Re: Any enterprise operators very happy with their MPLS providers?

2012-12-06 Thread Måns Nilsson
Subject: Any enterprise operators very happy with their MPLS providers? Date: Wed, Dec 05, 2012 at 02:14:25PM + Quoting McCall, Gabriel (gabriel.mcc...@thyssenkrupp.com): I'm getting ready to prepare an RFP for our next generation WAN, and would like feedback from anyone else who has 100+

RE: /. ITU Approves Deep Packet Inspection

2012-12-06 Thread Adam Vitkovsky
So is it recommended now to go over all the NGN core routers and restore them to default with: no lawful-intercept disable cmd? :) adam

Google Fiber - keeps you regular

2012-12-06 Thread Suresh Ramasubramanian
http://www.youtube.com/watch?v=re0VRK6ouwIfeature=share you'll probably laugh so hard you won't even need the fiber

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Kyrian
On 5 Dec 2012, r...@maine.edu wrote: Where there is no way to change this though /proc ... Those netfilter connection tracking tunables have nothing to do with the kernel's TCP socket handling. No, but these do... net.ipv4.tcp_keepalive_intvl = 15 net.ipv4.tcp_keepalive_probes = 3

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Ray Soucy
It does require a fixed source address. The box is also a router and firewall, so it has many IP addresses available to it. On Wed, Dec 5, 2012 at 5:24 PM, William Herrin b...@herrin.us wrote: On Wed, Dec 5, 2012 at 5:01 PM, Mark Andrews ma...@isc.org wrote: In message

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Ray Soucy
This tunes conntrack, not local TCP on the server itself. On Wed, Dec 5, 2012 at 4:18 PM, Cyril Bouthors cy...@bouthors.org wrote: On 5 Dec 2012, r...@maine.edu wrote: Where there is no way to change this though /proc 10:17PM lenovo:~% sudo sysctl -a |grep wait

Fwd: [Infowarrior] - Leaked: ITU's secret Internet surveillance standard discussion draft]

2012-12-06 Thread Rich Kulawiec
- Forwarded message from Richard Forno rfo...@infowarrior.org - From: Richard Forno rfo...@infowarrior.org Date: Thu, 6 Dec 2012 08:21:15 -0500 To: Infowarrior List infowarr...@attrition.org Subject: [Infowarrior] - Leaked: ITU's secret Internet surveillance standard discussion

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Ray Soucy
net.ipv4.tcp_keepalive_intvl = 15 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_time = 90 net.ipv4.tcp_fin_timeout = 30 As discussed, those do not affect TCP_TIMEWAIT_LEN. There is a lot of misinformation out there on this subject so please don't just Google for 5 min. and chime

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Kyrian
Quoting Ray Soucy r...@maine.edu: net.ipv4.tcp_keepalive_intvl = 15 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_time = 90 net.ipv4.tcp_fin_timeout = 30 As discussed, those do not affect TCP_TIMEWAIT_LEN. There is a lot of misinformation out there on this subject so please don't

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread William Allen Simpson
On 12/6/12 10:20 AM, Kyrian wrote: Also, if you are going to hack the kernel to make that change, I urge you to make it part of the sysctl mechanism as well, and to send a patch back to the kernel developers to help out others who might be in a similar situation to you. This is both to help

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Jean-Francois Mezei
Question: If a TCP connection is left hanging and continues to hoard the port for some time before it times out, shouldn't the work to be focused on finding out why the connection is not properly closed instead of trying to support a greater number of hung connections waiting to time out ?

Cogent outage?

2012-12-06 Thread Matthew Huff
About 10 minutes ago we stopped being able to pass traffic through cogent. I de-peered us from Cogent, and everything appears better. When I call cogent, all I get is a busy signal (must be a major outage). Anyone else seeing anything? Matthew Huff | 1 Manhattanville Rd

Re: Cogent outage?

2012-12-06 Thread Steven Saner
On 12/06/2012 11:11 AM, Matthew Huff wrote: About 10 minutes ago we stopped being able to pass traffic through cogent. I de-peered us from Cogent, and everything appears better. When I call cogent, all I get is a busy signal (must be a major outage). Anyone else seeing anything? Passing

RE: Cogent outage?

2012-12-06 Thread Evan Moore
I may have seen this as well. I touch Cogent in Boston. Seems to be returning as of 1717 GMT. ERM Evan R Moore Network Engineer Sovernet Communications -Original Message- From: Matthew Huff [mailto:mh...@ox.com] Sent: Thursday, December 06, 2012 12:12 PM To: 'nanog@nanog.org'

Re: TCP time_wait and port exhaustion for servers

2012-12-06 Thread Ray Soucy
This issue is for really for connections that close properly and without any issue. The application closes the socket and doesn't care about it; but the OS keeps it in the TIME_WAIT state as required by the RFC for TCP in case data tries to be sent after the connection has closed (out of order

Re: Cogent outage?

2012-12-06 Thread Christopher Nielsen
Passing normal traffic in San Jose and Ashburn. On Thu, Dec 6, 2012 at 12:11 PM, Matthew Huff mh...@ox.com wrote: About 10 minutes ago we stopped being able to pass traffic through cogent. I de-peered us from Cogent, and everything appears better. When I call cogent, all I get is a busy

Re: Cogent outage?

2012-12-06 Thread Nick Olsen
No issues seen in Orlando either. Nick Olsen Network Operations (855) FLSPEED x106 From: Steven Saner ssa...@hubris.net Sent: Thursday, December 06, 2012 12:17 PM To: nanog@nanog.org Subject: Re: Cogent outage? On 12/06/2012 11:11 AM, Matthew Huff

Re: Cogent outage?

2012-12-06 Thread PC
No visible issues in the DC area. On Thu, Dec 6, 2012 at 10:17 AM, Evan Moore emo...@sover.net wrote: I may have seen this as well. I touch Cogent in Boston. Seems to be returning as of 1717 GMT. ERM Evan R Moore Network Engineer Sovernet Communications -Original Message-

RE: Cogent outage?

2012-12-06 Thread Jeremiah Millay
Evan, We are hearing reports of this from our customers as well. We connect to them in NY and Boston. Jeremiah Millay Network Engineer Vermont Telephone Co., Inc. Phone: 802 885-7796 Mobile: 802 289-2116 E-Mail: jmil...@vermontel.com -Original Message- From: Evan Moore

Re: Cogent outage?

2012-12-06 Thread Warren Bailey
Internet pulse shows cogent being difficult. From my Galaxy Note II, please excuse any mistakes. Original message From: Nick Olsen n...@flhsi.com Date: 12/06/2012 9:28 AM (GMT-08:00) To: Steven Saner ssa...@hubris.net,nanog@nanog.org Subject: Re: Cogent outage? No issues

Re: Cogent outage?

2012-12-06 Thread Michael Proto
I'm seeing packet loss between my Atlanta Cogent connection and some servers we have in both Dallas and London. According to Cogent's status page they're having an outage in the NYC area. -Proto http://status.cogentco.com/ On Thu, Dec 6, 2012 at 12:11 PM, Matthew Huff mh...@ox.com wrote:

RE: Cogent outage?

2012-12-06 Thread Matthew Huff
We are peered in Westchester Co, NY (north of NYC). Reports from status.cogentco.com suggest a problem in NYC. I wonder if it's related to the 75 Broad Street explosion this morning. According to Cogent status, they are running on generator. Matthew Huff | 1 Manhattanville Rd

Re: Cogent outage?

2012-12-06 Thread Warren Bailey
Internet pulse now shows cogent with increased latency on nearly every peer. From my Galaxy Note II, please excuse any mistakes. Original message From: Christopher Nielsen m4dh4t...@gmail.com Date: 12/06/2012 9:31 AM (GMT-08:00) To: Matthew Huff mh...@ox.com Cc:

RE: Cogent outage?

2012-12-06 Thread Jeremiah Millay
We just disabled our peering with Cogent in Boston and things have improved. We still have peering with them established in NYC (60 Hudson). Jeremiah Millay Network Engineer Vermont Telephone Co., Inc. Phone: 802 885-7796 Mobile: 802 289-2116 E-Mail: jmil...@vermontel.com -Original

Solutions for DoS DDoS

2012-12-06 Thread Mike Gatti
Hello Everyone, I'm assisting a non-profit organization to research solutions to secure their network from DOS/DDOS attacks. So far we have gone the route of discussing with their ISP's to see what solutions they have to offer, believing that the carriers are better positioned to block the

RE: Streaming video traffic increase from Level3?

2012-12-06 Thread Frank Bulk
We think we found out the source of usage -- the local college's Men's Volleyball team played last night against the neighboring (rival) school. The local college's streams are fixed at 1.5 Mbps, so you just need a few people watching to make it add up in hurry. That would explain the usage and

RE: China Telecom VPN problems (again)

2012-12-06 Thread Naslund, Steve
Make sure you check this out in detail. My export / import people found out that if the device is going to be in control of and used by a US company doing business in China, there are a lot less encryption restrictions. The ruling was that it was not an export if the device remains the property

RE: China Telecom VPN problems (again)

2012-12-06 Thread Naslund, Steve
Agreed. I have run IPsec over MPLS with no problem in China on several carriers. Internet connectivity also worked but performance was spotty due to overloaded firewall or circuits in and out of the country. Steven Naslund -Original Message- From: Tom Paseka

RE: China Telecom VPN problems (again)

2012-12-06 Thread Naslund, Steve
There are lots of carriers but unfortunately they all seem to use China Telecom infrastructure for transport so there is not really a way to get better Internet service there. In our experience MPLS performs better because China Telecom seems to hand off service to the international MPLS carriers

RE: How to get DID local numbers (IP Telephony)

2012-12-06 Thread Naslund, Steve
You can get DID numbers from a carrier when you buy a service from them. There is usually a ratio of how many DIDs you can get for a certain service. I know you will need state utilities commission licenses at least if you want to become a telephone carrier. IP only voice service I am not

Re: How to get DID local numbers (IP Telephony)

2012-12-06 Thread Derek Ivey
If you're looking to use SIP, I've had a good experience with Flowroute.com. I got one of my customers a block of 20 DIDs from them. Flowroute had to order the block from the CLEC in their area code and it took about two weeks. Derek On Dec 4, 2012, at 5:03 PM, Сергей Харламов men...@bk.ru

RE: Six Strike Rule (Was: William was raided...)

2012-12-06 Thread Naslund, Steve
If you are a facilities based broadband provider in the US you have to comply with CALEA. There is no coming to some agreement, you have a legal obligation to comply. No more, and no less. You don't have to comply with requests from agencies other than law enforcement under CALEA but you may

Re: How to get DID local numbers (IP Telephony)

2012-12-06 Thread Jay Ashworth
- Original Message - From: Сергей Харламов men...@bk.ru Can someone explain me how can I get an block of DID (Telephony numbers)? For example I need 200 numbers. Is that special organization or I must buy it somewhere? What the rule for USA (NY) about telephony providing ? Should I

RE: Cogent outage?

2012-12-06 Thread Harris, James (IT)
Seeing 25% packet lost between Tampa and Munich at 19:59 UTC James Harris 727-571-9328 -Original Message- From: Matthew Huff [mailto:mh...@ox.com] Sent: Thursday, December 06, 2012 12:12 PM To: 'nanog@nanog.org' Subject: Cogent outage? About 10 minutes ago we stopped being able to

Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread William Herrin
Hi folks, I'm looking at several brands of rackmount 3kva double-conversion UPSes, such as Tripp Lite and Eaton Powerware. I'm specifically looking for something that will work as a line-interactive UPS until the power starts to misbehave and will then switch to double-conversion mode until a

Re: Solutions for DoS DDoS

2012-12-06 Thread Steve
The ideal solution is a carrier that has its own true DDoS mitigation platform, and does not rely on black hole routing . Have the carrier handle the the large bulk flood attacks, then have your own prem base mitigation platform take care of the more application specific attacks that get

RE: Solutions for DoS DDoS

2012-12-06 Thread Joseph Chin
Is the cause of this non-profit a controversial one with a good likelihood of attracting the attention of demographics with the ability to mount DDoS attacks? If your upstream can do it for a good price (on account of being a non-profit organization) and they have lots of bandwidth along with a

Re: Solutions for DoS DDoS

2012-12-06 Thread Joly MacFie
By coincidence we have just published the video archive of our Mitigating DDoS Attacks: Best Practices for an Evolving Threat Landscape event last Wednesday. It's at http://youtu.be/FR0660X9lGc We'll have a full transcript up early next week. j On Thu, Dec 6, 2012 at 12:51 PM, Mike Gatti

RE: Cogent outage?

2012-12-06 Thread Michael Bubb
We got a notice from Internap a few hours ago: At approximately 12:10 EST Internap shut down the BGP session with Cogent as we were widespread packet loss issues through their network out of our New York (NYM) PNAP. We are contacting Cogent to see if they are aware of what the issue is. They

Re: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Mike
On 12/06/2012 12:49 PM, William Herrin wrote: Hi folks, I'm looking at several brands of rackmount 3kva double-conversion UPSes, such as Tripp Lite and Eaton Powerware. I'm specifically looking for something that will work as a line-interactive UPS until the power starts to misbehave and will

Re: How to get DID local numbers (IP Telephony)

2012-12-06 Thread John Levine
Can someone explain me how can I get an block of DID (Telephony numbers)? As I think recent messages have shown, it's not possible to provide a useful answer unless you give us some hint about what you want to do with the traffic from those numbers. If you want to deliver it via SIP over the

Re: Cogent outage?

2012-12-06 Thread Blair Trosper
We've seen BGP resets on our servers in Tampa...with Cogent no longer being the preferred route for outgoing traffic. The preferred path from out DC is now through Hurricane (AS6939). Blair Trosper Updraft Networks LEARN (North Texas GigaPOP) On Thu, Dec 6, 2012 at 3:09 PM, Michael Bubb

Re: Amazon Abuse contact

2012-12-06 Thread Enrico Sorge
http://aws.amazon.com/security/vulnerability-reporting/ On Tue, Dec 4, 2012 at 11:40 PM, Mark Keymer m...@viviotech.net wrote: Hi, If there is a Amazon Abuse person our there or if someone has a good contact to someone at Amazon can you message me off-list. We have put in some Abuse

RE: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Joseph Chin
That is so old-school FUD re line-interactive vs double-conversion. Very much the tubeless vs tubed tire debate all over again. Buy well-engineered quality brand products (ie Emerson/Liebert, Schneider/APC) then it will be a non-issue. -Original Message- From: Mike

Re: Cogent outage?

2012-12-06 Thread Michael Bubb
Internap just updated: Cogent has said that the issue they were having has been resolved. Internap's BGP session was turned back up at approximately 15:45 EST and traffic has been stable since that time. On Thu, Dec 6, 2012 at 4:36 PM, Blair Trosper blair.tros...@gmail.comwrote: We've seen

RE: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Alex Rubenstein
I'm looking at several brands of rackmount 3kva double-conversion UPSes, such as Tripp Lite and Eaton Powerware. I'm specifically looking for something that will work as a line-interactive UPS until the power starts to misbehave and will then switch to double-conversion mode until a

Re: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Seth Mattinen
On 12/6/12 12:49 PM, William Herrin wrote: Hi folks, I'm looking at several brands of rackmount 3kva double-conversion UPSes, such as Tripp Lite and Eaton Powerware. I'm specifically looking for something that will work as a line-interactive UPS until the power starts to misbehave and will

Verizon ISP ATM ports

2012-12-06 Thread Joe Maimon
Hey All, Its that time of the year again, and I am looking for verizon ATM/DSL wholesale DSL ports for NY/NJ latas. Off-list replies are welcome. Thanks, Joe

RE: Google Fiber - keeps you regular

2012-12-06 Thread Otis L. Surratt, Jr.
Why does the youtube video link lead back to their Fiber Internet/TV offering? Maybe I'm lost but the video is about a Google Fiber Bar right? Otis -Original Message- From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] Sent: Thursday, December 06, 2012 5:31 AM To: nanog@nanog.org

Re: Google Fiber - keeps you regular

2012-12-06 Thread Suresh Ramasubramanian
All jokes about crappy Internet service aside, that is? On Friday, December 7, 2012, Otis L. Surratt, Jr. wrote: Why does the youtube video link lead back to their Fiber Internet/TV offering? Maybe I'm lost but the video is about a Google Fiber Bar right? Otis -Original Message-

RE: Google Fiber - keeps you regular

2012-12-06 Thread Otis L. Surratt, Jr.
Yep. But you know I wouldn't be surprised if Google entered that market. That's why I was asking. You never know these days. From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] Sent: Thursday, December 06, 2012 5:36 PM To: Otis L. Surratt, Jr. Cc: nanog@nanog.org Subject: Re: Google

Re: Google Fiber - keeps you regular

2012-12-06 Thread Suresh Ramasubramanian
If you look at www.google.com/fiber they do seem to be in that market now On Friday, December 7, 2012, Otis L. Surratt, Jr. wrote: Yep. But you know I wouldn't be surprised if Google entered that market. That's why I was asking. You never know these days. From: Suresh Ramasubramanian

RE: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Alex Rubenstein
I have a 700VA 9130 rackmount that I recently bought to give it an eval run (although the first was a dud). There is a 3kVA model. For my small load it reports a PF of 0.91 online. PF, as in power factor? That has nothing to do with UPS efficiency.

Re: Online/double-conversion UPS economy/high efficiency modes?

2012-12-06 Thread Seth Mattinen
I apologize for mentioning it; thanks for taking the time to point out such data could not possibly be useful. ~Seth Sent from my iPad, please excuse my brevity. On Dec 6, 2012, at 16:19, Alex Rubenstein a...@corp.nac.net wrote: I have a 700VA 9130 rackmount that I recently bought to give it

Re: Amazon Abuse contact

2012-12-06 Thread Mark Keymer
Thank you for everyone's help. We were contacted by Amazon today. Sincerely, Mark Keymer On 12/6/2012 1:37 PM, Enrico Sorge wrote: http://aws.amazon.com/security/vulnerability-reporting/ On Tue, Dec 4, 2012 at 11:40 PM, Mark Keymer m...@viviotech.net mailto:m...@viviotech.net wrote:

Re: Solutions for DoS DDoS

2012-12-06 Thread Erol Blakely
My experience with most providers has been that null routing is the industry standard when a DDoS hits their network. I would suggest approaching companies who specialize in DDoS mitigation - Prolexic and Blacklotus to name two I am familiar with. These outfits may have something that works

Re: Solutions for DoS DDoS

2012-12-06 Thread Ahmed Maged
The most popular solution is Arbor Clean pipes. they have different ways you can get this : http://www.arbornetworks.com/ On Thu, Dec 6, 2012 at 5:26 PM, Erol Blakely e...@easydns.com wrote: My experience with most providers has been that null routing is the industry standard when a DDoS