, The ex-UK-protectorates or...
Re: FUD: 15% of world's internet traffic hijacked
On Dec 1, 2010, at 4:17 PM, Christopher Morrow wrote: sometimes I love to pull your chain... :) I agree though that folks won't publish this data (in general) directly, for whatever reason. Also, right '15% of traffic' really should have been '15% of routes*' Agreed, I should have been more clear. I wasn't implying that much traffic either, but rather 15% of global prefixes. I was more focused on, Seems clear enough that traffic *transited* China ASNs, as opposed to being blackholed as we've seen in many hijacks. Further, in hopes of generating discussion... I've seen a lot of comments along the lines of this was likely an accident, misconfiguration, or fat-finger... I'm having a really hard time figuring how, if traffic not only diverted to China but *transited* China, this could be any kind of mistake. I'm not able to get my fingers or thumbs to randomly (seemingly) select approximately 15% of all prefixes, originate those, modify filters so I can do so, and also somehow divert it to another router that doesn't have the hijacked prefixes I'm announcing but rather forwards the source traffic on to its intended destination. I can't seem to work all of that out into any kind of accident. Anyone? -b
Re: Blocking International DNS
On 12/01/2010 10:41 PM, Randy Bush wrote: the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to ensure it in our deployments. randy Before we do this, I do have some other questions: Wasn't this exactly why people suggested ICANN should just move to Switzerland and become an independent international organization ? Would this still be a possibility ? Another question, how much does ICANN really have to say about the content of the root ? Isn't there a long process to get something in/out of the root and isn't it the root operators that decide to actually deploy the zone ?
Re: Blocking International DNS
Randy Bush wrote: the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to ensure it in our deployments. randy Might be of interest: http://digitizor.com/2010/12/01/the-pirate-bay-co-founder-starting-a-p2p-based-dns-to-take-on-icann/
Re: Blocking International DNS
On Dec 1, 2010, at 11:41 AM, Randy Bush wrote: the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to ensure it in our deployments. Wouldn't this simply change the focus of who can attack from the USG (which, as far as I am aware, has not attacked the root) to some other government (or worse, the UN)? Given a handle, folks are going to want to grab it when they feel a need to control, regardless of who the folks are. It'd be nice to remove the handle, but that appears to be a very hard problem... Regards, -drc
Re: Blocking International DNS
On Dec 1, 2010, at 8:18 42PM, David Conrad wrote: On Dec 1, 2010, at 11:41 AM, Randy Bush wrote: the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to ensure it in our deployments. Wouldn't this simply change the focus of who can attack from the USG (which, as far as I am aware, has not attacked the root) to some other government (or worse, the UN)? Given a handle, folks are going to want to grab it when they feel a need to control, regardless of who the folks are. It'd be nice to remove the handle, but that appears to be a very hard problem... I think that the Pirate Bay announcement was triggered by http://www.npr.org/templates/story/story.php?storyId=131678432 plus the COICA bill (http://www.eff.org/coica) -- though it, at least, appears to be dead for this session and who knows what the new Congress will do. That said, I think the problem is primarily political, not technical. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Level 3 Communications Issues Statement Concerning Comcast's Actions
On Wed, Dec 1, 2010 at 3:38 PM, Derek J. Balling dr...@megacity.org wrote: On Nov 29, 2010, at 10:25 PM, William Herrin wrote: There are a couple forms of shared billing. There's a third kind you failed to mention that doesn't require equal footing of the parties. The broker. I might pay an apartment broker $X to help find me an apartment. In turn the apartment broker might match me up with an apartment, and charge the landlord $Y for a successful tenancy. Hi Derek, For the most part the apartment broker process doesn't work quite the way you think. Generally he either gets a fee from you to find you the best apartment or a fee from the landlord to find him a tenant (a no fee listing). But not both. Read http://www.nakedapartments.com/blog/broker-fees-explained/. Sometimes the landlord will agree to cover part of the broker's fee but the legal fiction is that the landlord is paying the renter who is paying the broker. Also bear in mind that apartment brokers tend to be a New York City phenomenon where regulated rent stabilization laws and related heavy regulation apply. They exist elsewhere but all top 20 Google hits for apartment broker fees were NYC. Let's consider a related example that's more ubiquitous than New York City apartment brokers: the real estate agent. The seller's agent collects a commission. So does the buyer's agent. If they're the same person, they get both commissions. Right? http://homebuying.about.com/od/glossaryd/g/DualAgency.htm Dual agency is not legal in all 50 states. http://homebuying.about.com/od/realestateagents/qt/92807_DualAgncy.htm Dual agency must be agreed to in writing between [all three] parties. The problem with dual agency is it's a classic conflict of interest. That's why both buyer and seller have to agree to it and go in eyes-wide-open, even where it's legal. 
What's more, in the highly competitive real estate market, savvy buyers know it's time to apply the screws -- the agent will earn more money even if he takes a big hit on the buyer's commission. Kinda the opposite of the monopoly/duopoly ISP who doesn't seek your permission in dealing with anyone else. Finally, realize that in both cases (real estate agent and apartment broker) you're dealing with a competitive negotiated process. The law allows -many- things in negotiated contracts that are flat illegal in the contracts of adhesion typically offered to the residential Internet buyer. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: wikileaks unreachable
http://asert.arbornetworks.com/2010/11/wikileaks-cablegate-attack/ and http://asert.arbornetworks.com/2010/11/round2-ddos-versus-wikileaks/ - Craig On Dec 1, 2010, at 4:38 PM, Mike wrote: Just on an operational front, does anyone know the nature of the DDoS against wikileaks? eg: spoofed source garbage, http get, synfloods, or ? Mike-
Re: Blocking International DNS
the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to ensure it in our deployments. Wouldn't this simply change the focus of who can attack from the USG (which, as far as I am aware, has not attacked the root) see smb's url re rightsholders having alleged bad sites blocked. randy
Re: Blocking International DNS
On Dec 1, 2010, at 4:41 PM, Randy Bush wrote: the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to ensure it in our deployments. Dear Randy; I am beginning to get the same impression, but I see difficulties moving forward. International agencies come to mind (the ITU or WIPO), as they are not subject to government warrants, but I think that the existing ones have their own issues. And I have too many bad memories of Alternic to feel comfortable about Peter Sunde's P2P ideas. Balancing all of that, internationalizing ICANN may be the best solution. Regards Marshall randy
Re: Blocking International DNS
Wasn't this exactly why people suggested ICANN should just move to Switzerland and become an independent international organization ? Would this still be possibility ? You can move ICANN to Mars but unless you move the root, IANA is and will still be under USG control as it is today. Also ICANN didn't touch any operational knobs related to the latest domain names seized by DHS-ICE. - J
Re: Blocking International DNS
internationalizing ICANN may be the best solution. for sure! if it is truly removed from the states and not put in genf. gedanken experiment: who would i trust more to not interfere with **other people's** data, the usg, icann, the itu, or the pirate bay party? my conclusion makes me very sad. but playing with the current dns is a short term solution. in the long run, centralization/rootification of control is equivalent to monopoly. and we have seen time and again that this leads to despotism, often cloaked in false protectionism and false we represent the community.. we have a significant failure by the security community in that they keep giving us hierarchic models, pgp being a notable exception. randy
Re: Blocking International DNS
but playing with the current dns is a short term solution. in the long run, centralization/rootification of control is equivalent to monopoly. and we have seen time and again that this leads to despotism, often cloaked in false protectionism and false we represent the community.. we have a significant failure by the security community in that they keep giving us hierarchic models, pgp being a notable exception. http://lauren.vortex.com/archive/000787.html h
Re: Blocking International DNS
On Dec 2, 2010, at 10:10 AM, Randy Bush wrote: we have a significant failure by the security community in that they keep giving us hierarchic models, pgp being a notable exception. http://en.wikipedia.org/wiki/PNRP --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Sell your computer and buy a guitar.
Re: Blocking International DNS
And I have too many bad memories of Alternic to feel comfortable about Peter Sunde's P2P ideas. IMHO, there is a basic and fundamental flaw on many of the alternate schemes. The current DNS ecosystem has been feeding the pockets of many for many years and became what a ~$7B? industry ? many folks are making a living out of it, so any alternate solution that doesn't take seriously in account the economic side will encounter high resistance to change. Also, who you will really trust to run it ? Balancing all of that, internationalizing ICANN may be the best solution. ICANN is not the problem. It is itself a problem because over the years instead of being a technical coordinator for names and numbers became the playground and clearinghouse for IP (Intellectual Property) groups, all sorts of color, sizes and shapes of attorneys milking from the DNS ecosystem and Internet Governance wanna be politiks. Also while different segments may have some level of participation (including folks that claim they represent the users which they do not) by design ICANN is a membership less organization so the multi stake holder model is a lie and the bottom up process when the bottom does not have the same level of resources to participate as some of the big corp/lobby groups, ends being a fiasco. With the current architecture what you need to internationalize is IANA, but who you will trust with that ? ITU ? As I commented in other forums, I believe that what we need is a novel and well thought resource directory and location service/protocol where central authority and uniqueness are not fundamental requirements, and as said before something that on the long run can be monetized in a way that creates an economic incentive for people to use it. Meanwhile, as Randy said, our only option is to keep dealing with the current system. Regards Jorge
Re: Blocking International DNS
Also, who you will really trust to run it ? The UUCP network chugged along quite nicely for many years without any central authority. (Pathalias and the maps weren't an authority, just a hint.) --lyndon
Re: Blocking International DNS
http://lauren.vortex.com/archive/000787.html I see no drafts, no white or any color papers, no research, no background, good intentions and a napkin list of specs/requirements, no substance. -J
Re: Blocking International DNS
*wonders where his fidonet archives are. dusty. Any system needs to be designed to be open to anyone at any level of the economic chart and a minimum of technical knowledge to implement. This does not necessarily need to encompass the identification requirements for commerce, that may well become a separate system. cheers Jeff On Wed, Dec 1, 2010 at 7:42 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) lyn...@orthanc.ca wrote: Also, who you will really trust to run it ? The UUCP network chugged along quite nicely for many years without any central authority. (Pathalias and the maps weren't an authority, just a hint.) --lyndon
Re: Blocking International DNS
Steve, On Dec 1, 2010, at 3:35 PM, Steven Bellovin wrote: Wouldn't this simply change the focus of who can attack from the USG (which, as far as I am aware, has not attacked the root) to some other government (or worse, the UN)? Given a handle, folks are going to want to grab it when they feel a need to control, regardless of who the folks are. It'd be nice to remove the handle, but that appears to be a very hard problem... I think that the Pirate Bay announcement was triggered by http://www.npr.org/templates/story/story.php?storyId=131678432 Which is, of course, unrelated to ICANN (see http://domainincite.com/icann-had-no-role-in-seizing-torrent-domains/) and is a result of VeriSign following US law in the management of two of the top-level domains they operate. plus the COICA bill (http://www.eff.org/coica) Yeah, COICA is a barrel of fun. As is LOPPSI-2 in France and the equivalent regulations in places like Sweden, Germany, etc. However, my impression (but will admit not having looked into this very much) is that the guy from Pirate Bay is merely pissed off because he lost a UDRP complaint when he obtained the IFPI.COM domain after the International Federation of the Phonograph Industry let it expire, misunderstood (perhaps purposefully) what happened at VeriSign, and decided to capitalize on it. That said, I think the problem is primarily political, not technical. Right, but that wasn't what I was questioning. I suspect that no matter what legal venue you put something as tasty as the control of the DNS, there will be folks who will attempt to exercise that control for their own political purposes. Even internationalizing it doesn't seem to be a good idea to me (based on my impression of how politics get involved in places like the ITU). I'd love to see a non-hierarchical naming system that didn't suck more than the DNS, but as I said, it seems that's a very hard problem... Regards, -drc
Re: Blocking International DNS
the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, This particular domain grab had nothing to do with the root or ICANN. If you look at the name servers and WHOIS of the domains that were seized, you can easily see that the USG served papers on Verisign, who did what the papers told them to, because they're the .COM registry. Anyone who registers a .COM really shouldn't be surprised to find out that Verisign is headquartered in California, and is 100% subject to US law, not to mention still having a side agreement with DoC about .COM due to its history. For several decades the USG has made it crystal clear that they do not mess with ccTLDs, not even ones for countries they don't like such as .CU and .IR. If you want a USG-proof domain, use a ccTLD. I am somewhat more concerned about the possibility that the government would have a mandatory do-not-resolve list for networks in the US. That would be unlikely to stand up in court, viz. the quick failure of the Pennsylvania child porn IP blacklist, but the process would be painful while it unfolded. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly
Re: Blocking International DNS
For several decades the USG has made it crystal clear that they do not mess with ccTLDs, not even ones for countries they don't like such as .CU and .IR. possibly clear to you. the factual experience is that this statement is patently false to those dealing with those particular cctlds. randy
Re: Blocking International DNS
Randy, Can you cite specific examples of USG interfering with ccTLDs? Jeff On Wed, Dec 1, 2010 at 11:53 PM, Randy Bush ra...@psg.com wrote: For several decades the USG has made it crystal clear that they do not mess with ccTLDs, not even ones for countries they don't like such as .CU and .IR. possibly clear to you. the factual experience is that this statement is patently false to those dealing with those particular cctlds. randy -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Re: Blocking International DNS
Can you cite specific examples of USG interfering with ccTLDs? For several decades the USG has made it crystal clear that they do not mess with ccTLDs, not even ones for countries they don't like such as .CU and .IR. possibly clear to you. the factual experience is that this statement is patently false to those dealing with those particular cctlds. i am not at liberty to do so. but, for a clue
% dig +short cu. ns
ns.ceniai.net.cu.
ns-cu.ripe.net.
ns.dns.br.
rip.psg.com. --
ns2.gip.net.
ns1.gip.net.
ns2.ceniai.net.cu.
randy --- Q: Because it reverses the logical flow of conversation. A: Why is top posting frowned upon?
Trying to Make Sense of the Comcast/Level 3 Dispute
Interesting article: http://www.freedom-to-tinker.com/blog/sjs/trying-make-sense-comcast-level-3-dispute Considering the fact that I received an e-mail survey request today from Netflix (I am a subscriber) which, among other questions, asked if I ever did streaming of their services on the Internet, Wii, Live TV, etc. (I don't), as well as asked if I am a Comcast subscriber (I am), among other last-mile service provider options -- I just found the timing of all of this very interesting. FYI, - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
RE: Level 3 Communications Issues Statement Concerning Comcast's Actions
Makes me wonder if Level3's contract with Netflix has certain performance requirements that would preclude Level3 sending Netflix traffic to Comcast the long way around. http://seekingalpha.com/article/235645-akamai-to-lose-netflix-as-a-customer-level-3-and-limelight-pick-up-the-business If there is one thing Netflix is good at, probably the best in the industry, it's measuring the quality of their streaming. They constantly send out emails asking customers to rank the quality of the video they just watched and they have so much data on what works and what doesn't. So when they choose one provider over another, they really have the data to back it up. George Ou touches on a similar point at the end of his article: http://www.digitalsociety.org/2010/11/level-3-outbid-akamai-on-netflix-by-reselling-stolen-bandwidth/ Frank -Original Message- From: Ryan Finnesey [mailto:ryan.finne...@harrierinvestments.com] Sent: Tuesday, November 30, 2010 5:54 AM To: Thomas Donnelly; Rettke, Brian; Patrick W. Gilmore; NANOG list; Guerra, Ruben Subject: RE: Level 3 Communications Issues Statement Concerning Comcast's Actions It may have something to do with that Level3 is now hosting all the streaming content for Netflix. Cheers Ryan -Original Message- From: Thomas Donnelly [mailto:tad1...@gmail.com] Sent: Monday, November 29, 2010 5:52 PM To: Rettke, Brian; Patrick W. Gilmore; NANOG list; Guerra, Ruben Subject: Re: Level 3 Communications Issues Statement Concerning Comcast's Actions On November 19, 2010, Comcast informed Level 3 that, for the first time, it will demand a recurring fee from Level 3 to transmit Internet online movies and other content to Comcast's customers who request such content. If the issue is bandwidth, then why not charge for bandwidth? Picking a specific service says we are trying to squash the competition. On Mon, 29 Nov 2010 16:48:06 -0600, Guerra, Ruben ruben.gue...@arrisi.com wrote: I'd have to agree with Brian. There is no simple answer to this one...
If the ultimate cause is the abuse of bandwidth, I can understand this... BUT if the underlying motive is to squash competition then shame on you!

-----Original Message-----
From: Rettke, Brian [mailto:brian.ret...@cableone.biz]
Sent: Monday, November 29, 2010 4:41 PM
To: Patrick W. Gilmore; NANOG list
Subject: RE: Level 3 Communications Issues Statement Concerning Comcast's Actions

Essentially, the question is who has to pay for the infrastructure to support the bandwidth requirements of all of these new and booming streaming ventures. I can understand both the side taken by Comcast, and the side of the content provider, but I don't think it's as simple as the slogans spewed out regarding Net Neutrality, which has become so misused and abused as a term that I don't think it has any credulous value remaining.

I'm hoping that there is an eventual meeting of the minds wherein some sort of collaboration takes place. If this gets additional government regulations I fear no one will like the result.

Sincerely,
Brian A. Rettke
RHCT, CCDP, CCNP, CCIP
Network Engineer, CableONE Internet Services

-----Original Message-----
From: Patrick W. Gilmore [mailto:patr...@ianai.net]
Sent: Monday, November 29, 2010 3:28 PM
To: NANOG list
Subject: Level 3 Communications Issues Statement Concerning Comcast's Actions

http://www.marketwatch.com/story/level-3-communications-issues-statement-concerning-comcasts-actions-2010-11-29?reflink=MW_news_stmp

I understand that politics is off-topic, but this policy affects operational aspects of the 'Net.

Just to be clear, L3 is saying content providers should not have to pay to deliver content to broadband providers who have their own product which has content as well. I am certain all the content providers on this list are happy to hear L3's change of heart and will be applying for settlement free peering tomorrow.
(L3 wouldn't want other providers to claim the Vyvx or CDN or other content services provided by L3 are competing and L3 is putting up a toll booth on the Internet, would they?)

--
TTFN,
patrick
Re: Trying to Make Sense of the Comcast/Level 3 Dispute
On Thu, Dec 2, 2010 at 12:40 AM, Paul Ferguson fergdawgs...@gmail.com wrote:

Interesting article:
http://www.freedom-to-tinker.com/blog/sjs/trying-make-sense-comcast-level-3-dispute

Considering the fact that I received an e-mail survey request today from Netflix (I am a subscriber) which, among other questions, asked if I ever did streaming of their services on the Internet, Wii, Live TV, etc. (I don't), as well as asked if I am a Comcast subscriber (I am), among other last-mile service provider options -- I just found the timing of all of this very interesting.

I suppose this is all just a smoke screen to force one/both sides to upgrade inter-links before the l3/flix cdn contract goes whole hog. A stalling tactic and one to push buttons (political/PR buttons) raising the stakes/pushing timing up on installs... is interesting though.

-chris