Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread joel jaeggli
On 12/10/14 7:45 PM, Justin M. Streiner wrote:
> On Wed, 10 Dec 2014, Yucong Sun wrote:
>
>> It is not the same thing though. In my case, they just say we want you to
>> buy our IP, if you don't and want to use your own ARIN allocated IP blocks
>> through bgp, then we got to charge you anyway!
>
> Are they charging per /24 (assuming IPv4 here...), or per prefix?
>
> If they are charging per /24, that seems like a great way to encourage
> customers to find another provider.
>
> If they are charging per prefix, that seems like an interesting way to
> encourage customers to make sure they aggregate their BGP
> advertisements as much as possible.
>
ISPs in my experience have a fee schedule supported by a model which
allows them to recover their expenses plus a nominal profit. If the
model doesn't work, in the long run that is a problem that solves
itself. At the right scale I have productive leverage against the profit
side of that number and also what line items the expenses are lodged
against. Below that I'm a retail customer and I pick from the best
options available to me.
> jms
>






Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Jeroen Massar
On 2014-12-11 03:35, Jeroen van Aart wrote:
> Grear – a paralegal – and her daughter claim the Xfinity hotspot is an
> unauthorized intrusion into their private home, places a "vast" burden
> on electricity bills, opens them up to attacks by hackers, and
> "degrades" their bandwidth.

LibertyGlobal (basically all cable in Europe) calls this "Wi-Free"

description here:
http://www.upc-cablecom.ch/en/internet/wi-free/

Uses likely the same trick as Comcast has:
 - separate DOCSIS channel, thus not on your IP/bandwidth[1]
 - separate SSID (2.4GHz channel 1 b/g/n + n is what I have seen)
 - authenticated by user/pass (thus you are tracked)

in the LG case though it is opt-out which means that you go to the
"MyUPC" or similar page on their website and turn it off. Turning it off
does mean one cannot use that service elsewhere though.

As in .ch one either has DSL through Swisscom or Cable through UPC
(typically cheaper and faster and one has TV anyway) the latter is
almost per building available, thus the spread of this "UPC Wi-Free" is
pretty big. Check the map at the bottom, it is rather insane, though I
think that map renders where their customers are not where it is
enabled. I see 4 different ones just from my office with the imac
internal antenna...

As most people have pre-paid 4G though I wonder how useful it is that
these SSIDs are everywhere. Maybe one could see it as a sneak
advertising model though.

Primarily it will cause wifi-boxes that auto-select channels to move
away from channel 1 (which seems to be the primary one to be used)
moving away from that channel, thus meaning that other wifi channels get
even more crowded. And likely the Wi-Free ones are not used...

They btw did announce this 'feature' by advertising it. Of course few
people will understand the impacts as their marketing department does
not either and claims 'it does not impact you'...

Greets,
 Jeroen

[1] = of course if you have crappy connectivity then it becomes crappier
if a channel is taken away



Re: Got a call at 4am - RAID Gurus Please Read

2014-12-10 Thread Randy Bush
zfs and ganeti
-- 
Phones are not computers and suck for email

On December 11, 2014 2:39:19 PM GMT+09:00, Gary Buhrmaster wrote:
>On Thu, Dec 11, 2014 at 2:25 AM, Randy Bush  wrote:
>>> We are now using ZFS RAIDZ and the question I ask myself is, why
>>> wasn't I using ZFS years ago?
>>
>> because it is not production on linux,
>
>Well, it depends on what you mean by
>"production".  Certainly the ZFS on Linux
>group has said in some forums that it is
>"production ready", although I would say
>that their definition is not exactly the
>same as what I mean by the term.
>
>> which i have to use because
>> freebsd does not have kvm/ganeti.
>
>There is bhyve, and virt-manager can
>support bhyve in later versions (but is
>disabled by default as I recall).  Not
>exactly the same, of course.
>
>> want zfs very very badly.  snif.
>
>Anyone who really cares about their data
>wants ZFS.  Some just do not yet know
>that they (should) want it.
>
>There is always Illumos/OmniOS/SmartOS
>to consider (depending on your particular
>requirements) which can do ZFS and KVM.


Re: Got a call at 4am - RAID Gurus Please Read

2014-12-10 Thread Gary Buhrmaster
On Thu, Dec 11, 2014 at 2:25 AM, Randy Bush  wrote:
>> We are now using ZFS RAIDZ and the question I ask myself is, why
>> wasn't I using ZFS years ago?
>
> because it is not production on linux,

Well, it depends on what you mean by
"production".  Certainly the ZFS on Linux
group has said in some forums that it is
"production ready", although I would say
that their definition is not exactly the
same as what I mean by the term.

> which i have to use because
> freebsd does not have kvm/ganeti.

There is bhyve, and virt-manager can
support bhyve in later versions (but is
disabled by default as I recall).  Not
exactly the same, of course.

> want zfs very very badly.  snif.

Anyone who really cares about their data
wants ZFS.  Some just do not yet know
that they (should) want it.

There is always Illumos/OmniOS/SmartOS
to consider (depending on your particular
requirements) which can do ZFS and KVM.


Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Jay Ashworth
- Original Message -
> From: "Jeroen van Aart" 

> Comcast-supplied routers broadcast an encrypted, private wireless
> network for people at home, plus a non-encrypted network called
> XfinityWiFi that can be used by nearby subscribers. So if you're passing
> by a fellow user's home, you can lock onto their public Wi-Fi, log in
> using your Comcast username and password, and use that home's
> bandwidth.

Bright House/RoadRunner has been doing this in Tampa Bay for a couple years
now -- but they only do it on business installs.  It's how the Bright House
Wifi and CableWifi SSID services are provisioned.

Interestingly, they *do* do it with a separate cablemodem and a tee, and
a separate high-power access point; it's not built into the cablemodem 
provisioned for the business customer proper.  So space and power *would*
be an issue for these users, though I don't know that anyone's complained.

As another commenter noted, you do have to be a subscriber for their 
auth network to recognize you.

I will give them their props: I only had to sign in *once*, last year;
their auth controller has recognized my MAC address at every spot I've 
used since.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


Re: Carrier-grade DDoS Attack mitigation appliance

2014-12-10 Thread Paul S.
Tons of such companies exist; BlackLotus/Staminus/Prolexic/Voxility to 
name a few within the US.


Service provided is usually based on proprietary algorithms that may or 
may not do what you want it to do, though.


On 12/11/2014 10:39 AM, Javier J wrote:

What about DDOS protection as a service? Is that something that is being
offered by more than a few vendors? I know of only one that exists through
a friend.

They basically start advertising your bgp routes, filter out the junk, and
send the good traffic back to you.

On Wed, Dec 10, 2014 at 8:08 AM, James Braunegg wrote:
Dear All



We use a combination of NSFOCUS hardware (ADS, ADS-m and NTA along with
A10 Hardware)



All of which I highly recommend !



Kindest Regards


James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braun...@micron21.com  |
ABN:  12 109 977 666
W:  http://www.micron21.com/ddos-protection   T: @micron21





-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Parrish, Luke
Sent: Wednesday, December 10, 2014 8:08 AM
To: J. Tozo
Cc: nanog
Subject: RE: Carrier-grade DDoS Attack mitigation appliance



Switch to Nemo.







-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of J. Tozo
Sent: Monday, December 08, 2014 3:26 PM
Cc: nanog
Subject: Re: Carrier-grade DDoS Attack mitigation appliance

We are also evaluating another appliance to put in place of Arbor; their
"support" outside USA is a joke.



On Mon, Dec 8, 2014 at 6:17 PM, Ammar Zuberi  wrote:




Hi,
We're currently running the Arbor Peakflow SP with the TMS and it
works very well for us.
Best Regards,
Ammar Zuberi
FastReturn, Inc
Direct Line: +971 50 394 7299
Email: am...@fastreturn.net


On Dec 8, 2014, at 10:53 PM, Tony McKay wrote:

Does anyone on list currently use Peakflow SP from Arbor with TMS,
and is it truly a carrier grade DDoS detection and mitigation platform?
Anyone have any experience with Plixir?

Tony McKay
Dir. Of Network Operations
Office:  870.336.3449
Mobile:  870.243.0058
-The boundary to your comfort zone fades a little each time you
cross it.  Raise your limits by pushing them.


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mohamed Kamal
Sent: Sunday, December 07, 2014 2:10 PM
To: nanog
Subject: Carrier-grade DDoS Attack mitigation appliance

Has anyone tried any DDoS attack mitigation appliance rather than
Arbor PeakFlow TMS? I need it to be carrier-grade in terms of capacity and
redundancy, and as far as I know, Arbor is the only product in the
market which offers a "clean pipe" volume of traffic, so if the DDoS
attack volume is, for example, 1Tbps, they will grant you for example
50Gbps of clean traffic.

Anyway, I'm open to other suggestions, and open-source products that
can do the same purpose, we have network development team that can work on
this.


Thanks.
--
Mohamed Kamal
Core Network Sr. Engineer





--

Grato,



Tozo














Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Javier J
The answer is, if someone is using your hotspot, it does use the same radio
and channel your ssid is on.

On Wed, Dec 10, 2014 at 11:18 PM, Andrew Jones  wrote:

> It reads to me like it's not a separate Wi-Fi radio on a different
> channel, but just an additional SSID being broadcast:
> http://wifi.comcast.com/faqs.html
> ctrl+f "Does the new Home Hotspot impact my Internet speeds or data usage?"
>
>
>
>
> On 11.12.2014 14:55, Phil Bedard wrote:
>
>> It won't overlap with the one you are using for yourself on the same
>> device.
>>
>> DOCSIS has service flows with different priorities.  I don't know if
>> they are allocating specific channels for it or if it's just a
>> different service flow, but either way it is a lower priority and
>> should not cause contention with regular user traffic.
>>
>> Really it is just the power they seem to be complaining about.
>>
>> Phil
>>
>> -Original Message-
>> From: "Harald Koch" 
>> Sent: 12/10/2014 10:21 PM
>> To: "Mr Bugs" 
>> Cc: "NANOG list" 
>> Subject: Re: Comcast thinks it ok to install public wifi in your house
>>
>> On 10 December 2014 at 21:50, Mr Bugs  wrote:
>>
>>> however they use a separate DOCSIS and 802.11 channel so it would follow
>>> that it would be a separate IP tied to comcast corporate and not the
>>> subscriber as well as not taking up your bandwidth.
>>>
>>
>>
>>
>> IIRC there are only three non-overlapping channels on 802.11g and six on
>> 802.11n; I can see more networks than that from my basement.
>>
>> I haven't been keeping up with the technology, but in the ancient of days
>> wasn't the uplink side of DOCSIS also a limited-bandwidth, shared
>> resource?
>>
>
>


Re: Carrier-grade DDoS Attack mitigation appliance

2014-12-10 Thread Javier J
What about DDOS protection as a service? Is that something that is being
offered by more than a few vendors? I know of only one that exists through
a friend.

They basically start advertising your bgp routes, filter out the junk, and
send the good traffic back to you.

On Wed, Dec 10, 2014 at 8:08 AM, James Braunegg  wrote:

> Dear All
>
>
>
> We use a combination of NSFOCUS hardware (ADS, ADS-m and NTA along with
> A10 Hardware)
>
>
>
> All of which I highly recommend !
>
>
>
> Kindest Regards
>
>
> James Braunegg
> P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
> E:   james.braun...@micron21.com  |
> ABN:  12 109 977 666
> W:  http://www.micron21.com/ddos-protection   T: @micron21
>
>
>
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Parrish, Luke
> Sent: Wednesday, December 10, 2014 8:08 AM
> To: J. Tozo
> Cc: nanog
> Subject: RE: Carrier-grade DDoS Attack mitigation appliance
>
> Switch to Nemo.
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of J. Tozo
> Sent: Monday, December 08, 2014 3:26 PM
> Cc: nanog
> Subject: Re: Carrier-grade DDoS Attack mitigation appliance
>
> We are also evaluating another appliance to put in place of Arbor; their
> "support" outside USA is a joke.
>
> On Mon, Dec 8, 2014 at 6:17 PM, Ammar Zuberi  wrote:
>
>
>
> > Hi,
> >
> > We're currently running the Arbor Peakflow SP with the TMS and it
> > works very well for us.
> >
> > Best Regards,
> >
> > Ammar Zuberi
> > FastReturn, Inc
> >
> > Direct Line: +971 50 394 7299
> > Email: am...@fastreturn.net
> >
> > > On Dec 8, 2014, at 10:53 PM, Tony McKay wrote:
> > >
> > > Does anyone on list currently use Peakflow SP from Arbor with TMS,
> > > and is it truly a carrier grade DDoS detection and mitigation platform?
> > > Anyone have any experience with Plixir?
> > >
> > > Tony McKay
> > > Dir. Of Network Operations
> > > Office:  870.336.3449
> > > Mobile:  870.243.0058
> > > -The boundary to your comfort zone fades a little each time you
> > > cross it.  Raise your limits by pushing them.
> > >
> > >
> > > -Original Message-
> > > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mohamed Kamal
> > > Sent: Sunday, December 07, 2014 2:10 PM
> > > To: nanog
> > > Subject: Carrier-grade DDoS Attack mitigation appliance
> > >
> > > Has anyone tried any DDoS attack mitigation appliance rather than
> > > Arbor PeakFlow TMS? I need it to be carrier-grade in terms of capacity and
> > > redundancy, and as far as I know, Arbor is the only product in the
> > > market which offers a "clean pipe" volume of traffic, so if the DDoS
> > > attack volume is, for example, 1Tbps, they will grant you for example
> > > 50Gbps of clean traffic.
> > >
> > > Anyway, I'm open to other suggestions, and open-source products that
> > > can do the same purpose, we have network development team that can work on
> > > this.
> > >
> > > Thanks.
> > >
> > > --
> > > Mohamed Kamal
> > > Core Network Sr. Engineer
> > >
>
> --
>
> Grato,
>
>
>
> Tozo
>

RE: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Andrew Jones
It reads to me like it's not a separate Wi-Fi radio on a different 
channel, but just an additional SSID being broadcast:

http://wifi.comcast.com/faqs.html
ctrl+f "Does the new Home Hotspot impact my Internet speeds or data usage?"




On 11.12.2014 14:55, Phil Bedard wrote:
It won't overlap with the one you are using for yourself on the same 
device.


DOCSIS has service flows with different priorities.  I don't know if
they are allocating specific channels for it or if it's just a
different service flow, but either way it is a lower priority and
should not cause contention with regular user traffic.

Really it is just the power they seem to be complaining about.

Phil

-Original Message-
From: "Harald Koch" 
Sent: 12/10/2014 10:21 PM
To: "Mr Bugs" 
Cc: "NANOG list" 
Subject: Re: Comcast thinks it ok to install public wifi in your house


On 10 December 2014 at 21:50, Mr Bugs  wrote:

however they use a separate DOCSIS and 802.11 channel so it would follow
that it would be a separate IP tied to comcast corporate and not the
subscriber as well as not taking up your bandwidth.

IIRC there are only three non-overlapping channels on 802.11g and six on
802.11n; I can see more networks than that from my basement.

I haven't been keeping up with the technology, but in the ancient of days
wasn't the uplink side of DOCSIS also a limited-bandwidth, shared resource?




Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Javier J
In analyzing my neighbors who use comcast (I live in a townhouse and can
see many access points) my biggest complaint is the wifi pollution
these comcast router/access-points cause.

For each neighbor who has comcast HSI, expect to see 3 SSID with different
mac showing up. There is the xfinity one, the customer one, and a blank one
broadcasting with similar mac on the same channel.

So even if you are just minding your business as a comcast customer
watching netflix, someone who hooks into your comcast router can not only
kill your wifi throughput but streaming content etc on the same channel,
but also piss off your neighbors (me) because of the small channel space in
the 2.4GHz range.

The 2nd problem I have with this is that I'm pretty sure 99.8% of the
people who have comcast and have their new routers have no clue they are
paying for essentially running a public hotspot for comcast. Even if you
still have to register or pay for it, it's available to the general public
without these people knowing about it.



On Wed, Dec 10, 2014 at 9:35 PM, Jeroen van Aart  wrote:

> Why am I not surprised?
>
> Whose fault would it be if your comcast installed public wifi would be
> abused to download illegal material or launch a botnet, to name some random
> fun one could have on your behalf. :-/
>
> (apologies if this was posted already, couldn't find an email about it on
> the list)
>
> http://www.theregister.co.uk/2014/12/10/disgruntled_customers_lob_sueball_at_comcast_over_public_wifi/
>
> "A mother and daughter are suing Comcast claiming the cable giant's router
> in their home was offering public Wi-Fi without their permission.
>
> Comcast-supplied routers broadcast an encrypted, private wireless network
> for people at home, plus a non-encrypted network called XfinityWiFi that
> can be used by nearby subscribers. So if you're passing by a fellow user's
> home, you can lock onto their public Wi-Fi, log in using your Comcast
> username and password, and use that home's bandwidth.
>
> However, Toyer Grear, 39, and daughter Joycelyn Harris – who live together
> in Alameda County, California – say they never gave Comcast permission to
> run a public network from their home cable connection.
>
> In a lawsuit [PDF] filed in the northern district of the golden state, the
> pair accuse the ISP of breaking the Computer Fraud and Abuse Act and two
> other laws.
>
> Grear – a paralegal – and her daughter claim the Xfinity hotspot is an
> unauthorized intrusion into their private home, places a "vast" burden on
> electricity bills, opens them up to attacks by hackers, and "degrades"
> their bandwidth.
>
> "Comcast does not, however, obtain the customer's authorization prior to
> engaging in this use of the customer's equipment and internet service for
> public, non-household use," the suit claims.
>
> "Indeed, without obtaining its customers' authorization for this
> additional use of their equipment and resources, over which the customer
> has no control, Comcast has externalized the costs of its national Wi-Fi
> network onto its customers."
>
> The plaintiffs are seeking monetary damages for themselves and on behalf
> of all Comcast customers nation-wide in their class-action case – the
> service was rolled out to 20 million customers this year."
>
> --
> Earthquake Magnitude: 4.8
> Date: 2014-12-10  22:10:36.800 UTC
> Date Local: 2014-12-10 13:10:36 PST
> Location: 120km W of Panguna, Papua New Guinea
> Latitude: -6.265; Longitude: 154.4004
> Depth: 35 km | e-quake.org
>


Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Mr Bugs
The technical aside, you could make it opt in and let people who opted in
use the public network free, and charge people not signed up or not even
Comcast customers for profit. This way it makes it feel more like building
a community to the consumer rather than big biz pulling one over on the
little guy.

On Wed, Dec 10, 2014 at 10:55 PM, Phil Bedard  wrote:

> It won't overlap with the one you are using for yourself on the same
> device.
>
> DOCSIS has service flows with different priorities.  I don't know if they
> are allocating specific channels for it or if it's just a different service
> flow, but either way it is a lower priority and should not cause contention
> with regular user traffic.
>
> Really it is just the power they seem to be complaining about.
>
> Phil
> --
> From: Harald Koch 
> Sent: 12/10/2014 10:21 PM
> To: Mr Bugs 
> Cc: NANOG list 
> Subject: Re: Comcast thinks it ok to install public wifi in your house
>
> On 10 December 2014 at 21:50, Mr Bugs  wrote:
>
> > however they use a separate DOCSIS and 802.11 channel so it would follow
> > that it would be a separate IP tied to comcast corporate and not the
> > subscriber as well as not taking up your bandwidth.
>
>
>
> IIRC there are only three non-overlapping channels on 802.11g and six on
> 802.11n; I can see more networks than that from my basement.
>
> I haven't been keeping up with the technology, but in the ancient of days
> wasn't the uplink side of DOCSIS also a limited-bandwidth, shared resource?
>
> --
> Harald
>


RE: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Phil Bedard
It won't overlap with the one you are using for yourself on the same device. 

DOCSIS has service flows with different priorities.  I don't know if they are 
allocating specific channels for it or if it's just a different service flow, 
but either way it is a lower priority and should not cause contention with 
regular user traffic.

Really it is just the power they seem to be complaining about.  

Phil

-Original Message-
From: "Harald Koch" 
Sent: 12/10/2014 10:21 PM
To: "Mr Bugs" 
Cc: "NANOG list" 
Subject: Re: Comcast thinks it ok to install public wifi in your house

On 10 December 2014 at 21:50, Mr Bugs  wrote:

> however they use a separate DOCSIS and 802.11 channel so it would follow
> that it would be a separate IP tied to comcast corporate and not the
> subscriber as well as not taking up your bandwidth.



IIRC there are only three non-overlapping channels on 802.11g and six on
802.11n; I can see more networks than that from my basement.

I haven't been keeping up with the technology, but in the ancient of days
wasn't the uplink side of DOCSIS also a limited-bandwidth, shared resource?

-- 
Harald


Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Mr Bugs
Comcast is pushing DOCSIS 3.0 heavily, and the channel allocation and
configuration in DOCSIS 3.0 is much more flexible, allowing speed
configurations by bonding channels. http://en.wikipedia.org/wiki/DOCSIS

But the wifi, this is of course making an already crowded and noisy space
much worse. I live in a high density area with people that have wifi, and
it's nearly useless. My devices that can be wired are, my 4G cell is often
faster and more reliable than trying to go 2.4GHz 802.11* on the same cell
phone. 5GHz is pretty empty, and I'm about to move to all Asus EA-N66 wifi
network on 5GHz.

I understand what Comcast is trying to do, but I think it should be an
opt-in type of thing instead.

On Wed, Dec 10, 2014 at 10:19 PM, Harald Koch  wrote:

> On 10 December 2014 at 21:50, Mr Bugs  wrote:
>
>> however they use a separate DOCSIS and 802.11 channel so it would follow
>> that it would be a separate IP tied to comcast corporate and not the
>> subscriber as well as not taking up your bandwidth.
>
>
>
> IIRC there are only three non-overlapping channels on 802.11g and six on
> 802.11n; I can see more networks than that from my basement.
>
> I haven't been keeping up with the technology, but in the ancient of days
> wasn't the uplink side of DOCSIS also a limited-bandwidth, shared resource?
>
> --
> Harald
>
>


Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread Justin M. Streiner

On Wed, 10 Dec 2014, Yucong Sun wrote:


> It is not the same thing though. In my case, they just say we want you to
> buy our IP, if you don't and want to use your own ARIN allocated IP blocks
> through bgp, then we got to charge you anyway!


Are they charging per /24 (assuming IPv4 here...), or per prefix?

If they are charging per /24, that seems like a great way to encourage 
customers to find another provider.


If they are charging per prefix, that seems like an interesting way to 
encourage customers to make sure they aggregate their BGP advertisements 
as much as possible.


jms


Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Harald Koch
On 10 December 2014 at 21:50, Mr Bugs  wrote:

> however they use a separate DOCSIS and 802.11 channel so it would follow
> that it would be a separate IP tied to comcast corporate and not the
> subscriber as well as not taking up your bandwidth.



IIRC there are only three non-overlapping channels on 802.11g and six on
802.11n; I can see more networks than that from my basement.

I haven't been keeping up with the technology, but in the ancient of days
wasn't the uplink side of DOCSIS also a limited-bandwidth, shared resource?

-- 
Harald


RE: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Mr Bugs
Jeroen,

Not that I agree with this practice, I specifically got my own modem
because of this (and to have it directly attached to a real router),
however they use a separate DOCSIS and 802.11 channel so it would follow
that it would be a separate IP tied to comcast corporate and not the
subscriber as well as not taking up your bandwidth.
The bandwidth issue seems to be the only thing they can imagine people
being worried about and when you complain it's the only thing they talk
about, making sure you know it won't take up any of your speed or quota.


Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Charles Mills
In the US at least you have to authenticate with your Comcast credentials
and not like a traditional open wifi where you can just make up an email
and accept the terms of service.  I also understand that it is a different
IP than the subscriber.  Based on this the subscriber should be protected
from anyone doing anything illegal and causing the SWAT team to pay a
visit.  I haven't upgraded my gear though.

Now..they are doing this on your electric bill and taking up space (albeit
a small amount of it) in your home.

Chuck



On Wed, Dec 10, 2014 at 9:35 PM, Jeroen van Aart  wrote:

> Why am I not surprised?
>
> Whose fault would it be if your comcast installed public wifi would be
> abused to download illegal material or launch a botnet, to name some random
> fun one could have on your behalf. :-/
>
> (apologies if this was posted already, couldn't find an email about it on
> the list)
>
> http://www.theregister.co.uk/2014/12/10/disgruntled_customers_lob_sueball_at_comcast_over_public_wifi/
>
> "A mother and daughter are suing Comcast claiming the cable giant's router
> in their home was offering public Wi-Fi without their permission.
>
> Comcast-supplied routers broadcast an encrypted, private wireless network
> for people at home, plus a non-encrypted network called XfinityWiFi that
> can be used by nearby subscribers. So if you're passing by a fellow user's
> home, you can lock onto their public Wi-Fi, log in using your Comcast
> username and password, and use that home's bandwidth.
>
> However, Toyer Grear, 39, and daughter Joycelyn Harris – who live together
> in Alameda County, California – say they never gave Comcast permission to
> run a public network from their home cable connection.
>
> In a lawsuit [PDF] filed in the northern district of the golden state, the
> pair accuse the ISP of breaking the Computer Fraud and Abuse Act and two
> other laws.
>
> Grear – a paralegal – and her daughter claim the Xfinity hotspot is an
> unauthorized intrusion into their private home, places a "vast" burden on
> electricity bills, opens them up to attacks by hackers, and "degrades"
> their bandwidth.
>
> "Comcast does not, however, obtain the customer's authorization prior to
> engaging in this use of the customer's equipment and internet service for
> public, non-household use," the suit claims.
>
> "Indeed, without obtaining its customers' authorization for this
> additional use of their equipment and resources, over which the customer
> has no control, Comcast has externalized the costs of its national Wi-Fi
> network onto its customers."
>
> The plaintiffs are seeking monetary damages for themselves and on behalf
> of all Comcast customers nation-wide in their class-action case – the
> service was rolled out to 20 million customers this year."
>
> --
> Earthquake Magnitude: 4.8
> Date: 2014-12-10  22:10:36.800 UTC
> Date Local: 2014-12-10 13:10:36 PST
> Location: 120km W of Panguna, Papua New Guinea
> Latitude: -6.265; Longitude: 154.4004
> Depth: 35 km | e-quake.org
>


RE: Relative cost of ONT and UPS for FTTP

2014-12-10 Thread Brian R

Jean-Francois,
 
We use the Adtran ONT solutions.  The configuration is Adtran TA5000 with an 
Active Ethernet 24-Port Module (1187561F1) feeding an ONT TA324E (1287737G2) at 
the customer premise.
For power we are using the Cyber Power CSN27U12v-NA3 units.
The clam shell we are using to put the ONT in is TA350 ONT NID HSG SPLICE 
(1187770G1)
 
All of these part numbers should be available on Adtran's website to look up.
 
Brian
 
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jean-Francois Mezei
> Sent: Wednesday, December 10, 2014 2:27 PM
> To: Nanog@nanog.org
> Subject: Relative cost of ONT and UPS for FTTP
> 
> At recent hearings, I stuck my foot deep into my mouth (as I often do).
> 
> So I am now tasked to find the relative cost of the ONT/UPS compared to the 
> cost of the FTTP drop to the home (in a Flexnap environment).
> 
> From what I had read in the past, the ONT/UPS represent a major portion of 
> the costs to connect a home to an existing  Flexnap FTTP system as the drop 
> itself is now dirt cheap to install with unskilled workforce (no need for 
> laser splicing since flexnap is plug and play).
> 
> I know that the Aussie NBN had considered ditching the UPS to greatly reduce 
> the cost to reduce homes, so I have to hunt down those documents (which 
> predate existing pro-copper govt).
> 
> 
> Does anyone have numbers for ONT/UPS or could point me to such?
> I assume manpower to install the ONT/UPS in homes is a large part of the cost 
> inside the home ?
> 
> 
> And is there any evidence that the actual drop to the home with Flexnap FTTP 
> is cheaper than a drop using copper from the splice panel on pole to the home 
> ?
> 
> Any/all information would be helpful.  (This is to convince the regulator that
> an independent ISP who buys the ONT/UPS to be used by one of its customers
> relieves the incumbent telco from a major portion of the cost to connect a
> home, which, according to telcos, represent 1/3 of total cost of FTTP
> deployment.)
> 
> 

  

Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Jeroen van Aart

Why am I not surprised?

Whose fault would it be if your comcast installed public wifi would be 
abused to download illegal material or launch a botnet, to name some 
random fun one could have on your behalf. :-/


(apologies if this was posted already, couldn't find an email about it 
on the list)


http://www.theregister.co.uk/2014/12/10/disgruntled_customers_lob_sueball_at_comcast_over_public_wifi/

"A mother and daughter are suing Comcast claiming the cable giant's 
router in their home was offering public Wi-Fi without their permission.


Comcast-supplied routers broadcast an encrypted, private wireless 
network for people at home, plus a non-encrypted network called 
XfinityWiFi that can be used by nearby subscribers. So if you're passing 
by a fellow user's home, you can lock onto their public Wi-Fi, log in 
using your Comcast username and password, and use that home's bandwidth.


However, Toyer Grear, 39, and daughter Joycelyn Harris – who live 
together in Alameda County, California – say they never gave Comcast 
permission to run a public network from their home cable connection.


In a lawsuit [PDF] filed in the northern district of the golden state, 
the pair accuse the ISP of breaking the Computer Fraud and Abuse Act and 
two other laws.


Grear – a paralegal – and her daughter claim the Xfinity hotspot is an 
unauthorized intrusion into their private home, places a "vast" burden 
on electricity bills, opens them up to attacks by hackers, and 
"degrades" their bandwidth.


"Comcast does not, however, obtain the customer's authorization prior to 
engaging in this use of the customer's equipment and internet service 
for public, non-household use," the suit claims.


"Indeed, without obtaining its customers' authorization for this 
additional use of their equipment and resources, over which the customer 
has no control, Comcast has externalized the costs of its national Wi-Fi 
network onto its customers."


The plaintiffs are seeking monetary damages for themselves and on behalf 
of all Comcast customers nation-wide in their class-action case – the 
service was rolled out to 20 million customers this year."


--
Earthquake Magnitude: 4.8
Date: 2014-12-10  22:10:36.800 UTC
Date Local: 2014-12-10 13:10:36 PST
Location: 120km W of Panguna, Papua New Guinea
Latitude: -6.265; Longitude: 154.4004
Depth: 35 km | e-quake.org


Re: Got a call at 4am - RAID Gurus Please Read

2014-12-10 Thread Randy Bush
> We are now using ZFS RAIDZ and the question I ask myself is, why
> wasn't I using ZFS years ago?

because it is not production on linux, which i have to use because
freebsd does not have kvm/ganeti.  want zfs very very badly.  snif.

randy


Re: automatic / intelligent fiber optic patch panel (iow SDN @ layer 0)

2014-12-10 Thread joel jaeggli
On 12/10/14 4:33 PM, Phil Bedard wrote:
> Curious what the use case is where a photonic or L1 switch wouldn't get 
> the job done?  
>
> With the robotic system you still need to wire everything up so it's 
> available to be xconnected.  

We've done electromechanical cross connect termination before on a very
large scale.

http://www.siemens.com/history/pool/newsarchiv/newsmeldungen/20110403_bild_3_fernsprechamt_muenchen-schwabing_458px.jpg

those systems typically don't have the capacity to connect 100% of the
edges at once.

> FiberZone was another vendor who made robotic patch panels, but I'm not 
> sure they are around anymore. 
their website is still there, I've never seen an AFM live.
> Interesting also Verizon has a patent on automated patch panels, but using 
> very specific mechanics.  
>
> https://www.google.com/patents/US8175425
>
>
>  
>
> Phil 
>
>
>
>
> On 12/9/14, 11:51 PM, "Arnold Nipper"  wrote:
>
>> On 2014-12-10 00:36, Andrew Jones wrote:
>>
>>> http://www.laser2000.de/out/media/glimmerglass_system_100%281%29.pdf
>>>
>> Thank you, Andrew ... while Glimmerglass is really an exciting and
>> excellent system, these devices are exactly those photonic cross
>> connects I'm _not_ looking for :9
>>
>>> On 10.12.2014 10:21, Arnold Nipper wrote:
>>>> I'm looking for a modular, cost-effective automatic / intelligent fibre
>>>> optic patch panel.
>>>>
>>>> I'm not looking at these photonic x-connects, but really for something
>>>> which does the patching instead of a technician.
>>>>
>>
>> Arnold
>> -- 
>> Arnold Nipper / nIPper consulting, Sandhausen, Germany
>> email: arn...@nipper.de  phone: +49 6224 5593407 2
>> mobile: +49 172 2650958  fax:   +49 6224 5593407 9
>>






Re: automatic / intelligent fiber optic patch panel (iow SDN @ layer 0)

2014-12-10 Thread Phil Bedard
Curious what the use case is where a photonic or L1 switch wouldn't get 
the job done?  

With the robotic system you still need to wire everything up so it's 
available to be xconnected.  

FiberZone was another vendor who made robotic patch panels, but I'm not 
sure they are around anymore. 

Interesting also Verizon has a patent on automated patch panels, but using 
very specific mechanics.  

https://www.google.com/patents/US8175425


 

Phil 




On 12/9/14, 11:51 PM, "Arnold Nipper"  wrote:

>On 2014-12-10 00:36, Andrew Jones wrote:
>
>> http://www.laser2000.de/out/media/glimmerglass_system_100%281%29.pdf
>> 
>
>Thank you, Andrew ... while Glimmerglass is really an exciting and
>excellent system, these devices are exactly those photonic cross
>connects I'm _not_ looking for :9
>
>> On 10.12.2014 10:21, Arnold Nipper wrote:
>>> I'm looking for a modular, cost-effective automatic / intelligent fibre
>>> optic patch panel.
>>>
>>> I'm not looking at these photonic x-connects, but really for something
>>> which does the patching instead of a technician.
>>>
>
>
>Arnold
>-- 
>Arnold Nipper / nIPper consulting, Sandhausen, Germany
>email: arn...@nipper.de  phone: +49 6224 5593407 2
>mobile: +49 172 2650958  fax:   +49 6224 5593407 9
>



Re: Got a call at 4am - RAID Gurus Please Read

2014-12-10 Thread Joe Greco
> I'm just going to chime in here since I recently had to deal with bit-rot
> affecting a 6TB linux raid5 setup using mdadm (6x 1TB disks)
> 
> We couldn't rebuild because of 5 URE sectors on one of the other disks in
> the array after a power / ups issue rebooted our storage box.
> 
> We are now using ZFS RAIDZ and the question I ask myself is, why wasn't I
> using ZFS years ago?
> 
> +1 for ZFS and RAIDZ

I hope you are NOT using RAIDZ.  The chances of an error showing up
during a resilver is uncomfortably high and there are no automatic 
tools to fix pool corruption with ZFS.  Ideally use RAIDZ2 or RAIDZ3
to provide more appropriate levels of protection.  Errors introduced
into a pool can cause substantial unrecoverable damage to the pool,
so you really want the bitrot detection and correction mechanisms to
be working "as designed."

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


Relative cost of ONT and UPS for FTTP

2014-12-10 Thread Jean-Francois Mezei
At recent hearings, I stuck my foot deep into my mouth (as I often do).

So I am now tasked to find the relative cost of the ONT/UPS compared to
the cost of the FTTP drop to the home (in a Flexnap environment).

From what I had read in the past, the ONT/UPS represent a major portion
of the costs to connect a home to an existing  Flexnap FTTP system as
the drop itself is now dirt cheap to install with unskilled workforce
(no need for laser splicing since flexnap is plug and play).

I know that the Aussie NBN had considered ditching the UPS to greatly
reduce the cost to reduce homes, so I have to hunt down those documents
(which predate existing pro-copper govt).


Does anyone have numbers for ONT/UPS or could point me to such?
I assume manpower to install the ONT/UPS in homes is a large part of the
cost inside the home ?


And is there any evidence that the actual drop to the home with Flexnap
FTTP is cheaper than a drop using copper from the splice panel on pole
to the home ?

Any/all information would be helpful.  (This is to convince the regulator
that an independent ISP who buys the ONT/UPS to be used by one of its
customers relieves the incumbent telco from a major portion of the cost
to connect a home, which, according to telcos, represent 1/3 of total
cost of FTTP deployment.)




Re: Got a call at 4am - RAID Gurus Please Read

2014-12-10 Thread Javier J
I'm just going to chime in here since I recently had to deal with bit-rot
affecting a 6TB linux raid5 setup using mdadm (6x 1TB disks)

We couldn't rebuild because of 5 URE sectors on one of the other disks in
the array after a power / ups issue rebooted our storage box.

We are now using ZFS RAIDZ and the question I ask myself is, why wasn't I
using ZFS years ago?

+1 for ZFS and RAIDZ



On Wed, Dec 10, 2014 at 8:40 AM, Rob Seastrom  wrote:

>
> The subject is drifting a bit but I'm going with the flow here:
>
> Seth Mos  writes:
>
> > Raid10 is the only valid raid format these days. With the disks as big
> > as they get these days it's possible for silent corruption.
>
> How do you detect it?  A man with two watches is never sure what time it
> is.
>
> Unless you have a filesystem that detects and corrects silent
> corruption, you're still hosed, you just don't know it yet.  RAID10
> between the disks in and of itself doesn't help.
>
> > And with 4TB+ disks that is a real thing.  Raid 6 is ok, if you accept
> > rebuilds that take a week, literally. Although the rebuild rate on our
> 11 disk raid 6 SSD array (2TB) is less than a day.
>
> I did a rebuild on a RAIDZ2 vdev recently (made out of 4tb WD reds).
> It took nowhere near a day let alone a week.  Theoretically takes 8-11
> hours if the vdev is completely full, proportionately less if it's
> not, and I was at about 2/3 in use.
>
> -r
>
>


Re: ASN Domain for rDNS

2014-12-10 Thread Joe Abley

On 9 Dec 2014, at 19:30, Keefe John  wrote:

> I've been seeing more and more carriers(and even small ISPs) using as.net 
> as their domain for rDNS on IP space.  What are the pros and cons for doing 
> this versus using your primary business domain name?

When you are forced to change your name because of chapter 11, acquisition, 
rebranding, trademark challenge or a sudden need to distance yourself from 
previous senior management and their intense hatred of all customers, it's nice 
not to have to change all your reverse DNS.


Joe

Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread Ammar Zuberi
I was once with a provider that charged something stupid like $500 per BGP 
session.

This really isn't that big of a surprise.

On 10 Dec 2014, at 8:33 pm, John Levine  wrote:

>> Haven't encountered this myself, but putting a price on DFZ routing
>> slots seems like a Good Thing to me.
> 
> Paid to whom?
> 
> Yes, it would be nice to put more backpressure on announcements to get
> the size of the DFZ down.  But unless you can figure out how to get
> the money from the people announcing the routes to the people actually
> running the backbone routers, fees are just a way for providers to
> extract more money from their customers.
> 
> R's,
> John


Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread John Levine
>Haven't encountered this myself, but putting a price on DFZ routing
>slots seems like a Good Thing to me.

Paid to whom?

Yes, it would be nice to put more backpressure on announcements to get
the size of the DFZ down.  But unless you can figure out how to get
the money from the people announcing the routes to the people actually
running the backbone routers, fees are just a way for providers to
extract more money from their customers.

R's,
John


Re: Got a call at 4am - RAID Gurus Please Read

2014-12-10 Thread Rob Seastrom

The subject is drifting a bit but I'm going with the flow here:

Seth Mos  writes:

> Raid10 is the only valid raid format these days. With the disks as big
> as they get these days it's possible for silent corruption.

How do you detect it?  A man with two watches is never sure what time it is.

Unless you have a filesystem that detects and corrects silent
corruption, you're still hosed, you just don't know it yet.  RAID10
between the disks in and of itself doesn't help.

> And with 4TB+ disks that is a real thing.  Raid 6 is ok, if you accept
> rebuilds that take a week, literally. Although the rebuild rate on our
> 11 disk raid 6 SSD array (2TB) is less than a day.

I did a rebuild on a RAIDZ2 vdev recently (made out of 4tb WD reds).
It took nowhere near a day let alone a week.  Theoretically takes 8-11
hours if the vdev is completely full, proportionately less if it's
not, and I was at about 2/3 in use.

-r
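
Added example (not part of the original message): a toy two-way mirror in Python illustrating the point made above, that a plain mirror can see two copies disagree but cannot tell which one is right, while a per-block checksum kept apart from the data can pick the good copy and repair the other. Block size, class names and sample data are constructed for illustration; this is not ZFS or mdadm code.

```python
"""Toy model: why mirroring alone does not catch silent corruption."""
import hashlib

BLOCK = 16  # bytes per block; tiny on purpose (assumption for the example)


def checksum(block: bytes) -> bytes:
    return hashlib.sha256(block).digest()


def flip_bit(block: bytes, bit: int) -> bytes:
    """Return a copy of block with one bit inverted (simulated bit rot)."""
    buf = bytearray(block)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


class PlainMirror:
    """Two copies of every block, no checksums (RAID1/RAID10-style)."""

    def __init__(self, blocks):
        self.a = list(blocks)
        self.b = list(blocks)

    def read(self, i: int) -> bytes:
        # A normal read is served from one side; the other is not consulted,
        # so a rotted block is returned without any error.
        return self.a[i]

    def scrub(self):
        """Compare both sides. Reports disagreements, not which side is right."""
        return [i for i in range(len(self.a)) if self.a[i] != self.b[i]]


class ChecksummedMirror:
    """Same two copies, plus a checksum per block kept apart from the data."""

    def __init__(self, blocks):
        self.a = list(blocks)
        self.b = list(blocks)
        self.sums = [checksum(b) for b in blocks]
        self.repaired = []  # block numbers healed during reads

    def read(self, i: int) -> bytes:
        copies = (self.a, self.b)
        good = [c for c in copies if checksum(c[i]) == self.sums[i]]
        if not good:
            raise IOError(f"block {i}: every copy fails its checksum")
        for c in copies:
            if checksum(c[i]) != self.sums[i]:
                c[i] = good[0][i]  # rewrite the bad copy from the good one
                self.repaired.append(i)
        return good[0][i]


def demo():
    data = [bytes([65 + n]) * BLOCK for n in range(4)]  # constructed sample blocks
    plain, summed = PlainMirror(data), ChecksummedMirror(data)
    plain.a[2] = flip_bit(plain.a[2], 5)    # same single-bit rot on side A of each
    summed.a[2] = flip_bit(summed.a[2], 5)
    return {
        "plain_read_correct": plain.read(2) == data[2],
        "plain_scrub_mismatches": plain.scrub(),
        "summed_read_correct": summed.read(2) == data[2],
        "summed_repaired": summed.repaired,
        "summed_side_a_healed": summed.a[2] == data[2],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When both copies of a block fail their checksum, `read` raises instead of returning data, which is the case where redundancy is exhausted.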



RE: Carrier-grade DDoS Attack mitigation appliance

2014-12-10 Thread James Braunegg
Dear All



We use a combination of NSFOCUS hardware (ADS, ADS-m and NTA along with A10 
Hardware)



All of which I highly recommend !



Kindest Regards


James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braun...@micron21.com  |  ABN:  12 109 977 666
W:  www.micron21.com/ddos-protection
T: @micron21

This message is intended for the addressee named above. It may contain 
privileged or confidential information. If you are not the intended recipient 
of this message you must not use, copy, distribute or disclose it to anyone 
other than the addressee. If you have received this message in error please 
return the message to the sender by replying to it and then delete the message 
from your computer.



-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Parrish, Luke
Sent: Wednesday, December 10, 2014 8:08 AM
To: J. Tozo
Cc: nanog
Subject: RE: Carrier-grade DDoS Attack mitigation appliance



Switch to Nemo.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of J. Tozo
Sent: Monday, December 08, 2014 3:26 PM
Cc: nanog
Subject: Re: Carrier-grade DDoS Attack mitigation appliance

We are also evaluating another appliance to put in place of Arbor, their "support"
outside USA is a joke.

On Mon, Dec 8, 2014 at 6:17 PM, Ammar Zuberi  wrote:

> Hi,
>
> We're currently running the Arbor Peakflow SP with the TMS and it
> works very well for us.
>
> Best Regards,
>
> Ammar Zuberi
> FastReturn, Inc
>
> Direct Line: +971 50 394 7299
> Email: am...@fastreturn.net
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they are
> addressed.
> If you have received it by mistake, please let us know by e-mail reply
> and delete it from your system; you may not copy this message or
> disclose its contents to anyone. Please note that any views or
> opinions presented in this email are solely those of the author and do
> not necessarily represent those of the company. Finally, the recipient
> should check this email and any attachments for the presence of
> viruses. The company accepts no liability for any damage caused by any virus
> transmitted by this email.
>
> > On Dec 8, 2014, at 10:53 PM, Tony McKay  wrote:
> >
> > Does anyone on list currently use Peakflow SP from Arbor with TMS,
> > and is it truly a carrier grade DDoS detection and mitigation platform?
> > Anyone have any experience with Plixir?
> >
> > Tony McKay
> > Dir. Of Network Operations
> > Office:  870.336.3449
> > Mobile:  870.243.0058
> > -The boundary to your comfort zone fades a little each time you
> > cross it.  Raise your limits by pushing them.
> >
> > This electronic mail transmission may contain confidential or
> > privileged information. If you believe that you have received this message in
> > error, please notify the sender by reply transmission and delete the
> > message without copying or disclosing it.
> >
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mohamed
> > Kamal
> > Sent: Sunday, December 07, 2014 2:10 PM
> > To: nanog
> > Subject: Carrier-grade DDoS Attack mitigation appliance
> >
> > Have anyone tried any DDoS attack mitigation appliance rather than
> > Arbor PeakFlow TMS? I need it to be carrier-grade in terms of capacity and
> > redundancy, and as far as I know, Arbor is the only product in the
> > market which offers a "clean pipe" volume of traffic, so if the DDoS
> > attack volume is, for example, 1Tbps, they will grant you for example
> > 50Gbps of clean traffic.
> >
> > Anyway, I'm open to other suggestions, and open-source products that
> > can do the same purpose, we have network development team that can work on this.
> >
> > Thanks.
> >
> > --
> > Mohamed Kamal
> > Core Network Sr. Engineer
> >
>





--
Thanks,

Tozo

The information transmitted is intended only for the person or entity to which
it is addressed and may contain proprietary, confidential and/or legally
privileged material. Any review, retransmission, dissemination or other use of,
or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received this
in error, please contact the sender and delete the material from all computers.

Re: ASN Domain for rDNS

2014-12-10 Thread Paul S.
Just been using the .net version of our company domain for 
router/interface IPs.


Also own the AS.com/net and .as though, primarily to not get 
squatted on.


On 12/10/2014 09:30 AM, Keefe John wrote:
> I've been seeing more and more carriers(and even small ISPs) using
> as.net as their domain for rDNS on IP space.  What are the pros
> and cons for doing this versus using your primary business domain name?
>
> Keefe John




Re: ASN Domain for rDNS

2014-12-10 Thread Rubens Kuhl
And considering browsers use domains to define whether to send cookies or
not along a request, not having access customers on the same domain of your
website is a security benefit.


Rubens


On Wed, Dec 10, 2014 at 3:13 AM, Kate Gerry  wrote:

> Short answer: I just like doing it.
>
> Long answer: It allows me to create as many hosts on a segregated domain
> instead of making my company DNS zone 3000 records long.
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Fred
> Sent: Tuesday, December 09, 2014 4:36 PM
> To: nanog@nanog.org
> Subject: Re: ASN Domain for rDNS
>
> I'd say this is mostly for whitelabelling reason rather than a technical
> one?
>
> Keefe John:
> > I've been seeing more and more carriers(and even small ISPs) using
> > as.net as their domain for rDNS on IP space.  What are the pros
> > and cons for doing this versus using your primary business domain name?
> >
> > Keefe John
>
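
Added example (not part of the original thread): the cookie-scoping point made at the top of this message, worked through in Python with the RFC 6265 domain-match rule. It assumes the customer and router names also resolve forward under the same domain; every host name below is constructed (reserved `.example` names, documentation ASN 64500 and documentation address 203.0.113.7), and the public-suffix check that browsers apply to the Domain attribute is not modelled.

```python
"""Which hosts would a browser send a site cookie to? RFC 6265 domain matching."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cookie:
    name: str
    origin_host: str            # host whose response set the cookie
    domain_attr: Optional[str]  # Domain attribute, or None for a host-only cookie


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def norm(host: str) -> str:
    return host.lower().rstrip(".")


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: equal, or host is a name ending in '.' + cookie_domain."""
    host, cookie_domain = norm(host), norm(cookie_domain).lstrip(".")
    if host == cookie_domain:
        return True
    # Suffix matching never applies to IP literals, only to host names.
    return not is_ip(host) and host.endswith("." + cookie_domain)


def cookie_sent_to(cookie: Cookie, request_host: str) -> bool:
    if cookie.domain_attr is None:
        # No Domain attribute: host-only cookie, returned to the exact origin.
        return norm(request_host) == norm(cookie.origin_host)
    return domain_match(request_host, cookie.domain_attr)


def exposed_hosts(cookie: Cookie, hosts: List[str]) -> List[str]:
    """Hosts other than the origin that would receive the cookie."""
    return [h for h in hosts
            if norm(h) != norm(cookie.origin_host) and cookie_sent_to(cookie, h)]


# Constructed inventory: corporate site, customer and router names under the
# corporate domain, the same customer under a separate AS-named domain, and a
# look-alike name that shares the suffix text but not the label boundary.
HOSTS = [
    "www.isp.example",
    "cust-203-0-113-7.dyn.isp.example",
    "ge-0-0-1.core1.isp.example",
    "cust-203-0-113-7.dyn.as64500.example",
    "otherisp.example",
]
SESSION = Cookie("session", "www.isp.example", "isp.example")   # Domain=isp.example
HOST_ONLY = Cookie("session", "www.isp.example", None)          # no Domain attribute

if __name__ == "__main__":
    print("Domain=isp.example also goes to:", exposed_hosts(SESSION, HOSTS))
    print("host-only cookie also goes to:  ", exposed_hosts(HOST_ONLY, HOSTS))
```

Moving access and infrastructure names to a separate domain removes them from the match set of any cookie scoped to the corporate domain; a host-only cookie achieves the same for that one cookie.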


Re: Got a call at 4am - RAID Gurus Please Read

2014-12-10 Thread Stuart Henderson
On 2014-12-09, symack  wrote:
> Server down. Got to colo at 4:39 and an old IBM X346 node with
> Serveraid-7k has failed. Opened it up to find a swollen cache battery that
> has bent the card in three different axis.

> * Can I change from an active (ie, disks with data) raid 5 to raid 10.

Even if the hw/firmware supports it, raid level migration is risky enough
at the best of times, and totally insane on a known-bad controller.



Re: Got a call at 4am - RAID Gurus Please Read

2014-12-10 Thread Seth Mos
symack wrote on 9-12-2014 22:03:
> * Can I change from an active (ie, disks with data) raid 5 to raid 10.
> There are 4 drives

Dump and restore. I've used Acronis successfully in the past and today,
they have a bootable ISO. Also, if you have the option, they have
universal restore so you can restore Windows on another piece of
hardware (you provide the drivers).

> in the unit, and I have two on the shelf that I can plug in.
> * If so, will I have less of performance impact with RAID 10 + write-thru
> than RAID 5 + write through

Raid10 is the only valid raid format these days. With the disks as big
as they get these days it's possible for silent corruption.

And with 4TB+ disks that is a real thing.  Raid 6 is ok, if you accept
rebuilds that take a week, literally. Although the rebuild rate on our
11 disk raid 6 SSD array (2TB) is less than a day.

If it accepts sata drives, consider just using SSDs instead. They're
just 600 euros for a 800GB drive. (Intel S3500)

> Given I can move from RAID 5 to RAID 10 without losing data. How long to
> anticipate downtime for this process? Is there heavy sector re-arranging
> happening here? And the same for write-thru, is it done quick?

Heavy sector re-arranging, yes, so just dump and restore, it's faster
and more reliable. Also, you then have a working bare metal restore backup.

Regards,

Seth


Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread Yucong Sun
if that is the intent, they should charge per prefix. Not per /24 equiv.

On Wed, Dec 10, 2014, 00:20 Tore Anderson  wrote:

> * Yucong Sun
>
> > My recent inquiry to some network provider reveals that they are
> > charging fee for per /24 announced. Obvious that would means they get
> > to charge a lot with little to none efforts on their side.
> >
> > In a world we are charging total bytes transferred instead of bps on
> > uplinks, i can't say I'm surprised that much. But does anyone else had
> > same experience? Did you pay? Is this the new status quo now?
>
> Haven't encountered this myself, but putting a price on DFZ routing
> slots seems like a Good Thing to me.
>
> Tore
>


Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread Yucong Sun
It is not the same thing though. In my case, they just say we want you to
buy our IP, if you don't and want to use your own ARIN allocated IP blocks
through bgp, then we got to charge you anyway!

Because why couldn't they?

On Wed, Dec 10, 2014, 00:21 Maximilian Baehring 
wrote:

> Europe: It costs 50 euros yearly fee per PI-Space Resource without the
> announcement payable via a LIR. They charge - in my case - additional 25
> Euros for the financial transaction with Ripe. The cheapest possible
> announcement is via TWO Route-Servers and the minimum required for this is a
> VPS (not openVZ which cannot run the routing daemon) Linux-KVM with Quagga!
> http://www.openpeering.nl/shoppinglist.shtml -
> http://www.ripe.net/lir-services/member-support/info/billing/billing-procedure-and-fee-schedule-2014
>
> mit freundlichem Gruß / Yours sincerely
>
> Maximilian Baehring
> Hoelderlinstrasse 4
> 60316 Frankfurt a.M.
> Germany
> maximil...@baehring.at
> Fon: +49 (0)69 17320776
> Fon: +49 (0)176 65605075
> Fon: +49 (0)174 3639226
> Fax: +49 (0)69 67831634
>
>
>
>
>
> -Original Message-
> From: NANOG [mailto:nanog-bounces+maximilian=baehring...@nanog.org] On
> Behalf Of Yucong Sun
> Sent: Wednesday, 10 December 2014 07:27
> To: NANOG
> Subject: Charging fee for BGP prefix per /24?!
>
> Hi,
>
> My recent inquiry to some network provider reveals that they are charging
> fee for per /24 announced. Obvious that would means they get to charge a
> lot with little to none efforts on their side.
>
> In a world we are charging total bytes transferred instead of bps on
> uplinks, i can't say I'm surprised that much. But does anyone else had same
> experience? Did you pay? Is this the new status quo now?
>
> Thanks.
>
>


Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread Tore Anderson
* Yucong Sun

> My recent inquiry to some network provider reveals that they are
> charging fee for per /24 announced. Obvious that would means they get
> to charge a lot with little to none efforts on their side.
> 
> In a world we are charging total bytes transferred instead of bps on
> uplinks, i can't say I'm surprised that much. But does anyone else had
> same experience? Did you pay? Is this the new status quo now?

Haven't encountered this myself, but putting a price on DFZ routing
slots seems like a Good Thing to me.

Tore