Re: AT mobile intercepting TCP sockets?

[lists]

IME ATT has intercepted virtually everything on mobile (this is on a hotspot) -

If I curl a HTTP vs HTTPS site, I get a different IP on each (one is obviously 
a shared web proxy); if I download images, they won't match md5-wise with the 
original version, etc. I have trouble connecting to VPNs that aren't standard 
SSL VPNs. They appear to MITM all web traffic they can. Using third party DNS 
servers has questionable results.


On Mon, May 21, 2018, at 12:35 PM, Chris Adams wrote:
> I ran into an odd issue with access to a website I manage from AT
> mobile devices this weekend.  The website worked for everybody not on
> AT mobile, and AT mobile users could access other sites; the problem
> was just this combination.
> 
> Android and iOS phones, as well as a Linux system tethered to an Android
> phone, all had the same problem.  On the Linux system, I disabled IPv6
> in Firefox, and it could then connect.  Browsers got various "connection
> reset" type errors; on Linux, I could telnet to port 80 or 443, and it
> would connect and immediately close.
> 
> The site does have an IPv6 address, but I had missed getting the
> webserver to listen on IPv6 (my mistake).  Adding that looks to have
> solved the problem.
> 
> When I ran tcpdump on the server and had someone try to connect from
> their AT mobile iPhone, I saw three connection attempts a few tenths
> of a second apart (all refused by the server).
> 
> My question is this: is AT mobile intercepting the TCP socket (and
> not handling "connection refused" correctly)?  Is that a known thing?
> 
> -- 
> Chris Adams 

Re: Geolocation: IPv4 Subnet blocked by HULU, and others

[lists]

I could use a contact for all of these as well.  I have been trying to 
get my subnet unblocked with all of these providers and have reached out 
in many ways to all of them over the past few months, but never get a 
response.


Thank you,
Brett A Mansfield

On 2017-12-15 19:57, Mike Hammett wrote:

Bump for Hulu.




-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP

- Original Message -

From: "Michael Crapse" 
To: nanog@nanog.org
Sent: Wednesday, December 6, 2017 3:38:20 PM
Subject: Geolocation: IPv4 Subnet blocked by HULU, and others

I am a local WISP. And my customers have trouble reaching Hulu, Disney 
now,

and previously netflix and amazon prime(both resolved).
I have emailed, mailed, and called both HULU and Disney now to get my
196.53.96.0/22 subnet unblacklisted as a VPN provider(no longer so) 
from
their services. They have replied saying it takes 3-5 days to resolve 
the

issue, that was several weeks ago. Can i get contact from those two
services that can help my customers reach their services, thank you.


Thank you for the help.
-Michael

Re: Nominum NS2 Reach

[lists]

I found this, if it helps. Reuploaded to imgur, since not sure if nanog-list 
takes attachments.

https://i.imgur.com/waVW7zi.png

On Tue, Mar 6, 2018, at 9:51 AM, Rubens Kuhl wrote:
> Hi there.
> 
> I found the available product information on NS2 Reach (Nominum) to not
> dive into real product behavior like if it requires every HTTP traffic to
> be PBR to the box, or possible deployment scenarios without intercepting
> all HTTP traffic.
> 
> Anyone can shed a light on its workings, or point to a NetEng description
> of it ?
> 
> 
> Tks,
> Rubens

Re: Websurfing trouble to .gov and .il.us

[lists]

On Mon, Mar 12, 2018, at 10:44 AM, Sam Kretchmer wrote:
> IP's they use, specifically parts of 213.159.132/22. They can surf any 

This block appears to have shifted over from RIPE into ARIN space.

I've seen a few firewalls and filtering systems that block countries or block 
unallocated/weird/bogon ranges in broken ways (probably more so if it was an 
enterprise/government/finance situation). They could be locally terminating 
connections at the entry point or something in a browser, which might produce 
oddities like the loading/connecting/loading. 

Alternatively, I've also seen some crappy fw/transparent proxies have problems 
dealing with IPs that end in .0 and .255 and sometimes .254.

Re: IPv4 and IPv6 hijacking by AS 6

[lists]

Have you tried their IRR entries? Bull appears to redirect to Atos now 
(site-wise).

notify: ed.gie...@atos.net
notify: charlie.mol...@atos.net
changed:christophe.fra...@atos.net 20180117  #18:47:40Z

On Thu, Apr 12, 2018, at 9:34 AM, Matt Harris wrote:
> AS 6 is now announcing several IPv4 and IPv6 blocks of mine, and it looks
> like I'm not alone.  Does anyone have any contacts there, or know what
> might be going on?  The number of prefixes they're currently advertising is
> tremendous.  The phone numbers associated with AS6's RIR whois data are
> non-functional.  I've sent emails to their contacts listed in RIR whois
> (Mike Abbott and John Luke Mills), but with phone numbers being dead, I'm
> not optimistic.
> 
> If anyone is there who has any control over AS 6 or knows whom I can reach
> out to, please let me know.
> 
> Thanks,
> Matt

Questions for Level3 & Choopa about their Enabling of IP Hijacking (RPKI Invalid)

[lists]

Is there anyone on this list at Level3 or Choopa who can respond to why:
1. Level3/Centurylink/Lumen: How come RPKI invalid prefixes were allowed 
to be announced and considered valid?
2. Level3/Centurylink/Lumen: Is there any actual NOC hidden behind the 
numbers where someone can reasonably be of assistance? Why are your SOC, 
Support and DDoS team saying you can't blackhole a hijacked prefix 
because of "GOVERNMENT regulations"?
3. CHOOPA: Why does your Vultr brand allow anyone who can successfully 
insert an IRR record (eg, in RaDB) to be imported (even when RPKI is 
invalid) and permit hijacking?
4. CHOOPA: Why does your Network Team need 3 days to check an RPKI valid 
or invalid? It is not rocket science.


Please feel free to contact me off the list with these answers. If you 
are interested in the long story of the whole ordeal of being hijacked 
for 3 days, it is below.


IP hijacking ordeal we went through:

We are extremely disappointed with Choopa/Vultr and Level3. On
2020-12-07 at exactly 23:48:10, we notified Choopa and Vultr via email,
ticket and contact form that one of our IPv4 prefixes was being hijacked
by one of their customers. Our prefixes are RPKI signed, and the ASN
announcing the prefix was not in the RPKI sign.

We continued to follow up on the request, and sent more requests in to
Vultr/Choopa's system. When we phoned Choopa, we were told by the
individual on the phone that they see the ticket, and they'll bump it up
on the network engineering ticket list.

Frustrated after three days of an ongoing hijack, and consistently no
assistance from Vultr or it's parent Choopa, we reached out to the only
Tier-1 Choopa has in London that was NOT filtering according to RPKI,
Level3.

We sent an email to the n...@level3carrier.com, which was listed as a
point of contact on the ASN & PeeringDB pages. The email had no
response. We then called the number (1-833-453-8353), and spoke to
Technical Support, who transferred us the first time to the SOC, the
second time to their DDoS department.

The person who responded in the SOC said that they can filter it "very
fast" if we validate ownership of the prefix (despite being RPKI
signed). So we complied, we were told to email
"ab...@centurylinkservices.net" with a message saying the prefix is
being hijacked, the ASN of the hijacker and the direct upstream
(Vultr/Choopa). We sent that email, he said we "should get" an automatic
reply (none arrived, confirmed with mx it was delivered). We waited half
an hour, which they agreed was a "reasonable time" to wait for it to be
filtered.

After half an hour, we followed up, and this time landed on the DDoS
department (I have no clue how they thought this through). At the DDoS
department, they said that they can't help, and I should "keep emailing"
ab...@centurylinkservices.net. He offered a phone number for me to call
as a "direct line to abuse", upon hanging up and dialing, I got to the
generic prompts for *customer services*. They were no help either.

Fast forward four hours, we have no point of contact at Level3 or
Choopa, we have had no communication from either. We finally get a
message from Choopa, reading:

"Greetings,

This ticket has been forwarded to our networking team so they can
examine your situation, check the infrastructure configuration, and
apply any relevant changes. Please allow for significant additional time
while we review this ticket."

"Significant additional time" to check an RPKI valid? That seems
incredibly odd. Fast forward to another hour, we receive the next of
Choopa messages, this time saying: "Thanks for the update on this. We
have validated the removal request and have removed the prefix from our
network. Please allow additional time for this to update to the
providers.".

We finally thought we were in the clear. Almost two hours go by, and the
prefix is still not filtered what-so-ever. We follow up once more, and
are told "We have removed the prefix and is not announced by Vultr
anymore. Please allow 24 to 48 hours for the internet providers to
update their routing database."

Finally, an hour later, nlnog & other lg's are seeing Level3 no longer
announcing the prefix.

What we found out in the process is Vultr ignores RPKI invalid (despite
having a table on their system which shows RPKI Invalid/Invalid ASN), as
long as at one point in time an IRR record existed (or, is created).
Once Vultr gets their hands on it, they make the IRR records at RaDB,
and keep updating them even when they're not valid.

With the run around of Level3, and Choopa/Vultr, they're practically
inviting IP hijackers to play. Insanity!

Verizon MPLS service in Anchorage

[lists lists]

Hello,

I've got a bunch of sites connected to the Verizon Private IP MPLS service,
and recently brought online a location in Anchorage connected to the
brand-new PE node in the same city.

I'm seeing that packets marked as DSCP EF are given fantastic treatment (low
jitter, no packet loss), but other packets, including AF41, AF31, and BE are
given what appears to be the junk bucket treatment.

I'm having a difficult time getting anyone to acknowledge this problem, but
it's causing interactive applications to be unusable for times of the day.

Can anyone point me in a good direction?

thanks.

Re: Verizon MPLS service in Anchorage

[lists lists]

On Thu, Feb 24, 2011 at 10:01 AM, Brandon Ross br...@pobox.com wrote:

 On Thu, 24 Feb 2011, lists lists wrote:

  I'm seeing that packets marked as DSCP EF are given fantastic treatment
 (low
 jitter, no packet loss), but other packets, including AF41, AF31, and BE
 are
 given what appears to be the junk bucket treatment.


 Hah, just a few days ago I spoke with an engineer at VZ that tried to
 claim that each of the treatments were different, but that they only charged
 extra for EF.  I asked why I shouldn't just put all my traffic in the
 highest free treatment and beat out all the other customers for the best
 treatment for mine.  He told me that most of his customers weren't trying
 to get their traffic through at the expense of other customers.

 Anyway, despite what their engineers say, only EF is actually treated on
 the VZ network better than BE, the rest are just to prioritize traffic at
 your own egress port.

 --
 Brandon Ross  AIM:
  BrandonNRoss
   ICQ:  2269442
   Skype:  brandonross  Yahoo:  BrandonNRoss



Brandon,

VZ does or can apply a PE-egress profile that handles traffic differently
based on DSCP marking.  Your account team should be able to provide this to
you.

As far as unique treatment within their P network, it sure looks to me that
the higher AF classes do get better treatment.

My problem is that non-EF is handled terribly, and it's causing a big
problem with interactive traffic.  Voice is fine.

thanks.

Re: OpenFlow

[tammy-lists]

We all would love too but dumba$$ keeps getting new domains  email addresses.  
I think he ate lead paint as a kid or something. He is absolutly 190% insane
Mods:: please show gilliam the door :)
Sent from my Verizon Wireless BlackBerry

-Original Message-
From: Jeroen Massar jer...@unfix.org
Date: Fri, 24 Sep 2010 23:45:59 
To: Matlock, Kenneth Lmatlo...@exempla.org
Cc: nanog@nanog.org
Subject: Re: OpenFlow

On 2010-09-24 23:41, Matlock, Kenneth L wrote:
 Which is fine and all (being that it's on-topic). My main beef is that a
 certain person can't take a hint. Using an 'anonymous' re-mailer to try
 and get people to read nothing more than copy/paste, and then 5 billion
 'references' (most of which use asinine 'docs.google.com' references
 instead of the actual document) strikes me as unprofessional at the
 least, if not infantile.

 I'd have thought he'd have learned the last 50 times he got smacked down
 for this. But of course, I'm just an ignorant American! :)

If you where less ignorant and more ignoring then nobody else would
notice it due to their killfiles...

aka 'be quiet and the trolls won't have any fun'. The mods are doing
quite a fine job already from what I heard, they can't always be on
guard though, sometimes they drink a bit too much whiskey ;)

Greets,
 Jeroen

Re: Pointer for documentation on actually delivering IPv6

[MarcoH - lists]

On 5 dec 2010, at 23:19, Miquel van Smoorenburg wrote:

 In article 
 xs4all.aanlktikm-=0xt8kjv0_0gbc7fzxofobn+fh8oil6v...@mail.gmail.com you 
 write:
 If there is an inexpensive CPE with an implementation of DHCPv6 PD
 that works without issues,
 I would love to hear about  who makes it, and what the device is...
 
 AVM Fritzbox 7270/7340/7390
 Draytek Vigor 2130/2750
 
 Those are the ones I tested, there are lots more, but according to
 http://www.getipv6.info/index.php/Broadband_CPE:
 To date, there is not one complete implementation of IPv6 on a
 residential consumer-grade xDSL modem available in North America.

Another list of pointers can be found at 
http://labs.ripe.net/Members/mirjam/ipv6-cpe-surveys/.

Feedback on how these boxes do in a real environment are welcome as thers is 
still a lot of beta, unfinished implementations, bugs and vapourware around 
these days.

Marco

Re: why haven't ethernet connectors changed?

[tech-lists]

On 2012-12-20 12:20, Michael Thomas wrote:
I was looking at a Raspberry Pi board and was struck with how large 
the ethernet
connector is in comparison to the board as a whole. It strikes me: 
ethernet
connectors haven't changed that I'm aware in pretty much 25 years. 
Every other
cable has changed several times in that time frame. I imaging that if 
anybody
cared, ethernet cables could be many times smaller. Looking at wiring 
closets,

etc, it seems like it might be a big win for density too.

So why, oh why, nanog the omniscient do we still use rj45's?

Mike



The primary reason that pops to mind is backwards compatibility...   
Ubiquitous availablity of the
parts for RJ45 connectors (end connectors, wall plates, panels, etc.) 
also means that it is more
economical to continue using the well established connector.   A new 
connector would
drive up costs initially, whereas continuing to use RJ45 is cheap and 
already works.


Jay

Anyone can suggest a good and reliable VPS provider in India ?

[fc lists]

Hi ...

This is my last resort. Apologies if this have been discussed before or if
is totally OT ... but i figured i could find some useful help here.

I need to find a good VPS provider in India where to setup a small set of
machines in a Virtual Internal Private network (L2TPD/IPSEC) and an
extenrnal VPN to other sites with (IPinIP tunnels and IPSEC)

after doing research on internet i decided to try out CTRLs (
http://www.ctrls.com/) that looked the best in terms of ... everything.
What looks the best is not always the best as it turns out ...

I had all possible problems with them on any layer you can imagine ... from
having a server deployed on XEN that would be moved to OPENVZ on rebuild
(Bad but not the worst) ... to horrible packet loss to half of the world
that basically made them unusable for anything serious.

The only requirements i have is that the VPS should be close enough to
MUMBAI (don't have an ISP there yet so can't really say close to what )
and that their are reliable from a network point of view.

Does anyone have any GOOD experience with VPS in india to share with me ?

Thanks in advance for your help
Francesco

Re: New IPv6 survey released on labs.ripe.net

[MarcoH - lists]

 Can we get mobile devices added to this? Mobile consumes a large amount of 
 address space and is especially well suited for ipv6-only operations.

I would rather make it a separate study. Integrating this with CPE might become 
messy and it would make the survey really long and complicated. Of course 
anything is possible. We encourage people to contribute on RIPE Labs with ideas 
and experiments. 

I think the first thing to do is to start a thread either here or on 
labs.ripe.net about what people would like to see from a survey on mobile 
devices. The CPE survey started of as a result of some work I did for my 
employer at the time. After a round of vendor selecting I was sitting on a pile 
of data and decided to publish it. Now I know my way around mobile a bit, but I 
am not an expert. So guidance on what is relevant and what not or help from 
somebody who knows more about mobile is more than welcome should we decide to 
push this forward.

 Unfortunately, the results would be painfully narrow.  Now that Nokia no 
 longer supports ipv6, there is no going forward ipv6 support on any mobile 
 device (htc did something special for thunderbolt, it's not an android 3g 
 feature )
 
 It's a very sad state of affairs.

From what I know and seen so far this is indeed the sad situation we are in. At 
this stage I don't think publishing a survey towards end users would make the 
difference. But I am more than happy to find myself wrong on this one :)

Grtx,

MarcoH

-- 
Good tests kill flawed theories; we remain alive to guess again

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

[Ryan - Lists]

I don't think he was saying that at all. Just stating that from a pure numbers 
standpoint 50k/140mil is a small percentage.

OTOH, I agree to your point - Network Solutions definitely downplayed this in 
their release. Curiously so.

Sent from my iPhone

On Jun 20, 2013, at 5:42 PM, RijilV rij...@riji.lv wrote:

 On 20 June 2013 14:28, valdis.kletni...@vt.edu wrote:
 
 On Thu, 20 Jun 2013 14:08:18 -0700, Jeff Shultz said:
 
 small number of Network Solutions customers
 
 They must be staffed with physicists, astronomers, or economists I
 don't know anyone else that would consider nearly fifty thousand (from
 a previous post by Phil Fagan) to be a small number.
 
 It's relatively small when you consider there's something like 140M .com's
 So it's okay to screw over nearly fifty thousand customer domains because
 there are 140M .com's?  When talking about inadvertently effecting that
 many folks I don't think it is appropriate to trivialize the customer
 impact by calling it small when you're talking about a handful of large
 websites that aren't somehow magically shared over those 140M .coms.  Also
 it is untrue to limit it to only the websites given how many other things
 folks are likely to be using DNS for...
 
 .r'

Re: PDU recommendations

[Ryan - Lists]

Does anyone on list have experience with the APC AP7920 switched rack PDU, or 
any of the horizontal rack mountables with management? We're looking at these 
for our remote sites.

Sent from my iPhone

On Jun 24, 2013, at 6:10 AM, Måns Nilsson mansa...@besserwisser.org wrote:

 Subject: Re: PDU recommendations Date: Sun, Jun 23, 2013 at 09:32:00PM -0400 
 Quoting shawn wilson (ag4ve...@gmail.com):
 So, that's not a very good endorsement :)
 
 Idk why you'd use a fuse in a PDU.
 
 MCB units age.  Especially with vibration.  A 10A MCB becomes a 9A MCB after 
 some miles. 
 
 Fuses don't. 
 
 MCB units are good at protecting people since they trip quickly and 
 aggressively. 
 
 Fuses tend to linger before blowing, and thus are comparatively bad at 
 protecting
 people (longer shock) but better at protecting infrastructure (surge
 and switch-on-transient resistance).
 
 -- 
 Måns Nilsson primary/secondary/besserwisser/machina
 MN-1334-RIPE +46 705 989668
 There's a little picture of ED MCMAHON doing BAD THINGS to JOAN RIVERS
 in a $200,000 MALIBU BEACH HOUSE!!

Re: PDU recommendations

[Ryan - Lists]

Oh, absolutely. These would be secured on a separate, private network with very 
specific access controls.

These remote sites are more branch than data center. Looking at a very 
limited amount of equipment (1-2 open telco racks/site).

Sent from my iPhone

On Jun 24, 2013, at 3:01 PM, Alain Hebert aheb...@pubnix.net wrote:

Hi,
 
Yes.
 
They are good.
 
Nothing I would deploy in a large data center but for a few racks
 they are perfect.
 
Beware that they are not built to be connected straight to the
 internet =D.
 
The management module can reset depending on packet payload and
 overall traffic.  They should always be behind some sort of firewall
 with rules limiting its access.
 
PS: Ours are a few years old, I'm sure APC added some sort of
 security since then, you may want to look 'em up.
 
Happy 24th to all.
 
 -
 Alain Hebertaheb...@pubnix.net   
 PubNIX Inc.
 50 boul. St-Charles
 P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
 Tel: 514-990-5911  http://www.pubnix.netFax: 514-990-9443
 
 On 06/24/13 14:41, Ryan - Lists wrote:
 Does anyone on list have experience with the APC AP7920 switched rack PDU, 
 or any of the horizontal rack mountables with management? We're looking at 
 these for our remote sites.
 
 Sent from my iPhone
 
 On Jun 24, 2013, at 6:10 AM, Måns Nilsson mansa...@besserwisser.org wrote:
 
 Subject: Re: PDU recommendations Date: Sun, Jun 23, 2013 at 09:32:00PM 
 -0400 Quoting shawn wilson (ag4ve...@gmail.com):
 So, that's not a very good endorsement :)
 
 Idk why you'd use a fuse in a PDU.
 MCB units age.  Especially with vibration.  A 10A MCB becomes a 9A MCB 
 after some miles. 
 
 Fuses don't. 
 
 MCB units are good at protecting people since they trip quickly and 
 aggressively. 
 
 Fuses tend to linger before blowing, and thus are comparatively bad at 
 protecting
 people (longer shock) but better at protecting infrastructure (surge
 and switch-on-transient resistance).
 
 -- 
 Måns Nilsson primary/secondary/besserwisser/machina
 MN-1334-RIPE +46 705 989668
 There's a little picture of ED MCMAHON doing BAD THINGS to JOAN RIVERS
 in a $200,000 MALIBU BEACH HOUSE!!
 
 

Re: small automatic transfer switches

[Velocity Lists]

If you are not looking for "monitoring" of it.
A DPDT 120v 10amp Relay with three power cords cut and attached will make
an ATS for under $30.


Velocity Online
850-205-4638

On Wed, Jan 27, 2016 at 4:16 PM, William Herrin  wrote:

> On Wed, Jan 27, 2016 at 3:29 PM, Chuck Anderson  wrote:
> > Does anyone have any recommendations for a small, cheap, reliable ATS?
>
> The APC SU042 series sell for dirt on ebay.
>
> -Bill
>
>
> --
> William Herrin  her...@dirtside.com  b...@herrin.us
> Owner, Dirtside Systems . Web: 
>

Re: Standard terminology for a dark fiber path?

[Velocity Lists]

+1 on span along with fiber count designation.
On Feb 25, 2016 8:52 PM, "Dave Cohen"  wrote:

> FWIW, at my $dayjob (a fiber-based service provider), the accepted term is
> "span", which accounts for any continuous segment between add/drop and/or
> regen locations (i.e. no provider or end user electronics in the middle,
> only at the endpoints). The most common alternate I come across is
> "segment".
>
> Re a couple of earlier suggestions - A patch between cables to provide
> continuity, as compared to a fusion splice, doesn't inherently change this
> view, as it has no bearing on the logical use of the span. Similarly,
> "strand" isn't favored as it assumes a single fiber only, where the vast
> majority of applications require a pair (or multiple pairs), so doesn't
> accurately reflect the logical use of the span. I think "1F Span" is the
> favored reference for a single-fiber deployment, for the sake of both
> consistency and clarity.
>
> On Thu, Feb 25, 2016 at 6:27 PM, Michael Loftis  wrote:
>
> > IDK what elsewhere uses but strand or (less common) span is the common
> > term I've seen specifically for a passive piece of glass between two
> > points.
> >
> > On Wed, Feb 24, 2016 at 12:55 PM, Fletcher Kittredge 
> > wrote:
> > > What is the standard terminology for strands of dark fiber spliced
> > together
> > > to form a continuous path between points A and Z?
> > >
> > > I have seen:
> > >
> > >- *fiber circuit* [but also seen used to denote a connection at the
> > >network layer over a physical fiber connection. This definition of
> > circuit
> > >would include the dark fiber path, the transmitters and receivers
> and
> > logic
> > >making up the data and network layers.]
> > >- *fiber loop *[ Does a loop define an electrical circuit with two
> > >physically separate positive and negative strands? In that case, is
> > this a
> > >Bellhead remnant? ]
> > >
> > > I am particularly interested in last mile systems, but I don't see any
> > > reason that the term wouldn't be the same in the middle mile.
> > >
> > > thanks,
> > > Fletcher
> > >
> > > --
> > > Fletcher Kittredge
> > > GWI
> > > 8 Pomerleau Street
> > > Biddeford, ME 04005-9457
> > > 207-602-1134
> >
> >
> >
> > --
> >
> > "Genius might be described as a supreme capacity for getting its
> possessors
> > into trouble of all kinds."
> > -- Samuel Butler
> >
>
>
>
> --
> - Dave Cohen
> eM: craetd...@gmail.com
> AIM: dCo says
>

PlayStation Network blocking an IP

[Velocity Lists]

Can someone form Sony's Playstation network give me call or contact me
offlist.

One of our apartment complexes has been reporting errors of PS4s not
working for a few days then they start working again.

PSN Support is telling the users to call us.
We have diagnosed it and PSN is blocking the IP of the complex and it has
nothing to do with us.


Velocity Online
Rodger Lewis rcle...@velocityonline.net
850-205-4638 x201

XO routing issue?

[Velocity Lists]

I am looking for an XO contact,
I appear to be having a routing issue with my traffic going through their
network.


Velocity Online
850-205-4638

Re: Excessive Netflix DNS Traffic?

[Velocity Lists]

Did (Netflix) find an issue?

Velocity Online
850-205-4638

On Mon, Oct 17, 2016 at 12:05 PM, Dave Temkin <d...@temk.in> wrote:

> We (Netflix) are investigating this now.
>
> -Dave
>
>
>
>
>
> On Sat, Oct 15, 2016 at 12:44 PM -0500, "Velocity Lists" <
> voli...@staff.velocityonline.net> wrote:
>
> We have seen it as well.
>> In our cases it is all TCP DNS traffic as well.
>>
>> Velocity Online850-205-4638
>>
>> On Fri, Oct 14, 2016 at 11:43 AM, Eamon Bauman
>> wrote:
>>
>> > We're rate limiting it now, but it's definitely bad behavior. When I open
>> > the flood gates, over a 5-min sample from a single host I received well
>> > over 61,000 queries.
>> > The size of the records being requested cause this to be an (unintended)
>> > amplification attack, as a 30Mbps inbound sum is getting amplified to
>> > 150-200Mbps outbound.
>> >
>> > On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds
>> > wrote:
>> >
>> > > Same here :)
>> > >
>> > > On Oct 13, 2016 1:09 PM, "Ryan, Spencer"  wrote:
>> > >
>> > >> I was going to point you to the reddit thread about it, but it looks to
>> > >> be your thread :)
>> > >>
>> > >>
>> > >> Spencer Ryan | Senior Systems Administrator | sr...@arbor.net >> 
>> > >> sr...@arbor.net>
>> > >> Arbor Networks
>> > >> +1.734.794.5033 (d) | +1.734.846.2053 (m)
>> > >> www.arbornetworks.com
>> > >>
>> > >>
>> > >> 
>> > >> From: NANOG  on behalf of Eamon Bauman <
>> > >> ea...@eamonbauman.com>
>> > >> Sent: Thursday, October 13, 2016 10:26:57 AM
>> > >> To: nanog@nanog.org
>> > >> Subject: Excessive Netflix DNS Traffic?
>> > >>
>> > >> Hi all,
>> > >>
>> > >> Is anyone seeing excessive DNS traffic from game consoles (Xbox One,
>> > PS4)
>> > >> running Netflix? Starting 9/29 we have been seeing significant volume of
>> > >> DNS traffic from game consoles on our campus to our caching recursive
>> > >> boxes. Logs show repeated requests for api-global.netflix.com and
>> > >> nrdp.nccp.netflix.com.
>> > >>
>> > >> Anyone else experiencing this?
>> > >>
>> > >> Eamon
>> > >>
>> > >
>> >
>>
>>

Re: Excessive Netflix DNS Traffic?

[Velocity Lists]

We have seen it as well.
In our cases it is all TCP DNS traffic as well.

Velocity Online
850-205-4638

On Fri, Oct 14, 2016 at 11:43 AM, Eamon Bauman 
wrote:

> We're rate limiting it now, but it's definitely bad behavior. When I open
> the flood gates, over a 5-min sample from a single host I received well
> over 61,000 queries.
> The size of the records being requested cause this to be an (unintended)
> amplification attack, as a 30Mbps inbound sum is getting amplified to
> 150-200Mbps outbound.
>
> On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds 
> wrote:
>
> > Same here :)
> >
> > On Oct 13, 2016 1:09 PM, "Ryan, Spencer"  wrote:
> >
> >> I was going to point you to the reddit thread about it, but it looks to
> >> be your thread :)
> >>
> >>
> >> Spencer Ryan | Senior Systems Administrator | sr...@arbor.net >> sr...@arbor.net>
> >> Arbor Networks
> >> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> >> www.arbornetworks.com
> >>
> >>
> >> 
> >> From: NANOG  on behalf of Eamon Bauman <
> >> ea...@eamonbauman.com>
> >> Sent: Thursday, October 13, 2016 10:26:57 AM
> >> To: nanog@nanog.org
> >> Subject: Excessive Netflix DNS Traffic?
> >>
> >> Hi all,
> >>
> >> Is anyone seeing excessive DNS traffic from game consoles (Xbox One,
> PS4)
> >> running Netflix? Starting 9/29 we have been seeing significant volume of
> >> DNS traffic from game consoles on our campus to our caching recursive
> >> boxes. Logs show repeated requests for api-global.netflix.com and
> >> nrdp.nccp.netflix.com.
> >>
> >> Anyone else experiencing this?
> >>
> >> Eamon
> >>
> >
>

Re: Waste will kill ipv6 too

[ops . lists]

A very familiar pattern. Pretty soon, our children will be 
going to intergalactic governance fora debating v6 exhaustion and dusting off 
Jim Fleming’s ipv9
-srs



—srs





On Thu, Dec 21, 2017 at 8:48 PM +0530, "Jason Iannone" 
 wrote:










M plays into this too.  By my calculations, CenturyLink controls at
least 17 million /48s.  How many sites does CenturyLink provide
service to?  I'm gonna go out on a limb and say it's not 17 million.


3 acquisitions rolled up into AS209:

as3549
2605:a300::/32
2001:450::/32

as4323
2604:6680::/32
2602:ff99::/36
2620:12e:6000::/40
2620:10e:8000::/40
2620:124:8000::/44
2001:506:8::/48
2620:75::/48
2620:f:4000::/48
2620:3b:4000::/48
2620:c5:4000::/48

as3356
2607:6e00::/32
2606:8a00::/32
2604:3a00::/32
2605:1280::/32
2605:4680::/32
2605:c680::/32
2604:24c0::/32
2602:ffeb::/36
2602:ffe1::/36
2620:109::/40
2620:123:d000::/40
2620:12d:c000::/44
2620:42:4000::/48
2620:87:4000::/48
2620:8d:c000::/48
2620:ba:c000::/48
2620:f8:c000::/48
2604:5200:1007::/48
2620:6:e000::/48

as209
2602::/24
2606:5000::/32
2605:c680::/32
2602:ff5f::/36
2620:123:3000::/40
2620:12e:6000::/40
2620:9c:4000::/44
2620:122:4000::/44
2620:123:b000::/44
2001:428:902::/48
2001:428:7001::/48
2001:428:7004::/48
2001:428:4004::/48
2001:428:3000::/48
2001:428:2403::/48
2001:428:7005::/48
2001:428:939::/48
2001:428:6803::/48
2001:428:5003::/48
2001:428:e203::/48
2001:428:3804::/48
2620:0:2280::/48
2620:0:2b20::/48
2001:428:4c04::/48
2001:428:4c05::/48
2001:428:5004::/48
2001:428:1403::/48
2001:428:1404::/48
2001:428:6804::/48
2001:428:2502::/48
2001:428:2501::/48
2001:428:200c::/48
2001:428:480a::/48
2620:d9:8000::/48
2001:428:5804::/48
2001:428:2406::/48
2001:428:1804::/48
2001:428:2405::/48
2001:428:2408::/48
2001:428:1c03::/48
2001:428:6403::/48
2001:428:1803::/48
2001:428:7009::/48
2001:428:5806::/48
2620:42:4000::/48
2001:428:1405::/48
2001:428:3c03::/48
2001:428:e204::/48
2001:428:e205::/48
2001:428:1806::/48
2001:428:6805::/48
2001:428:1808::/48
2001:428:1809::/48
2001:428:a403::/48
2001:428:4407::/48
2001:428:3807::/48
2001:428:c0c::/48
2001:428:4003::/48
2001:428:4803::/48
2001:428:1003::/48
2001:428:3808::/48
2001:428:30::/48
2620:ac:c000::/48
2001:428:700c::/48
2001:428:5803::/48
2001:428:380b::/48
2001:428:380c::/48
2001:428:380d::/48
2001:428:4403::/48
2001:428:aa03::/48
2001:428:4404::/48
2001:428:2407::/48
2001:428:240b::/48
2001:428:4c09::/48
2001:428:700a::/48
2001:428:c08::/48
2001:428:2004::/48
2001:428:2404::/48
2001:428:7007::/48
2001:428:7405::/48
2001:428:c0b::/48
2001:428:4406::/48
2001:428:c05::/48
2001:428:c06::/48
2001:428:3805::/48
2001:428:4c07::/48
2001:428:2003::/48
2001:428:2005::/48
2001:428:6404::/48
2001:428:7404::/48
2001:428:240a::/48
2001:428:4405::/48
2001:428:4c08::/48
2001:428:2002::/48
2001:428:c09::/48
2001:428:240e::/48
2001:428:4408::/48
2001:428:380e::/48
2001:428:4005::/48
2001:428:4409::/48
2001:428:a404::/48
2001:428:1004::/48
2001:428:8c03::/48
2001:428:9e03::/48
2001:428:3810::/48
2001:428:700d::/48
2001:428:2006::/48
2001:428:6405::/48
2001:428:a405::/48
2001:428:8c04::/48
2001:428:5805::/48
2620:74:c040::/48
2620:6:e000::/48
2001:428:1805::/48
2001:428:b003::/48
2001:428:3c04::/48
2001:428:6400::/48
2001:428:8c00::/48
2001:428:9e00::/48
2001:428:1c00::/48
2001:428:7006::/48
2001:428:4c00::/48
2001:428:2400::/48
2001:428:7008::/48

source: source:
http://irrexplorer.nlnog.net/static/dumps/arin-whois-originas.json.bz2

Jason

On Wed, Dec 20, 2017 at 8:47 PM, Mark Andrews  wrote:
> The RIR’s assignment to ISPs assume relatively dense assignment of /48 to 
> customers.  ISPs still have to justify the allocation based on the number of 
> customers sites for shorter than a /32.  RIR assignments to non ISPs are also 
> relatively dense.  If you have multiple sites you don’t need contiguous 
> addresses.
>
> Automatic assignment in homenet does dense assignment.
>
>> On 21 Dec 2017, at 12:27 pm, William Herrin  wrote:
>>
>> On Wed, Dec 20, 2017 at 4:57 PM, Mark Andrews  wrote:
>> Handing out /48’s to homes was never ever going to cause us to run out of 
>> IPv6 space.  Even if the homes are are connected to multiple providers there 
>> isn’t a issue.
>>
>> Hi Mark,
>>
>> No single assignment practice would. Sadly no IPv6 addresses reach your 
>> computer directly from IANA. Multiple layers of assignment practices are 
>> happen along the way, each with
>> it's own cumulative consumption. Most of those layers were designed with the 
>> independent assumption that "we have so many IPv6 addresses, let's just not 
>> worry about how many bits are consumed at this step." With a cumulative 
>> effect on the consumption of IPv6 space.
>>
>> Regards,
>> Bill Herrin
>>
>>
>>
>> --
>> William Herrin  her...@dirtside.com  b...@herrin.us
>> Dirtside Systems . Web: 
>
> --
> Mark Andrews, ISC
> 1 

Hulu Contact

[rob-lists]

Can someone from Hulu reach out to me? 

We are getting several customers complaining about receiving proxy/vpn
errors from one of our subnets.

Thanks!
Robert Haas
BPS Networks
573-293-2638

Re: OT: Re: Younger generations preferring social media(esque) interactions.

[Sec Lists]

Hi,

On 23.03.2021 14:49, Mark Tinka wrote:

[...]
Keeping it simple so you can reach your result faster and most 
efficiently is often understood more by the kids than us geezers. 
While we are fighting about whether Discourse or Mailman are 
appropriate, the kids have probably dumped both and found something 
that gets them to the promised land 5 seconds after they install the 
app.


...only to end up with yet another account at yet another data mining 
(future) monopolist butchering standards... I'm all for moving with 
the flow and embrace new things as long as it's based on open 
standards, open protocols, does not lock people in to a specific 
platform, etc., is decentralised and federated and gives users the 
choice (e.g. choice of MUA / MTA, or XMPP client, etc.). The trend 
to force everything to web-based or only THAT particular app is a 
fundamental step backwards towards significant less of choice on 
the internet.


To just give in (or up) and say, well, that's what the youngsters now 
prefer is to move even more towards a world dominated by a few global 
monopolistic players who don't give a darn about open standards, open 
protocols, not locking people in, decentralisation and fedaration... 

And youngsters - as with anything in life - need to be educated and 
made aware of that (spoken as a former teacher).


Sec

Re: junos config commit question

[mike+lists]

On 2/16/22 9:56 AM, Owen DeLong via NANOG wrote:

You can also do:
config

commit
rollback 1
commit

And still get back to where you were before 



It is exactly this feature of the junos cli, over and above everything 
else, that really solidified junos for me as my new preferred platform 
over IOS. In my case, a central pain point had been the 'immediate 
punishment' of cli commands taking effect, the inability to 'test' 
before commit, and the inability to rollback if error. I have made some 
fat finger mistakes that required dispatching to hours away locations to 
regain administrative control for example, and while rare, these are now 
a thing of the past (as long as you are using "commit confirmed").


Mike-

Need multipe 10Gs at 111 8th ave in under 30 days

[alex-lists-nanog]

Site doing between 4G/sec and 27G/sec out of 111 8th Ave and another
90-120G/sec via CDNs is looking to change distribution of its traffic by
taking more traffic off CDNs

Looking for the following:

- Handoffs - 10G (multiple 10G preferred) in TelX or Internap at 111 8th per
  provider.
- Good european connectivity 
- BGP with communities 
- Low CIR + low
- IPv6 capability over the same path preferred but not required
- Quick turn up

Spam me.

Alex

Nanog Webcast Equipment

[Israel Lopez-LISTS]

Hello There,

I was hoping someone from the NANOG team could comment on what 
equipment/software they use for the live meeting broadcasts.  I am 
looking to do the same for another professional association and could 
use some pointers.


You can reply off-list if you wish.

-Israel

Re: Nanog Webcast Equipment

[Israel Lopez-LISTS]

Thanks to everyone for commenting on this issue.

It's shed light on what it would take to put on a bitchin' live show.  
For now we are going to do our best with what we have, run the pilot and 
take it from there.


If people are interested about watching the live event watch this space: 
http://www.uuasc.org/oc.html


Thanks again!

-Israel

Anyone connected to AR2.PHI1 of GlobalCrossing?

[alex-lists-nanog]

If there's anyone getting transit of AR2.PHI1 of Global Crossing,
could you kindly drop me an email off-list?

Thanks,
Alex

Nanog Mentioned in TED Video: Jonathan Zittrain

[Israel Lopez-LISTS]

Remember when youtube went down?
Mr. Zittrain briefly mentions nanog during his TED talk in July 2009.

http://www.ted.com/talks/jonathan_zittrain_the_web_is_a_random_act_of_kindness.html

Enjoy.

Fiber in Atlantic City, NJ

[alex-lists-nanog]

Hello,

If anyone has/knows of contacts among the fiber providers in Atlantic City,
NJ as close to the Broadwalk as possible ( especially those that might have
a leg to Philadelphia, PA ), could you kindly reply off list?

Thank you,
Alex

Google Public DNS contact

[alex-lists-nanog]

Hello,

If anyone has a contact in the Google Group that deals with Google's
Public DNS servers ( i.e. the 8.8.8.8/8.8.4.4 creatures ) could that person
kindly drop me an email off list? 

I believe there might be an issue with some of the servers.

Thanks,
Alex

Re: Database backed DNS Management Solutions

[Israel Lopez - Lists]

At the last place I worked at we had an installation of NicTool v1.2.  
We pushed out DNS updates for our hosting company over 4 servers, two 
local and two off-site.  It was very nice to work with, but I havent 
used it in the 2.x iteration.


http://www.nictool.com/ - Give it a look-over.  Supports BIND, TinyDNS, 
and PowerDNS.


-Israel

Ross Dmochowski wrote:

Dear NANOG:

I hope I can solicit some feedback from this venerable group. :-)

Currently, my group operates 16 BIND servers across 5 datacenters,
handling internal and external namespace duties. These servers are
responsible for both internal and external forward and reverse
name and IP spaces.

There are also a number of Windows AD servers that hold their own namespaces,
that the BIND servers slave from this info from, so names resolve between these 
domains. Windows AD forwards queries for internal zones it does not own
to the appropriate namespace holder. 


So Windows DNS server interoperability is a business requirement.

Some of these zones are dynamic, some are static. 
None of the dynamic zones are populated via DHCP, but by self-registration.


We have heretofore used some in-house scripts for managing this, but
obviously, the thought of keeping and managing this data in something
other than its current form has caught on in our minds, and 
so therefore we are looking at a proposal put forth, to replace all 
of our BIND servers with a PowerDNS infrastructure.


BIND has been the backbone of the Internet, and so many of us are 
wary of replacing BIND, when in essence, BIND itself is not the issue, 
nor is it broken.


Has anyone done any in house comparance of PowerDNS versus BIND-DLZ?
Googling has led to some useful info but no useful side by side
comparances that are not obviously partisan.

I favor something like ProBIND2, that keeps the data in the DB, but does not
tie the serving of the data, etc to anything other than BIND.

Any success/horror stories from implementing BIND management solutions is
very welcome.

If anyone has any success/horror stories about PowerDNS, BIND-DLZ, or 
a system like ProBind2 or NetDB (from Stanford) to manage BIND and its configurations

in a DB, I would be very interested in hearing them. :-)

Thank you.

Best Regards,
Ross S. Dmochowski
Sr. Linux Administrator
IGN/Gamespy/Fox Interactive Media
r...@ign.com
  

Re: UC phone system for Haiti (was Katrina Response)

[Israel Lopez-LISTS]

Hey guys,

Just to add to the thread, I am helping run the LA/OC Event.  We just 
started a google group called CRISISTELECOM right now its in alpha 
stage; the more expertise we have the better we can discuss how to help 
now and for future situations.


http://groups.google.com/group/crisistelcom?hl=en

http://crisiscamphaitila2.eventbrite.com/ - the LA Event

We are hosting this today at UCI we hope to go 10am-10pm, and if we get 
enough telecom/network guys in one place, we may breakout into a 
separate room to discuss what we can do.


-Israel

Matthew Petach wrote:

On Thu, Jan 21, 2010 at 6:53 PM,  chaim.rie...@gmail.com wrote:
  

We had a major turnout this past weekend here in southern cal.

Shout out to the uc system and people.



Yahoo is hosting a Crisis Camp to help support the Haiti relief
efforts here in silicon valley tomorrow:

http://crisiscamphaitisiliconvalley.eventbrite.com/

If you have some spare time, please consider bringing your laptop
and coming over to help with supporting relief efforts in Haiti.

Thanks!

Matt


(and for those not in sunnyvale, there's similar efforts going on in other
cities around the globe:)

http://www.colombiassh.org/site/CrisisCamp
Haiti, Bogota, Colombia
http://www.eventbrite.com/event/541831633 CrisisCamp Haiti, Boston
http://crisiscampboulderdenver.eventbrite.com/ CrisisCamp Haiti,
Boulder/Denver
http://crisiscamphaitila2.eventbrite.com/   CrisisCamp
Haiti, Los Angeles
http://crisiscampmiami.eventbrite.com/ CrisisCamp Haiti, Miami
http://crisiscampmontreal.wordpress.com/about/   CrisisCamp Haiti, Montreal
http://crisiscampnola.eventbrite.com/CrisisCamp
Haiti, New Orleans
http://www.eventbrite.com/event/543649069   CrisisCamp Haiti, New York
http://crisiscamphaitipdx.eventbrite.com/   CrisisCamp
Haiti, Portland
http://www.eventbrite.com/event/542966026/?ref=esdgCrisisCamp
Haiti, Seattle
http://crisiscamphaitiwdc.eventbrite.com/   CrisisCamp
Haiti, Washington, DC

  

EC2 issues starting at about 9am Eastern

[alex-lists-nanog]

Hello,

Is anyone seeing any EC2 issues? We started seeing them as of about 9:01am
today. The issues are manifesting with different instances sporadically not
being able to connect to each other or connect to hosts ourside EC2.

Thanks,
Alex

RE: China Showdown Huawei vs ZTE

[Colin Stanners (lists)]

Colton, can you post some examples of the Whitebox/OS examples that you were 
looking at in that performance tier?

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Colton Conor
Sent: Friday, April 20, 2018 7:46 AM
To: Josh Reynolds 
Cc: NANOG 
Subject: Re: China Showdown Huawei vs ZTE

Josh,

I like the whitebox route, but I can't find anything that will come close price 
wise.

Example, Huawei S6720 with 24 10G ports, 2 40G ports, and full MPLS operating 
system from Huawei is $3500 out the door with a lifetime warranty. I can't even 
find a whitebox hardware, not even accounting for the OS, that is close to that 
price. Most 48 Port 10G with 6 40G uplinks (so double this huawei unit) are in 
the $5k range, and then you have to buy an operating system costing a couple 
more grand. Choices are limited on whitebox operating systems that support MPLS.

There might be some FibeStore models that come close to this price, but FS.com 
is a Chinese company too, so that's no better than ZTE or Huawei.



On Fri, Apr 20, 2018 at 7:34 AM, Josh Reynolds  wrote:

> Why not just go the whitebox route and pick your NOS of choice?
>
> Far cheaper, and far more flexible.
>
> On Fri, Apr 20, 2018, 7:28 AM Colton Conor  wrote:
>
>> Of the two large Chinese Vendors, which has the better network 
>> operating system? Huawei is much larger that ZTE is my understanding, 
>> but larger does not always mean better.
>>
>> Both of these manufactures have switches and routers. I doubt we will 
>> use their routing products anytime soon, but the switching products 
>> with MPLS are what we are exploring. Price wise both of these vendors 
>> seem to have 10G MPLS capable switches that are a 1/4 of the price of 
>> a Cisco or Juniper wants to charge.
>>
>> On the Huawei side looks like the S6720 is a fit.
>> On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
>>
>> Has anyone had experience with either of these two switches? How do 
>> they compare?
>>
>> Also, for each independent brand, is their switching network 
>> operating system the same as their routing network operating system 
>> that their routers run?
>>
>

RE: Effects of Cold Front on Internet Infrastructure - U.S. Midwest

[Colin Stanners (lists)]

Out here in Manitoba we use unheated/no-electricity OSP fiber patch panel 
pedestals in some locations, those work without issue down to the occasional 
-40. Note that that’s using all high-quality components.

 

For Fletcher’s case, it’s also possible that:

-there had been water intrusion in a splice case or cable on the way – but then 
that tends to cause complete failure, either on the first occasion or not long 
after, and not repeating temperature-dependent fade.

-there’s a bad fusion splice on the way whose characteristics are affected by 
temperature.

 

My first step in such a case would be to OTDR the line (renting an OTDR if we 
were a company that didn’t own one) to see approximately where the issue is and 
to get an idea what kind of issue it is – Fletcher, I guess that your company 
did not do so at that time?

 

 

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mel Beckman
Sent: Thursday, January 31, 2019 12:26 PM
To: Fletcher Kittredge 
Cc: North American Network Operators' Group 
Subject: Re: Effects of Cold Front on Internet Infrastructure - U.S. Midwest

 

Fletcher, 

 

I don’t think that’s true. I find no specs on fiber dB loss being a function of 
ambient temperature. I do find fiber optic application data sheets for extreme 
temperature applications of -500F and +500F (spacecraft). You’d think if 
temperature affected fiber transmission characteristics, they’d see it in space.

 

What you likely were seeing was connector loss, owing either to improper 
installation, incorrect materials, or unheated regen enclosures.

 

Insertion loss (IL) failures, for instance, in the cold are a direct result of 
cable termination component shrinkage. That’s why regen and patch enclosures 
need to be heated as well as cooled. 


All fiber termination components have stated temperature limits. As 
temperatures approach -40F, the thermoplastic components in a cable's breakout, 
jacketing, and fiber fanout sections shrink more than the optical glass. 
Ruggedized connectors help somewhat, but the rule is that you can’t let optical 
connectors and assemblies get really cold (or really hot).

 

A typical spec for a single-mode OSP connector is:

 

Operating -30C (-22F) to +60C (+140F)

 

The range for the corresponding Single Mode fiber is:

 

Operating -55C (-67F) to +70C (+158F)
Storage -60C (-76F) to +70C (+158F)
Installation -30C (-22F) to +50C (+122F)

All professional outside plant engineers know these requirements. So if you’re 
seeing failures, somebody is breaking a rule.

 

 -mel

 

 

On Jan 30, 2019, at 3:05 PM, Fletcher Kittredge mailto:fkitt...@gwi.net> > wrote:

 

 

Cold changes the transmission characteristics of fiber. At one point we were 
renting some old dark fiber from the local telephone company in northern Maine. 
When it would get below -15%-degree F the dB would get bad enough that the link 
using that fiber would stop working. The telephone company was selling us dark 
fiber because regulation required them to. They refused to give us another 
fiber nor inspect/repair. They took the position they were required to sell us 
fiber, not working fiber.

 

 

On Wed, Jan 30, 2019 at 11:41 AM Mark Tinka mailto:mark.ti...@seacom.mu> > wrote:

For anyone running IP networks in the Midwest, are you having to do anything 
special to keep your networks up?

For the data centres, is this cold front a chance to reduce air conditioning 
costs, or is it actually straining the infrastructure?

I'm curious, from a +27-degree C summer's day here in Johannesburg.

Mark.




 

-- 

Fletcher Kittredge
GWI
207-602-1134

www.gwi.net  

 

DNS cache Validation

[Justin Wilson (Lists)]

What are you folk doing to validate your DNS cache server configs and 
operation? In other words, what are you doing to make sure they are performing 
well, not just alive.

Justin
—
https://blog.j2sw.com

Re: Gaming Consoles and IPv4

[Justin Wilson (Lists)]

There are many things going on with gaming that makes natted IPv4 an issue when 
it comes to consoles and gaming in general.   When you break it down it makes 
sense.

-You have voice chat
-You are receiving data from servers about other people in the game
-You are sending data to servers about yourself
-If you are using certain features where you are “the host” then you are 
serving content from your gaming console.  This is not much different than a 
customer running a web server.  You can’t have more than one customer running a 
port 80 web-server behind nat.
-Streaming to services like Twitch or YouTube

All of these take up standard, agreed upon ports. It’s really only prevalent on 
gaming consoles because they are doing many functions.  Look at it another way. 
 You have a customer doing the following.

-Making a VOIP call
-Streaming a movie
-Running a web server
-Running bittorrent on a single port
-Having a camera folks need to access from the outside world

This is why platforms like Xbox developed things like Teredo.

Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

> On Sep 27, 2020, at 9:33 PM, Daniel Sterling  
> wrote:
> 
> Matt Hoppes raises an interesting question,
> 
> At the risk of this being off-topic, in the latest call of duty games I've 
> played, their UDP-NAT-breaking algorithm seems to work rather well and should 
> function fine even behind CGNAT. Ironically turning on upnp makes this 
> *worse*, because when their algorithm probes to see what ports to use, upnp 
> sends all traffic from the "magical xbox port" to one box instead of letting 
> NAT control the ports. This does cause problems when multiple xboxes are 
> behind one NAT doing upnp. If upnp is on and both xboxes are fully powered 
> off and then turned on one at a time, things do work. But when upnp is off 
> everything works w/o having to do that.
> 
> There are many other games and many CPE NAT boxes that may do horrible 
> things, but CGNAT by itself shouldn't cause problems for any recent device / 
> gaming system.
> 
> It is true that I've yet to see any FPS game use ipv6. I assume that's cuz 
> they can't count on users having v6, so they have to support v4, and it 
> wouldn't be worth their while to have their gaming host support dual-stack. 
> just a guess there
> 
> -- Dan
> 
> 
> 
> On Sun, Sep 27, 2020 at 7:29 PM Mike Hammett  > wrote:
> Actually, uPNP is the only way to get two devices to work behind one public 
> IP, at least with XBox 360s. I haven't kept up in that realm.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions 
>   
>  
>  
> 
> Midwest Internet Exchange 
>   
>  
> 
> The Brothers WISP 
>   
> 
> From: "Matt Hoppes"  >
> To: "Darin Steffl" mailto:darin.ste...@mnwifi.com>>
> Cc: "North American Network Operators' Group"  >
> Sent: Sunday, September 27, 2020 1:22:51 PM
> Subject: Re: Gaming Consoles and IPv4
> 
> I understand that. But there’s a host of reasons why that night not work - 
> two devices trying to use UPNP behind the same PAT device, an apartment 
> complex or hotel WiFi system, etc. 
> 
> On Sep 27, 2020, at 2:17 PM, Darin Steffl  > wrote:
> 
> 
> This isn't rocket science.
> 
> Give each customer their own ipv4 IP address and turn on upnp, then they will 
> have open NAT to play their game and host. 
> 
> On Sun, Sep 27, 2020, 12:50 PM Matt Hoppes  > wrote:
> I know the solution is always “IPv6”, but I’m curious if anyone here knows 
> why gaming consoles are so stupid when it comes to IPv4?  
> 
> We have VoIP and video systems that work fine through multiple layers of PAT 
> and NAT. Why do we still have gaming consoles, in 2020, that can’t find their 
> way through a PAT system with STUN or other methods?
> 
> It seems like this should be a simple solution, why are we still opening 
> ports or having systems that don’t work?
> 

Re: Gaming Consoles and IPv4

[Justin Wilson (Lists)]

It is coming back to that, but you still have so much going on that you need 
the open ports.  I don’t gt why people fight IPV6 so much.  


Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

> On Sep 28, 2020, at 8:34 AM, Mike Hammett  wrote:
> 
> Why stray away from how PC games were 20 years ago where there was a 
> dedicated server and clients just spoke to servers?
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
>  <https://www.facebook.com/ICSIL> 
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> <https://www.linkedin.com/company/intelligent-computing-solutions> 
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
>  <https://www.facebook.com/mdwestix> 
> <https://www.linkedin.com/company/midwest-internet-exchange> 
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>  <https://www.facebook.com/thebrotherswisp> 
> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> From: "Justin Wilson (Lists)" mailto:li...@mtin.net>>
> To: "North American Network Operators' Group"  <mailto:nanog@nanog.org>>
> Sent: Monday, September 28, 2020 7:22:28 AM
> Subject: Re: Gaming Consoles and IPv4
> 
> There are many things going on with gaming that makes natted IPv4 an issue 
> when it comes to consoles and gaming in general.   When you break it down it 
> makes sense.
> 
> -You have voice chat
> -You are receiving data from servers about other people in the game
> -You are sending data to servers about yourself
> -If you are using certain features where you are “the host” then you are 
> serving content from your gaming console.  This is not much different than a 
> customer running a web server.  You can’t have more than one customer running 
> a port 80 web-server behind nat.
> -Streaming to services like Twitch or YouTube
> 
> All of these take up standard, agreed upon ports. It’s really only prevalent 
> on gaming consoles because they are doing many functions.  Look at it another 
> way.  You have a customer doing the following.
> 
> -Making a VOIP call
> -Streaming a movie
> -Running a web server
> -Running bittorrent on a single port
> -Having a camera folks need to access from the outside world
> 
> This is why platforms like Xbox developed things like Teredo.
> 
> Justin Wilson
> j...@mtin.net <mailto:j...@mtin.net>
> 
> —
> https://j2sw.com <https://j2sw.com/> - All things jsw (AS209109)
> https://blog.j2sw.com <https://blog.j2sw.com/> - Podcast and Blog
> 
> On Sep 27, 2020, at 9:33 PM, Daniel Sterling  <mailto:sterling.dan...@gmail.com>> wrote:
> 
> Matt Hoppes raises an interesting question,
> 
> At the risk of this being off-topic, in the latest call of duty games I've 
> played, their UDP-NAT-breaking algorithm seems to work rather well and should 
> function fine even behind CGNAT. Ironically turning on upnp makes this 
> *worse*, because when their algorithm probes to see what ports to use, upnp 
> sends all traffic from the "magical xbox port" to one box instead of letting 
> NAT control the ports. This does cause problems when multiple xboxes are 
> behind one NAT doing upnp. If upnp is on and both xboxes are fully powered 
> off and then turned on one at a time, things do work. But when upnp is off 
> everything works w/o having to do that.
> 
> There are many other games and many CPE NAT boxes that may do horrible 
> things, but CGNAT by itself shouldn't cause problems for any recent device / 
> gaming system.
> 
> It is true that I've yet to see any FPS game use ipv6. I assume that's cuz 
> they can't count on users having v6, so they have to support v4, and it 
> wouldn't be worth their while to have their gaming host support dual-stack. 
> just a guess there
> 
> -- Dan
> 
> 
> 
> On Sun, Sep 27, 2020 at 7:29 PM Mike Hammett  <mailto:na...@ics-il.net>> wrote:
> Actually, uPNP is the only way to get two devices to work behind one public 
> IP, at least with XBox 360s. I haven't kept up in that realm.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
>  <https://www.facebook.com/ICSIL> 
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> <https://www.linkedin.com/company/intelligent-computing-solutions> 
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
>  <https://www.facebook.com/mdwestix> 
> <https://ww

AS hijacking (Philosophy, rants, GeoMind)

[Justin Wilson (Lists)]

One of the companies I work for recently had an issue with AS 2 (University of 
Delaware) hijacking a prefix.  Due to Origin AS, good upstreams, and the like 
this has not really affected the traffic to the legit blocks.  However, GeoMind 
picked this up almost immediately it seems.  The IP blocks when you go to 
speedtest.net come back to the university of Delaware. This seems to be the 
only issue at the moment so we are working through contacting the peers of AS2 
and asking them to look into this.  We had also contacted University of 
Delaware.

Here is where the philosophy comes into play.  The very terse e-mail we 
received back was basically “As2 gets hijacked a lot and it’s not our problem”. 
So my question for the NANOG folks.  At what point do you say “it’s not your 
problem” when it involves your ASN?

Rant
I almost always have issues with GeoMind and others when it comes to IP space.  
Several of my folks have received allocations from Arin in March.  A few are 
still fighting with geolocation stuff with a few of the providers.  So why does 
GeoMind atomically accept a hijacked prefix as correct? All the right boxes 
have been ticked.  Origin Validiation, registry sets, etc.

Happy Friday! 



Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

Re: [EXT] AS hijacking (Philosophy, rants, GeoMind)

[Justin Wilson (Lists)]

I will probably just get another link to https://isbgpsafeyet.com/ 
<https://isbgpsafeyet.com/> like I did in the first e-mail. LOL


Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

> On May 29, 2020, at 11:57 AM, Chuck Anderson  wrote:
> 
> Go back to them and tell them that a hijacked prefix is different from a 
> hijacked AS.
> 
> On Fri, May 29, 2020 at 11:39:46AM -0400, Justin Wilson (Lists) wrote:
>> One of the companies I work for recently had an issue with AS 2 (University 
>> of Delaware) hijacking a prefix.  Due to Origin AS, good upstreams, and the 
>> like this has not really affected the traffic to the legit blocks.  However, 
>> GeoMind picked this up almost immediately it seems.  The IP blocks when you 
>> go to speedtest.net come back to the university of Delaware. This seems to 
>> be the only issue at the moment so we are working through contacting the 
>> peers of AS2 and asking them to look into this.  We had also contacted 
>> University of Delaware.
>> 
>> Here is where the philosophy comes into play.  The very terse e-mail we 
>> received back was basically “As2 gets hijacked a lot and it’s not our 
>> problem”. So my question for the NANOG folks.  At what point do you say 
>> “it’s not your problem” when it involves your ASN?
>> 
>> Rant
>> I almost always have issues with GeoMind and others when it comes to IP 
>> space.  Several of my folks have received allocations from Arin in March.  A 
>> few are still fighting with geolocation stuff with a few of the providers.  
>> So why does GeoMind atomically accept a hijacked prefix as correct? All the 
>> right boxes have been ticked.  Origin Validiation, registry sets, etc.
> 

RE: SaoPaolo to Frankfurt

[Colin Stanners (lists)]

Looking at the Wikipedia article, it claims that  Atlantis-2 “can already be 
upgraded with current technology to 160Gbit/s”. Would be interesting why that 
wasn’t already done on this 20-year-old cable – assuming that the underground 
infrastructure (repeaters) are compatible with the newer modulations (or 
additional wavelengths, but that would have necessitated much more design), the 
upgrade cost should be small compared to the cable’s value.

 

From: NANOG [mailto:nanog-bounces+colin-lists=highspeedcrow...@nanog.org] On 
Behalf Of Rubens Kuhl
Sent: Sunday, July 12, 2020 10:19 AM
Cc: Nanog 
Subject: Re: SaoPaolo to Frankfurt

 

 

 

On Sun, Jul 12, 2020 at 12:06 PM Max Tulyev mailto:max...@netassist.ua> > wrote:

Hi All!

Who can provide a VLAN from SaoPaolo to Frankfurt for remote IX.BR 
<http://IX.BR>  
participation? Please contact me off-list.

I see there is only one undersea cable going directly from Brazil to 
Europe. Why?

 

And this single cable, Atlantis-2, has very little capacity so its usage is 
mostly voice traffic. 

There is a new cable in construction called EllaLink (https://ella.link/) that 
when installed will add plenty of capacity to this route, but most Brazil - 
Germany traffic goes thru the US nowadays. 

 

Alternative routes before EllaLink comes into operation would be one of the 
Brazil-Africa cables (one to Cameroon, the other to Angola) and then to Europe. 

 

 

Rubens

 

Sonicwall GEoIP Database

[Justin Wilson (Lists)]

Does anyone know what GEoIP database sonic wall uses? Their tech 
support has been horrid.  We are not a customer but getting customers who are 
getting blocked by some sonic walls due to “unknot” country for GeoIP.  I have 
checked the ips against the database providers listed at: 
https://thebrotherswisp.com/index.php/geo-and-vpn/ 


All checkout okay so looking for what SOnicWall uses.



Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

AWS contact?

[Justin Wilson (Lists)]

What is the best avenue for contacting support for AWS? I have several 
ISPs experiencing reachability issues with AWS hosted sites.  These are from 
different backbones, different gear, etc.  The common denominator is AWS. 

Been googling around and can’t seem to find a contact.



Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

1950 Stemmons Meet me rooms?

[Justin Wilson (Lists)]

Who knows about the meet me rooms at 1950 Stemmons in Dallas? I need to get 
from the cologix meet me room to someone inside Equinix.  Our Equnix rep has 
been less than helpful. I was told

"We really don’t have a building meet me room there anymore since we bought the 
building.  Also, I don’t think we have connectivity to Cologix but I will check 
on this.”

Can anyone shed some light on this? Anyone on list that has some dark fiber 
between Cologix and Equinix? Replies off list are fine so I am not cluttering 
up the list.



Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

Problems with newish IP block assignment issues from ARIN

[Justin Wilson (Lists)]

Folks,
Have a gremlin we have been chasing around for several months now and it’s 
becoming a major issue as we are getting tighter on IPV4 and needing to give 
some provider assigned space back.

In June we received a /22 from ARIN.  As is my workflow I started announcing it 
but waited a month while I checked out the geolocation databases for correct 
info, did testing ,etc. All this time our test accounts could browse web-sites, 
etc. 

We put one of the pools into production and things ran good for awhile.  Then 
we started getting the occasional web-site was not working.  After several of 
these we started assigning the customer an IP out of one of our other ARIN 
blocks and the web-site would be fine and reachable. The issue seems to reside 
just on this /22.  We have other blocks from ARIN and they are just fine.  We 
can assign an IP out of this new block and can’t reach certain web-sites.  We 
turn around and assign out of another block and web-site works just fine.

We have two upstreams and an IX on this network.  We have tried withdrawing the 
route on this particular /22 and isolating to one upstream alone and the 
problems still persist. 

Many of the web-sites in question are government (both state and local), online 
universities, and the occasional local news station.  They are diverse enough 
to not be traced down to a common point, except the IP block.  

We announce the IP block via BGP the same exact way we announce the other 
blocks. Traceroutes show the path going the same way no matter what IP block 
the customer has.

It acts like the IP block was blacklisted at some point and got on some bad 
lists but I don’t want ti limit myself to that theory.  I have opened up a 
ticket with ARIN asking for any guidance.  Has anyone ran into this with new 
space assigned? Any tools, sites, etc. I can use to do further troubleshooting. 
 The IP block does not appear to have any blacklisted IPs according to MX 
toolbox, and some others.

The block in question is 134.195.44.0/22.  It has been RPKI certified and has 
IRR entries.

Thanks in advance


Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

Re: Problems with newish IP block assignment issues from ARIN

[Justin Wilson (Lists)]

I enabled 134.195.47.1 on one of our routers.

Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

> On Feb 8, 2021, at 3:46 PM, Job Snijders via NANOG  wrote:
> 
> Dear Justin,
> 
> On Mon, Feb 08, 2021 at 03:14:47PM -0500, Justin Wilson (Lists) wrote:
>> It acts like the IP block was blacklisted at some point and got on
>> some bad lists but I don’t want ti limit myself to that theory.
>> I have opened up a ticket with ARIN asking for any guidance. Has
>> anyone ran into this with new space assigned? Any tools, sites, etc. I
>> can use to do further troubleshooting.  
> 
> Here are some useful tools:
> 
>ping.pe
>example: http://ping.pe/www.openbsd.org
> 
>https://ring.nlnog.net/
>good introduction here: 
> https://labs.ripe.net/Members/martin_pels_3/10-years-of-nlnog-ring
> 
>https://atlas.ripe.net/
> 
>> The block in question is 134.195.44.0/22. 
> 
> Is there any specific IP address in the range that should always respond
> to ICMP Echo Requests? This will help others see if they can reach you
> or not.
> 
>> It has been RPKI certified and has IRR entries.
> 
> Indeed, nice :-) http://irrexplorer.nlnog.net/search/134.195.44.0/22
> 
> Kind regards,
> 
> Job
> 

Ip space Dilemma

[Justin Wilson (Lists)]

Folks,
We have an IP block I have asked about help on a few times on here.  
This is a block we received from ARIN in June of 2020.  We have several state 
networks here in Indiana dropping this traffic at their firewalls. I have been 
working with them since we discovered this issue in September.  I am not 
getting anywhere with them and was finally told we were not a priority.

I am at the point I need to give the space back because it is unusable 
to the ISP customers. Does anyone have any creative ideas on how to fix this? 



Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

Re: Is there an established method for reporting/getting removed a company with 100% false peeringdb entries?

[Justin Wilson (Lists)]

I see from peering db:  2020-07-01T14:22:01Z
According to the bg.he.net link
AS18894 has not been visible in the global routing table since November 28, 2020
The information displayed is from that time.


Are they causing you or someone issues Eric? Maybe they went out of business? 
Many businesses don’t worry about peering db entries. Looks like the website 
has been under constructions since 2020.

Sounds to me like they made a splash, and faltered.  


Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

> On Mar 4, 2021, at 7:14 PM, Eric Kuhnke  wrote:
> 
> First, take a look at this:
> 
> https://www.peeringdb.com/asn/18894
> 
> 
> Now look at these (or use your own BGP table analysis tools):
> 
> https://bgp.he.net/AS18894
> 
> https://stat.ripe.net/18894
> 
> The claimed prefixes announced, traffic levels and POPs appear to have no 
> correlation with reality in global v4/v6 BGP tables.
> 
> It is also noteworthy that I have inquired with a number of persons I know 
> who are active in network engineering in NYC, and nobody has ever encountered 
> this company.
> 
> 
> 
> 

Re: Famous operational issues

[Justin Wilson (Lists)]

I remember when the big carriers de-peered with Cogent in the early 2000s.  The 
underestimated the amount of web-sites being hosted by people using cogent 
exclusively. 


Justin Wilson
j...@j2sw.com

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

> On Feb 17, 2021, at 10:29 AM, Miles Fidelman  
> wrote:
> 
> John Kristoff wrote:
>> Friends,
>> 
>> I'd like to start a thread about the most famous and widespread Internet
>> operational issues, outages or implementation incompatibilities you
>> have seen.
>> 
> Well... pre-Internet, but the great Northeast fiber cut comes to mind 
> (backhoe vs. fiber, backhoe won).
> 
> Miles Fidelman
> 
> -- 
> In theory, there is no difference between theory and practice.
> In practice, there is.   Yogi Berra
> 
> Theory is when you know everything but nothing works. 
> Practice is when everything works but no one knows why. 
> In our lab, theory and practice are combined: 
> nothing works and no one knows why.  ... unknown

AT& T peering Contact?

[Justin Wilson (Lists)]

Folks, 
I need an ATT Wireless/ATT Mobility peering contact.  The emails on 
their peeringdb entries bounce back as non existent.  Have a problem with a 
prefix that works everywhere except when folks are on AT LTE.


Justin Wilson
j...@mtin.net

—
https://j2sw.com (AS399332)
https://blog.j2sw.com - Podcast and Blog

Re: maximum ipv4 bgp prefix length of /24 ?

[Justin Wilson (Lists)]

I think it is going to have to happen.  We have several folks on the IX and 
various consulting clients who only need 3-6 Ips but have to burn a full /24 to 
participate in BGP. I wrote a blog post awhile back on this topic 
https://blog.j2sw.com/data-center/unpopular-opinion-bgp-should-accept-smaller-than-a-24/




Justin Wilson
j...@mtin.net

—
https://j2sw.com (AS399332)
https://blog.j2sw.com - Podcast and Blog

> On Sep 30, 2023, at 1:48 PM, Randy Bush  wrote:
> 
>> About 60% of the table is /24 routes.
>> Just going to /25 will probably double the table size.
> 
> or maybe just add 60%, not 100%.  and it would take time.
> 
> agree it would be quite painful.  would rather not go there.  sad to
> say, i suspect some degree of lengthening is inevitable.  we have
> ourselves to blame; but blame does not move packets.
> 
> randy, who was in the danvers cabal for the /19 agreement
> 

2 Byte ASNs??

[Justin Wilson (Lists)]

Whats the availability of two byte asns look like? Anyone able to obtain one 
recently? I have a network that is all Mikrotik and the route targets are 
messing with them.  They can’t use communities with their 4 bytes asn.  It’s 
one of those it really isn’t a big deal but I thought I would ask.  




Justin Wilson
j...@mtin.net

—
https://j2sw.com (AS399332)
https://blog.j2sw.com - Podcast and Blog

Locating Cambium's Chinese plastics supplier

[Colin Stanners (lists)]

Greetings NANOG, a rare request here, I apologize that it is distanced from
the usual network routing/design/administration areas of focus... posted on
AFMUG too but NANOG seems to have many more people knowledgeable in the
upstream manufacturing of devices. If there's anywhere else where there is a
concentration of such knowledge please let me know.

 

I'm looking to purchase a large number of Cambium's e501s (outdoor WI-FI AP)
mounting  brackets, which they don't sell individually (reasonable enough
due to low demand).

A while ago on one of our packages from (passed through) Cambium, I noticed
the name of a Chinese supplier that I didn't recognize. I visited their
website and they seemed to be Cambium's plastics supplier, among other
wireless and Wi-Fi I products. But I didn't consider that information worth
saving. Has anyone noticed that name so that I can attempt to buy a number
of brackets directly, if they are allowed to sell them?

Reasoning: I'm trying to put together a "super-fast event Wi-Fi
re-deployment" design. Basically, at the many locations where we offer Wi-Fi
once or twice a year, we'd have existing e501S slide-on mounts, also
terminated RJ45 ends with the cable glands in a tough plastic bag ziptied to
the tower. All events would have the routers/PoE switches left onside with a
standardized IP/VLAN/etc setup. The idea is that we can tell the techs "grab
15 event APs", which don't need to be programmed by the office as they have
a standard config, and after climb the techs spend <1min per AP to slide on
and plug in. So with these and other optimizations, an event of e.g. 5 sites
x 3 APs per site can be fully re-deployed in 1-2hours, instead of the 1-2
days that we normally spend organizing, programming, attaching mounts,
cabling, etc.

 

Smaller than a /24 for BGP?

[Justin Wilson (Lists)]

Have there been talks about the best practices to accept things smaller than a 
/24? I qm seeing more and more scenarios where folks need to participate in BGP 
but they do not need a full /24 of space.  Seems wasteful.  I know this would 
bloat the routing table immensely.  I know of several folks who could split 
their /24 into /25s across a few regions and still have plenty of IP space.



Justin Wilson
j...@j2sw.com

—
https://blog.j2sw.com - Podcast and Blog
https://www.fd-ix.com

Re: Standard DC rack rail distance, front to back question

[Justin Wilson (Lists)]

I have not seen a standard on cabinets.  I have gear in a wide variety of 
racks.  Some of are real shallow.  Some are deep.  I use these to generically 
solve the sagging issue.


https://www.amazon.com/dp/B00XXDJASY?ref=nb_sb_ss_w_as-reorder-t1_k1_1_11==EFCM0EZP8BMA==navpoint+ra
NavePoint Universal 1U Rack Mount 4-Post Shelf Rail for Dell Compaq IBM HP APC 
- 33.5 Inches deep
amazon.com





Justin Wilson
j...@mtin.net

—
https://j2sw.com (AS399332)
https://blog.j2sw.com - Podcast and Blog

> On Apr 27, 2023, at 9:51 AM, Chuck Church  wrote:
> 
> Hey all.  Question about standard 4 post racks.  We bought some that are 
> adjustable.  Unfortunately, the posts are very flimsy, as these are some 
> fancy cabinets with spacing on the sides for vertical patch panels, etc.  We 
> found that 2 post mounting of most Cisco devices (namely Cat 9500 1RU 
> switches) are sagging quite bad.   We’re used to the new server type rails 
> that extend to support most reasonable distances front rails to back for 4 
> post mounting.  However, for a Cisco ASA1001, there aren’t rails, but rather 
> front and back ‘ears’ you use to hit both front and back posts.  These would 
> appear to not have any adjustability, the front to back post distance would 
> seem to need to match the ears, I assume they don’t adjust placement on the 
> router much.  Is there a ‘standard’ distance between front and back rails 
> that devices usually adhere to?  Googling didn’t find an answer readily.  
> These are 19” wide cabinets by the way.  
>  
> Thanks,
>  
> Chuck

Lumen @ Nano. Need to meet

[Justin Wilson (Lists)]

If there anyone at NANOG from Lumen? I need to meet on a client of a client 
matter. ‘'


Justin Wilson
j...@mtin.net

—
https://j2sw.com (AS399332)
https://blog.j2sw.com - Podcast and Blog

Re: Fastly Peering Contact

[Justin Wilson (Lists)]

We have sent them some inquiries in markets we are with no reply.  Just figured 
they weren’t interested.




Justin Wilson
j...@mtin.net
jus...@fd-ix.com
Https://www.fdi-ix.com

> On Dec 5, 2023, at 4:14 PM, Peter Potvin via NANOG  wrote:
> 
> Looking for someone on the Fastly peering team to reach out regarding peering 
> on a couple mutual IXPs - sent an email to the peering contact as listed on 
> PeeringDB and never heard back, and also have a few colleagues who have 
> experienced the same issue.
> 
> Regards,
> Peter Potvin | Executive Director
> --
> Accuris Technologies Ltd.
> 

Re: ipv6 address management - documentation

[Justin Wilson (Lists)]

Netbox or PHPipam. Phpipam allows you to break down subnets easier IMHo.


Justin Wilson
j...@j2sw.com

—
https://j2sw.com (AS399332)
https://blog.j2sw.com - Podcast and Blog

> On Nov 16, 2023, at 1:09 PM, Jason Biel  wrote:
> 
> My recommendation:
> 
> https://github.com/netbox-community
> 
> 
> On Thu, Nov 16, 2023 at 12:04 PM Aaron Gould  > wrote:
>> For years I've used an MS Excel spreadsheet to manage my IPv4 
>> addresses.  IPv6 is going to be maddening to manage in a spreadsheet.  
>> What does everyone use for their IPv6 address prefix management and 
>> documentation?  Are there open source tools/apps for this?
>> 
>> -- 
>> -Aaron
>> 
> 
> 
> --
> Jason

Re: Cell Tower Database

[Snow Pond Tech Group lists]

https://www.cellmapper.net/map


They have a free app for Android too. Used yesterday while installing an 
external antenna for a national ISP while on the roof of a federal gov't 
building.


Regards,


Joshua Zukerman

Snow Pond Technology Group Inc.

Office 207-692-2415


From: NANOG  on behalf of Robert DeVita 

Sent: Thursday, February 7, 2019 6:29:09 PM
To: nanog@nanog.org
Subject: Cell Tower Database


Does anyone know of a FREE cell tower database where I can search for cell 
towers?



Thanks in advance..



Rob



[photo]


[https://s3.amazonaws.com/images.wisestamp.com/symbols/frames/frame_bubble_left_top_part.png]


Robert DeVita
Managing Director, Mejeticks


[https://dn3tzca2xtljm.cloudfront.net/social_icons/24px/linkedin.png]


[https://dn3tzca2xtljm.cloudfront.net/social_icons/24px/twitter.png]



[https://s3.amazonaws.com/images.wisestamp.com/symbols/grey/small/phone2.png]  
214-305-2444



[https://s3.amazonaws.com/images.wisestamp.com/symbols/grey/small/mobile.png]  
469-441-8864


[https://s3.amazonaws.com/images.wisestamp.com/symbols/grey/small/email1.png]  
radev...@mejeticks.com



[https://s3.amazonaws.com/images.wisestamp.com/symbols/grey/small/website.png]  
www.mejeticks.com



[https://s3.amazonaws.com/images.wisestamp.com/symbols/grey/small/address1.png] 
 1919 McKinney Ave, Dallas, TX 75201

Re: DSL\POTS Testing Equipment

[Snow Pond Tech Group lists]

VeEx VePAL isn't a bad unit. Touchscreen with flip screen protector, fairly 
rugged, rechargable battery, test results can be saved to USB I believe, fairly 
quick to boot up. I have the ADSL2+ version, but I think they make a VDSL 
version. It has no VOM functions though, so I separately use a Sidekick T 
analog test unit. I got the VePAL used on eBay, even though the unit was 
practically new. I'm told the JDSU units are pretty nice and those can include 
VOM functions so that might eliminate the Sidekick. They have interchangeable 
modules so that might be worth the investment, so you can test copper, fiber, 
and coax stuff you need it. When I did contract work for a CLEC, I liked to use 
the same test equipment as the LEC. So their technicians couldn't point any 
fingers and proof of circuit issues was in front of their face.


Regards,


Joshua Zukerman

Snow Pond Technology Group Inc.

Office 207-692-2415


From: NANOG  on behalf of Mike Hammett 

Sent: Wednesday, May 1, 2019 11:50:02 AM
To: NANOG
Subject: DSL\POTS Testing Equipment

We've got an EXFO Colt-250 and an EXFO CableSHARK P3. They're 10 - 15 years 
old, but as far as I know they work. Practically, what am I missing out on by 
not getting a newer tester?

I'd like the CableSHARK's features in a smaller unit, but it seems like we're 
looking at a minimum of $2k to get something that does that.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

Re: Tips on dealing with illicit BGP announcements

[Justin Wilson (Lists) via NANOG]

I second the ease on contacting RADB.  They are very easy to work with in cases 
like this.  Have done it several times over the past few months.


Justin Wilson
j...@mtin.net

—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

> On Jul 24, 2020, at 2:05 AM, Randy Carpenter  wrote:
> 
> 
> I am working with a client that has recently purchased and transferred an 
> IPv4 block.
> 
> Sometime in between when the purchase and research was done and when the 
> transfer was actually complete, an entity in Asia started illicitly 
> announcing a larger block that includes the block in question. They even have 
> gotten an RADB entry in place for it.
> 
> Does anyone have some tips on how to deal with this? I have a feeling that 
> dealing directly with the offending entity will not be very fruitful.
> 
> thanks,
> -Randy
>