Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps

2023-06-16 Thread Keith Stokes
Cox also has a 1.2 TB cap.

If I can believe my graphs, the metered Cox connection (video streaming 
primarily for wife) is about 90 GB the month of April and the unmetered ATT 
fiber WFH for me is about 370 GB. Total LAN is about 450 GB. Napkin math but 
it's pretty close.


From: NANOG on behalf of Steve Meuse
Sent: Friday, June 16, 2023 3:59 PM
To: cjc+na...@pumpky.net 
Cc: nanog@nanog.org 
Subject: Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps


I always looked at Comcast's caps as pre-emptive fodder for future FCC 
bargaining. The next time they want to do something with the FCC's approval and 
the commission wanted a concession, they would offer it up for the block.

-Steve



On Fri, Jun 16, 2023 at 1:41 AM Crist Clark <cjc+na...@pumpky.net> wrote:
Comcast still has data caps. My service is 1.2 TB per month. If we get close, 
we get a warning email. If we were to go over (hasn’t happened yet), we get 
billed per additional 500 MB.

However, I just looked at my account usage for the first time for a few months, 
and somehow have had zero usage since March of this year.


On Thu, Jun 15, 2023 at 5:48 PM Michael Thomas <m...@mtcc.com> wrote:

On 6/15/23 3:19 PM, Sean Donelan wrote:
>
> While a lot of ISPs gave up on data caps, the language is still
> lurking in many Terms Of Service.
>
>
>
> https://www.fcc.gov/document/chair-rosenworcel-proposes-investigate-impact-data-caps
>
>
> proposed Notice of Inquiry to learn more about how broadband providers
> use data caps on consumer plans. Data caps, or usage limits, are a
> common practice where an internet service provider (ISP) restricts how
> much bandwidth or data a consumer uses, though many broadband ISPs
> temporarily or permanently refrained from enforcing or imposing data
> caps in response to the COVID-19 pandemic. In particular, the agency
> would like to better understand the current state of data caps, their
> impact on consumers, and whether the Commission should consider taking
> action to ensure that data caps do not cause harm to competition or
> consumers’ ability to access
> broadband Internet services.

So why did they back off? Cost too much in support calls with pissed
people? Bad publicity? People can't meaningfully use the offered
bandwidth these days? Something else?

Mike



Re: Spectrum (legacy TWC) Infrastructure - Contact Off List (Patrick Garner)

2023-02-03 Thread Keith Stokes
I think the bright orange is so you don't run over it with your lawn mower, 
especially since it's going to be there for 3 years.

You'd think in the 3 years in the US South it would be grown over and buried 
itself. 


From: NANOG on behalf of Patrick Garner
Sent: Friday, February 3, 2023 10:16 AM
To: nanog@nanog.org 
Subject: Re: Spectrum (legacy TWC) Infrastructure - Contact Off List (Patrick Garner)

We have the same issue here in suburban Atlanta but with Comcast. The Comcast 
ped in my front yard has no cover... it's exposed to the elements. There's a 
bright orange cable running from there to my neighbor's house, it's been there 
for at least 3 years. At the least, it doesn't touch my property. There's other 
spots in my neighborhood where Comcast's bright orange coax just runs on the 
ground, along the road, in the gutter. Not saying AT&T is the greatest but at 
the very least their peds (they are so old they still say Bellsouth) have covers 
and they come within 3 days of install to bury DSL lines. I don't understand 
why Comcast has to choose the absolute ugliest bright orange cables to leave 
everywhere. If you're going to leave it, at least use a black cable.

Yay duopoly!
--
Patrick Garner
Owner
Cherokee Communications LLC
404-406-9864
patrick@cherokee.network


Re: Rogers Outage Canada

2022-07-11 Thread Keith Stokes
As a Rogers data center customer I received this on Saturday:


You have received this bulletin because you are an official contact for your 
Rogers Data Centres Server Colocation service

The nationwide network outage has now been resolved.

Rogers Data Centres is reporting all network and dependent services as 
operating normally. If you are experiencing any ongoing issues please reach out 
to the Data Centres help desk

An official Incident Report will be shared in 5 to 7 Business days.

We thank you for your patience during the restoration.


--

Keith Stokes
SalonBiz, Inc



On Jul 11, 2022, at 10:16 AM, Victor Kuarsingh <vic...@jvknet.com> wrote:

This is the most they can and will say.  For liabilities reasons, specifics are 
likely not in the cards.  As most services ride over common service networks, 
it's quite possible that a network substrate failure can have a number of 
upstream service impacts.  The point here is that the CEO is directly 
addressing the customer base, which is needed here.

regards,

Victor K

On Mon, Jul 11, 2022 at 10:11 AM Shane Ronan <sh...@ronan-online.com> wrote:
What in depth analysis have you seen? Seems to me, this was a failure in a 
known maintenance activity, and they simply disconnected the devices under 
maintenance from the network.

Shane

On Mon, Jul 11, 2022 at 5:41 AM Jon Sands <fohdee...@gmail.com> wrote:
Given the outage was so bad it was disrupting select E911 services nationwide 
for something like 24+ hours, it's great to see such an in depth analysis and 
plan of action to prevent such things in the future. bravo rogers

On 7/10/2022 2:55 PM, L F wrote:
fyi - see BOLD.

A Message from Rogers President and CEO



Dear Valued Customer,

As you know, we experienced a service outage across the Rogers, Fido, Chatr and 
Cityfone wireless networks on Friday.

I am reaching out to share that our services have been restored, and our 
networks and systems are close to fully operational. Our technical teams are 
continuing to monitor for any remaining intermittent issues. I also want to 
outline an action plan we are putting in place to address what happened.

I want to share what we know about what happened on Friday. We now believe 
we’ve narrowed the cause to a network system failure following a maintenance 
update in our core network, which caused some of our routers to malfunction. We 
disconnected the specific equipment and redirected traffic, which allowed our 
network and services to come back online over time as we managed traffic 
volumes returning to normal levels.



On Sat, Jul 9, 2022 at 9:09 PM L F <liz.faze...@gmail.com> wrote:

Lest we ALL MOVE ON….


Yes he said

“RETARD” =

The delay in processing the current status of a Situation…


Let's move on to bigger n scarier Post mortems:


Was This or Was this NOT

A CYBERATTACK ???

Done.

Let's deal with REAL threats not PC references.

Time to evaluate n re eval Our NTS!!

Veni vidi vici 2022




On Sat, Jul 9, 2022 at 5:01 PM Eric Kuhnke <eric.kuh...@gmail.com> wrote:
Can we have a discussion with the list admins about a list member appending a 
threat of violence to their outbound emails?  Whether serious or not.

Does this person need directions to some local mental healthcare resources?


On Sat, 9 Jul 2022 at 08:48, Keith Medcalf <kmedc...@dessus.com> wrote:

>I can't either, but the reality right now seems to be that 911 calls are
>failing for anyone on a Rogers cellphone.

This is par for the course.  These people chose to deal with Rogers despite 
knowing the consequences.  It is like if you bought a Rogers Snowblower and it 
did not work.  That would mean that people who bought the Rogers Snowblower 
will not be using it to get rid of the snow that is preventing them from 
leaving their house.

Mutatis mutandis when Rogers is down things that are Rogers dependent will not 
work.

Some people are so retarded it is astonishing!

--
(CAUTION) You are advised that if you attack my person or property, you will be 
put down in accordance with the provisions of section 34 & 35 of the Criminal 
Code respectively.  If you are brandishing (or in possession) of a weapon then 
lethal force will be applied to your person in accordance with the law.  This 
means that your misadventures may end in your death.  Consider yourself 
cautioned and govern your actions appropriately.

>-----Original Message-----
>From: NANOG <dessus@nanog.org> On Behalf Of Eric Kuhnke
>Sent: Friday, 8 July, 2022 13:34
>To: jim deleskie <deles...@gmail.com>
>Cc: NANOG list <nanog@nanog.org>
>Subject: Re: Rogers Outage Canada
>
>
>I have seen anecdotal reports that the mobile network is in a half broken
>state that phones remain registered to, so a 911 call will attempt and
>then fail.
>
>
>This is unlike what would happen if you had a US/

Re: "Permanent" DST

2022-03-15 Thread Keith Stokes
There are plenty of arguments that the existing school hours aren’t best for 
educating children so the better answer might be to make school hours match 
later daylight hours.



> On Mar 15, 2022, at 5:23 PM, Matthew Huff  wrote:
> 
> They don't want their names on it when what happened in the 70s happens 
> again. The effect of setting everything to DST and staying there is that in 
> the winter, especially in the northern latitude it will be pitch dark during 
> most of the morning when children get picked up at school bus stops. When the 
> tragedy happens again, and it will, they will end up undoing this again...
> 
> History repeats itself, first as a tragedy, then as a farce...
> 
> Matthew Huff | Director of Technical Operations | OTA Management LLC
> 
> Office: 914-460-4039
> mh...@ox.com | www.ox.com
> ...
> 
> -----Original Message-----
> From: NANOG On Behalf Of Jay R. Ashworth
> Sent: Tuesday, March 15, 2022 5:30 PM
> To: Tom Beecher 
> Cc: nanog@nanog.org list 
> Subject: Re: "Permanent" DST
> 
> Oh.  This was "Unanimous Consent"?  AKA "I want to vote for this, but *I do 
> not want to be held responsible for having voted for it when it blows up*?"
> 
> I'd missed that; thanks.
> 
> ----- Original Message -----
>> From: "Tom Beecher" 
>> To: "Eric Kuhnke" 
>> Cc: "nanog@nanog.org list" 
>> Sent: Tuesday, March 15, 2022 5:04:02 PM
>> Subject: Re: "Permanent" DST
> 
>> I would say if something passes the United States Senate in our 
>> current political environment by unanimous consent (which this did) , 
>> I kinda feel like there won't be a ton of issues with everybody 
>> figuring out how to line themselves up appropriately.
>> 
>>> On Tue, Mar 15, 2022 at 5:01 PM Eric Kuhnke  wrote:
>>> 
>>> That is true but at present everything business related in BC has a 
>>> clear expectation of being in the same time zone as WA/OR/CA, and AB 
>>> matches US Mountain time.
>>> 
>>> On Tue, 15 Mar 2022 at 13:35, Paul Ebersman 
>>> wrote:
>>> 
>>>> eric> If Canada doesn't do the same thing at the same time, it'll be 
>>>> eric> a real hassle, dealing with a change from -8 to -7 crossing 
>>>> eric> the border between BC and WA, for instance. It has to be done 
>>>> eric> consistently throughout North America.
>>>> 
>>>> You must not have ever dealt with Indiana, where it was DST or not 
>>>> by choice per county. It wasn't quite the cluster***k you'd think.
>>>> 
> 
> -- 
> Jay R. Ashworth  Baylink   
> j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


Re: VPN recommendations?

2022-02-10 Thread Keith Stokes
Pfsense on Netgate appliances?

I’ve used several of them, while not for this exact purpose they have done the 
roles but maybe not the amount of VPN traffic.


--

Keith Stokes
SalonBiz, Inc



On Feb 10, 2022, at 12:02 PM, William Herrin <b...@herrin.us> wrote:

Hi folks,

Do you have any recommendations for VPN appliances? Specifically: I need to 
build site to site VPNs at speeds between 100mbps and 1 gbit where all but 
one of the sites are behind an IPv4 NAT gateway with dynamic public IP 
addresses.

Normally I'd throw OpenVPN on a couple of Linux boxes and be happy but my 
customer insists on a network appliance. Site to site VPNs using IPSec and 
static IP addresses on the plaintext side are a dime a dozen but traversing NAT 
and dynamic IP addresses (and automatically re-establishing when the service 
goes out and comes back up with different addresses) is a hard requirement.

Thanks in advance,
Bill Herrin

--
William Herrin
b...@herrin.us
https://bill.herrin.us/


Re: What do you think about the "cloudification" of mobile?

2022-01-27 Thread Keith Stokes

In Andreessen Horowitz's words:

“you’re crazy if you don’t start in the cloud; you’re crazy if you stay 
on it"


On 1/27/22 15:54, Michael Thomas wrote:


On 1/26/22 11:11 PM, Mark Tinka wrote:



On 1/26/22 17:10, Tom Beecher wrote:



Those folks also tend to learn hard lessons about what happens when 
the Magic Cloud provider fails in a way that isn't possible to 
anticipate because it's all black box.


Saving 12 months of opex $ sounds great, except when you lose 18 
months of opex $ in 2 days completely outside of your ability to 
control.


I don't disagree.

What this does, though, is democratize access into the industry. For 
a simple business model that is serving a small community with a 
handful of eyeballs, not trying to grow forever but put food on the 
table, it's somewhere to start.


Didn't Netflix for the longest time run on AWS? I imagine if I were 
talking to a VC these days and said the first thing I was going to do 
is rack up a bunch of servers, I'd get laughed at. Cloud makes sense 
until it doesn't make sense. Just like everything else.


Mike



Re: What do you think about the "cloudification" of mobile?

2022-01-25 Thread Keith Stokes

Cox has been doing this for awhile.

On 1/25/22 13:44, Matthew Petach wrote:



On Tue, Jan 25, 2022 at 10:11 AM Michael Thomas  wrote:


[...]

Since everybody has their own wifi it seems that federating all of them
for pretty good coverage by a provider and charging a nominal fee to
manage it would suit a lot of people's needs. It doesn't need expensive
spectrum and the real estate is "free". Basically a federation of
"guestnets".

Mike


Which is pretty much what Xfinity is already offering
to their subscribers; use your xfinity login to get onto
the wifi access points of other xfinity users all around
the country, relatively seamlessly.

I'm sure other networks that provide their own CPE are
likely to follow suit as well.

Matt


Re: What do you think about this airline vs 5G brouhaha?

2022-01-19 Thread Keith Stokes
Being a former satellite downlink/uplink operator I loosely kept up with this 
and had some involvement.

The satellite vendors moved frequencies on some of their customers to make way. 
I forget the full economics and seem to remember one could get reimbursed from 
the FCC for the change.

However there wasn’t as much of an “agreed-upon signoff” as there was “move, go 
off the air or accept interference”. The FCC and telco deal was done no matter 
what.


--

Keith Stokes



On Jan 19, 2022, at 10:22 AM, Tom Beecher <beec...@beecher.cc> wrote:

It's also relevant that the spectrum surrounding the 4.2-4.4 range has not been 
an empty desert. It has been used for satellite downlink since the 60s I think?

Yes, there are surely tons of differences in RF characteristics between the 
two. But let's be honest. Analysis would have been done decades ago on the 
impact of spurious emissions from sat downlinks on RAs, so there should be at 
least a baseline to work from.

Either way this should not be a discussion now. This clearly was discussed 
early in FCC filings, questions were asked, data was presented, and all these 
parties signed off.

On Wed, Jan 19, 2022 at 11:13 AM Tom Beecher <beec...@beecher.cc> wrote:
Altimeter Band : 4.2Ghz - 4.4Ghz

VZ and AT&T agreed (long ago) to reduce power and stay inside 3.7Ghz - 3.98Ghz 
once the full deployment was done, staying 200MHz away from altimeters.

In Japan, they have been running 5G for over a year now up to 4.1Ghz, and 
restarting again at 4.5Ghz. Only 100MHz of guard on either side of the 
altimeter band. I think EU is close-ish, but not totally sure.

I can't find a single report or study that has shown radio altimeter issues in 
Japan since 5G was turned on there.

Aside from a single study which a LOT of smart people have called out flaws in, 
there isn't much out there that proves there WILL be interference with 
altimeters, just a lot of FUD that says it MIGHT. I dunno what the angle is, 
but this has turned into a shitshow.


On Tue, Jan 18, 2022 at 3:32 PM Michael Thomas <m...@mtcc.com> wrote:

I really don't know anything about it. It seems really late to be having
this fight now, right?

Mike



Re: home router battery backup

2022-01-12 Thread Keith Stokes

Many times those coincide. ;-)


On 1/12/22 3:34 PM, Mike Hammett wrote:
"Top Gear Top Tip: I also have a UPS on my garage door opener. That saves the
missus from dealing with manually opening/closing the garage door if I'm not
at home."


Keeping one's spouse happy is FAR more important than keeping a router 
or modem online.  ;-)




-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
Midwest Internet Exchange <http://www.midwest-ix.com/>
The Brothers WISP <http://www.thebrotherswisp.com/>

*From: *"Sabri Berisha" 
*To: *"nanog" 
*Sent: *Wednesday, January 12, 2022 3:01:27 PM
*Subject: *Re: home router battery backup

----- On Jan 12, 2022, at 10:15 AM, Andy Ringsmuth a...@andyring.com wrote:

Hi,

>> On Jan 12, 2022, at 11:35 AM, Scott T Anderson via NANOG wrote:
>> services, I was wondering if anyone had any insights on the prevalence of
>> battery backup for home modem/routers? I.e., what percentage of home users
>> actually install a battery backup in their home modem/router or use an external
>> UPS?

> Given that most people barely even know what their home router is, I suspect the
> percentage would be somewhere south of 1 percent. Outside of my home, I
> honestly cannot recall EVER seeing someone’s home using a battery backup for
> their internet infrastructure.

Same here. A small UPS that will keep my modem, router, and POE for APs alive for
the time I need to run outside and hook up my generator when PG&E decides to cut
the power again. A bigger UPS for the small 19" rack that hosts some stuff.

Top Gear Top Tip: I also have a UPS on my garage door opener. That saves the
missus from dealing with manually opening/closing the garage door if I'm not
at home.

Thanks,

Sabri


--
Keith Stokes
SalonBiz, Inc



Re: Never push the Big Red Button

2021-09-15 Thread Keith Stokes
The bigger thing to notice is the *lack* of noise as every server, switch and 
storage system spins down.

---

Keith Stokes



On Sep 15, 2021, at 3:50 PM, Stephen Satchell <l...@satchell.net> wrote:

In the data centers I've worked in over the decades, those Big Red Buttons 
would activate a normally-closed contactor in a breaker panel. When pushed, the 
contactor would open, and turn off all the circuits in said breaker panel.  Not 
affected are lights, convenience outlets, door locks, and other non-data loads. 
 Resetting the contactor to the working position was done after throwing all 
the breakers to the off position, and then turn on each breaker, one at a time.

The only noise that I have ever heard when the Big Red Button was pushed was 
the loud BANG as the contactor operated.  You hear a similar bang in movies in 
scenes where lights in a large area are turned on and off.

Nothing like the BANG of a 600-amp 3-phase breaker tripping -- experienced that 
at University of Illinois Center for Advanced Computation.  You immediately 
look for the person holding a gun.



Re: Support for End User Services

2021-02-22 Thread Keith Stokes
I’ve always used wording such as “I’m contacting you on behalf of so-and-so.” 
If they ask further I usually tell them I’m a consultant.



On Feb 20, 2021, at 11:29 AM, Mike Hammett <na...@ics-il.net> wrote:

Leave aside any conversation about whether the business has the ability (or 
approval) to pay for it or not.


Is it appropriate for organizations that provide services to end-users to 
require that you are a paying customer to contact their support?

Is it appropriate to pretend to be your complaining customer to get support on 
network-level issues (IP Geolocation, false VPN notices, buffering, despite a 
clean path to their CDN, etc.)?



-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP


Re: Infomart Dallas is on generator

2021-02-16 Thread Keith Stokes
Equinix DA-2 reported loads transferred 3-4 a.m.




From: NANOG on behalf of Robert DeVita
Sent: Monday, February 15, 2021 4:51 PM
To: Eric Kuhnke ; nanog@nanog.org list 
Subject: Re: Infomart Dallas is on generator

Hopefully the other 400mw in Dallas follow their lead.

Robert DeVita
Founder & CEO
Mejeticks
c. 469-441-8864
e. radev...@mejeticks.com

From: NANOG on behalf of Eric Kuhnke
Sent: Monday, February 15, 2021 4:10:32 PM
To: nanog@nanog.org list 
Subject: Infomart Dallas is on generator

I have now heard from two reliable sources that Infomart Dallas is presently on 
generator, and is likely to remain so until the cold weather/electrical supply 
emergency in Texas has abated. No network impact seen yet.




Re: Pinging a Device Every Second

2018-12-15 Thread Keith Stokes
I have a Nagios installation running on a PIII with maybe 512 MB of RAM.

I ping a couple hundred devices 5 times per minute and have an alarm threshold 
of no response for 3 minutes which sends an e-mail.

The same device also checks about 900 services among those 200 devices mostly 
every minute with some every 15 - 60 minutes.

This machine happens to be on a backup measured circuit with one other small 
service.

ISP measures my 90% bandwidth rate at < 20K for years. That includes the 
monitoring, the other low usage service, multiple machines hitting the web 
interface to check status and the outbound e-mails.

--

Keith Stokes
SalonBiz, Inc


On Dec 15, 2018, at 12:33 PM, Colton Conor <colton.co...@gmail.com> wrote:

The problem I am trying to solve is to accurately be able to tell a customer if 
their home internet connection was up or down.  Example, customer calls in and 
says my internet was down for 2 minutes yesterday. We need to be able to verify 
that their internet connection was indeed down. Right now we have no easy way 
to do this.  Getting metrics like packet loss and jitter would be great too, 
though I realize ICMP data path does not always equal customer experience as 
many network devices prioritize ICMP traffic. However ICMP pings over the 
internet do usually accurately tell if a customer's modem is indeed online or 
not.

Most devices out in the field like ONT's and DSL modems do not support SNMP but 
rather use TR-069 for management. Most of these devices only check into the 
TR-069 ACS server once a day.
If the consumer device does support SNMP, they usually have weak Broadcom or 
Qualcomm SoC processors, outdated linux kernel embedded operating systems, 
limited ram, and storage. Most of these can't handle SNMP walks every minute 
let alone every 5. We are talking about sub $100 routers here not Juniper, 
Cisco, Arista, etc.

Most all of these consumer devices are connected to a carrier aggregation 
device like a DSLAM, OLT, ethernet switch, or wireless access point. These 
access devices do support SNMP, but most manufacturers recommend only 5 minute 
SNMP polling, so a 2 minute outage would not easily be detected. Plus it's hard 
to correlate that consumer X is on port Y on access switch, and get that right 
for a tier 1 CSR.

The only two ways I think I can accomplish this is:
1. ICMP pings to a device every so many seconds. Almost every device supports 
responding to WAN ICMP pings.
or
2. IPFIX sampling at core router, and then drilling down by customer IP. I 
think this will tell me if any data was flowing to this customer's IP on a 
second by second basis, but won't necessarily give us an up or down indicator. 
Requires nothing from the consumer's router.





On Sat, Dec 15, 2018 at 10:51 AM Stephen Satchell <l...@satchell.net> wrote:
On 12/15/18 7:48 AM, Colton Conor wrote:
> How much compute and network resources does it take for a NMS to:
>
> 1. ICMP ping a device every second
> 2. Record these results.
> 3. Report an alarm after so many seconds of missed pings.
>
> We are looking for a system to in near real-time monitor if an end
> customer's router is up or down. SNMP I assume would be too resource
> intensive, so ICMP pings seem like the only logical solution.
>
> The question is once a second pings too polling on an NMS and a consumer
> grade router? Does it take much network bandwidth and CPU resources from
> both the NMS and CPE side?
>
> Let's say this is for a 1,000 customer ISP.

What problem are you trying to solve, exactly?  That more than anything
will dictate what you do.

Short answer: about 1500 bits of bandwidth, and the CPU loading on the
remote device is almost invisible.  Remember the only real difference
between ping and SNMP monitoring (UDP) is the organization of the bits
in the packet and the protocol number in the IP header.  It's still one
packet pair exchanged, unless you get really ambitious with your SNMP
OID list.

When I was in a medium-sized hosting company, I developed an SNMP-based
monitoring system that would query a number of load parameters (CPU,
disk, network, overall) on a once a minute schedule, and would keep
history for hours on the monitoring server.  The boss fretted about the
load such monitoring would impose.  He never saw any.

For pure link monitoring, which is what I'm hearing you want to do, in
my experience I found that a six-second ping cycle gives lots of early
warning for link failures.  Again, it depends on the specifications and
detection targets.

Some things to consider:

1.  Router restarts take a while.  Consumer-grade routers can take a
minute or more to complete a restart to the point where it will respond
to ping.  Carrier-grade routers are more variable but in general have so
many options built into them that it takes longer to complete a restart
cycle.  Since you are talking consumer-grade gear, you probably

Re: Proving Gig Speed

2018-07-22 Thread Keith Stokes
Typical electrical breakers are not instantaneous devices and likely will not 
trip at .5% over rated load until they've been run near limit for extended 
periods of time.


-

Keith Stokes

> On Jul 22, 2018, at 5:52 AM, Radu-Adrian Feurdean 
>  wrote:
> 
>> On Tue, Jul 17, 2018, at 18:12, Andy Ringsmuth wrote:
>> 
>> I suppose in reality it’s no different than any other utility. My home 
>> has 200 amp electrical service. Will I ever use 200 amps at one time? 
> 
> No, because at 201 Amps instantaneous the breaker will cut everything.
> 
>> Highly highly unlikely. But if my electrical utility wanted to advertise 
>> “200 amp service in all homes we supply!” they sure could. Would an 
>> electrician be able to test it? I’m sure there is a way somehow.
> 
> Will they deal with customers calling to complain that their (unknown to the 
> utility) "megatron equipment" says it cannot draw 199 Amps from a single 
> outlet ? I don't think so. They just ensure the global breaker will not 
> trigger when oven+microwave+home-wide air-con+water heating+BT rig in the 
> basement all draw all they can (i.e. up to ~25 Amps each) for something like 
> 5 min.
> 
>> saturate my home fiber 300 mbit synchronous connection? Every now and 
>> then yes, but rarely. Although if I’m paying for 300 and not getting it, 
>> my ISP will be hearing from me.
> 
> Will you waste your time if some random site says "you have 200 Mbps" ? On 
> residential, we only accept complaints for tests in pre-determined (wired, no 
> intermediate device, select set of test servers and tools, customer hardware 
> check) conditions and only for results lower than 60-70% of "advertised 
> speed". If wireless is involved, test is being dismissed as "dear customer, 
> please fix your network, regards".
> 
> For pro/enterprise service, we use higher bandwidth threshold, but we do 
> expect the other side to be competent enough for something like an iperf3 
> test.
> 
> However, I have to mention that for the moment we can afford to run a 
> congestion-free network (strictly less than 80% charge - usually less than 
> 50% - measured with 1-minute sampling).
> 
>> If my electrical utility told me “hey, you can upgrade to 500 amp 
> 
> Are the 200 Amps written somewhere in the contract or is it what reads on the 
> usually installed breaker ? Around here, the maximal power is determined in 
> the contract (and enforced by the "connected" electrical meter/breaker that 
> has a generous functioning margin).


Re: Proving Gig Speed

2018-07-18 Thread Keith Stokes
At least in the US, Jane also doesn’t really have a choice of her electricity 
provider, so she’s not getting bombarded with advertising from vendors selling 
“Faster WiFi” than the next guy. I don’t get to choose my method of power 
generation and therefore cost per kWh. I’d love to buy $.04 from the Pacific NW 
when I’m in the Southern US.

I’m not a betting guy, but my money says when self power generation hits some 
point and multiple vendors are trying to get people to buy their system, we’ll 
get “More amps per X hours of sunlight with our system” and she will care.

On Jul 18, 2018, at 7:01 AM, Mark Tinka <mark.ti...@seacom.mu> wrote:



On 17/Jul/18 18:12, Andy Ringsmuth wrote:

I suppose in reality it’s no different than any other utility. My home has 200 
amp electrical service. Will I ever use 200 amps at one time? Highly highly 
unlikely. But if my electrical utility wanted to advertise “200 amp service in 
all homes we supply!” they sure could. Would an electrician be able to test it? 
I’m sure there is a way somehow.

If me and everyone on my street tried to use 200 amps all at the same time, 
could the infrastructure handle it? Doubtful. But do I on occasion saturate my 
home fiber 300 mbit synchronous connection? Every now and then yes, but rarely. 
Although if I’m paying for 300 and not getting it, my ISP will be hearing from 
me.

If my electrical utility told me “hey, you can upgrade to 500 amp service for 
no additional charge” would I do it? Sure, what the heck. If my water utility 
said “guess what? You can upgrade to a 2-inch water line at no additional 
charge!” would I do it? Probably yeah, why not?

Would I ever use all that capacity on $random_utility at one time? Of course 
not. But nice to know it’s there if I ever need it.

The difference, of course, between electricity and the Internet is that
there is a lot more information and tools freely available online that
Average Jane can arm herself with to run amok with figuring out whether
she is getting 300Mbps of her 300Mbps from her ISP.

Average Jane could care less about measuring whether she's getting 200
amps of her 200 amps from the power company; likely because there is a
lot more structure with how power is produced and delivered, or more to
the point, a lot less freely available tools and information with which
she can arm herself to run amok with. To her, the power company sucks if
the lights go out. In the worst case, if her power starts a fire, she's
calling the fire department.

Mark.


---

Keith Stokes
Neill Technologies






Re: (perhaps off topic, but) Microwave Towers

2018-07-14 Thread Keith Stokes
There’s a lot less backhoe fade with microwave. ;-)

Kidding aside, I’m sure there are plenty of scenarios where microwave makes 
better sense than fiber especially since it’s a lot easier to clear right of 
way through the air.

Side gig has me maintaining a satellite system. Yes that still makes sense. As 
part of that I have a service that monitors people applying for microwave 
transmitters within a few hundred miles. You’d be surprised how many links are 
applied for every month.

--

Keith Stokes
Neill Technologies


> On Jul 14, 2018, at 9:56 AM, Miles Fidelman  
> wrote:
> 
> Hi Folks,
> 
> I find myself driving down Route 66.  On our way through Arizona, I was 
> surprised by what look like a lot of old-style microwave links.  They pretty 
> much follow the East-West rail line - where I'd expect there's a lot of fiber 
> buried.
> 
> Struck me as somewhat interesting.
> 
> It also struck me that folks here might have some comments.
> 
> Miles Fidelman
> 
> -- 
> In theory, there is no difference between theory and practice.
> In practice, there is.   Yogi Berra
> 


Re: NG Firewalls & IPv6

2018-04-05 Thread Keith Stokes
I’ve been using PfSense @ home dual-stack on Cox for a year or two. As far as I 
can tell any IPv6 problems are Cox issues.


On Apr 5, 2018, at 12:12 PM, Blake Hudson 
<bl...@ispn.net> wrote:

I've used pfSense (BSD firewall) in a dual stack setup. Not all features
are at parity with v4 (the captive portal doesn't support v6, for
example), but the core features of stateful firewall, DHCPv6, etc seemed
to work without any fuss.

Joe Klein wrote on 4/2/2018 5:58 PM:
All,

At security and network tradeshows over the last 15 years, I have asked
companies if their products supported "IPv6". They all claimed they did,
but were unable to verify any successful installations. Later they told me
it was on their "Roadmap" but were unable to provide an estimated year,
because it was a trade secret.

Starting this last year at BlackHat US, I again visited every product
booth, asking if their products supported dual-stack or IPv6 only
operations. Receiving only the same unsupported answers, I decided to focus
on one product category.

To the gurus of the NANOG community, What are your experiences with
installing and managing Next Generations firewalls? Do they support IPv6
only environments? Details? Stories?

If you prefer not to disparage those poor product companies, please contact
me off the list.

Thanks,

Joe Klein

"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8



---

Keith Stokes





Re: Zayo zColo Xcon Pricing

2018-03-07 Thread Keith Stokes
In a previous life when I was on the other side of writing contracts and my 
boss demanded auto-renewals, I always told my customers to write me a 
cancellation letter when they signed the contract.

The amazing thing was how few actually did it.


On Mar 7, 2018, at 10:55 AM, Mel Beckman 
<m...@beckman.org> wrote:

NRC? Do you mean ETC (early termination charge)?

This is a sore point with me in all telco contracts. They want a one- or 
two-year term, or even three, and in exchange give you a discount on the 
installation and a tiny MRC reduction. But if you cancel early, they demand 
full payment for all the remaining months! I realize that the contract is 
written this way, but why? It doesn’t seem fair at all, and as a service 
provider myself, I know this is actually a huge unearned windfall for the 
provider.

To make things worse, many providers subtly plant an “auto-renew” clause in 
their contracts. You miss canceling by the end of the contract date, and BOOM, 
you’re on the hook for another two years!

I’ve been burned by this more than once.

-mel

On Mar 7, 2018, at 8:41 AM, Romeo Czumbil 
<romeo.czum...@tierpoint.com> wrote:

Wait till you ask for a disconnect. Then you get hit again for a hefty NRC





-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of James Laszko
Sent: Wednesday, March 7, 2018 10:11 AM
To: nanog <nanog@nanog.org>
Subject: Zayo zColo Xcon Pricing

One of our colo’s in San Diego was purchased by Zayo recently and I requested a 
new copper Ethernet xcon to be placed.  After a few days I received a quote 
from my new rep quoting a MRC 3x what I’m currently paying for existing xcon’s 
as well as a hefty NRC as well.  Anyone have any experience with this kind of 
thing?  Anyone care to share what an average copper xcon, single floor, 
meet-me-room to cage, Ethernet from carrier circuit costs?  (This xcon is 
approx 30 feet..)

Thanks!

James

Sent from my iPad



---

  Keith Stokes




Re: Temp at Level 3 data centers

2017-10-12 Thread Keith Stokes
If you are using hot/cold aisles and don't fill the rack, don't forget you have 
to put in blank panels. 

--

Keith Stokes

> On Oct 12, 2017, at 5:45 PM, William Herrin <b...@herrin.us> wrote:
> 
> On Wed, Oct 11, 2017 at 8:31 AM, David Hubbard <
> dhubb...@dino.hostasaurus.com> wrote:
> 
>> Curious if anyone on here colo’s equipment at a Level 3 facility and has
>> found the temperature unacceptably warm?  I’m having that experience
>> currently, where ambient temp is in the 80’s, but they tell me that’s
>> perfectly fine because vented tiles have been placed in front of all
>> equipment racks.
> 
> 
> Hi David,
> 
> The thing I'm not understanding in this thread is that the last time I
> checked Level 3 was a premium player not a cost player. Has that changed?
> 
> If a premium data center vendor is asking you to swallow 80F in the cold
> aisle, something is very wrong. But realize I just said 80F in the *cold
> aisle*. DC cooling is not about "ambient" or "sensible cooling" or similar
> terms bandied about by ordinary HVAC professionals. In a data center, air
> doesn't really stack up anywhere. It flows.
> 
> If you haven't physically checked your racks, it's time to do that. There
> are lots of reasons for high temps in the cabinet which aren't the DC's
> fault.
> 
> Is all the air flow in your cabinet correctly moving from the cold aisle to
> the hot aisle? Even those side-venting Cisco switches? You're sure? If
> you're looping air inside the cabinet, that's your fault.
> 
> Have you or your rack neighbors exceeded the heat density that the DC's
> HVAC system supports? If you have, the air in the hot aisle may be looping
> over the top of the cabinets and back in to your servers. You can't
> necessarily fill a cabinet with equipment. When you reach the allowable
> heat density, you have to start filling the next cabinet. I've seen DC
> cabinets left half empty for exactly this reason.
> 
> Regards,
> Bill Herrin
> 
> 
> -- 
> William Herrin  her...@dirtside.com  b...@herrin.us
> Dirtside Systems . Web: <http://www.dirtside.com/>


Re: Temp at Level 3 data centers

2017-10-11 Thread Keith Stokes
There are plenty of people who say 80+ is fine for equipment and data centers 
aren’t built for people.

However other things have to be done correctly.

Are you sure your equipment is properly oriented for airflow (hot/cold aisles 
if in use) and has no restrictions?

On Oct 11, 2017, at 9:42 AM, Sam Kretchmer 
<s...@coeosolutions.com> wrote:

with a former employer we had a suite at the L3 facility on Canal in
Chicago. They had this exact issue for the entire time we had the suite.
They kept blaming a failing HVAC unit on our floor, but it went on for
years no matter who we complained to, or what we said.

Good luck.


On 10/11/17, 7:31 AM, "NANOG on behalf of David Hubbard"
<nanog-boun...@nanog.org on behalf of 
dhubb...@dino.hostasaurus.com> wrote:

Curious if anyone on here colo’s equipment at a Level 3 facility and has
found the temperature unacceptably warm?  I’m having that experience
currently, where ambient temp is in the 80’s, but they tell me that’s
perfectly fine because vented tiles have been placed in front of all
equipment racks.  My equipment is alarming for high temps, so obviously
not fine.  Trying to find my way up to whomever I can complain to that’s
in a position to do something about it but it seems the support staff
have been told to brush questions about temp off as much as possible.
Was wondering if this is a country-wide thing for them or unique to the
data center I have equipment in.  I have equipment in several others from
different companies and most are probably 15-20 degrees cooler.

Thanks,

David



---

Keith Stokes






Re: Hurricane Maria: Summary of communication status - and lack of

2017-09-27 Thread Keith Stokes
And your upstream(s) to work. And their upstream(s) to work. etc. If 90% of the 
stations in the EAS web are down you may end up with nothing working.


On Sep 27, 2017, at 9:21 AM, Edwin Pers 
<ep...@ansencorp.com> wrote:

The telecommunications damage in PR and USVI will be a good test how well the 
EAS works during extreme telecommunications damage.

From my brief time as a radio station tech, all you need for EAS to function 
properly is power to the receiver/decoder and for the station's transmitter to 
be alive



---

Keith Stokes






Re: Please run windows update now

2017-05-15 Thread Keith Stokes
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/


Look near the bottom under Further Resources.


On May 15, 2017, at 10:44 AM, Keith Medcalf 
<kmedc...@dessus.com> wrote:


I do not see any links to actually download the actual patches.  Just a bunch 
of text drivel.


--
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of
timrutherf...@c4.net
Sent: Monday, 15 May, 2017 09:23
To: 'Josh Luthman'; 'Nathan Fink'
Cc: nanog@nanog.org
Subject: RE: Please run windows update now

I should clarify, the link in my email below is only for windows versions
that are considered unsupported.

This one has links for the currently supported versions of windows

https://support.microsoft.com/en-us/help/4013389/title


-Original Message-
From: timrutherf...@c4.net [mailto:timrutherf...@c4.net]
Sent: Monday, May 15, 2017 11:12 AM
To: 'Josh Luthman' <j...@imaginenetworksllc.com>; 'Nathan Fink'
<nef...@gmail.com>
Cc: 'nanog@nanog.org' <nanog@nanog.org>
Subject: RE: Please run windows update now

They even released updates for XP & 2003

http://www.catalog.update.microsoft.com/search.aspx?q=4012598


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Josh Luthman
Sent: Monday, May 15, 2017 10:45 AM
To: Nathan Fink <nef...@gmail.com>
Cc: nanog@nanog.org
Subject: Re: Please run windows update now

Link?

I only posted it as reference to the vulnerability.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Sat, May 13, 2017 at 2:07 AM, Nathan Fink <nef...@gmail.com> wrote:

I show MS17-010 as already superseded in SCCM

On Fri, May 12, 2017 at 1:44 PM, Josh Luthman
<j...@imaginenetworksllc.com> wrote:

MS17-010
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Fri, May 12, 2017 at 2:35 PM, JoeSox <joe...@gmail.com> wrote:

Thanks for the headsup but I would expect to see some references
to the patches that need to be installed to block the
vulnerability (Sorry for sounding like a jerk).
We all know to update systems ASAP.

--
Later, Joe

On Fri, May 12, 2017 at 10:35 AM, Ca By <cb.li...@gmail.com> wrote:

This looks like a major worm that is going global

Please run windows update as soon as possible and spread the
word

It may be worth also closing down ports 445 / 139 / 3389

http://www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded











---

Keith Stokes






Re: Verizon wireless to stop issuing static IPv4

2017-03-08 Thread Keith Stokes
You said the e-mail was from VZ wireless but the e-mail text says Verizon. Is 
it really all of Verizon, VZ Wireless, home, business or some combination?

On Mar 8, 2017, at 11:16 AM, David Hubbard 
<dhubb...@dino.hostasaurus.com> wrote:

Thought the list would find this interesting.  Just received an email from VZ 
wireless that they’re going to stop selling static IPv4 for wireless 
subscribers in June.  That should make for some interesting support calls on 
the broadband/fios side; one half of the company is forcing ipv6, the other 
can’t provide it.  At least now we have a big name forcing the issue though.

David

Here’s complete text:

On June 30, 2017, Verizon will stop issuing new Public Static IPv4 addresses 
due to a shortage of available addresses. Customers that currently have active 
Public Static IPv4 addresses will retain those addresses, and Verizon will 
continue to fully support existing Public Static IPv4 addresses. In order to 
reserve new IP addresses, your company will need to convert to the Persistent 
Prefix IPv6 requirements and implement new Verizon-certified IPv6 devices.


Why should you make the move to Persistent Prefix IPv6?

• Unlike IPv4, which is limited to a 32-bit prefix, Persistent Prefix IPv6 has 
128-bit addressing scheme, which aligns to current international agreements and 
standards.

• Persistent Prefix IPv6 will provide the device with an IP address unique to 
that device that will remain with that device until the address is relinquished 
by the user (i.e., when the user moves the device off the Verizon Wireless 
network).

• IPv4-only devices are not compatible with Persistent Prefix IPv6 addresses.









---

Keith Stokes






Re: Advice re network compromise and "law enforcement" (PCI certification)

2017-01-11 Thread Keith Stokes
What advice does your QSA have regarding writing the policy?

There are generic templates available to write your company security policy. 
That policy doesn’t necessarily constitute legal definitions or requirements 
for any sort of breach, which may vary by locale and provider. I’m assuming 
EDUs will have their own set of rules as may non-profits.

At best you will want to pass legal responsibility out of technical hands into 
C-Level/management hands to make decisions about whom is notified, what legal 
actions and third parties are called in. Your security policy can define when 
the buck is passed and left to a given committee.

On Jan 11, 2017, at 9:23 AM, Matt Freitag 
<mlfre...@mtu.edu> wrote:

Adding to what Rich said, it's very easy for advice on this to cross into
advice on legal matters.

It's also usually very illegal for non-attorneys or non-licensed attorneys
to offer advice on legal matters.

I recommend finding a lawyer with expertise in this area and who has
specific knowledge of your operation.

Matt Freitag
Network Engineer I
Information Technology
Michigan Technological University
(906) 487-3696
https://www.mtu.edu/
https://www.it.mtu.edu/

On Wed, Jan 11, 2017 at 10:19 AM, Rich Kulawiec <r...@gsp.org> wrote:

On Wed, Jan 11, 2017 at 09:37:19AM -0500, David H wrote:
Anyone have pointers/advice on what you came up with for a reasonable
definition of events that warrant involving law enforcement, and then
what
agency/agencies would be contacted?

This question is best answered by an attorney with expertise in this area
and with specific knowledge of your operation.

---rsk



---

Keith Stokes






Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-27 Thread Keith Stokes
Assuming all devices are vulnerable isn't a bad start.

--

Keith Stokes

> On Sep 27, 2016, at 11:04 AM, Roland Dobbins <rdobb...@arbor.net> wrote:
> 
>> On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote:
>> 
>> All the more reason to educate people TODAY on why having vulnerable devices 
>> is a Very Bad Idea.
> 
> Yes, but how do they determine that a given device is vulnerable?
> 
> ---
> Roland Dobbins <rdobb...@arbor.net>


Re: Don't press the big red buttom on the wall!

2016-08-30 Thread Keith Stokes
At one point in one data center I dealt with a disgruntled employee hit the UPS 
disconnect button on the way out.

Same story, procedures modified, cover put over switch with a hammer to break 
the glass, lessons learned, accounts credited.

On Aug 30, 2016, at 9:21 AM, Ken Chase 
<m...@sizone.org> wrote:

3 of my internet-lifetimes/startups ago, we had this happen when one of the L2
techs was doing their 'rounds' - but had a backpack on. They swung around and
hit the safety cover on the BRS - which got knocked off. They freaked
out a bit while putting the cover back on... and managed to activate it.

Dead silence followed: "Whoa! What wasn't that?!"

(A good story anyway. It wasn't clear from video exactly what happened. More
entertaining in review when sped up and backed with Yakety Sax.)

Hilarity ensued. Customers irated. Procedures were modified. SLAs were paid.
Nicknames were coined.

Could also be that it was a bit too red and shiny:

https://www.youtube.com/watch?v=NITBfc1EOBo#t=27s

/kc

On Mon, Aug 29, 2016 at 10:31:27PM -0700, Aaron C. de Bruyn said:
"“Unfortunately because it was human error we weren’t prepared for it,”
Holmes said."

I'm glad to know they are prepared for errors by deities and squirrels.

-A

On Mon, Aug 29, 2016 at 4:02 PM, Alan Buxey 
<a.l.m.bu...@lboro.ac.uk> wrote:

“Unfortunately because it was human error we weren’t prepared for it,”
Holmes said.

"But it's elementary!" Watson retorted

:)

alan


--
Ken Chase - Toronto Canada


---

Keith Stokes






Re: Comparing carrier hotels and colo: How much are you paying per 208V 30A circuit

2016-08-17 Thread Keith Stokes
We’re grandfathered to power being available with rack, and $hundreds to 
$thousands per month for 208V/30A HA depending upon the facility. These sites 
are not West Coast.

On Aug 17, 2016, at 11:48 AM, Eric Kuhnke 
<eric.kuh...@gmail.com> wrote:

Of course I know all of the above exist and are available. Looking more
into the cost difference between facilities that sell 'basic' backed power
(where you absolutely need to install your own rectifier and battery plant)
vs facilities that sell 30A circuits they claim meet the definition of high
availability.

I have seen a lot of prices already and know that just the $/MRC for power
is occasionally not under NDA, so those who wish to share their costs might
do so in a general way without naming a specific facility...

Looking at west coast states (CA/OR/WA) primarily.


On Wed, Aug 17, 2016 at 9:41 AM, Patrick W. Gilmore 
<patr...@ianai.net> wrote:

L6-30s are probably the most common power drop in colocation.

A) Is proprietary. I won’t pretend you will get zero answers, lots of
people will likely break their NDAs.

B) You can find any and all of those options.

C) Ditto.

Are you looking for specific cities or buildings? Or just trying to see if
it is available?

--
TTFN,
patrick

On Aug 17, 2016, at 12:37 PM, Eric Kuhnke 
<eric.kuh...@gmail.com> wrote:

a) How much, in $/mo

b) To what degree is it protected (1+0 generator, 1+1 generator, N+1
generator, single UPS, 1+1 UPS, etc).

c) What extent of diversity were you able to obtain vs. your other AC
circuits (unique riser?  separate transformer?  separate power feed from
second route into the building?)




---

Keith Stokes






Re: DNS Services for a registrar

2016-08-12 Thread Keith Stokes
Never say “never”. ;-)

Notice I did not say “you must” or “you should”. It is something to consider 
based on how many 9s are important to your business. The job of many of us is 
to think of those things that are highly unlikely, assign a risk and make a 
plan (or not) accordingly. The likely ones are written down and “anyone” can 
follow them.

In this case I’d say the risk is higher that someone puts the wrong info into a 
DNS change and if they are in different services and not automatically 
replicated, you could be better off. Again, what are the risks to your business?

On Aug 12, 2016, at 2:24 PM, Peter Beckman 
<beck...@angryox.com> wrote:

If there are other metrics in which to measure DNS speed, availability and
redundancy, I'd love to see them. I have but my own datapoint and the
metrics from others. Tear down the testing model, but at least show a
different/better one in return.

On Fri, 12 Aug 2016, Keith Stokes wrote:

Route53 can get expensive for lots of domains. Queries are cheap with the
first 1M free, but if you have 1000 domains you’ll pay $500/month.

You can build dedicated servers in multiple AZs and data centers able to
handle that many domains for far less.

You might also consider running dedicated servers in each of AWS and
Azure to avoid a single-provider failure.

Having worked for AWS, there is no "global" control plane that would bring
two regions down at the same time. While possible, due to say a targeted
successful attack on both regions simultaneously, highly unlikely. Control
and data plane software updates and deployments are done regionally, and
often on an Availability Zone basis where applicable, to ensure there are
no defects.  Automation measures and will automatically roll back code that
breaks deployment metrics.

It's pretty sweet. Their internal tools team does amazing things with
automation.

Route53 is $0.50 per month per "zone" (domain) for the FIRST 25, then $0.10
per month per zone after that. 1000 domains would be $110 a month, not
$500. 500 million queries at $0.40 per million, another $200/month.

Who knows if you need that much, but it is pretty affordable.

Beckman
---
Peter Beckman  Internet Guy
beck...@angryox.com
http://www.angryox.com/
-------


---

Keith Stokes






Re: DNS Services for a registrar

2016-08-12 Thread Keith Stokes
Much better math than mine. I pulled from memory and didn’t know the discount @ 
25. I’m only running a half-dozen domains in Route53 and the rest are hosted 
internally.

You could probably use less than a c4.large too.

On Aug 12, 2016, at 11:29 AM, Peter Kristolaitis 
<alte...@alter3d.ca> wrote:

On 2016-08-12 11:36 AM, Keith Stokes wrote:
Route53 can get expensive for lots of domains. Queries are cheap with the first 
1M free, but if you have 1000 domains you’ll pay $500/month.
If you had 1000 domains, you'd pay $110/month, not $500.   The first 25 domains 
at $0.50/month each, after that it's $0.10.   And that's based on the publicly 
available pricing -- they have special pricing if you're hosting >500 domains.

Including queries, if each hosted domain had a million queries a month, your 
total bill would be $310.

That's probably a high estimate because it doesn't account for the >500 domain 
special pricing and your average registrar-hosted domain doesn't get anywhere 
near 1M queries a month.  Your actual bill would probably be significantly less.

You can build dedicated servers in multiple AZs and data centers able to handle 
that many domains for far less.
If you were to use c4.large instances, it would cost just under $400/month to 
have 6 instances spread across 2 regions with 3 AZs each, after instances, load 
balancers and bandwidth.  That's assuming you do the discounted 1-year, 
no-upfront-fee term on the instances.

And you're still not as redundant or fast as Route 53, which is anycast from 
way more than 6 places.

The math gets a little trickier when we start looking at labour costs for both 
initial development of your platform and ongoing maintenance, but from strictly 
an infrastructure cost perspective, I don't think the claim that it would cost 
"far less" to run your own infrastructure is necessarily true for a 
registrar-doing-hosting scenario.



---

Keith Stokes






Re: DNS Services for a registrar

2016-08-12 Thread Keith Stokes
Route53 can get expensive for lots of domains. Queries are cheap with the first 
1M free, but if you have 1000 domains you’ll pay $500/month.

You can build dedicated servers in multiple AZs and data centers able to handle 
that many domains for far less.

You might also consider running dedicated servers in each of AWS and Azure to 
avoid a single-provider failure.

On Aug 12, 2016, at 9:44 AM, John Kinsella 
<j...@thrashyour.com> wrote:

Also a big fan of DNS Made easy, but I wish they’d add DNSSEC already.

I’m happy with AWS - one thing to consider is model out the network costs. That 
seems to get some people, who just expect the bill for instances at end of 
month. If you’re worried about availability due to an availability zone going 
down, ensure you have the service replicated across multiple AZs or regions and

It might be worth a few minutes pondering just using Amazon’s Route53 instead 
of running the DNS server yourself. I haven’t looked at how the cost compares.

On Aug 12, 2016, at 6:41 AM, Peter Beckman 
<beck...@angryox.com> wrote:

I highly recommend DNS Made Easy. Super fast, extremely reliable (100% up
time in the last 10-12 years excluding an 8 hour period 4-5 years ago where
they got DDOSed, no issues since), very affordable.

#2 fastest for July: http://www.solvedns.com/dns-comparison/2016/07

Has been #1 several months this year.

Beckman

On Fri, 12 Aug 2016, Ryan Finnesey wrote:

We need to provide DNS services for domains we offer as a registrar.  We were 
discussing internally the different options for the deployment.  Does anyone 
see a down side to using IaaS on AWS and Azure?

We were also kicking around the idea of a PaaS offering and using Azure DNS or 
AWS Route 53.

Cheers
Ryan



---
Peter Beckman  Internet Guy
beck...@angryox.com
http://www.angryox.com/
-------



---

Keith Stokes






Re: sub $500-750 CPE firewall for voip-centric application

2016-05-06 Thread Keith Stokes
PCI certification at the business level isn’t about whether your firewall 
vendor has gone through an audit and paid someone.

You can build your own firewall if you wish and it must meet all of the 
necessary requirements. So will a commercial firewall, because it’s certainly 
possible to configure anyone’s firewall in an insecure manner.

In fact, my name brand expensive firewall automatically fails the regular 
security scans because it answers ISAKMP. When asked, and it took awhile to get 
the truth, the answer was “We automatically flag because ISAKMP can be 
configured insecurely, so we automatically flag.” Showing my config wasn’t 
insecure got me a green light.

On May 6, 2016, at 1:45 PM, amuse 
<nanog-am...@foofus.com> wrote:

Don't forget ponying up the fees and charges for paying the auditors - which is 
why most OSS projects don't end up going through them.

On Fri, May 6, 2016 at 11:41 AM, Keith Stokes 
<kei...@neilltech.com> wrote:
I've been told by various PCI auditors that a noncommercial/FOSS firewall could 
pass as long as you have implemented the necessary controls such as 
encryption/logging/management and passing actual testing.

--

Keith Stokes

> On May 6, 2016, at 1:31 PM, Mel Beckman 
> <m...@beckman.org> wrote:
>
> The question of code quality is always a difficult one, since in FOSS it’s 
> public and often found lacking, but in private source you may never know. In 
> these cases I rely on the vendor’s public statements about their development 
> processes and certifications (e.g., ICSA). Commercial products often disclose 
> their development processes and even run in-house security threat research 
> groups that publish to the community.
>
> There are also outside certifications. For example, 
> www.icsalabs.com
>  lists certifications by vendor for those that have passed their test 
> regimen, and both Dell SonicWall and Fortinet Fortigate are shown to be 
> current. PFSense isn’t listed, and although it is theoretically vetted by 
> many users, there is no guarantee of recency or thoroughness of the test 
> regimen.
>
> This brings up the question of whether PFSense can meet regulatory 
> requirements such as PCI, HIPAA, GLBA and SOX. While these regulatory 
> organizations don’t require specific overall firewall certifications, they do 
> require various specific standards, such as encryption strength, logging, VPN 
> timeouts, etc. I don’t know if PFsense meets these requirements, as they 
> don’t say so on their site. Companies like Dell publish white papers on their 
> compliance with each regulatory organization.
>
> -mel
>
>
> On May 6, 2016, at 11:05 AM, Aris Lambrianidis 
> <effulge...@gmail.com> wrote:
>
> amuse wrote:
> One question I have is:  Is there any reason to believe that the source
> code for Sonicwall, Cisco, etc are any better than the PFSense code?  Or
> are we just able to see the PFSense code and make unfounded assumptions
> that the commercial code is in better shape?
> Perhaps not. In fact, probably not, judging by the apparent lack of
> audit processes for say,
> OpenSSL libraries re-used in commercial products.
>
> It still doesn't detract from the value  of what people are aware of, in
> this case,
> pfSense code quality.
>
> Aris
>



---

Keith Stokes






Re: sub $500-750 CPE firewall for voip-centric application

2016-05-06 Thread Keith Stokes
I've been told by various PCI auditors that a noncommercial/FOSS firewall could 
pass as long as you have implemented the necessary controls such as 
encryption/logging/management and passing actual testing.

--

Keith Stokes

> On May 6, 2016, at 1:31 PM, Mel Beckman <m...@beckman.org> wrote:
> 
> The question of code quality is always a difficult one, since in FOSS it’s 
> public and often found lacking, but in private source you may never know. In 
> these cases I rely on the vendor’s public statements about their development 
> processes and certifications (e.g., ICSA). Commercial products often disclose 
> their development processes and even run in-house security threat research 
> groups that publish to the community.
> 
> There are also outside certifications. For example, 
> www.icsalabs.com lists certifications by vendor for 
> those that have passed their test regimen, and both Dell SonicWall and 
> Fortinet Fortigate are shown to be current. PFSense isn’t listed, and 
> although it is theoretically vetted by many users, there is no guarantee of 
> recency or thoroughness of the test regimen.
> 
> This brings up the question of whether PFSense can meet regulatory 
> requirements such as PCI, HIPAA, GLBA and SOX. While these regulatory 
> organizations don’t require specific overall firewall certifications, they do 
> require various specific standards, such as encryption strength, logging, VPN 
> timeouts, etc. I don’t know if PFsense meets these requirements, as they 
> don’t say so on their site. Companies like Dell publish white papers on their 
> compliance with each regulatory organization.
> 
> -mel
> 
> 
> On May 6, 2016, at 11:05 AM, Aris Lambrianidis <effulge...@gmail.com> wrote:
> 
> amuse wrote:
> One question I have is:  Is there any reason to believe that the source
> code for Sonicwall, Cisco, etc are any better than the PFSense code?  Or
> are we just able to see the PFSense code and make unfounded assumptions
> that the commercial code is in better shape?
> Perhaps not. In fact, probably not, judging by the apparent lack of
> audit processes for say, OpenSSL libraries re-used in commercial products.
> 
> It still doesn't detract from the value of what people are aware of, in
> this case, pfSense code quality.
> 
> Aris
> 


Re: Why the US Government has so many data centers

2016-03-14 Thread Keith Stokes
Plus a subsequent GAO report accounting for a miscount due to using paperclips 
on the history forms.

On Mar 14, 2016, at 4:06 PM, mikea <mi...@mikea.ath.cx> wrote:

On Mon, Mar 14, 2016 at 04:49:38PM -0400, Sean Donelan wrote:
On Mon, 14 Mar 2016, Scott Weeks wrote:
It's all phunny money.  Real economics are not even considered.
At all.

And what makes you think the Data Center Optimization Initiative is any
different, when they are counting single servers instead of data centers?

If it was a rational, coherent plan; that would be great.  Instead I see
lots of people spending years looking for servers, and writing reports
about counting servers, and moving servers from one room to another room.
What's the return on investment counting paperclips?

But when they're finished, they'll have the serial number of each individual
paperclip, and a paperclip history form to go with it.

--
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin


---

Keith Stokes






Re: Ear protection

2015-09-23 Thread Keith Stokes
Since I’m in our colo facility this morning, I decided to put some numbers on 
it in my little isolated corner with lots of blowers running.

According to my iPhone SPL meter, average SPL is 81 - 82 dB with peaks 88 - 89 
dB.

According to the OSHA hearing protection chart, 90 dB is the maximum level for 
8-hour daily exposure. See 
https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=STANDARDS_id=9735

Etymotic, a manufacturer of high performance ear buds/ear phones says 85 dB is 
acceptable 8 hours per day, 5 days per week. See 
http://www.etymotic.com/downloads/dl/file/id/15/product/82/guide_to_safe_listening.pdf

There is some argument to the point of what type of noise but ~10 dB is still 
pretty good headroom using the OSHA limits and 4 dB is certainly usable for the 
Etymotic figure.

In the general area the levels are 6 - 9 dB lower.

My thought is if you’re listening to music many hours per day you may be 
exceeding these levels already.

On Sep 23, 2015, at 8:48 AM, Bryan Holloway <bhollo...@pavlovmedia.com> wrote:


On 9/23/15, 7:53 AM, "NANOG on behalf of Joe Greco"
<nanog-boun...@nanog.org on behalf of jgr...@ns.sol.net> wrote:

Maybe I've always listened to my music too loud and spend the bulk of time
via ssh, but I've never felt a need for hearing protection in a DC, is this
generally an issue for people?

Depends on how long and how noisy.

As I've gotten older, I find loud noise in general is less tolerable,
so I've taken to always keeping a pair of earplugs with me.  It makes
being around loud music, etc., much more enjoyable.

Long term exposure to noise is widely considered to be a hazard, but
walking into an average data center for an hour once a month is
probably not that risky.

... JG


Depends on the type of "noise" too.

Datacenters generate (more or less) white noise, which is particularly
harmful long-term to the cilia in your ears because it excites all of them
all of the time. A loud datacenter is much worse than a loud rock band,
IMO.

I personally use Bose noise-canceling headphones.




---

Keith Stokes






Re: cisco.com unavailable

2015-09-21 Thread Keith Stokes
It works fine for me from Cox.



---

Keith Stokes


From: NANOG <nanog-boun...@nanog.org> on behalf of Murat Kaipov 
<mkai...@outlook.com>
Sent: Monday, September 21, 2015 1:51 PM
To: nanog@nanog.org
Subject: cisco.com unavailable

Hi folks!
Is cisco.com unavailable or it is affected just for Rostelecom?


Re: high latency on West Coast?

2015-09-18 Thread Keith Stokes
I have a SmokePing machine sitting in AWS Oregon looking at a few of my sites. 
It shows a bunch of ugliness starting around midnight Central and smoothing out 
but still with higher latency continuing to some sites. The same site is 
showing ugliness in the last hour. 

--

Keith Stokes

> On Sep 18, 2015, at 4:39 PM, Florin Andrei <flo...@andrei.myip.org> wrote:
> 
> I've asked Runscope (a monitoring service we're using for a few things, with 
> locations in AWS and Rackspace), and they've confirmed my findings - there's 
> unusually high latency somewhere around the AWS facility in Oregon, started 
> last night, but they say it's "getting better".
> 
> -- 
> Florin Andrei
> http://florin.myip.org/


Re: IP's with jitter/packet loss and very far away

2015-09-18 Thread Keith Stokes
There are also plenty of simulators to create what you want. This one looks 
pretty useful:

http://www.linuxfoundation.org/collaborate/workgroups/networking/netem

On Sep 18, 2015, at 10:54 AM, Neill <kei...@neilltech.com> wrote:

Use probably any coffee shop’s wireless network to anyone any you’ll get that 
most of the time.


On Sep 18, 2015, at 10:42 AM, Dovid Bender <do...@telecurve.com> wrote:

Hi,

I am working on a presentation and looking to create samples of what a
trace should not look like? Anyone have IP's that I can trace from the US
or UK that will show
1) jitter
2) packet loss
3) very far away (perhaps an IP on a sat. link). Pref over 2000 ms

TIA.

Dovid


---

Keith Stokes






---

Keith Stokes






Re: IP's with jitter/packet loss and very far away

2015-09-18 Thread Keith Stokes
Use probably any coffee shop’s wireless network to anyone any you’ll get that 
most of the time.


On Sep 18, 2015, at 10:42 AM, Dovid Bender <do...@telecurve.com> wrote:

Hi,

I am working on a presentation and looking to create samples of what a
trace should not look like? Anyone have IP's that I can trace from the US
or UK that will show
1) jitter
2) packet loss
3) very far away (perhaps an IP on a sat. link). Pref over 2000 ms

TIA.

Dovid


---

Keith Stokes






Re: Ashburn

2015-09-16 Thread Keith Stokes
Or router bugs.

Or even inserting new NSA taps since some of the rest have been caught.

---

Keith Stokes


From: NANOG <nanog-boun...@nanog.org> on behalf of Christopher Morrow 
<morrowc.li...@gmail.com>
Sent: Wednesday, September 16, 2015 10:34 AM
To: Matt Hoppes
Cc: North American Network Operators' Group
Subject: Re: Ashburn

removal of nsa taps

On Wed, Sep 16, 2015 at 10:34 AM, Matt Hoppes
<mhop...@indigowireless.com> wrote:
> What the world is going on in Ashburn?  Over the last two days I've seen
> multiple flaps from multiple carriers going through there.  They generally
> last about two to three minutes and then everything restores.


Re: outlook.com outgoing blacklists?

2015-09-10 Thread Keith Stokes
Well now you have to share the answer.

On Sep 10, 2015, at 3:06 PM, Todd K Grand <tgr...@tgrand.com> wrote:

The problem has been resolved.
Thanks to everybody that contributed.



---

Keith Stokes






Re: ATT U-Verse Data Setup Convention

2015-07-30 Thread Keith Stokes
“Forever” is a long time. We’re shooting for not having to change people’s 
address multiple times per week while still trying to help them save costs by 
not paying extra for “official static IPs”.

Changing every 6 months as some have pointed out as their experience is 
perfectly acceptable to us.

On Jul 30, 2015, at 11:51 AM, James Hartig <fastest...@gmail.com> wrote:

I've had ATT UVerse for 3 years now and it has changed at least twice since I 
got it. The DHCP address has an expiration of ~7 days and it usually keeps the 
same address upon renewal but a few times I have noticed that it's changed. I 
wouldn't trust it to be static forever.

--
James Hartig


---

Keith Stokes






ATT U-Verse Data Setup Convention

2015-07-30 Thread Keith Stokes
I’m wondering if some can share their experiences or maybe there’s an ATT 
person here who can confirm policy.

I work for a SaaS provider who requires a source IP to access our system to 
businesses.

Normally we tell the customer to request a “Static IP” from their provider. 
That term makes sense to most ISPs.

However, we’ve recently worked with an ATT higher-up tech who told us that 
every U-Verse modem is locked to an address even when set to DHCP and will not 
change unless the unit is changed. Ordering a “Static IP” from them means your 
devices will individually get public addresses, which isn’t a requirement for 
us, isn’t quite as easy to add multiple devices and costs our customers more 
money.

Here are my questions:

1. Is it really accurate that the customer’s address is tied to the 
modem/router?

2. For my curiosity, is this done through a DHCP reservation or is there a hard 
coded entry somewhere?

3. Do all U-Verse modem/routers behave the same way? This particular unit was a 
Motorola but the friends I’ve seen with U-Verse use a Cisco unit.

---

Keith Stokes






Re: ATT U-Verse Data Setup Convention

2015-07-30 Thread Keith Stokes
Access is not the only reason we ask for non-changing source IP addresses.

I’m not arguing the long-term sensibility of the approach. It’s arguably a 
legacy app and has 5000 endpoints that we have to still support until different 
solutions on our side are complete. That process is outside of my control.

On Jul 30, 2015, at 11:20 AM, Chuck Anderson <c...@wpi.edu> wrote:

People need to really stop using Source IP as an ACL mechanism
wherever possible.  Have you considered using SSL certs or SSH keys
or some other sort of API key instead?  I mean, do you really want
to have to know how the technology of every ISP that every possible
SaaS customer may use to access your service is set up?

On Thu, Jul 30, 2015 at 04:02:06PM +, Keith Stokes wrote:
I’m wondering if some can share their experiences or maybe there’s an ATT 
person here who can confirm policy.

I work for a SaaS provider who requires a source IP to access our system to 
businesses.

Normally we tell the customer to request a “Static IP” from their provider. 
That term makes sense to most ISPs.

However, we’ve recently worked with an ATT higher-up tech who told us that 
every U-Verse modem is locked to an address even when set to DHCP and will not 
change unless the unit is changed. Ordering a “Static IP” from them means your 
devices will individually get public addresses, which isn’t a requirement for 
us, isn’t quite as easy to add multiple devices and costs our customers more 
money.

Here are my questions:

1. Is it really accurate that the customer’s address is tied to the 
modem/router?

2. For my curiosity, is this done through a DHCP reservation or is there a hard 
coded entry somewhere?

3. Do all U-Verse modem/routers behave the same way? This particular unit was a 
Motorola but the friends I’ve seen with U-Verse use a Cisco unit.


---

Keith Stokes






Re: United Airlines is Down (!) due to network connectivity problems

2015-07-08 Thread Keith Stokes
Who rolls out software in the middle of the week and not on weekends? People 
who have more business on the weekends than the week, such as retail.

On Jul 8, 2015, at 4:40 PM, Dovid Bender <do...@telecurve.com> wrote:

Other than for an emergency repair who rolls out a software update in
the middle of the week? We test, test and then test some more and only then
roll out on weekends. Our maintenance window is 00:00 - 01:00 Sunday
mornings for sw updates etc.


On Wed, Jul 8, 2015 at 3:02 PM, Matthew Huff <mh...@ox.com> wrote:

Traders on the floor are being told that it’s a software glitch from new
software that was rolled out Tuesday night. Nothing official has been
said.  The only thing I know for sure is that if the NYSE was hacked, they
wouldn’t tell anyone the details for a long time, if ever.

The impact of the NYSE being down is much less significant than it used to
be since most stocks are multiple-listed on other exchanges.

The lack of information through official channels is unusual though. In
previous situations, there has been at least a little hand-holding. So far,
nada. In fact, other than financial service provider’s emails, there has
been no emails so far today from the NYSE, including the announcement of
resumption of service. According to the NYSE web page, trading will resume
at 3:05pm EST today with primary specialist, and 3:10 for everyone.




On Jul 8, 2015, at 2:33 PM, Brett Frankenberger <rbf+na...@panix.com> wrote:

On Wed, Jul 08, 2015 at 01:55:43PM -0400, valdis.kletni...@vt.edu wrote:
On Wed, 08 Jul 2015 17:42:52 -, Matthew Huff said:

Given that the technical resources at the NYSE are significant and
the lengthy duration of the outage, I believe this is more serious
than is being reported.

My personal, totally zero-info suspicion:

Some chuckleheaded NOC banana-eater made a typo, and discovered an
entirely new class of wondrous BGP-wedgie style "We know how we got
here, but how do we get back?" network misbehaviors

We don't know how long the underlying problem lasted, and how much of
the continued outage time is dealing with the logistics of restarting
trading mid-day.  Completely stopping and then restarting trading
mid-day is likely not a quick process even if the underlying technical
issue is immediately resolved.

(Such things have happened before - like the med school a few years ago
that extended their ethernet spanning tree one hop too far, and discovered
that merely removing the one hop too far wasn't sufficient to let it come
back up...)

No, but picking a bridge in the center, giving it priority sufficient
for it to become root, and then configuring timers[1] that would
support a much larger than default diameter, possibly followed by some
reboots, probably would have.

From what has been publicly stated, they likely took a much longer and
more complicated path to service restoration than was strictly
necessary.  (I have no non-public information on that event.  There may
be good reasons, technical or otherwise, why that wasn't the chosen
solution.)

   -- Brett

[1] You only have to configure them on the root; non-root bridges use
what root sends out, not what they have configured.




---

Keith Stokes






Re: World's Fastest Internet™ in Canadaland

2015-06-28 Thread Keith Stokes
Use wireless. There are reasonably priced point to point bridges available.

--

Keith Stokes

 On Jun 26, 2015, at 11:18 PM, Peter Kristolaitis alte...@alter3d.ca wrote:
 
 On 6/26/2015 7:26 PM, Joe Abley wrote:
 
 On 26 Jun 2015, at 15:04, Hank Disuko wrote:
 
 Bell Canada is apparently gearing up to provide the good people of Toronto 
 with the World's Fastest Internet™.
 http://www.thestar.com/news/city_hall/2015/06/25/bell-canada-to-give-toronto-worlds-fastest-internet.html
  
 
 Bell Canada is in the business of defending the current regulatory regime 
 from claims that internet speeds are slow, or that investment by incumbents 
 in the last mile is lacking, or that it ought to be required to share its 
 access network with competitors. Read the press with that context in mind.
 
 There's cooperative, rural broadband in the UK [1] that offers 10G access to 
 farms at a lower price than Bell charges for some satellite TV bundles. I 
 don't think anybody need waste any cycles persuading other people here that 
 the fastest internet claims are not aligned precisely with the kind of 
 reality you find even on this list.
 
 Joe
 
 [1] http://b4rn.org.uk
 
 And defend the current regulatory regime well they do.  I live literally 
 minutes outside of the Ottawa urban area and I have as choices for network 
 connectivity either LoS wireless or satellite. I can, however, stand at the 
 end of my driveway and look in EITHER direction to see houses that can get 
 cable service, yet none of the incumbents are willing to service my little 
 stretch of road (affecting me and ~5 neighbours).
 
 I'm told by the neighbours (I just moved here) that they've been bugging the 
 incumbents for YEARS and getting no traction at all. I'm thinking of pricing 
 out a fiber run and running a little local co-op network access provider for 
 me and the neighbours, but I suspect that install costs might nix that idea.
 
 (For extra fun, I was told by one of the incumbents that my address was 
 serviceable with up to 150Mbps cable before I purchased the property.  Then 
 when I took possession and tried to get service set up -- nope, sorry.  But 
 that's a whole other story...)