Re: Bandwidth Savings

2017-01-11 Thread Fletcher Kittredge
The problem with the local cache[s] is the bandwidth cost of populating the cache and keeping it coherent can be greater than the bandwidth saved. From your description, I would expect this to be the case so a local cache will not help. Rule of thumb is if your downstream traffic is not at least 3g

Re: Bandwidth Savings

2017-01-11 Thread Geoffrey Keating
Keenan Singh writes: > Hi Guys > > We are an ISP in the Caribbean, and are faced with extremely high Bandwidth > costs, compared to the US, we currently use Peer App for Caching however > with most services now moving to HTTPS the cache is proving to be less and > less effective. We are currentl

Re: Advice re network compromise and "law enforcement" (PCI certification)

2017-01-11 Thread Jippen
I am not a lawyer, and this is not legal advice, but... General rule is to always notify the credit card companies, and to notify legal. One/both/neither may advice law enforcement activity. In either case, your PCI-required Incident response plan is required to do certain isolation steps explicit

Re: Bandwidth Savings

2017-01-11 Thread Marty Strong via NANOG
Seemingly also a GGC is there: https://ix.tt/cache-services-now-live-at-ttix/ maybe if the cost is low it might be worth it, assuming the incumbent doesn’t make it prohibitive. Regards, Marty Strong -- Cloudflare - AS13335 Network Engineer ma...@cloudflare.com

Re: Bandwidth Savings

2017-01-11 Thread Marty Strong via NANOG
I believe the ISP is located in Trinidad & Tobago. There are five international submarine cables that land on the island: - SG-SCS - Americas-II - ECFS - Southern Caribbean Fiber - ECLink Of those, 1 go to the closest real interconnectivity hub of Miami, with the others requiring another pair on

Re: Bandwidth Savings

2017-01-11 Thread Eric Kuhnke
The challenges are almost certainly economics related, at the lack of competition and high costs for layer 1/2 transport from his Caribbean island to Miami. Via whatever submarine cables exist that are controlled by larger ILEC type entities/telcos. Or satellite (whether geostationary transponder c

Re: Bandwidth Savings

2017-01-11 Thread Richard Hicks
​​ I don't know the the Caribbean Internet Exchanges market. Are any worth peering at versus buying additional L2 bandwidth to Miami? https://cw.ams-ix.net/ http://www.ocix.net/ocix/ Rick​ On Tue, Jan 10, 2017 at 8:08 PM, Keenan Singh wrote: > Hi Guys > > We are an ISP in the Caribbean, and a

RE: Bandwidth Savings

2017-01-11 Thread Luke Guillory
Netflix won’t even begin talks for their cache if you're not doing a minimum of 5Gbps. They also require massive uploads to the cache often, these are things are 200TB now if I recall and they send everything unlike the transparent who only grab what's already being consumed. Luke Guillory

RE: Soliciting your opinions on Internet routing: A survey on BGP convergence

2017-01-11 Thread Jakob Heitz (jheitz)
When you simply bring down an ebgp session, withdraws will propagate throughout the network. Soon after, the alternate routes will propagate. In the interim, some routers will lose connectivity. This problem is solved by graceful shutdown. This only works for planned shutdown This interim time ca

Re: Bandwidth Savings

2017-01-11 Thread Valdis . Kletnieks
On Tue, 10 Jan 2017 23:08:45 -0500, Keenan Singh said: > do have a Layer 2 Circuit between the Island and Miami, I am seeing there > are WAN Accelerators where they would put a Server on either end and sort > of Compress and decompress the Traffic before it goes over the Layer 2, I > have never us

RE: Bandwidth Savings

2017-01-11 Thread Luke Guillory
I reached out to my vendor and got back the following. Also what services have you seen move to HTTPS that you're not able to cache? Hi Luke, Regarding HTTPS Streaming and Netflix... Netflix announced in the spring of 2015 that it would move to HTTPS delivery by April of 2016. At the time of

Re: Bandwidth Savings

2017-01-11 Thread Marty Strong via NANOG
The first step would be profiling your traffic sources. I would imagine you probably have a bunch of YouTube, Netflix et al. content, that those content providers will send you a cache box for, subject to minimum traffic requirements. Regards, Marty Strong --

Bandwidth Savings

2017-01-11 Thread Keenan Singh
Hi Guys We are an ISP in the Caribbean, and are faced with extremely high Bandwidth costs, compared to the US, we currently use Peer App for Caching however with most services now moving to HTTPS the cache is proving to be less and less effective. We are currently looking at any way we can save on

Re: OmanTel hijacking of IP space

2017-01-11 Thread Christopher Morrow
On Wed, Jan 11, 2017 at 10:50 AM, Jared Mauch wrote: > 206.125.164.0 thanks to everyone who's (not) filtering. You're making the internet a little (less) better each time this happens.. What year is it?

OmanTel hijacking of IP space

2017-01-11 Thread Jared Mauch
There is an ongoing pattern of OmanTel hijacking IP space and advertising it to many of their peers (but not transits). here’s the most recent announcement. This could be mitigated in a few days, such as filtering your peers on a prefix basis, or at minimum rejecting the private ASN space, eg:

Re: Advice re network compromise and "law enforcement" (PCI certification)

2017-01-11 Thread Keith Stokes
What advice does your QSA have regarding writing the policy? There are generic templates available to write your company security policy. That policy doesn’t necessarily constitute legal definitions or requirements for any sort of breach, which may vary by locale and provider. I’m assuming EDUs

Re: Advice re network compromise and "law enforcement" (PCI certification)

2017-01-11 Thread Matt Freitag
Adding to what Rich said, it's very easy for advice on this to cross into advice on legal matters. It's also usually very illegal for non-attorneys or non-licensed attorneys to offer advice on legal matters. I recommend finding a lawyer with expertise in this area and who has specific knowledge o

Re: Advice re network compromise and "law enforcement" (PCI certification)

2017-01-11 Thread Rich Kulawiec
On Wed, Jan 11, 2017 at 09:37:19AM -0500, David H wrote: > Anyone have pointers/advice on what you came up with for a reasonable > definition of events that warrant involving law enforcement, and then what > agency/agencies would be contacted? This question is best answered by an attorney with e

Advice re network compromise and "law enforcement" (PCI certification)

2017-01-11 Thread David H
Hi all, I figure there's probably some folks on the list that have hands in environments that touch credit cards. Unlike HIPAA compliance, or even social security numbers, PCI is very ambiguous about what must occur if a network/systems breach occurs that exposes credit card data. PCI, and its au

Re: Fiber Costs [Was: Re: SoCal FIOS outage(?) / static IP readdressing]

2017-01-11 Thread Leo Bicknell
In a message written on Tue, Jan 10, 2017 at 10:21:53AM -0500, Fletcher Kittredge wrote: > Numbers for building fiber optic systems are out there if you do the > research. Joining the FTTH Council is a good start. One thing to recognise > is that the numbers vary widely based on what is being buil