Re: Outside plant - prewire customer demarc preference
On Wed, Dec 6, 2023 at 3:45 AM Sean Donelan wrote:
> U.S. NEC does not require any mechanical protection for fiber cables. You
> can run "bare" fiber cables through most residential spaces (with a few
> exceptions for jacket material, i.e. direct burial cable not allowed
> inside habitable spaces).

I also recall the requirement for "plenum rated cable" in some cases (but not typically in residential spaces as the ceilings are not typically part of the expected air circulation system, although, as with all else, your residence will vary).
Re: Outside plant - prewire customer demarc preference
On Fri, Dec 1, 2023 at 1:56 AM owen--- via NANOG wrote:
> However, apparently ENT was a predecessor to that, I just hadn’t encountered
> it until now. I don’t recall even seeing it in the aisles at local HDs. I’ll
> have to look for it.

Apparently I spend more time roaming the aisles of the big box home improvement supply stores than you do (I am not proud of that, I just do(*)). I have seen it, and all the associated connectors, and alternatives, for years, although for various reasons I prefer to use the local electrical supply stores when possible to source items (yes, they can be more expensive for some items, but they can also supply items that only the pros know even exist, so I prefer supporting stores that have that deep competency and supply sourcing).

(*) I do not visit the local big box home improvement stores more than once a month or so, but whenever I do I also walk down the aisles which include electrical items even if I have zero reason to purchase any items just to level-set my list of items they stock.
Re: Advantages and disadvantages of legacy assets
On Wed, Nov 22, 2023 at 8:14 PM William Herrin wrote:
> It still seems unwise, but not entirely insane.

I would expect that at some point in the future many/all of the major players will require RIR validated routing information, and whether that is due to regulation or best practices for which the majors will not want to become liable for ignoring (and "think of the children") is hard to know. In the end I suspect we are likely just trying to discern when that date will be, not the eventual end result ("not today" is not, really, a valid target goal).
Re: Article: DoD, DoJ press FCC for industry-wide BGP security standard
On Tue, Sep 20, 2022 at 5:40 PM Randy Bush wrote:
> to remind, ROV is a safety mechanism, not a security mechanism. it is
> proving, as intended, to mitigate mistakes. which is very cool. but it
> does not mitigate attacks of any sophistication.

Mitigating against mistakes has value, and in some cases so does being able to strongly suggest that there was a more sophisticated approach taken.
Re: questions about ARIN ipv6 allocation
On Mon, Dec 6, 2021 at 5:59 PM Owen DeLong wrote:
> The situation is such that the current economic incentives would be most
> advantageous to me to preserve my LRSA and abandon my RSA, which would
> involve simply turning off IPv6.

While the details are certainly yours to keep private, from other statements made, or implied, it sounded as if consolidating all your resources under a single RSA was the most financially advantageous to you *today* (as in saving you money *today*). And all that while allowing you to continue to be connected to the entire Internet (which includes IPv6), which I would presume you wish to be. Of course, it does go without saying, that no one can predict future fees, so whether one would continue to save with a combined RSA, and for how long, is unknowable. You place your bets and take your chances (in ten to twenty years we will know if moving to a consolidated RSA would have saved you money vs. separate accounts). That those that feel their admitted foolishness in the past may influence their future choices, is a given.
Re: questions about ARIN ipv6 allocation
On Sun, Dec 5, 2021 at 2:23 PM Owen DeLong via NANOG wrote:
> The double billing (had it been present at the time) would have prevented me
> from signing the LRSA for my IPv4 resources.

There were some community participants that suggested that having a formal relationship with the ARIN organization by signing the LRSA was good for the resource holders, and good for the overall commons. There were other members that suggested that signing the LRSA would be potentially disadvantageous at some future time. While I still believe that having a formal relationship is the better approach, even if it costs a bit more(*), I do understand that some people may feel vindicated about not signing a LRSA, or have changed their opinion about whether they should have signed, or suggested others do so. Perhaps there are lessons to be learned here.

(*) If the number resources no longer have value exceeding their fees for an organization, I understand there is a robust transfer market available :-)
Re: IPv6 and CDN's
On Sat, Nov 27, 2021 at 5:05 PM Oliver O'Boyle wrote:
> On Sat., Nov. 27, 2021, 10:46 Scott Morizot, wrote:
>> Since we are deploying BYO IPv6 in AWS, I can assure you they do offer it
>> now. That was a blocker for us.
> Wonderful! When did they start offering that?

I believe it was announced back in the first half of 2020. As I recall it was limited to certain regions at the time of the original announcement (and being AWS it probably still has some region and/or resource specific availability limitations).
Re: DoD IP Space
On Mon, Feb 15, 2021 at 9:36 PM Joe Loiacono wrote: > V8! heh ... wow hadn't thought of that for a while ... ... Slaps forehead and says: "Wow, I could've had a V8!"
Re: Waste will kill ipv6 too
On Sat, Dec 30, 2017 at 2:31 AM, Michael Crapse wrote:
> And if a medical breakthrough happens within the next 30 years? Nanobots
> that process insulin for the diabetic, or take care of cancer, or repair
> your cells so you don't age, or whatever, perhaps the inventor thinks ipv6
> is a good idea for such an endeavour. a nanobot is microns wide, and there
> will be billions per person, hopefully not all on the same broadcast
> domain. In fact, as you say, we should treat /64s as a /32 and a /64 for
> ptp. So each nanobot gets a /64. 10B nanobots per person times 20B people =
> oh, crap, we've exhausted the entirety of ipv6 an order of magnitude ago.
> Let alone the fact that actual usable ipv6 /64s is 2 orders of magnitude
> below that.

(the time has finally arrived) Obligatory xkcd ref: https://xkcd.com/865/
Re: phone fun, was GeoIP database issues and the real world consequences
On Thu, Apr 14, 2016 at 3:32 PM, Leo Bicknell wrote:
.
> So maybe 10% of all cell phones are primarily used in the "wrong" area?

Obligatory xkcd ref: https://xkcd.com/1129/
Re: small automatic transfer switches
On Wed, Jan 27, 2016 at 9:16 PM, William Herrin wrote:
> On Wed, Jan 27, 2016 at 3:29 PM, Chuck Anderson wrote:
>> Does anyone have any recommendations for a small, cheap, reliable ATS?
>
> The APC SU042 series sell for dirt on ebay.

Or the SU041 if you have some patience to wait for a motivated seller and only need/want NEMA 5-15. Although as all of these used devices are getting up there in age, the reliability number is likely going downwards (so, which two are the priority again?)
Re: Updated Ookla Speedtest Server Requirements
On Mon, Nov 9, 2015 at 9:38 PM, Dave Taht wrote:
> I dearly would like them to update the software to not require flash.

Last I knew ookla still required flash, and one should just say no to flash. Dslreports (and other speed tests) work with modern browser technologies without flash or java.
Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6
On Mon, Jun 29, 2015 at 4:07 PM, Bob Evans b...@fiberinternetcenter.com wrote: It would not surprise me to find ARCnet (Datapoint's) still running in some corner somewhere. Possibly next to the system running Banyan VINES.
Re: Residential VSAT experiences?
On Fri, Jun 26, 2015 at 5:25 PM, William Herrin b...@herrin.us wrote: If you want to nitpick. ;) Well, if you are going to nitpick, the earth is modeled more closely (but still not precisely) as an oblate spheroid than a true sphere.
Re: certification (was: eBay is looking for network heavies...)
On Mon, Jun 8, 2015 at 4:31 AM, Tony Hain alh-i...@tndh.net wrote: Randy Bush wrote: but you can't move packets on pieces of paper. Or can you? RFC's 6214 2549 1149 But how many avian carriers would you need to move the packets currently pushed around per second, and how many Mercedes' would have their paint ruined from that number of carriers, or would the number be large enough to collapse into a star (obligatory what-if xkcd reference: http://what-if.xkcd.com/99/)
Re: Verizon Policy Statement on Net Neutrality
On Sun, Mar 1, 2015 at 12:14 AM, Michael Thomas m...@mtcc.com wrote: If they wanted to shape DOCSIS to have better upstream, all they had to say is JUMP to cablelabs and the vendors and it would have happened. Like DOCSIS 3.1? If I recall correctly, theoretical upstream up to 2.5gb/s. Your implementation will vary (and so will your roll-out dates). I also seem to recall a Broadcom press release about chips and reference designs becoming available.
Re: Now that's an odd failure mode...
On Fri, Jan 30, 2015 at 10:31 PM, Larry Sheldon larryshel...@cox.net wrote: . HOW did they make it Maybe the woodpecker had a little help... Obligatory Friday xkcd ref: http://xkcd.com/614/
Re: Got a call at 4am - RAID Gurus Please Read
On Thu, Dec 11, 2014 at 2:25 AM, Randy Bush ra...@psg.com wrote: We are now using ZFS RAIDZ and the question I ask myself is, why wasn't I using ZFS years ago? because it is not production on linux, Well, it depends on what you mean by production. Certainly the ZFS on Linux group has said in some forums that it is production ready, although I would say that their definition is not exactly the same as what I mean by the term. which i have to use because freebsd does not have kvm/ganeti. There is bhyve, and virt-manager can support bhyve in later versions (but is disabled by default as I recall). Not exactly the same, of course. want zfs very very badly. snif. Anyone who really cares about their data wants ZFS. Some just do not yet know that they (should) want it. There is always Illumos/OmniOS/SmartOS to consider (depending on your particular requirements) which can do ZFS and KVM.
Re: Shipping bulk hardware via freight
On Thu, Nov 6, 2014 at 6:07 PM, valdis.kletni...@vt.edu wrote: On Wed, 05 Nov 2014 23:11:23 -0500, William Herrin said: Ah yes, I recall watching them decommission the old Control Data Cyber 990 back at Georgia Tech. The mover slipped trying to get it on the liftgate and the whole cabinet dropped about a foot to the ground with a nice solid thud. I know of a case where somebody managed to drop an IBM Shark storage array off a forklift. Amazingly enough, it still kinda sorta worked after that And in the good ol' days (before the shark, actually) the IBM CE assigned to your site would have worked day and night getting it to work (and had fun doing it), replacing every part one by one if needed while still wearing the white shirts. But I date myself.
Re: Linux: concerns over systemd [OT]
On Wed, Oct 22, 2014 at 9:17 PM, Jeffrey Ollie j...@ocjtech.us wrote: I think that Debian's plan to allow multiple init systems (irregardless of which one is default) is a bad plan. The non-default ones won't get any love - at some point they'll just stop working (or indeed, work at all). Indeed. I believe that point was made during the debian technical committee discussions by one of the members of the TC (Russ, I think, although it was such a long discussion it could have been one of the other participants).
Re: IPv6 Default Allocation - What size allocation are you giving out
On Thu, Oct 9, 2014 at 1:18 AM, Erik Sundberg esundb...@nitelusa.com wrote: I am planning out our IPv6 deployment right now and I am trying to figure out our default allocation for customer LAN blocks. So what is everyone giving for a default LAN allocation for IPv6 Customers. I guess the idea of handing a customer /56 (256 /64s) or a /48 (65,536 /64s) just makes me cringe at the waste. A /48. There is waste, and there is waste. A /48 is not really significant waste because IPv6 address space is so large. If one believes in the truly connected home or enterprise, there will be a number of customer internal device delegations. Avoid having to renumber your customers when they do those internal networks of networks (yes, there are ways to do it transparently, but not having to do it means you avoid the pain of the transparent, which may not be transparent at all). As a residential customer, those that are handing me smaller blocks seem to be planning to charge extra for larger prefixes as a revenue stream (I presume just like one got a single IPv4 address, but could pay for more, now you get either a /64 or a /60, and get to pay for more for a /56 or /48). I consider that short sighted from a customer centric viewpoint, but I can see the revenue stream viewpoint. So, the only reason not to provide a /48 is if you think it is in your business plan to charge by the address (and hope your viable competitors in your market space follow a similar strategy, for I would always choose a provider that offers me more for the same, or less, money; I can even hear your competitors sales reps spiel Why build for obsolescence, we provide you all the space you will ever need at the same price and service level.
Re: IPv6 Default Allocation - What size allocation are you giving out
On Thu, Oct 9, 2014 at 4:45 AM, Faisal Imtiaz fai...@snappytelecom.net wrote: So, this is more of a 'opinion' / 'feel' (with all due respect) comment, and not something which has a (presently) compelling technical reasoning behind it ? Think of something like HIPnet https://tools.ietf.org/html/draft-grundemann-homenet-hipnet-00 http://www.cablelabs.com/the-future-of-home-networking-putting-the-hip-in-hipnet/ with multiple levels of home devices performing routing (prefix delegation), with multiple networks off of each. Even a /56 can easily end up being too little for multiple levels in a residence. If one believes in the IoT/IoE hype, everything will have an IPv6 address, and many of those devices might have multiple internal networks. So, yes, I assert based on a feel that a /48 is the right choice, because I am hoping to not make the same mistakes as with IPv4, and underestimate the growth of the network by the customers, resulting in all sorts of convoluted workarounds for not having enough addresses and options to do things right.
Re: IPv6 Default Allocation - What size allocation are you giving out
On Thu, Oct 9, 2014 at 5:16 AM, jamie rishaw j...@arpa.com wrote: (PS If I wake up in the morning and find out that someone has hacked my CatGenie litter boxes, I will hunt you down). I am sure any hacking will result in taking a dump.
Re: IPv6 Default Allocation - What size allocation are you giving out
On Thu, Oct 9, 2014 at 5:09 AM, jamie rishaw j...@arpa.com wrote: . These arguments and debates make me sad. I suppose it's my own fault for assuming that everyone in this ML is a forward thinker. Get used to disappointment.
Re: Owning a name
On Thu, Jul 31, 2014 at 12:10 AM, Owen DeLong o...@delong.com wrote: Wonder how long it is before we recognize the need for an international technical court for such matters where the guy on the bench has to be not just a lawyer, but a nerd, too. Can I nominate Judge William Alsup?
Re: Carrier Grade NAT
On Wed, Jul 30, 2014 at 5:22 AM, Owen DeLong o...@delong.com wrote: On Jul 29, 2014, at 4:13 PM, Mark Andrews ma...@isc.org wrote: . Add to that over half your traffic will switch to IPv6 as long as the customer has an IPv6 capable CPE. That's a lot less logging you need to do from day 1. That would be nice, but I’m not 100% convinced that it is true. For the 99.99% of the users who believe that facebook and twitter *are* the internet, at least facebook is IPv6 enabled. 50.00%(*)! Yes, I think we can all stipulate that those participating on this list are different, and have different expectations, and different capabilities, than those other 99.99%. Gary (*) If we are going to make up statistics, four significant digits looks better than one.
Re: Muni Fiber and Politics
On Mon, Jul 21, 2014 at 8:34 PM, Owen DeLong o...@delong.com wrote: . Whoever installs fiber first and gets any significant fraction of subscribers in any but the densest of population centers is a competition killer, _IF_ you let them parlay that physical infrastructure into an anti-competitive environment for higher layer services. I take it that on principle you would have petitioned against the proposed Google Fiber roll-out in the San Jose area and would have spoken out against it at the public hearing on June 17th in favor of an alternative municipal funded project if you were not otherwise engaged (the synopsis indicates no public comments from the floor from that meeting)? You may have missed an opportunity to be the one to stop Google Fiber in San Jose in preference to muni fiber, although there is never just one meeting for such large scale projects. I am sure you will have other chances to offer your opinion, and encourage the council to just say no.
Re: Muni Fiber and Politics
On Mon, Jul 21, 2014 at 9:37 PM, Jay Ashworth j...@baylink.com wrote: No, but I wasn't asserting All government sucks. Ugh; you were. All governments suck some of the time, and some governments suck all of the time. Your evaluation as to the level of vacuum will depend on how often your oxen pass the government goring centers (part of the you can not please all of the people all of the time theme).
Re: Muni Fiber and Politics
On Mon, Jul 21, 2014 at 10:13 PM, Jay Ashworth j...@baylink.com wrote: Cause my mailer isn't RFC 2919 compliant. Sorry. Zimbra has had open follow the damn RFC's tickets out there for a number of years. Perhaps it is past time to migrate away (fool me once, shame on you, fool me twice, shame on me. Fool me for three consecutive version upgrades)
Re: Net Neutrality...
On Fri, Jul 18, 2014 at 6:49 PM, Paul S. cont...@winterei.se wrote: For all intents and purposes, it actually does work fine -- yeah. I've got a few friends who bought it, it seems to work fine. This is way off topic, but This topic was covered back in the beginning of the year at: http://tiamat.tsotech.com/4k-is-for-programmers and the followup at: http://tiamat.tsotech.com/4k-is-for-programmers-redux The conclusion (in the case) was that for devs, the goods outweigh the bads. As always, your mileage will vary, and some settling occurred during transport. Note, too that Dell, Asus, and Lenovo have newer 4K models out there that address some of the issues (I have explicitly tried to avoid finding the reviews because I do not want to be forced, forced I say, to buy a 4K monitor).
Re: Ars Technica on IPv4 exhaustion
On Thu, Jun 19, 2014 at 10:47 PM, Owen DeLong o...@delong.com wrote: . Ideally, it would be nice if the UNH/IOL and/or CEA could come up with a meaningful definition of IPv6 support and a logo to go with it that we could tell consumers to look for on the box. Ideally, this would be a set of standards that users of the logo agree to abide by rather than a fee-based testing regime that excludes smaller players. You mean something like the IPv6 Ready logo at http://www.ipv6ready.org ?
Re: Credit to Digital Ocean for ipv6 offering
On Wed, Jun 18, 2014 at 11:37 PM, Daniel Ankers md1...@md1clv.com wrote: On 18 June 2014 19:05, Owen DeLong o...@delong.com wrote: OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s. Sad, really. Owen Is giving a /56 to residential customers REALLY screwing them over? Maybe, maybe not (it is, as much else, about perceptions) but /60 certainly seems to be screwing them over, and a /56 is the minimum one should see (with the ability to request at least up to a /48) IMHO. HIPnet ( http://tools.ietf.org/html/draft-grundemann-homenet-hipnet ) suggests that a /56 is the minimum one should expect in order to support multiple sub-delegations within the residence. Some $CABLECOs$ appear to be delegating only a /60 to residential customers (even though some of those same $CABLECOs$ have participated in the project; I guess that just proves the left hand and the right hand do not talk). Gary
Re: US patent 5473599
On Wed, May 7, 2014 at 5:18 PM, Rob Seastrom r...@seastrom.com wrote: Eygene Ryabinkin rea+na...@grid.kiae.ru writes: If you hadn't seen the cases when same VRIDs in the same network were used for both VRRP and CARP doesn't mean that they aren't occurring in the real world. We use CARP and VRRP quite extensively and when we first were hit by this issue, it was not that funny. +1 ... but choosing OUI from the VRRP space (hijacking that space) was clearly the poor design choice. Fullstop. +\infty Either it was an intentional conflict that was meant to cause operational problems or it was not. If it was, then a previous characterization of CARP as a trojan is spot on. If it was not (and I'm willing to be charitable here), then the take-away from this is that the folks who made this decision are utterly clueless about standards, the reason for standards, and operations. That would hardly be earth shattering news. To be slightly less charitable, since I am having a hard time coming up with a third option, I am forced to choose between maliciousness and incompetence. And I never thought the OpenBSD team was incompetent. Perhaps I was wrong? But (presuming no adjustments) the patent is now expired, and the OpenBSD team could now release CARPv2 (or whatever they decide to call it) which would implement the standard, should they wish to work and play well with the standards bodies and community. Gary
Re: Residential CPE suggestions
On Mon, May 5, 2014 at 11:59 PM, Deepak Jain dee...@ai.net wrote: Any recommendation for a residential CPE that supports dual SFP uplinks (WAN) with either a routing protocol or a resilient Ethernet solution? Ideally, LAN port should be 100/1000 CAT5. I've looking at Mikrotik, Draytek and others. Looking something in a lower three-digit price point. Otherwise I might have to do a pair of media converters on a copper switch/router that can do it (ugly!). Thanks in advance! (No personal experience, but...) Have you looked at the EdgeRouter Pro? 2 SFP links, routing capability. http://www.ubnt.com/edgemax
Re: Requirements for IPv6 Firewalls
On Sat, Apr 19, 2014 at 2:29 PM, joel jaeggli joe...@bogus.com wrote: On 4/18/14, 7:04 PM, Jeff Kell wrote: PCI requirement 1.3.8 pretty much requires RFC1918 addressing of the computers in scope... It does not You are correct. In theory. However, for those organizations that have chosen to use a firewall with NAT rather than apply one of the other alternatives, the practice says that to implement IPv6, the firewall they want needs to do NAT. Again, telling someone that they are doing it wrong (and that they should change) will not be successful. Especially if the network people do not talk to the systems people, and do not talk to the applications people, and do not talk to the auditors Not that any organization would be so stove-piped. Perhaps there should be an I-D BCP about not stove-piping organizations too. And, while PCI compliance was the straw-man, I have seen other audit results that called out a lack of using NAT too (even though they, also, should not have done so; it was the policy that they should have called out. But that would require real understanding rather than a checklist). Gary
Re: Requirements for IPv6 Firewalls
On Fri, Apr 18, 2014 at 3:02 PM, William Herrin b...@herrin.us wrote: The main drivers behind the desire for NAT in IPv6 you've heard before, but I'll repeat them for the sake of clarity: 5. Some industries (PCI compliance) *require* NAT as part of the audit-able requirements. Yes, that should get changed. But until it does, (at least some) enterprises are going to be between a rock and a hard place. As Bill says, the place to get this fixed is not to tell the enterprises they are doing it wrong, but to change the requirements that auditors measure against. I would cheer the effort to engage those bodies to get them to understand that NAT is not the way (for it is not). This does not mean ignore the problem. It does not mean to tell people they are doing it wrong. It means active engagement with such organizations. And it is hard, policy type, work,
Re: A little silly for IPv6
On Wed, Mar 26, 2014 at 12:55 PM, rw...@ropeguru.com rw...@ropeguru.com wrote: . I want to see HIS source of how many atoms are actually on the earth. Somehow, I do not think anyone knows that answer. So his comparison is a joke. Obligatory xkcd ref: https://xkcd.com/865/
Re: Level 3 blames Internet slowdowns on Technica
On Tue, Mar 25, 2014 at 3:56 AM, Naslund, Steve snasl...@medline.com wrote: You are right but that is usually how it works with fiber because that last drop to the home is a pretty expensive piece that you don't usually want installed until it is needed. The LECS usually don't even light a building unless there is a service that requires it. I was trying to make the point that $700 - 800 per premise as quoted seems extremely low to me. If one believes the estimates from the Google Fibre rollout in Kansas City (and I suspect they are all wrong, but they probably have the magnitude right) the cost was (about) $600/premise passed. As you point out, the passed part is important, and did not include that last 100 yards of install and equipment. But that last 100 yards (and equipment) does not need to be spent until a subscriber signs on the dotted line. So the order of magnitude to pass a premise is roughly consistent between this known example of a recent build-out, and Jay's numbers, with all the right stars in alignment (I believe Google Fibre got agreements in advance regarding abbreviated and expedited zoning and permitting, which would likely have substantially decreased their costs (having seen how long/expensive that can take, I can understand why they wanted those agreements in place up front)). Now, whether a city would want to float a 30 year bond for city fibre, or for a new ballpark, or a new pier (or do all three and increase taxes by maybe 10%) and trust that if you build it, they will come is a different question.
Re: L6-20P - L6-30R
On Thu, Mar 20, 2014 at 4:00 PM, Rob Seastrom r...@seastrom.com wrote: Lamar Owen lo...@pari.edu writes: Actually, there is no NEC 384.16 any more, at least in the 2011 code. Guilty. I reflexively reached for my 2008 copy since that's the code of record here where I live. Glad we're not on 2011, wish we were still on 2005; a lot of stupidity has crept in since then. Tamper-resistant receptacles required in the unfinished basement shop? *really*? Think of the children! I hear the 2017 edition of NFPA 70 (aka NEC) may require one to turn off the power to the entire household in order to plug in a coffee maker to minimize potential arc flash hazard (just kidding). Gary
Re: NetSol opts domain customers into $1800 Security program?
On Wed, Jan 22, 2014 at 7:20 PM, Barry Shein b...@world.std.com wrote: P.S. Doing that, removing auto-renew, changes you to receiving urgent email from them once a week or so starting 90 days in advance about how your domain is ABOUT TO EXPIRE! Sort of reminds me of the late night TV ads for ginsu knives: So you don't forget, call before midnight tonight! Gary
Re: turning on comcast v6
On Fri, Jan 3, 2014 at 4:09 PM, Leo Bicknell bickn...@ufp.org wrote: Rogue RA's can take down statically IPv6'ed boxes. Rogue DHCP servers will never affect a statically configured IPv4 box. I believe that that would depend on whether your configuration of a static IPv6 address on your box also disabled accepting RA. On Linux, I believe it is something like net.ipv6.conf.if.autoconf=0 and net.ipv6.conf.if.accept_ra=0 (could easily be typos there, doing it from memory). As with much else, your devops scripts/processes may need to change for IPv6 vs IPv4 (which is why, especially for enterprises, it is not as easy as just turning it on).
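Added example, not part of the original post: on Linux the two settings named above are exposed per interface under /proc/sys/net/ipv6/conf/, and whether a Router Advertisement is actually processed also depends on that interface's forwarding flag. The function names audit_ra and make_sample_tree and the sample interfaces are constructed for this illustration.

```shell
#!/bin/sh
# Added example: list interfaces that will still process Router
# Advertisements, i.e. where a rogue RA can change routing or addressing
# on a box that was given a static IPv6 address.
#
# Linux accept_ra semantics (kernel ip-sysctl documentation):
#   0 = never accept RAs
#   1 = accept RAs only while forwarding is disabled on the interface
#   2 = accept RAs even when forwarding is enabled
# autoconf matters only once RAs are accepted: 1 = build SLAAC addresses
# from the prefixes they carry.

# audit_ra [conf_root]
#   conf_root defaults to the live kernel tree; pass another directory to
#   audit a copy. Prints one line per exposed interface (the "default"
#   entry, which seeds new interfaces, is reported like any other).
#   Returns 1 if any exposed interface was found, 0 otherwise.
audit_ra() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    found=0
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        ra=$(cat "$dir/accept_ra" 2>/dev/null) || ra="?"
        fwd=$(cat "$dir/forwarding" 2>/dev/null) || fwd="?"
        ac=$(cat "$dir/autoconf" 2>/dev/null) || ac="?"
        case "$ra" in
            0) continue ;;   # RAs ignored outright
            1) # ignored while forwarding is on; unreadable counts as exposed
               [ "$fwd" = "0" ] || [ "$fwd" = "?" ] || continue ;;
            *) ;;            # 2, or unreadable: report it
        esac
        echo "$ifname accept_ra=$ra forwarding=$fwd autoconf=$ac"
        found=1
    done
    return "$found"
}

# make_sample_tree DIR
#   Constructed sample data standing in for /proc/sys/net/ipv6/conf, so
#   the audit can be tried without touching a real host.
#   Columns: interface accept_ra forwarding autoconf
make_sample_tree() {
    while read -r ifname ra fwd ac; do
        mkdir -p "$1/$ifname"
        echo "$ra"  > "$1/$ifname/accept_ra"
        echo "$fwd" > "$1/$ifname/forwarding"
        echo "$ac"  > "$1/$ifname/autoconf"
    done <<'EOF'
eth0 1 0 1
eth1 0 0 0
br0 1 1 1
wan0 2 1 0
EOF
}
```

Calling `audit_ra` with no argument checks the live host; in the sample tree only eth0 and wan0 are reported, because eth1 has RAs disabled and br0 ignores them while forwarding is on.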
Re: turning on comcast v6
On Fri, Dec 20, 2013 at 5:42 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Fri, Dec 20, 2013 at 12:30 AM, Owen DeLong o...@delong.com wrote: I'd like to encourage people to use prefix-hint=::/48. ... I think if I ask (via wide-dhcpv6-server) for more than is going to be sent I don't get anything configured at all :( I'm pretty sure I get sent a /64 in the response packet, but I don't install that.. which leads to busted v6 configuration on my device. I concur (with the request a /48, get a /64, not a /60). At least that is how I recall it used to work (I have not tried for some time at this point, and while I know Comcast has changed things in the interim, I am pretty sure I do not want to wait for Comcast to time out a /64 if that is what I end up getting). If someone has better information, I am willing to consider a test. Gary
Re: Caps (was Re: ATT UVERSE Native IPv6, a HOWTO)
On Mon, Dec 9, 2013 at 6:02 AM, Jeff Kell jeff-k...@utc.edu wrote: ... With 3270 you have little choice other than full screen transactions. It has been a long long time, but for the truly crazy, I thought it was possible to write single characters at a time (using a Set Buffer Address and then the character) as long as you had set up the field attributes previously. Lots of transactions, but one could appear to write out individual characters as slowly as the KSR 33 it replaced. Or perhaps my 3270 memory has finally faded away. Gary
Re: ATT UVERSE Native IPv6, a HOWTO
On Mon, Dec 2, 2013 at 11:47 PM, Owen DeLong o...@delong.com wrote: (Hint, NEST has already released an IPv4 smoke detector). And they really should have enabled IPv6 on it :-( But the processor should be able to handle it, if they update the firmware. I hear Tado does IPv6.
Re: ATT UVERSE Native IPv6, a HOWTO
On Thu, Nov 28, 2013 at 9:07 PM, Leo Vegoda leo.veg...@icann.org wrote: Is a /60 what is considered generous these days? I do not think so. I think that is more minimal than generous. I thought a /48 was considered normal and a /56 was considered a bit tight. What prefix lengths are residential access providers handing out by default these days? A /60 (by reports from ATT and Comcast customers) seems to be the current behavior for some residential access providers. I am sure one can find counter examples. And while I can rationalize the thinking (I suspect few home users currently use more than 16 internal networks), with solutions that will eventually depend on further prefix sub-delegation downstream (aka HIPNet), /60 feels a bit tight. I would certainly feel more comfortable seeing the providers start offering at least a /56, if not a /48, if requested by the customer. It is conceivable that the residential providers intend to offer more than a /60 at additional costs (as they offer more than one IPv4 address today), or to offer more than a /60 only to those that request it (to minimize some perceived waste of IPv6 numbers). I would expect that Business customers will almost certainly see different offerings (/48s?). It is also conceivable that the residential providers have not (yet) thought it all through. Gary
Re: OT: Below grade fiber interconnect points
On Fri, Nov 15, 2013 at 9:25 PM, Jay Ashworth j...@baylink.com wrote: ... Yeah; cranes are a bitch. :-) No, it is arranging for a rigging crew and the safety plan reviews for the lift (at least in any major company/institution which wants to stay on the happy side of OSHA; and has counsel that suggests that the risks of not following the process is likely a CEE). Gary
Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
On Fri, Nov 1, 2013 at 4:43 AM, Anthony Junk anthonyrj...@gmail.com wrote: ... It seems as if both Yahoo and Google assumed that since they were private circuits that they didn't have to encrypt. I actually cannot see them assuming that. Google and Yahoo engineers are smart, and tapping fibres has been well known for, well, forever. I can see them making a business decision that the costs would be excessive to mitigate against tapping(*) that would be allowed under the laws in any event. Gary (*) A mitigation was run the fibre through your own pressured pipe which you monitored for loss of pressure, so that even a hot tap on the pipe itself would possibly be detected (and there are countermeasures to countermeasures to countermeasures of the various methods). And even then, you had to have someone walk the path from time to time to verify its integrity. And I am pretty sure there is even an NSA/DOD doc on the requirements/implementation to do those mitigations.
Re: Urgent: rack mounting kit / rack shelf
On Fri, Jul 5, 2013 at 8:16 PM, Mike Lyon mike.l...@gmail.com wrote: Frys on Kifer Fry's is actually on Arques Ave in Sunnyvale. Not sure about all the Fry's, but the Sunnyvale store has re-imagined itself (no longer has rows upon rows of 8' shelves, they are now all about 5' tall, so you get a more open store experience) and no longer has quite the amount of rack stock on display it once had. I presume they have it in the back storeroom if one asks. +1 for Weirdstuff for random new-to-you racks and accessories (and I believe they have even more in their warehouse area, if you ask). Gary
Re: Security over SONET/SDH
On Mon, Jun 24, 2013 at 9:37 PM, Jamie Bowden ja...@photon.com wrote: Actually, you CAN do that, but you have to apply for ITAR exceptions. EXIM is complex and you really want a good legal team who are familiar with it hand holding you through it (and on extended retainer going forward...). We used to joke that our export control officer was the designated felon (in the case that the process/decision was wrong, that person was the one going to go to prison (and note the US Govt takes ITAR controls very very seriously; do not guess, do not even think about guessing; do not even think that the words in the regs mean what you think they mean)). Gary
Re: why haven't ethernet connectors changed?
On Thu, Dec 20, 2012 at 10:20 AM, Michael Thomas m...@mtcc.com wrote: So why, oh why, nanog the omniscient do we still use rj45's? Because 8P8C connectors are well understood (both physically, and electrically)? And inertia matters. On some newer kit, Apple has removed the Ethernet port and uses a Thunderbolt - Ethernet dongle. Apple seems to think Ethernet ports are too big.
Re: Whats so difficult about ISSU
On Sun, Nov 11, 2012 at 1:45 AM, Saku Ytti s...@ytti.fi wrote: ... Or is GPL not really problematic issue, as you can hide your intellectual property in binary kernel modules? GPLv2, which governs the Linux Kernel, does tolerate use of binary kernel modules under some conditions (the classic example is the nVidia driver blob which uses a GPL shim). Regardless, most lawyers would advise a company to avoid being a test case for some of the poorly defined terms used in the license, including derivative work. A recent paper discussing the issue can be found at: LOADED QUESTION: EXAMINING LOADABLE KERNEL MODULES UNDER THE GENERAL PUBLIC LICENSE V2 http://digital.law.washington.edu/dspace-law/bitstream/handle/1773.1/1115/7WJLTA265.pdf?sequence=8 Gary
Re: Whats so difficult about ISSU
On Sun, Nov 11, 2012 at 7:31 AM, Felipe Zanchet Grazziotin fel...@starbyte.net wrote: ... If your silicon vendor supports BSD's, of course. From my (little) experience most vendors' SDK will be available to Linux and vxWorks but not BSD. This limits companies that are building equipments based on third parties ASIC to use anything but Linux. You are right, of course, since the silicon vendors' customers decide what they want the device to support, and that is (currently) Linux and VxWorks. Some BSD folk are trying to change that, by investing their time in the patches/ports needed to support additional embedded processor types/derivatives and make it a viable platform. There is even a Raspberry Pi port now available for FreeBSD as I recall. Ideally those efforts will produce a viable ecosystem for BSD in this space. Gary
Re: RPKI Pilot Participant Notice
On Wed, Sep 5, 2012 at 7:24 PM, Christopher Morrow morrowc.li...@gmail.com wrote: . a closer (by me) reading of: In order to access the production RPKI TAL, you will first have to agree to ARIN's Relying Party Agreement before the TAL will be emailed to you. To request the TAL after the production release, follow this link: http://www.arin.net/public/rpki/tal/index.xhtml; though kinda leads me into the hole randy/richard fell into... 'to poke the TAL and figure out where things are, you have to sign an agreement'. My interpretation was what Randy implied, and that ARIN wants an agreement with everyone who gets a (presumably unique to the agreement) TAL to protect ARIN. That would seem like a lot of overhead to maintain to me (since as I recall a TAL may never, ever (ok, very rarely) change), but then appropriate risk management has always been an interesting thing to watch in the (potentially litigious) ARIN region. Gary
Re: DNS caches that support partitioning ?
Re: LRU badness One approach is called adaptive replacement cache (ARC) which is used by Oracle/Sun in ZFS, and was used in PostgreSQL for a time (and slightly modified (as I recall) to be more like 2Q due to concerns over the IBM patent on the algorithm). Unfortunately, we do not have any implementations of the OPT (aka clairvoyant) algorithm, so something like 2Q might be an interesting approach to experiment with. Gary
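An added example, not part of the original post: a simplified 2Q cache beside a plain LRU cache, run over a constructed lookup trace in which bursts of names seen only once are interleaved with a small set of frequently used names. The class names, queue sizes and hostnames are assumptions made for the illustration, and the eviction rule is a simplification of 2Q rather than any resolver's implementation.

```python
from collections import OrderedDict


class LRUCache:
    """Plain LRU: every miss is cached and pushes out the least recently used name."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.items = OrderedDict()

    def lookup(self, name):
        if name in self.items:
            self.items.move_to_end(name)
            return True
        if len(self.items) >= self.capacity:
            self.items.popitem(last=False)
        self.items[name] = True
        return False


class TwoQCache:
    """Simplified 2Q: new names sit in a FIFO (a1in); only names that are asked
    for again after leaving that FIFO are promoted to the protected LRU (am)."""

    def __init__(self, capacity, kin, kout):
        self.capacity, self.kin, self.kout = capacity, kin, kout
        self.a1in = OrderedDict()    # resident, seen once recently
        self.a1out = OrderedDict()   # ghost list: names only, no cached data
        self.am = OrderedDict()      # resident, proven reuse

    def _reclaim(self):
        if len(self.a1in) + len(self.am) < self.capacity:
            return                                   # a free slot exists
        if len(self.a1in) >= self.kin or not self.am:
            victim, _ = self.a1in.popitem(last=False)
            self.a1out[victim] = True                # remember the name only
            if len(self.a1out) > self.kout:
                self.a1out.popitem(last=False)
        else:
            self.am.popitem(last=False)

    def lookup(self, name):
        if name in self.am:
            self.am.move_to_end(name)
            return True
        if name in self.a1in:
            return True                              # hit, but no promotion yet
        remembered = self.a1out.pop(name, None) is not None
        self._reclaim()
        (self.am if remembered else self.a1in)[name] = True
        return False


def build_trace(rounds=5, burst=8):
    """Constructed trace: 4 hot names, then rounds of one-shot names + hot names."""
    hot = [f"svc{i}.example.com" for i in range(4)]
    trace = hot * 2
    for r in range(rounds):
        trace += [f"r{r}n{i}.example.net" for i in range(burst)]
        trace += hot
    return trace


def hits(cache, trace):
    return sum(cache.lookup(name) for name in trace)


if __name__ == "__main__":
    trace = build_trace()
    print("lookups:", len(trace))
    print("LRU hits:", hits(LRUCache(6), trace))
    print("2Q  hits:", hits(TwoQCache(6, kin=2, kout=6), trace))
```

With the same six slots, each burst of one-shot names empties the LRU cache of its hot names, while the 2Q variant keeps them once they have been promoted.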
Re: US House to ITU: Hands off the Internet
On Fri, Aug 3, 2012 at 6:06 PM, Patrick W. Gilmore patr...@ianai.net wrote: Unanimous? I didn't think this congress could agree the earth is round unanimously. Perhaps because the earth is usually more properly described as an oblate spheroid... Gary
Re: EBAY and AMAZON
On Tue, Jun 12, 2012 at 4:33 PM, Michael R. Wayne wa...@staff.msen.com wrote: ... It is important to understand that there is nothing inherent in the Windows experience which prohibits security. Rather, it is a deliberate design choice on the part of MS. Windows. A strange game. The only winning move is not to play. How about a nice game of FreeBSD?
Re: CVV numbers
On Sun, Jun 10, 2012 at 8:02 AM, Owen DeLong o...@delong.com wrote: The skimmers can use CVV1 and bypass the CVV2 protection in most cases (though that requires them to gen up a fake or fraudulent card and do card present transactions which does add risk for them). Not so much for them, but the sacrificial mules that go to the (physical) stores (and the mules, at best, know the location to meet their handler, who is not even the person/group responsible for the acquisition of the numbers, but just another middle person). It costs almost nothing, so a few fraudulent transactions blocked is probably enough. That doesn't change the fact that I believe there have to be more effective methods that wouldn't cost much more. One of the CC industry think tanks (the think tank part of first data; to be honest, I am not sure that part still exists) has proposed various alternatives over the years (including a true non-traceable cash type of CC alternative that was sort of appealing), but the priority of the banks continues to be to ensure convenience (with minimal losses for the banks), and almost all of the alternatives involved some sort of additional inconvenience to the customer. If you can come up with a good alternative, there are many many millions to be made. I am not smart enough to be able to come up with a clearly better alternative (other than a personal optimization to remember all the CC numbers, including the CVV2, as you stated you do). Gary
Re: WW: Colo Vending Machine
On Wed, Feb 22, 2012 at 08:09, Joel jaeggli joe...@bogus.com wrote: ... If we just stop printing things the problem goes away. I think Xerox promised me a paperless office (starting in the 1980s?). I am still waiting.
Re: Common operational misconceptions
On Fri, Feb 17, 2012 at 06:52, -Hammer- bhmc...@gmail.com wrote: Let me simplify that. If you are over 35 you know how to troubleshoot. Yes, I'm going to get flamed. Yes, there are exceptions in both directions. Necessity is the mother of invention Long before there was a Grainger (and Home Depot) in every city, and you could get parts shipped overnight, one had to make do, and making do meant being able to figure things out to be able to git r done with what you had on hand, or could figure out. When working on my Grandfather's farm, I did not look for work to do (actually, I looked for ways not to do any work :-), but if the project required pulling out the oxy-acetylene torch to cut and weld something onto the tractor to get something done, that is what you had to do, so you did it. If the TV went on the blink (they all did then), you opened up the back, looked for fried components, and if one of the resistors was smoking, you soldered in a replacement. Or you took the tubes down to the local drugstore and tested them. Even if you had no idea what you were doing, you were willing (and expected) to give it a shot, and try to fix it. More often than not you learned something along the way, even if it took hours to figure it out (and had to repair your repair a few times :-). For those without the capabilities, you took it to the shop, where someone else did the troubleshooting and repair. Along the line, the costs of technicians to do that type of work started to exceed the cost of simply replacing the entire unit (how many people remember when going to the auto dealer that the cost of the parts far exceeded the cost of the labor? Now it is the other way around). Troubleshooting became a lost art. Swap 'til you drop became the mantra. It became the cost effective way to do repairs. There are advantages to the new way of disposable devices, but almost no one knows how they work anymore, and they do not care to know. 
The members of this list are likely to be sufficiently self selected to be in the minority of actually wanting to know. There is a (small) backlash of people who are trying to get back into the world of actually building things, and understanding how they work (popularized by such things as Make magazine, and Maker Faires). Gary
Re: common time-management mistake: rack stack
On Thu, Feb 16, 2012 at 23:29, Jeff Wheeler j...@inconcepts.biz wrote: ... Imagine if the CFO of a bank spent a big chunk of his time filling up ATMs. Flying a sharp router jockey around to far-flung POPs to install gear is just as foolish. There is a theory of management that says a good manager needs to know nothing about the staff or the jobs he is managing, because his job is about returning profit to the shareholder, and not about what the company does. AFAIK, these theories are made in the academic halls of the business schools, which churn out MBAs, and, self-selected group that they are, believe in (more) managers, and (more) powerpoint business plans, and (more) theory. I happen to come from a different background, and believe that it has value to understand what the people who are working for you actually do. That does not mean the CEO should spend all day delivering the mail (or flipping burgers), but she had better have done it a few times, and it is a good idea to do it from time to time to see what has changed. It keeps the manager grounded with the reality. (I have been told that the reason that the commanders in the Army are reluctant to send their people to battle is that they have experienced it, and know it is hell. And the reason the people will go to hell for their commander is that the commander has the moral authority of having done it, experienced it, know that they are asking a lot, but it is for the common good. People will follow a leader who has been there, done that, and not so much when it is just an academic business plan on a powerpoint slide.)
Re: Common operational misconceptions
On Fri, Feb 17, 2012 at 18:06, George Bonser gbon...@seven.com wrote: Fry's wanted $55 for a 1 meter LC-LC multi-mode patch cord yesterday at the store on Arques in Sunnyvale. Admittedly high, but in the same store, one set of rows to the left (as you were looking at the fibres) they sell 12-24 rack screws for something like $10/bag of 12. Now *that* is markup.
Re: Colo Vending Machine
On Sat, Feb 18, 2012 at 01:02, George Herbert george.herb...@gmail.com wrote: Will IANA accept netblock transfers as an exchange medium for datacenter goodies vending machine payments? ... ;-) Joking while busy discouraged. s/IANA/ARIN/d'oh I suspect ARIN would follow its policy to recognize any transfer and update its records as long as the needs assessment was successfully completed, but any compensation between the seller and buyer of the resource is not part of the ARIN process. (This is a (bad?) joke reference to a currently ongoing discussion on the ARIN PPML list).
Re: LX sfp minimum range
On Thu, Jan 26, 2012 at 13:47, David Storandt dstora...@teljet.com wrote: You can put a 3dB or 5dB optical pad on the link if the receiver can't handle zero-distance optical power. As I recall, the problem may not only be the power (which can cause receiver saturation), but the issue that fibre paths shorter than (around) 2-10m do not properly condition the light(*), which can result in some issues at the receiver. Gary (*) My memory says modal distribution issues. While 'single mode' fibre only supports one mode of transmission, it takes a short distance for the fibre to really be single mode. You can use a mode filter to address the problem, or just use fibres that are at least a few meters.
Re: AD and enforced password policies
On Tue, Jan 3, 2012 at 05:09, Greg Ihnen os10ru...@gmail.com wrote: A side issue is the people who use the same password at fuzzykittens.com as they do at bankofamerica.com. Of course fuzzykittens doesn't need high security for their password management and storage. After all, what's worth stealing at fuzzykittens? All those passwords. Second obligatory xkcd reference (Password reuse): http://xkcd.com/792/
Re: AD and enforced password policies
On Mon, Jan 2, 2012 at 22:32, Jimmy Hess mysi...@gmail.com wrote: The sole root cause for easily guessable passwords is not lack of technical restrictions. It's also: lazy or limited memory humans who need passwords that they can remember. Firstname1234! is very easy to guess, and meets complexity and usual length requirements. Obligatory xkcd reference: http://xkcd.com/936/ Gary
Re: IP addresses are now assets
On Sat, Dec 3, 2011 at 18:18, David Barak thegame...@yahoo.com wrote: Should the HAC be expected to manage the transition to HumorV6? I am not that familiar with Humorv6. Has Hv6 had sufficient operational input, or is it based on a philosophically pure redesign of humor making it theoretically funny, but in practice most of the humor falls flat? Does it require a redesign of the existing infrastructure (i.e. comedy clubs) in order to get the joke? And, of course, is the British implementation of HumourV6 compatible with the American implementation of HumorV6? Gary
Re: IP addresses are now assets
On Fri, Dec 2, 2011 at 20:01, bmann...@vacation.karoshi.com wrote: . Suggestion received and needing confirmation: That ARIN or a party it designates assign one or more sense(s) of humour to the CEO. I believe this suggestion suffers from being too non-specific, and could lead to unintended consequences. ARIN could, for example, assign John a slapstick comedy sense of humor and all the chairs at the next meeting would have a whoopee cushion. And do you really want John taking on the role of a Don Rickles as an insult comedian? And, of course 87% of the population believes that they already have an above average sense of humor (and 62% of the population believes any statement with a statistic in it). I would recommend that this suggestion be revised with community input into what type of humor can achieve a community consensus. Gary
Re: IP addresses are now assets
On Fri, Dec 2, 2011 at 03:52, Robert E. Seastrom r...@seastrom.com wrote: In any litigation, Counsel always wins. I often remind myself that there's still time to go to law school. :-) It may be too late. The glory days of getting a JD and then raking in the money are apparently over. I remember reading recently (in the NYTimes?) that newly minted lawyers are having a hard time finding employment, as the customers of the law firms are pushing back on the ever higher fees, and the firms are responding by a combination of outsourcing some research, and using non-lawyers for other work, reducing the demand for (and hiring of) new lawyers. Exceptions noted for the Harvard grads due to the OBN.
Re: Dynamic (changing) IPv6 prefix delegation
On Mon, Nov 21, 2011 at 22:18, Nathan Eisenberg nat...@atlasnetworks.us wrote: Look at the number that are refusing to make generous prefix allocations to residential end users and limiting them to /56, /60, or even worse, /64. Owen, What does Joe Sixpack do at home with a /48 that he cannot do with a /56 or a /60? Flexibility. With dhcpv6 prefix delegation, you are going to want devices to be able to request (at least) /60s for further delegation (and better yet /56s to allow them to delegate /60s with further delegation when needed). While Joe may not have as complex of an environment as his neighbor Sue, should we target the common Joe, or the advanced Sue? As I suspect Owen will say, there is no reason *not* to give out /48s (ipv6 space is huge), and this is a good opportunity to enable the residential user to not have to work around artificial limits in the future. Gary
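An added example, not part of the original posts: a small model of hierarchical prefix delegation that shows the sub-delegation point made in this message and the "/60 feels a bit tight" concern in the 2013 message earlier on this page. The home topology, router names and requested lengths are constructed, the prefixes come from the 2001:db8::/32 documentation range, and the allocation policy (a router numbers its own links first, and a request that cannot be met gets nothing) is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    lans: int                      # /64 links this router numbers itself
    want: int = 64                 # prefix length it requests from upstream
    children: list = field(default_factory=list)


def carve(prefix, lengths):
    """Allocate one aligned sub-prefix per requested length, in order.

    Returns a list parallel to `lengths`; None marks a request that did
    not fit in what is left of `prefix`.
    """
    cursor = int(prefix.network_address)
    end = cursor + prefix.num_addresses
    blocks = []
    for plen in lengths:
        size = 1 << (128 - plen)
        start = (cursor + size - 1) // size * size   # round up to alignment
        if start + size <= end:
            blocks.append(ipaddress.IPv6Network((start, plen)))
            cursor = start + size
        else:
            blocks.append(None)
    return blocks


def provision(router, prefix, plan=None):
    """Record what `router` receives, number its LANs, then delegate downstream.

    Assumed policy: own links first; a child whose requested length cannot be
    met gets nothing (no fallback to a longer prefix).
    """
    plan = {} if plan is None else plan
    if prefix is None:
        plan[router.name] = (None, [])
        for child in router.children:
            provision(child, None, plan)
        return plan
    kids = sorted(router.children, key=lambda r: r.want)   # biggest blocks first
    blocks = carve(prefix, [64] * router.lans + [k.want for k in kids])
    own = [b for b in blocks[:router.lans] if b is not None]
    plan[router.name] = (prefix, own)
    for child, block in zip(kids, blocks[router.lans:]):
        provision(child, block, plan)
    return plan


def lans_numbered(plan):
    return sum(len(lans) for _, lans in plan.values())


def unserved(plan):
    return sorted(name for name, (prefix, _) in plan.items() if prefix is None)


def home():
    # Constructed topology: names, LAN counts and requested lengths are illustrative.
    vm_host = Router("vm-host", lans=4, want=62)
    lab = Router("lab-router", lans=2, want=60, children=[vm_host])
    iot = Router("iot-router", lans=3, want=60)
    return Router("home-cpe", lans=2, children=[iot, lab])


if __name__ == "__main__":
    for isp in ("2001:db8:0:ab00::/60", "2001:db8:0:ab00::/56", "2001:db8:ab::/48"):
        plan = provision(home(), ipaddress.IPv6Network(isp))
        print(isp, "LANs numbered:", lans_numbered(plan), "unserved:", unserved(plan))
```

With a /60 from the provider the CPE numbers its own two links and cannot satisfy either downstream /60 request; with a /56 or a /48 all eleven links in the constructed topology are numbered.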
Re: Internet mauled by bears
On Tue, Sep 20, 2011 at 01:49, Richard Barnes richard.bar...@gmail.com wrote: And if they turn up the voltage on the fence high enough, dinner could be cooked by the time the crew gets there! Not quite. The point of the electric fence is to discourage moooving through it, but you do not want to kill (or seriously injure) your livestock. That, however does not always work as expected. Cows are really dumb creatures. And while an electric fence may discourage them, I have seen the extra special ones just lounge against the electric fence for a long time (I presume until the brain notices that something does not feel right, so perhaps they should consider, but only consider, being somewhere else). On a good day the cow goes (or does not go) where you want it. On a bad day you repair the electric fence. Gary
Re: East Coast Earthquake 8-23-2011
On Wed, Aug 24, 2011 at 05:55, JC Dill jcdill.li...@gmail.com wrote: On 23/08/11 3:13 PM, William Herrin wrote: A. Our structures aren't built to seismic zone standards. Our construction workers aren't familiar with *how* to build to seismic zone standards. We don't secure equipment inside our buildings to seismic zone standards. They should be. They should be. You should. Earthquakes can happen anywhere. There's no excuse to fail to build/secure to earthquake standards. I am not sure the original statement is completely accurate. At least for commercial construction, there are (now) seismic standards. It is true that the right coast did not change the building codes until (as I recall) the mid (to) late 1970s to account for earthquakes. I believe there are some differences in those codes from the left coast standards, to reflect the type and intensity of the quakes likely to occur (and the liquefaction issues are presumably different when the granite bedrock is practically under your feet). However, there are a *lot* of older buildings that predate the newer codes, and in general no monies are allocated for seismic retrofits (except, as in many jurisdictions, when you do major modifications and you then have to upgrade the building to the current codes). As far as securing equipment, I do remember some safety person coming around suggesting it at one point as a possible improvement when I worked in that region in the 90's, but, not surprisingly, they were more worried about other safety improvements (like snow and ice removal, and repair of cracked sidewalks and stairs). Priorities for safety improvements will always be made. Gary (I am also not a geologist)
Re: What do you do when your Home ISP is down?
On Thu, Aug 18, 2011 at 18:09, Eric Wieling ewiel...@nyigc.com wrote: Obligatory xkcd http://xkcd.com/806/ Obligatory dilbert: http://www.youtube.com/watch?v=gc2Ks3lQew8 (the first part regarding tech support)
Re: Microsoft's participation in World IPv6 day
On Thu, Jun 2, 2011 at 21:42, Cameron Byrne cb.li...@gmail.com wrote: Pure speculation here, but these stats that you refer to are not a scientifically representative sample of the internet at large, this sample is a self selecting group of people who have chosen to run an ipv6 test. Commonly called sample bias. Good statistical analysis will address (and adjust for) such bias, but that can be (very) hard work. As with all the CNN polls, there should be a disclaimer on such sites that say this is not a scientific poll, but that would ruin the fun. Gary
Re: IPv6: numbering of point-to-point-links
On Mon, Jan 31, 2011 at 09:13, Blake Hudson bl...@ispn.net wrote: I setup a p2p /127 link and found that BGP would not peer over the link; Changing to /126 resolved the problem. I never looked into it further because I had intended to use /126 from the start. My guess is that while BGP should be a unicast IP, Cisco's implementation uses an anycast in some cases, disregarding the configured unicast address. Just one practical example... I suspect this is very platform/version specific, as I have run BGP on a Cisco 6500 (SXImumble) to a Juniper MX and we had no trouble with a /127 (although prepared to move to a /126 or whatever if needed). As always, your environment will vary. I would open a TAC case on the principle that it should work.
Re: anyone running GPS clocks in Southeastern Georgia?
NTP isn't going to be the only ripple. Most of the brand name GPS NTP solutions have a clock which is more than stable enough to survive without GPS lock for 45 minutes(*). Some of the more expensive units with temperature controlled oscillators have hold times in the many weeks. My guess is that the NTP ripples will be limited to those NTP servers just (or recently) booted which have not yet achieved a stable clock state. Gary (*) This presumes that this test results in loss of signal lock, and not intentionally injected false information.
Re: Want to move to all 208V for server racks
On Fri, Dec 3, 2010 at 22:28, Owen DeLong o...@delong.com wrote: ... This is easily done with AC and would be quite complex and inefficient (especially with the technology available at the time this decision was made) with DC. Correct. Now, of course, with switched mode conversion and power FET technology DC-to-DC converter efficiency can be greater than 95% in optimized designs, but back when Edison and Tesla were arguing the merits, DC conversion was very inefficient compared to AC.
Re: Want to move to all 208V for server racks
48V (and some more when batteries are full) are slightly below the limit of non harmful voltage. I suspect you have never seen the pictures of a wrench that exploded/splattered all over someone's body. 50V may not (usually, but your mileage will vary) be able to produce enough current in a body to kill via fibrillation, but as usually deployed it has enough joules to kill in other ways. 50V is the number in the regs below which certain controls are not required. In some jurisdictions, it also allows those that are not electricians to perform work. Anyone regularly working around that many joules, no matter the voltage, has either been properly trained in a safety regimen, or is extremely lucky. It is no different than people who work around high pressure compressed air/steam. There is a lot of stored energy there, and you need to treat it with respect (same with heavy weights suspended above your head, or lots of other examples). Gary
Re: Want to move to all 208V for server racks
On Thu, Dec 2, 2010 at 22:39, Seth Mattinen se...@rollernet.us wrote: ... Arc fault breakers are a very new code requirement which I believe is primarily targeted at sleeping areas. My place has them (built about 4 years ago) on the bedroom outlet circuits. If I spin the socket switch on one of the table lamps too fast it'll trip. The NFPA priority is to protect life (property/equipment are there too, but lower in priority). (Note that while NFPA 70 is not required, most jurisdictions eventually turn it into their law/codes. But exceptions exist, and your specific requirements may vary, and not all jurisdictions adopt the new rules immediately. Some still (only) require NFPA 70-2005, and not NFPA 70-2008. There is no known case where applying more recent practices has resulted in liability, so some contractors may build to 2008 when only 2005 is being enforced by the inspector). Now that most outlets are grounded, and GFCIs are in locations where people are likely to be the source to ground (wet areas), one of the bigger remaining issues for loss of life in the home due to electricity was in the bedroom with arcing between the hot/neutral when people were asleep (and could be overwhelmed by the smoke before they could get out of the house). Another addition to the code a few years ago was what I call child proofing the outlets(*). You will see all new (but not existing old stock) outlets having a (usually) mechanical cover for the slots which requires a plug to be pushed in (only the pressure from both prongs will open the cover) to protect against the inquisitive fork or finger problem. NFPA 70 does take into account industry recommendations (for the conspiracy theorists), and the perceived return on the costs (something that saves 1 life over 10 years but costs billions is not likely to make it into code). Gary (*) Technically, I think these are called Tamper-Resistant Receptacles, and are required in all new work as of NFPA 70-2008.
Re: Want to move to all 208V for server racks
On Fri, Dec 3, 2010 at 07:54, Chuck Anderson c...@wpi.edu wrote: On another note, how do you calculate N+1 power feeds in your racks? If you have 2 PDUs fed from two different branch circuits/UPSes/etc. do you just set your PDU load alarm thresholds at 50% of the max rating of each PDU and never load them beyond that point, so that if you lose one PDU/branch circuit/UPS and the dual-power servers transfer their load over to the other side, it doesn't get overloaded? That would be around 40%, not 50% (80% of 50%). Note that there are some caveats. Some power supplies are more or less efficient at different (low vs. high) utilizations, and depending on the design, you are running (with 2 power supplies) either each at (around) 50% of load, or 1 at 100% and the other at 0%. It is *possible* to be able to run near 60% on two UPS circuits if the power supplies are inefficient at 50%. But this requires a lot more design and evaluation work than the (easy to calculate) 40% target. Also note that *your* electrical engineer may de-rate the circuit's capacity due to the fact that switching power supplies generate numerous artifacts on the lines. These are all advanced (electrical) engineering topics. Gary
Re: Want to move to all 208V for server racks
On Fri, Dec 3, 2010 at 04:02, John van Oppen jvanop...@spectrumnet.us wrote: ... GFCI breakers are often required on large services, most large (new) 480v services I have seen (1000A and larger) have Ground fault breakers, Actually, my recollection is that large new services include arc suppression rather than ground fault (480V service may be floating in any case, since it would depend on delta-wye distribution). There have been strong efforts to protect the low voltage electricians (in common power distribution speak, 12K+ voltage is high voltage, less is considered low voltage; yes, this is a different point of view). Even with a 100Cal suit on, you really want arc suppression at those high joule ratings to protect a life (every master electrician has a story about arc flashes, and some stories include the outline of the ex-individual on the opposite wall). It is now common when doing work on downstream devices to reduce the arc limits so that one's life has increased protection. A protective trip is better than the alternative. in fact I have seen some bad outages on entire datacenters where the main breakers had a lower ground-fault current setting (for tripping) than a branch circuit that had a phase-to-ground fault resulting in the main breakers tripping instead of the branch circuit. *Proper* engineering is more than just putting in a breaker with a high enough rating. The days of nice resistive (think incandescent light bulbs) or inductive (motor/transformer) loads are long gone. Switching power supplies (or large pulse rectifiers) require a more careful analysis. I have seen too many upstream breakers being set at the wrong trip values (the larger breakers have internal adjustments), and trip first. Gary
Re: Want to move to all 208V for server racks
btw, one thing I do not recall seeing on this thread is that 208v avoids one of the common problems with 120v, which is the third harmonic issue. With the cheaper switching power supplies, one will often see significant 3rd harmonics in the waveforms(*). The 3rd harmonics, across a 3 phase circuit, are additive on the neutral. In worst case, your (common) neutral current may exceed the line currents. Proper engineering for significant 120v distribution in new DC construction often requires double sized neutrals to mitigate against this. Using 208v mitigates this particular issue. Gary (*) There are also other harmonics, but for this discussion, 3rd is what matters.
Re: Want to move to all 208V for server racks
On Thu, Dec 2, 2010 at 22:07, Ricky Beam jfb...@gmail.com wrote: ... I think they are now a violation of the NEC. And they were delisted by UL years ago. They pose a hazard as they will not react fast enough to prevent a fatal shock. (and the only ones I've ever seen were outlawed as the breaker itself was a fire hazard.) While I do not have a copy of NFPA 70-2011 (the latest latest, released a few months ago), my reading of NFPA 70-2008 still allows GFCI breakers (NFPA 70 is the official name for NEC). Personally, I prefer to specify and use GFCI outlets (and I tend to not daisy chain) so that the fault is next to the use (and no collateral outages occur). Of course, specific breakers may not meet the newest requirements.
Re: Want to move to all 208V for server racks
On Thu, Dec 2, 2010 at 22:17, Antonio Querubin t...@lava.net wrote: ... You sure about that? GFCI breakers as well as their close cousins AFCIs are still being sold and bought at hardware stores. I am not sure I would call AFCIs a close cousin to the GFCI (except that they are both more expensive than a non-xFCI breaker). They serve different purposes. The (arc) faults that AFCIs are designed to interrupt would commonly be passed through the GFCI without notice. GFCIs are designed to protect people from shock, and AFCIs are designed to protect against fire from the arc (which also tends to protect people, but less directly).
Re: Did your BGP crash today?
On Mon, Aug 30, 2010 at 15:55, Jack Bates jba...@brightok.net wrote: ... As good a place to break in on the thread as any, I guess. Randy and others believe more testing should have been done. I'm not completely sure they didn't test against XR. They very likely could have tested in a 1 on 1 connection and everything looked fine. I don't know the full details, but at what point did the corruption appear, and was it visible? We know that it was corrupt on the output which caused peer resets, but was it necessarily visible in the router itself? Do we require a researcher to setup a chain of every vendor BGP speaker in every possible configuration and order to verify a bug doesn't cause things to break? In this case, one very likely would need an XR receiving and transmitting updates to detect the failure, so no less than 3 routers with the XR in the middle. What about individual configurations? Perhaps the update is received and altered by one vendor due to specific configurations, sent to the next vendor, accepted and altered (due to the first alteration, whereas it wouldn't be altered if the original update had been received) which causes the next vendor to reset. Then we add to this that it may pass silently through several middle vendor routers without problems and we realize the scope of such problems and why connecting to the Internet is so unpredictable. I am not aware that anyone has provided the complete details at this point which would include any test plans that may have been performed. From what I have been able to discern, it does seem likely that a test plan that would have caught this almost had to know of the specific issue in advance. More testing would have been better, but there is just too much variability out there to assure you can do a complete test. I am also not aware that the introduction of the attribute was announced to the usual operational lists in advance just in case (Ok, in this case, I mean NANOG). 
This, in my mind, is actually the bigger faux pas. An Oh S*** moment has happened to most of us. It probably will happen again to many of us. But letting people know in advance of scheduled changes is the important thing. I would hope that in the future researchers will commit to test plans to (at least) all the major vendor BGP speakers (which, I admit, would likely not have caught this issue), and that before introducing such new attributes into the Internet, they would announce it to the usual operational lists, again, just in case. But my hopes are often dashed. Gary
Re: DNSSEC and SSL
On Sat, Aug 21, 2010 at 18:00, ML m...@kenweb.org wrote: Would a future with a ubiquitous DNSSEC deployment eliminate the market for commercial CAs? Would functioning DNSSEC + self signed certs be more secure/trustworthy than our current system of trusted CAs chosen by OS/browser developers? See Dan Kaminsky's presentation at this year's BlackHat Defcon for a proposal, and the prototype glue that provides a proof of concept. http://www.recursion.com/talks.html (I seem to recall the X.509/CA part starts about 3/4 of the way through the deck). That said, Dan does not suggest that everything a CA does is obsolete, there will still be a market for making sure that BankOfAmerica.com really is the bank you want to do business with (branding).