Dormant space on blacklists, how can I resolve this?

2023-04-27 Thread Matthew Crocker

Hello,

I run Crocker Communications (AS7849) and have ARIN allocations of 
161.77.0.0/16 & 66.59.48.0/20.   The 66.58.48.0/20 space was used for our 
datacenter which shut down a couple years ago.  The space has mostly been 
dormant for the past couple years.   I’m now starting to assign 
66.59.[55-60].0/24 to a new group of residential FTTH customers.   The 
customers are getting access denied messages from Akamai based websites.

What can I do to get Akamai to unblock the 66.59.48.0/20 space?
Is there a website I can look to research the reputation of the subnets?  They 
haven’t been used in years so I would expect them to be pretty clean.

Thanks

-Matt




UltraDNS contact

2023-04-26 Thread Matthew Crocker

Can anyone from UltraDNS contact me off list please?   I have some security 
issues I’d like to discuss with you.

Thanks

-Matt



Santander bank contact

2023-04-11 Thread Matthew Crocker

If anyone on this list is affiliated with Santander bank please reach me 
off-list.  You are blocking one of my subnets and my customers cannot access 
your bank website.

Thanks

-Matt



Re: Upstream bandwidth usage

2022-06-09 Thread Matthew Crocker

GPON is TDM (Time Division Multiplexing).  The downstream is essentially OC-48 
(2.4Gbps).   The OLT sets the clock and each ONT has a specific timeslot for 
uploading.  Some vendors can adjust the timeslot reservations to ‘guarantee’ 
specific upload speeds to specific ONTs

From: NANOG  on behalf of Mel 
Beckman 
Date: Thursday, June 9, 2022 at 7:31 PM
To: Adam Thompson 
Cc: nanog@nanog.org 
Subject: Re: Upstream bandwidth usage
CAUTION: This email originated from outside of Crocker. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.


Adam,

Your point on asymmetrical technologies is excellent. But you may not be aware 
that residential optical fiber is also asymmetrical. For example, GPON, the 
latest ITU specified PON standard, and the most widely deployed, calls for a 
2.4 Gbps downstream and a 1.25 Gbps upstream optical line rate.

 -mel

> On Jun 9, 2022, at 3:08 PM, Adam Thompson  wrote:
> However, if you're talking about fiber service, it's pretty much pure 
> marketing-dept-driven BS, combined with some vague justification of not 
> letting TOR nodes or copyright-ignoring seeders/Warez-providers/etc. 
> overwhelm the network in unexpected ways.


Free-ish Linux Netflow collector/analyser options

2022-05-16 Thread Matthew Crocker

I’m looking for a free-ish Linux open source Netflow collector/analyser.  I 
have 5 Juniper MX routers that will send IPFIX flows to it for an ISP network.
I’m hoping it is something I can run in AWS/EC2 as I don’t want to worry about 
storage again in my lifetime.  Does anyone have any recommendations?

For reporting I would like to generate basic  usage reports to/from 
IP/Subnet/ASN.  It would be great if it could also detect DDoS and activate 
flowspec back into my core routers but that isn’t a requirement

Thanks

-Matt



Re: OOB management options @ 60 Hudson & 1 Summer

2021-04-16 Thread Matthew Crocker

Geez,  I’ve been at 1 Summer for 6+ years, never knew they offered this.  I’ll 
have to check it out

Thanks

-Matt


From: Saku Ytti 
Date: Friday, April 16, 2021 at 1:34 AM
To: Matthew Crocker 
Cc: NANOG 
Subject: Re: OOB management options @ 60 Hudson & 1 Summer



On Fri, 16 Apr 2021 at 01:18, Matthew Crocker 
mailto:matt...@corp.crocker.com>> wrote:

I have routers in both 60 Hudson St & 1 Summer St and I’m looking for some low 
cost bandwidth options for out of band management.  Currently

I’m surprised OOB bandwidth isn’t a feature for colocation providers.

That would surprise me too.

https://www.digitalrealty.com/connectivity/ip-bandwidth
https://www.markleygroup.com/cloud/network/out-of-band

--
  ++ytti


OOB management options @ 60 Hudson & 1 Summer

2021-04-15 Thread Matthew Crocker

I have routers in both 60 Hudson St & 1 Summer St and I’m looking for some low 
cost bandwidth options for out of band management.  Currently I have Opengear 
boxes at each site with cell modems but they don’t work too well.  I either 
need to replace them with new cell based devices or find a wireless/ethernet 
bandwidth option.   I only need a couple serial ports and ethernet for when 
everything breaks.

I’m in DR space @ 60 Hudson and the Markley MMR @ 1 Summer

I’m surprised OOB bandwidth isn’t a feature for colocation providers.

Thanks



Re: Infomart Dallas is on generator

2021-02-15 Thread Matthew Crocker

They are most likely part of a demand load shedding program and are being paid 
to run off generator.

From: NANOG  on behalf of 
Eric Kuhnke 
Date: Monday, February 15, 2021 at 5:10 PM
To: "nanog@nanog.org list" 
Subject: Infomart Dallas is on generator


I have now heard from two reliable sources that Infomart Dallas is presently on 
generator, and is likely to remain so until the cold weather/electrical supply 
emergency in Texas has abated. No network impact seen yet.




Anyone from Draftkings.com on here?

2020-12-29 Thread Matthew Crocker

Hoping someone from Draftkings.com is on this list.  If so, please message me 
directly so I can get a subnet block cleared up.

Thanks

-Matt



Re: [EXTERNAL]Re: Don't need someone with clue @ Network Solutions.

2020-12-18 Thread Matthew Crocker


Yes I tried reaching out to Amazon and they said they can't help me.   
Crocker.com was hosted with Network Solutions earlier this year.  I'm thinking 
I might transfer it back to Network Solutions and get them to delete the stale 
records.  Amazon Route53 is great,  Amazon Registrar not so much.


On 12/18/20, 4:36 PM, "NANOG on behalf of Doug Barton" 
 wrote:



I'm curious, and my apologies if I missed it, but crocker.com is
registered at Amazon, and the COM whois shows that it was Amazon's
registrar that added the host records.

Were you able to work with the Amazon registrar (not AWS), as one of
their customers, to get the records removed; since crocker.com is not
delegated to those servers?

If not, that's a pretty big gap in their registrar offering.

Doug

http://registrar.amazon.com/


On 12/18/20 11:03 AM, Matthew Crocker wrote:
>
> At this point I've basically given up and I'm moving the 66.59.48.x IPs 
to a new datacenter over the weekend.  I'll move the DNS servers on the old IPs 
to the new datacenter and call it a day.   We are trying to get all of the 
customers to re-register anyway, then I'll shut all of this down.
>
> Thanks for the help
>
> On 12/17/20, 3:16 PM, "NANOG on behalf of John R. Levine" 
 
wrote:
>
>
>
>  > a czds dl, however, shows:
>
>  You're right, I checked again.
>
>  > :; zgrep -E ^dns-auth.\.crocker\.com com.txt.gz
>  > dns-auth1.crocker.com.172800  in  a   66.59.48.87
>  > dns-auth2.crocker.com.172800  in  a   66.59.48.88
>  > dns-auth3.crocker.com.172800  in  a   66.59.48.94
>  > dns-auth4.crocker.com.172800  in  a   66.59.48.95
>  >
>  > and leaving off the ^ shows that a large number of zones use those.
>
>  Since crocker.com uses different NS, I still don't see why they're 
in the
>  .COM zone.  Making inquiries.
>
>  Regards,
>  John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet 
for Dummies",
>  Please consider the environment before reading this e-mail. 
https://jl.ly
>



Re: [EXTERNAL]Re: Don't need someone with clue @ Network Solutions.

2020-12-18 Thread Matthew Crocker

At this point I've basically given up and I'm moving the 66.59.48.x IPs to a 
new datacenter over the weekend.  I'll move the DNS servers on the old IPs to 
the new datacenter and call it a day.   We are trying to get all of the 
customers to re-register anyway, then I'll shut all of this down.

Thanks for the help

On 12/17/20, 3:16 PM, "NANOG on behalf of John R. Levine" 
 
wrote:



> a czds dl, however, shows:

You're right, I checked again.

> :; zgrep -E ^dns-auth.\.crocker\.com com.txt.gz
> dns-auth1.crocker.com.172800  in  a   66.59.48.87
> dns-auth2.crocker.com.172800  in  a   66.59.48.88
> dns-auth3.crocker.com.172800  in  a   66.59.48.94
> dns-auth4.crocker.com.172800  in  a   66.59.48.95
>
> and leaving off the ^ shows that a large number of zones use those.

Since crocker.com uses different NS, I still don't see why they're in the
.COM zone.  Making inquiries.

Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for 
Dummies",
Please consider the environment before reading this e-mail. https://jl.ly



Re: [EXTERNAL]Need someone with clue @ Network Solutions.

2020-12-15 Thread Matthew Crocker

Thanks everyone who responded

It appears I should have been looking for clue in my own network.  Amazon hosts 
crocker.com and they have the glue records.  Apparently left over from when the 
domain was with Network Solutions.   I have tickets open with Amazon to get 
them removed/updated.

-Matt


From: NANOG  on behalf of 
Matthew Crocker 
Date: Tuesday, December 15, 2020 at 11:43 AM
To: "nanog@nanog.org" 
Subject: [EXTERNAL]Need someone with clue @ Network Solutions.


I need to get Network Solutions to remove glue records for hosts in my domain.  
 My domain isn’t registered with Network Solutions and they refuse to speak 
with me as I’m not a customer.

I’ve had my customer attempt to update their domain through Network Solutions 
but the only thing they can change is the NS record, not the underlying host 
glue record.   I don’t think the glue records even need to exist as they are 
published by my domain already.

Does anyone have any contacts at Network Solutions that can help?

Example:


dig .com NS @i.gtld-servers.net.

; <<>> DiG 9.10.6 <<>> .com NS @i.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24593
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.com.  IN NS

;; AUTHORITY SECTION:
.com.  172800 IN NS dns-auth4.crocker.com.
.com.  172800 IN NS dns-auth3.crocker.com.

;; ADDITIONAL SECTION:
dns-auth4.crocker.com.  172800 IN A  66.59.48.95
dns-auth3.crocker.com.  172800 IN A  66.59.48.94

;; Query time: 73 msec
;; SERVER: 192.43.172.30#53(192.43.172.30)
;; WHEN: Tue Dec 15 11:34:41 EST 2020
;; MSG SIZE  rcvd: 124

The correct servers are:

dns-auth3.crocker.com.  299 IN A  66.59.61.10
dns-auth4.crocker.com.  299 IN A  66.59.61.194




Need someone with clue @ Network Solutions.

2020-12-15 Thread Matthew Crocker
I need to get Network Solutions to remove glue records for hosts in my domain.  
 My domain isn’t registered with Network Solutions and they refuse to speak 
with me as I’m not a customer.

I’ve had my customer attempt to update their domain through Network Solutions 
but the only thing they can change is the NS record, not the underlying host 
glue record.   I don’t think the glue records even need to exist as they are 
published by my domain already.

Does anyone have any contacts at Network Solutions that can help?

Example:


dig .com NS @i.gtld-servers.net.

; <<>> DiG 9.10.6 <<>> .com NS @i.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24593
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.com.  IN NS

;; AUTHORITY SECTION:
.com.  172800 IN NS dns-auth4.crocker.com.
.com.  172800 IN NS dns-auth3.crocker.com.

;; ADDITIONAL SECTION:
dns-auth4.crocker.com.  172800 IN A  66.59.48.95
dns-auth3.crocker.com.  172800 IN A  66.59.48.94

;; Query time: 73 msec
;; SERVER: 192.43.172.30#53(192.43.172.30)
;; WHEN: Tue Dec 15 11:34:41 EST 2020
;; MSG SIZE  rcvd: 124

The correct servers are:

dns-auth3.crocker.com.  299 IN A  66.59.61.10
dns-auth4.crocker.com.  299 IN A  66.59.61.194
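
The stale-glue comparison this thread turns on (glue A records in the .com referral versus the A records the crocker.com zone publishes), as an added example that is not part of the original posts. The sample text is constructed from the addresses quoted in the message; `example.com.` is a placeholder for the customer domain the post leaves out, and `parse_dig`, `addresses` and `audit_glue` are names chosen for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input modelled on the dig output in the post.
# "example.com." is a placeholder for the customer domain the post omits.
TLD_REFERRAL = """\
;; QUESTION SECTION:
;example.com.                   IN      NS

;; AUTHORITY SECTION:
example.com.            172800  IN      NS      dns-auth4.crocker.com.
example.com.            172800  IN      NS      dns-auth3.crocker.com.

;; ADDITIONAL SECTION:
dns-auth4.crocker.com.  172800  IN      A       66.59.48.95
dns-auth3.crocker.com.  172800  IN      A       66.59.48.94

;; Query time: 73 msec
"""

# What the name servers' own zone publishes, per the post ("correct servers").
ZONE_ANSWER = """\
dns-auth3.crocker.com.  299     IN      A       66.59.61.10
dns-auth4.crocker.com.  299     IN      A       66.59.61.194
"""


def parse_dig(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig text output.

    Records that appear before any ';; ... SECTION:' header (a pasted
    answer with no headers) are filed under 'ANSWER'.
    """
    sections = defaultdict(list)
    current = "ANSWER"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:-len("SECTION:")].strip()
            continue
        if not line or line.startswith(";"):
            continue  # blank line, comment, or the question line
        fields = line.split()
        if len(fields) < 5 or not fields[1].isdigit():
            continue  # not an "owner ttl class type rdata" line
        owner, ttl, rtype = fields[0].lower(), int(fields[1]), fields[3].upper()
        sections[current].append((owner, ttl, rtype, " ".join(fields[4:])))
    return sections


def addresses(records):
    """Map host name -> set of addresses taken from A/AAAA records."""
    out = defaultdict(set)
    for owner, _ttl, rtype, rdata in records:
        if rtype not in ("A", "AAAA"):
            continue
        try:
            out[owner].add(ipaddress.ip_address(rdata))
        except ValueError:
            continue  # malformed rdata: ignore rather than guess
    return out


def audit_glue(referral_text, zone_text):
    """Compare each delegated NS host's glue with the zone's own records.

    Status per NS host:
      ok         glue and published addresses are identical
      stale      glue differs from what the zone publishes
      no-glue    the referral carried no address for this host
      unverified glue exists but zone_text has no record to compare with
    """
    referral = parse_dig(referral_text)
    glue = addresses(referral["ADDITIONAL"])
    published = addresses(parse_dig(zone_text)["ANSWER"])
    findings = {}
    for _owner, _ttl, rtype, rdata in referral["AUTHORITY"]:
        if rtype != "NS":
            continue
        ns = rdata.lower()
        g, p = glue.get(ns, set()), published.get(ns, set())
        if not g:
            status = "no-glue"
        elif not p:
            status = "unverified"
        elif g == p:
            status = "ok"
        else:
            status = "stale"
        findings[ns] = {
            "status": status,
            "stale": sorted(str(a) for a in g - p),    # served by the TLD only
            "missing": sorted(str(a) for a in p - g),  # published, not in glue
        }
    return findings


if __name__ == "__main__":
    for ns, f in sorted(audit_glue(TLD_REFERRAL, ZONE_ANSWER).items()):
        print(ns, f["status"], "glue-only:", f["stale"], "zone-only:", f["missing"])
```

Resolvers following the referral use the glue address, so a `stale` result means the old IP must keep answering DNS until the registrar of the name servers' parent domain updates the host record.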




Changing DNS host records

2020-12-11 Thread Matthew Crocker

Hello

It has been over a decade since I’ve done this and need some help refreshing my 
memory.

I have many customers that have registered their domains against my 
authoritative servers (DNS-AUTH3.CROCKER.COM).  I need to move that machine 
to a different network/IP address.  I’ve made the updates in my domain 
(crocker.com) but I think I also need to update the host glue records in the 
gtld-servers as well.   How do I go about doing that?   Ultimately the 
customers need to update their registration with our new authoritative servers, 
many have but we still have some stragglers I don’t want to break when I 
shut down the old servers.

Thanks

-Matt




Re: sfps from fs dot com

2019-09-20 Thread Matthew Crocker

I have had some fail and SFP+ & QSFP28s that my Juniper MC480s refuse to 
recognize even though I ordered 'branded Juniper' optics.

99% of my stuff is from FlexOptix (https://www.flexoptix.net/).  They are a bit 
more expensive but I've had 100% reliability and they have worked in all 
systems I've put them in.



On 9/20/19, 8:33 AM, "NANOG on behalf of Nicholas Warren" 
 wrote:

Anyone have experience with fs.com's lasers? Are they reliable?




Re: Protecting 1Gb Ethernet From Lightning Strikes

2019-08-13 Thread Matthew Crocker

Could you use a transceiver for the 1000Base-T?  copper <-> fiber <-> copper 
that will create an ‘air gap’ on the data circuit.   You still run the risk of 
a lightning strike entering through the transceiver power.   You could filter 
that through a -48VDC power supply, rectifier/inverter pair.


From: NANOG  on behalf of Javier J 

Date: Tuesday, August 13, 2019 at 2:23 PM
To: "nanog@nanog.org" 
Subject: Protecting 1Gb Ethernet From Lightning Strikes

I'm working with a client site that has been hit twice, very close by 
lightning.

I did lots of electrical work/upgrades/grounding but now I want to focus on 
protecting Ethernet connections between core switching/other devices that can't 
be migrated to fiber optic.

I was looking for surge protection devices for Ethernet but have never shopped 
for anything like this before. Was wondering if anyone has deployed a solution?
They don't have a large presence on site (I have been moving all of their core 
stuff to AWS) but they still have core networking / connectivity and PoE 
cameras / APs around the property.
Since migrating their onsite servers/infra to the cloud, now their connectivity 
is even more important.

This is a small site, maybe about 200 switch ports, but I would only need to 
protect maybe 12 core ones, but would be something I could use in the future 
with larger deployments.
It's just a 1Gbe network BTW.

Hope someone with more experience can help make hardware recommendations?

Thanks in advance.

- Javier


Re: Service Provider NetFlow Collectors

2018-12-31 Thread Matthew Crocker
 +1 Kentik as well,  DDoS, RTBH, Netflow.  Cloud based so I don't have to worry 
about it.

On 12/31/18, 11:37 AM, "NANOG on behalf of Bryan Holloway" 
 wrote:

+1 Kentik ...

We've been using their DDoS/RTBH mitigation with good success.


On 12/31/18 3:52 AM, Eric Lindsjö wrote:
> Hi,
> 
> We use kentik and we're very happy. Works great, tons of new features 
> coming along all the time. Going to start looking into ddos detection 
> and mitigation soon.
> 
> Would recommend.
> 
> Kind regards,
> Eric Lindsjö
> 
> 
> On 12/31/2018 04:29 AM, Erik Sundberg wrote:
>>
>> Hi Nanog….
>>
>> We are looking at replacing our Netflow collector. I am wondering what 
>> other service providers are using to collect netflow data off their 
>> Core and Edge Routers. Pros/Cons… What to watch out for any info would 
>> help.
>>
>> We are mainly looking to analyze the netflow data. Bonus if it does 
>> ddos detection and mitigation.
>>
>> We are looking at
>>
>> ManageEngine Netflow Analyzer
>>
>> PRTG
>>
>> Plixer – Scrutinizer
>>
>> PeakFlow
>>
>> Kentik
>>
>> Solarwinds NTA
>>
>> Thanks in advance…
>>
>> Erik
>>
>>
>> 
>>
>> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, 
>> files or previous e-mail messages attached to it may contain 
>> confidential information that is legally privileged. If you are not 
>> the intended recipient, or a person responsible for delivering it to 
>> the intended recipient, you are hereby notified that any disclosure, 
>> copying, distribution or use of any of the information contained in or 
>> attached to this transmission is STRICTLY PROHIBITED. If you have 
>> received this transmission in error please notify the sender 
>> immediately by replying to this e-mail. You must destroy the original 
>> transmission and its attachments without reading or saving in any 
>> manner. Thank you.
> 




Re: Extending network over a dry pair

2018-12-13 Thread Matthew Crocker

You can’t push a T1 through a load-coil which are normally placed every mile on 
copper.   Typically the telco would cut the load-coil out of the 2 T1 pairs and 
install a repeater to push the T1 the next mile.  That is with a traditional T1 
circuit.   Most T1s these days are 2 wire HDSL which has a max of about 12k 
feet.  So for 6 miles you’ll need 3 repeaters in the span *if* you have good 
copper.



From: NANOG  on behalf of Nick Bogle 
Date: Wednesday, December 12, 2018 at 10:00 PM
To: Dan Hollis 
Cc: "nanog@nanog.org" 
Subject: Re: Extending network over a dry pair

The driving distance is 4 miles, we are leasing it from CenturyLink whose 
headend maybe adds a mile or less, it's on the route and about half way 
through. I made it 6 miles to be safe. We currently can pull a full 1.5Mbps off 
of that T1 we run there so perhaps CenturyLink is repeating at their CO and/or 
along the route?


On Wed, Dec 12, 2018 at 6:32 PM Dan Hollis 
mailto:goe...@sasami.anime.net>> wrote:
I doubt he will get >1.5mbps with those over a 6 mile long connection.

I did a quick check and flowpoint 2200s seem to max out at 192kbps at 3
miles.

-Dan

On Wed, 12 Dec 2018, Tim Pozar wrote:

> For dry pairs, I have used Flowpoint SDSL modems (see attached).  I
> picked these up for a sawbuck.
>
> Tim
>
> On 12/12/18 5:00 PM, Dan Hollis wrote:
>> On Wed, 12 Dec 2018, Nick Bogle wrote:
>>> A quick question for you guys;
>>>
>>> If you had a single dry pair (pair of copper wires originally for phones)
>>> to a remote site that was around 6 miles away, what would you use? We
>>> currently are just extending a T1 line to this site, but 1.5Mbps isn't
>>> cutting it anymore. Unfortunately it's a research site on a federally
>>> protected wildlife preserve so we can't run any new infrastructure (fiber
>>> etc) and it isn't in a geographical place where point to point
>>> wireless is
>>> practical. We were thinking there is some sort of network extender that
>>> uses some form of DSL for higher bandwidth capacity.
>>>
>>> Any suggestions?
>>
>> If this is telco provided dry pair then the distance is probably longer
>> than 6 miles as the endpoints are probably tied together through a telco
>> CO.
>>
>> I have not heard of any equipment which will work over a 6 mile pair any
>> faster than you're getting with T1.
>>
>> You might consider setting up wireless repeaters to bridge where there
>> is no direct LOS. Look at what the hamwan guys have done.
>> http://hamwan.org/
>>
>> -Dan
>


Re: A few GPON questions...

2018-12-11 Thread Matthew Crocker

This,

Rip it out

Sorry this isn’t what you want to hear.  3rd party optics *may* work but when 
they don’t Zhone support will not help you.

I recommend Zhone to my competitors.



From: NANOG  on behalf of Ben Cannon 
Date: Tuesday, December 11, 2018 at 11:33 AM
To: Nick Bogle 
Cc: "nanog@nanog.org" 
Subject: Re: A few GPON questions...

Rip it out and run 9/125 SMF fiber home runs. Use BiDi SFPs to re-use your 
existing (likely SMF thankfully) cable plant.  My opinion.
-Ben. AS15206

On Dec 6, 2018, at 7:18 PM, Nick Bogle mailto:n...@bogle.se>> 
wrote:
Hello fellow NANOG members :)

Let me start with a little bit of background, my day job is a Network Engineer 
for a local university where we have primarily a Cisco environment from phones 
to switching to routing, etc. Before my time, we hired a contractor to design a 
GPON LAN system for a new building as a cost saving measure (though I am not 
sure how successful that was).

Either way, the contractor is about to hand the system off to us, and we have 
gone through the training and such, and I feel confident in my ability to 
manage the system, but we have a few questions that the manufacturer of our 
equipment and our contractor didn't really want to answer. We are currently 
using a Dasan Zhone MXK-F1419 with several different downstream ONT models (all 
Zhone).

-We would like to consider use of 3rd party GPON B+ Optics on the linecards to 
add redundancy to the splitter (as the cost of 1st party are too high). Does 
anyone have experience with 3rd party vendors/compatibility/stability issues? 
We were told they theoretically should work and just throw a log event, but it 
hasn't been tested. If so, what vendors would you recommend? So far all we've 
really seen are Ubiquiti and Fiberstore optics.

-As GPON is a standard itself, I'm aware interoperability between OLT and ONT 
vendors is heavily limited.. Does anyone have any experience using say, Zhone 
ONT's with a different model OLT, or Zhone ONT's with a different model OLT? 
I've heard word that Zhone ONT's may be able to work with Nokia OLT's but it's 
technically not supported.

-We've already experienced some pretty big stability issues (have replaced 1 
line card 5 times..), our contractor is saying it's just because we were a 
pretty early adopter of this line and that they've fixed it and fixed internal 
policies to add additional QA and testing before shipping to customers. Does 
anyone have any experience with working with Zhone and their overall stability 
of components?

- Any other thoughts/gotchas/advice for deploying a GPON environment in a 
corporate LAN? (or about deploying a Zhone solution) It's pretty service 
provider oriented, and is incredibly noticeable in the CLI.

Feel free to contact me offlist if you have any pertinent info that you don't 
want on the list.

Thanks,

Nick Bogle
n...@bogle.se


Re: Proving Gig Speed

2018-07-16 Thread Matthew Crocker

I'm on a Mac and launch 40 speedtests at the same time and monitor interface 
bandwidth

#!/bin/bash

for i in `./speedtest-cli --list | cut -f1 -d')' | head -n 40`; do 
./speedtest-cli --server $i & done


I've been able to saturate 10G links with this method

-Matt 
 
-- 
Matthew Crocker
Crocker Communications, Inc.
President

On 7/16/18, 1:59 PM, "NANOG on behalf of Chris Gross"  wrote:

I'm curious what people here have found as a good standard for providing 
solid speedtest results to customers. All our techs have Dell laptops of 
various models, but we always hit 100% CPU when doing a Ookla speedtest for a 
server we have on site. So then if you have a customer paying for 600M or 1000M 
symmetric, they get mad and demand you prove it's full speed. At that point we 
have to roll out different people with JDSU's to test and prove it's functional 
where a Ookla result would substitute fine if we didn't have crummy laptops 
possibly. Even though from what I can see on some google results, we exceed the 
standards several providers call for.

Most of these complaints come from the typical "power" internet user of 
course that never actually uses more than 50M sustained paying for a 
residential connection, so running a circuit test on each turn up is uncalled 
for.

Anyone have any suggestions of the requirements (CPU/RAM/etc) for a laptop 
that can actually do symmetric gig, a rugged small inexpensive device we can 
roll with instead to prove, or any other weird solution involving ritual 
sacrifice that isn't too offensive to the eyes?




BGP Communities

2018-07-05 Thread Matthew Crocker

Hello,

I’m just getting started setting up communities for my network.  Is there any 
standard convention for community numbering (*:666 for RTBH for example)?   
I’ve looked at some examples from other carriers and it looks like everyone 
does their own thing.

-Matt

--
Matthew Crocker
Crocker Communications, Inc.
President


Looking for colocation in NY or NJ

2018-02-07 Thread Matthew Crocker

Hello,

I’m looking to establish a POP in the area with the purpose of connecting to 
exchanges (DE-CIX, Equinix New York, NYIIX).  I’ll need access to Lightower or 
Level(3) for transport back to Springfield (1 Federal St), & Boston MA (1 
Summer St).

I’ll need a cabinet, 208v power, planning on a Juniper MX480 but may go with a 
couple MX204s

Initially I was looking at 111 8th.  I’m getting pricing from Equinix for NY2 
that will save $$ on space & power.   Is it really ‘all the same’ and I can get 
anywhere to anywhere in NY Metro?

Would I be handicapping myself by going across the river into NJ?

Thanks

-Matt

--
Matthew Crocker
Crocker Communications, Inc.
President


Questions on IPv6 deployment

2017-01-16 Thread Matthew Crocker

Hello,

I’m AS7849 and I have an IP problem.

I’m running IPv4 ( /16 legacy + /20) and have enough space to last me for  a 
while,  multi-homed, BGP4 full tables + peering, etc.
I have some new shiny Juniper MX480s (RE-S-2X00x6, 64MB RAM) in my core.

I want to start building my IPv6 infrastructure.

I have a /32 assigned from ARIN (2001:4918::/32)

I’m looking for some direction/reading list of how to properly configure IPv6.  
I’ve read to use a /64 for PtP interfaces and I’ve read use a /128 instead.
Assign all loopbacks from the same /64, use a different /64 for each loopback. 
Etc., etc.

I’m trying not to light a religious war but what is the current best practice 
for IPv6 deployment in a service provider network?

PS.  I’ll be at NANOG69 in DC next month,  1st NANOG for me after 22 years.  ☺

-Matt

--
Matthew Crocker
Crocker Communications, Inc.
President


Lightower (ASN:46887) RTBH community info

2016-09-22 Thread Matthew Crocker
Hello,

Does anyone know the RTBH community for Lightower?  I’ve tried 46887:666 but 
that doesn’t work.   I have a /32 I need to blackhole, Lightower is the last 
ISP and it doesn’t appear they support RTBH ☹

Thanks

-Matt

--
Matthew Crocker
President – Crocker Communications
matt...@corp.crocker.com<mailto:matt...@corp.crocker.com>



Re: optical gear cooling requirements

2015-03-04 Thread Matthew Crocker
 
 On Mar 4, 2015, at 4:54 PM, Nick Hilliard n...@foobar.org wrote:
 
 On 04/03/2015 21:33, Jay Hennigan wrote:
 We used Livingston Portmaster 3 back in the day. Front to back
 ventilation, ran cool as a cucumber, plug it in and it just worked.
 Awesome gear until Lucent bought the company to kill the product in
 favor of their Ascend TNT space heaters.
 
 Ascend kit was a horror to deal with.  I ran isdn dialin on some of their
 lower end kit at one stage.  It only worked because I put it on a power
 timer which power-cycled it twice a day.
 
 +1 on portmasters, though.
 

My ISP grew up on Livingston Portmaster 2e & 3s.  I even had a Portmaster 4 for 
a bit.   Lucent swapped that out for an APX 8000.  I still have an Ascend TNT 
running the remainder of my modem pool. 8 Active users on it at the moment.

Recently won a state contract for IP services.  The very first order was for a 
chunk of dialup accounts so the Department of Conservation and Recreation could 
call in from their firepowers.

It just keeps chugging away in a forgotten corner of my datacenter.

 Nick
 
 




Re: automatic / intelligent fiber optic patch panel (iow SDN @ layer 0)

2014-12-09 Thread Matthew Crocker

Are you looking for a robot to install your fiber jumpers between patch panels?

Something like: http://telescent.com/tswitch.php

--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com



 On Dec 9, 2014, at 6:51 PM, Arnold Nipper arn...@nipper.de wrote:
 
 Am 2014-12-10 00:36, schrieb Andrew Jones:
 
 http://www.laser2000.de/out/media/glimmerglass_system_100%281%29.pdf
 
 
 Thank you, Andrew ... while Glimmerglass is really an exciting and
 excellent system, these devices are exactly those photonic cross
 connects I'm _not_ looking for :9
 
 On 10.12.2014 10:21, Arnold Nipper wrote:
 I'm looking for a modular, cost-effective automatic / intelligent fibre
 optic patch panel.
 
 I'm not looking at these photonic x-connects, but really for something
 which does the patching instead of a technician.
 
 
 
 Arnold
 -- 
 Arnold Nipper / nIPper consulting, Sandhausen, Germany
 email: arn...@nipper.de  phone: +49 6224 5593407 2
 mobile: +49 172 2650958  fax:   +49 6224 5593407 9
 




Help, need Verizon fiber outage phone number

2014-11-23 Thread Matthew Crocker

Does anyone have a phone number for Verizon-NE  (Massachusetts)?   

I have a fiber outage between two Verizon COs and their stupid VTAG system is 
worthless.  I can’t get a trouble ticket entered to save my life.

All of the numbers I have either go nowhere or get stuck in music on hold hell 
then disconnect.

Thanks

-Matt

--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com






Saying goodnight to my GSR

2014-09-20 Thread Matthew Crocker

Has been running for a while, time to shut ‘er down.   She (is a router a she?) 
used to handle all of my BGP GigE links but over the years has been demoted to 
OSPF and T1 aggregation.

If anyone needs a boat anchor let me know.

gsr8-1#show version 
Cisco Internetwork Operating System Software 
IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 30-Jun-05 18:29 by pwade
Image text-base: 0x50010E80, data-base: 0x536E8000

ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE 
SOFTWARE

 gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes
Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes
System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005
System image file is slot0:gsr-p-mz.120-30.S3.bin

cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory.
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on

2 Route Processor Cards
2 Clock Scheduler Cards
3 Switch Fabric Cards
2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet).
1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet).
1 Ethernet/IEEE 802.3 interface(s)
5 GigabitEthernet/IEEE 802.3 interface(s)
507K bytes of non-volatile configuration memory.

20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
8192K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102



--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com






Re: ISP inbound failover without BGP

2014-03-03 Thread Matthew Crocker


Depends on the application,  

SIP, VPN, SMTP, etc.: just set up both IPs and let the end-user application figure 
it out (SIP-UA register to both IPs, for example)

HTTP/HTTPS: set up a proxy server in a colo that is multi-homed to front-end the 
requests. Then it can load balance traffic over both IPs.

DNS TTL ‘tricks’ are just that, they work ‘kinda’

Fatpipe?   Crazy expensive IMHO but I hear they work ok.

-Matt

--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com



On Mar 3, 2014, at 8:11 PM, Eric A Louie elo...@yahoo.com wrote:

 This may sound like dumb question, but... I'm used to asking those.
 
 Here's the scenario
 
 Another ISP, say ATT, is the primary ISP for a customer.
 
 Customer has publicly accessible servers in their office, using the ATT 
 address space.
 
 I am the customer's secondary ISP.
 
 Now, if ATT link fails, I can provide the customer outbound Internet access 
 fairly easily.  So they can surf and get to the Internet.
 
 What about the publicly accessible servers that have ATT addresses, though?
 
 One thought I had was having them use Dynamic DNS service.  
 
 Are there any other solutions, short of using BGP multihoming and having them 
 try to get their own ASN and IPv4 /24 block?
 
 
 It looks like a few router manufacturers have devices that might work, but it 
 looks like a short DNS TTL (or Dynamic DNS) needs to be set so when the 
 primary ISP fails, the secondary ISP address is advertised.
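
Added example, not part of the original thread: a sketch of the "set up both IPs and let the application figure it out" approach from the reply above, written as a client that walks an ordered list of provider addresses. The function names and the loopback stand-ins for the two ISP-assigned addresses are assumptions made for illustration.

```python
import socket
import time


def connect_first_reachable(endpoints, per_try_timeout=3.0):
    """Try each (host, port) in order; return (sock, endpoint_used, failures).

    per_try_timeout bounds the failover delay: a dead upstream usually
    blackholes SYNs rather than refusing them, so the worst case is
    per_try_timeout multiplied by the number of dead addresses ahead of a
    live one, independent of any DNS TTL.
    """
    failures = []
    for host, port in endpoints:
        started = time.monotonic()
        try:
            sock = socket.create_connection((host, port), timeout=per_try_timeout)
        except OSError as exc:
            elapsed = time.monotonic() - started
            failures.append(((host, port), type(exc).__name__, elapsed))
            continue
        return sock, (host, port), failures
    raise ConnectionError(f"no endpoint reachable: {failures}")


def demo():
    """Constructed scenario: primary address is down, secondary answers."""
    # Stand-in for the server's address on the secondary ISP (listening).
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    secondary = listener.getsockname()
    # Stand-in for the primary ISP address: bound but not listening,
    # so connection attempts are refused.
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    primary = dead.getsockname()
    try:
        sock, used, failures = connect_first_reachable([primary, secondary], 1.0)
        sock.close()
        return {"used": used, "secondary": secondary,
                "failed": [f[0] for f in failures], "primary": primary}
    finally:
        listener.close()
        dead.close()
```
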
 




Re: carrier comparison

2014-02-06 Thread Matthew Crocker


IMHO  Cogent bandwidth is fine so long as it isn’t your only bandwidth.  Good, 
Cheap, Fast,  Pick any two.


--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com



On Feb 6, 2014, at 10:17 AM, Adam Greene maill...@webjogger.net wrote:

 Hi,
 
 
 
 We're a small ISP / datacenter with a Time Warner fiber-based DIA contract
 that is coming up for renewal. 
 
 
 
 We're getting much better pricing offers from Cogent, and are finding out
 what Level 3 can do for us as well. Both providers will use Time Warner
 fiber for last mile.
 
 
 
 My questions are:
 
 -  Will we be sacrificing quality if we spring for Cogent?
 (yesterday's Cogent/Verizon thread provided some cold chills for my spine)
 
 -  Is there a risk with contracting a carrier that utilizes another
 carrier (such as Time Warner) for the last mile? (i.e. if there is a
 downtime situation, are we going to be caught in a web of confusion and
 finger-pointing that delays problem resolution)?
 
 -  How are peoples' experiences with L3 vs TWC?
 
 
 
 Although I assume everyone on the list would be interested in what others
 have to say about these questions, out of respect for the carriers in
 question, I encourage you to email frank opinions off list. 
 
 
 
 Or if there are third party tools or resources you know that I could consult
 to deduce the answers to these questions myself, they are most welcome. 
 
 
 
 Thanks,
 
 Adam
 
 




Re: Fiber Bypass Switch

2014-01-27 Thread Matthew Crocker


Something like this?

http://www.alcon-tech.com/pdfs/Optical-Protection-Switch-FSXpert.pdf



--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com



On Jan 27, 2014, at 1:40 PM, Keyser, Philip pkey...@fibertech.com wrote:

 Does anyone have any recommendations for a fiber bypass switch? I am looking 
 for something capable of 10G that when there is a power hit will fail over to 
 route traffic out the network ports and away from that site's with the 
 customer handoff.
 
 Thanks,
 Phil Keyser
 
 




Re: Cogent Level 3 routing issue?

2013-12-10 Thread Matthew Crocker


Cogent found the problem today.  It took them 4 days to do a ‘show conf’ and 
see that an outbound access-list was applied to my interface by mistake during 
a ‘normal maintenance window at 8AM EST on Friday’

4 days of jumping through hoops to prove that the problem wasn’t on my network. 
  grumble.

-Matt

--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com



On Dec 7, 2013, at 7:58 PM, Matthew Crocker matt...@corp.crocker.com wrote:

 
 On Dec 7, 2013, at 3:40 PM, Jason Canady ja...@unlimitednet.us wrote:
 
 Unfortunately Cogent has a lot of peering issues.  We use them in our 
 network blend and we have been having lots of problems with traffic outbound 
 to Comcast.  It looks like from South Bend, Indiana on Cogent to Chicago / 
 Level 3 we are getting a very tiny amount of packet loss and a higher than 
 'normal' latency of 35ms+.
 
 Yeah, I know they are always my secondary, never my primary
 
 Where are you connected to Cogent at?  And what destination are you going to 
 on Level 3?
 
 
 Boston (300 Bent) but I think they haul it to 1 Summer St
 
 A bunch of sites fail but www.cnn.com is one that comes to mind.
 
 Best Regards,
 
 -- 
 
 Jason Canady
 Unlimited Net, LLC
 Responsive, Reliable, Secure
 
 www.unlimitednet.us
 ja...@unlimitednet.us
 twitter: @unlimitednet
 
 On 12/7/13 3:14 PM, Matthew Crocker wrote:
 Anyone seeing issues between Cogent & Level3 in NYC?
 
 I have Sprint & Cogent for bandwidth.   Everything has been humming along 
 for a couple years just fine.   Yesterday around 8:00AM my BGP session with 
 Cogent flapped.  Now, when my Cogent BGP is up I get 100% packet loss in 
 level3 land.  When Cogent BGP is down (i.e. I’m running solely on Sprint)  
 Everything is fine.
 
 I have an open ticket with Cogent.  They say they have a ‘capacity issue’ 
 with level3 that has been escalated to executive levels.
 
 With Sprint & Cogent BGP UP
 I see traceroutes showing traffic leaving me on Sprint but returning on 
 Cogent (and failing at level3).  I’m guessing it is the level3/cogent border
 
 With Sprint UP & Cogent Down
 I see trace routes showing traffic on to/from on Sprint just fine.
 
 
 Anyone else having issues?
 
 -Matt
 
 --
 Matthew S. Crocker
 President
 Crocker Communications, Inc.
 PO BOX 710
 Greenfield, MA 01302-0710
 
 E: matt...@crocker.com
 P: (413) 746-2760
 F: (413) 746-3704
 W: http://www.crocker.com
 
 
 
 
 
 
 
 




Cogent Level 3 routing issue?

2013-12-07 Thread Matthew Crocker

Anyone seeing issues between Cogent & Level3 in NYC?

I have Sprint & Cogent for bandwidth.   Everything has been humming along for a 
couple years just fine.   Yesterday around 8:00AM my BGP session with Cogent 
flapped.  Now, when my Cogent BGP is up I get 100% packet loss in level3 land.  
When Cogent BGP is down (i.e. I’m running solely on Sprint)  Everything is fine.

I have an open ticket with Cogent.  They say they have a ‘capacity issue’ with 
level3 that has been escalated to executive levels.

With Sprint & Cogent BGP UP
 I see traceroutes showing traffic leaving me on Sprint but returning on Cogent 
(and failing at level3).  I’m guessing it is the level3/cogent border

With Sprint UP & Cogent Down
 I see trace routes showing traffic on to/from on Sprint just fine.


Anyone else having issues?

-Matt

--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com






Re: Cogent Level 3 routing issue?

2013-12-07 Thread Matthew Crocker

On Dec 7, 2013, at 3:40 PM, Jason Canady ja...@unlimitednet.us wrote:

 Unfortunately Cogent has a lot of peering issues.  We use them in our network 
 blend and we have been having lots of problems with traffic outbound to 
 Comcast.  It looks like from South Bend, Indiana on Cogent to Chicago / Level 
 3 we are getting a very tiny amount of packet loss and a higher than 'normal' 
 latency of 35ms+.

Yeah, I know they are always my secondary, never my primary
 
 Where are you connected to Cogent at?  And what destination are you going to 
 on Level 3?
 

Boston (300 Bent) but I think they haul it to 1 Summer St

A bunch of sites fail but www.cnn.com is one that comes to mind.

 Best Regards,
 
 -- 
 
 Jason Canady
 Unlimited Net, LLC
 Responsive, Reliable, Secure
 
 www.unlimitednet.us
 ja...@unlimitednet.us
 twitter: @unlimitednet
 
 On 12/7/13 3:14 PM, Matthew Crocker wrote:
 Anyone seeing issues between Cogent & Level3 in NYC?
 
 I have Sprint & Cogent for bandwidth.   Everything has been humming along 
 for a couple years just fine.   Yesterday around 8:00AM my BGP session with 
 Cogent flapped.  Now, when my Cogent BGP is up I get 100% packet loss in 
 level3 land.  When Cogent BGP is down (i.e. I’m running solely on Sprint)  
 Everything is fine.
 
 I have an open ticket with Cogent.  They say they have a ‘capacity issue’ 
 with level3 that has been escalated to executive levels.
 
 With Sprint & Cogent BGP UP
  I see traceroutes showing traffic leaving me on Sprint but returning on 
 Cogent (and failing at level3).  I’m guessing it is the level3/cogent border
 
 With Sprint UP & Cogent Down
  I see trace routes showing traffic on to/from on Sprint just fine.
 
 
 Anyone else having issues?
 
 -Matt
 
 --
 Matthew S. Crocker
 President
 Crocker Communications, Inc.
 PO BOX 710
 Greenfield, MA 01302-0710
 
 E: matt...@crocker.com
 P: (413) 746-2760
 F: (413) 746-3704
 W: http://www.crocker.com
 
 
 
 
 
 
 




CALEA options for a small ISP/ITSP

2012-11-26 Thread Matthew Crocker

I have a CALEA appliance from BearHill that I 'rent'.  It has been in my 
network for years.  I'm looking for other alternative solutions for CALEA 
compliance with a small ISP.   It looks like OpenCalea is a dead project.
What is everyone else using?

My current solution is $1k/month and I rarely get subpoenas, I've never had a 
wiretap one.

My ISP network is a mix of Cisco and Juniper gear.   I have a couple GigE 
connections to my upstreams and push 300-400mbps through the network.

I would think that wireshark pcap files would be enough :(

Thanks

-Matt

--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matt...@crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com






Re: Power/temperature monitoring

2008-05-30 Thread Matthew Crocker


We used an Uptime Device and it didn't work out too well.  We switched  
to an AKCP SensorProbe8-60 http://www.akcp.com/company/sensorProbe8X60.htm 
 which has worked out better.


We need a lot of dry contacts to monitor our alarm relays (Cisco  
ONS15454, Taqua T7000, Liebert HVACs, Generator, Fire Suppression,  
etc, etc...)




On May 30, 2008, at 11:10 AM, Mike Tancsa wrote:


At 10:58 AM 5/30/2008, Frank Bulk wrote:


Required:
- temperature sensor
- 110 VAC power monitoring (on/off, not necessarily current)
- Ethernet interface (at least SNMP, Web GUI and


We have been using Uptime Devices.  Our units have room for 3  
sensors (we have 2 temp and one for humidity).  Web, SNMP, ethernet,  
external AC power blob. It's a fairly small form factor and it has  
been reliable for us over the years.  Alerts work as expected and  
haven't had any false positives either over the years.


   ---Mike