Re: Networks ignoring prepends?
On Tue, Jan 23, 2024 at 03:37:25PM -0800, William Herrin wrote:
> Nevertheless, in the protocol's design, the one expressed in the
> RFC's, AS path length = distance.

Bill,

The protocol was also developed at a time when everyone utilized the same transit provider, and all other ASes were regional or local in scope.

Still, I'm not sure your assertion is true. There are senior network engineers on this list who weren't even alive when 1105 was published, and express contemplation of AS path as a tiebreaker doesn't come into it until 1164:

"1. An AS can minimize the number of transit ASs. (Shorter AS paths can be preferred over longer ones.)"

Note the can...hardly a MUST, or a SHOULD.

AS hop count was never intended as a large hammer, and it has never been one in practice, since most people are making their decisions based on local preference, which for the last couple of decades is typically set based on internal community tagging.

--msa
Re: 99% of HK internet traffic goes thru uni being fought over?
On Wed, Nov 20, 2019 at 04:41:13PM -0500, b...@theworld.com wrote:
> Thanks everyone for the replies. My conclusion is that no one here
> knows whether HKIX handles 99% of internet traffic for HK or not.

Barry,

While it's absolutely a number we don't have, it's also worth asking what we are trying to measure.

99% of HK traffic by volume...

Or 99% of HK traffic by "doesn't touch the mainland, or increasingly corruptible US companies that also engage in censorship."

--msa
Re: Cogent sales reps who actually respond
On Sun, Sep 15, 2019 at 04:13:55PM -0400, n...@as37662.com n...@as37662.com wrote:
> Do any orgs here have experience with a good Cogent rep? The rep we got
> via Cogent's website is unresponsive to even basic questions. It feels
> like we are dealing with a bot and copy-pasted replies.

Just put your real phone number in WHOIS and wait.

--msa
Re: 44/8
On Thu, Jul 18, 2019 at 11:47:21PM -0400, Christopher Morrow wrote:
> Also, who's this 'we'.. I don't live in california... I presume UC is
> getting funding from california, not virginia. (mostly)
> It seems though that 44/8 was being used in some research project at
> UC so... maybe this is just that still at play.
> less nefarious and more 'meh, why change if we don't have to?'

[Off-NANOG]

Chris,

Remember that state college systems receive federal education funding; some of your dollars are in this pot, too.

--msa
Re: 44/8
On Thu, Jul 18, 2019 at 11:21:58PM -0400, Christopher Morrow wrote:
> who knows? probably? not really my personal concern I guess.

If they're using taxpayer supported networks to provide transit to a private, for profit entity, we should all care.

> I'm not sure how you're quite going in this direction...

In order to sell something, you must own it...if you pop up, claim responsibility for it, sit on it a while, and then sell it.. did you truly own it? If you represent a community, in theory, and sell something without prior discussion, are there ethical concerns around that?

There are some potential legal title questions around this, and if ARIN is facilitating transactions with questionable history, that is something the Internet community might be concerned about. Certainly, facilitating questionable transfers makes the idea of an RIR sponsored registry that controls routing less palatable to some individuals.

And this is why I'd love some additional color from the participants. Perhaps this is all explicable -- but that blog entry did not assuage my concerns.

--msa
Re: 44/8
On Thu, Jul 18, 2019 at 11:02:40PM -0400, Christopher Morrow wrote:
> So.. this is/was a legacy allocation, right? with some 'not great'
> contact/etc info...

It's been announced by UCSD as a /8, consistently available, with tunnel services and rDNS available on a consistent basis, for a long time. The folks involved are not hard to find and never have been.

Amusingly, they still seem to be advertising the covering aggregate, so I guess the Cal system is going to provide transit to Amazon? Do the Regents know about this arrangement?

> the ARIN folk could have said: "Well sure! if the current folk who
> control access can positively show they do AND they don't mind parting
> with a /10... ok?" ...

I'm not sure this would make the 44/8 allocation anything but a bogon, or ARIN WHOIS & RPKI a reliable resource for the community. Potentially quite the contrary.

If I start advertising space, and can show I thusly "control" it, can I monetize it, too? I could use "some millions."

--msa
44/8
Apparently isn't 44/8 anymore:

NetRange: 44.192.0.0 - 44.255.255.255
CIDR: 44.192.0.0/10
NetName: AT-88-Z
NetHandle: NET-44-192-0-0-1
Parent: NET44 (NET-44-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2019-07-18
Updated: 2019-07-18
Ref: https://rdap.arin.net/registry/ip/44.192.0.0

Some additional color is available at:

https://www.ampr.org/amprnet/

What's interesting about this is it was not an ARIN allocation, and the ARDC folks are not the original registrant. This IANA /8 was initially delegated to a community, not an organization.

So, to the individuals listed in the blog, that I've excerpted below, what do you have to say about this?

Brian Kantor
kc claffy
Phil Karn
Paul Vixie

[I've omitted those I don't know to be NANOG familiar.]

ARIN also appears to have a role here. Any comment, ARIN folks?

--msa

P.S. I've been licensed as a ham since prior to the organization of ARDC in 1992 -- where's my check?
Re: Time and Timing Servers
On Thu, Jul 11, 2019 at 09:50:48AM -0500, Mike Hammett wrote:
> Isn't a major problem with CDMA-based sources that the networks
> they depend on are getting shut down?

Domestically, yes. Not only are you dependent on Sprint if you go that route (Verizon is already pulling the plug on CDMA this year.), it was never any better than +/- 10 ms or so. You can get that via NTP pointed at the Internet.

At best, all you were doing with CDMA was relying on a cell site's GPS receiver and holdover characteristics -- which were totally opaque to you. At least you can monitor NTP.

--msa
Re: Time and Timing Servers
On Thu, Jul 11, 2019 at 09:29:46AM -0500, Mike Hammett wrote:
> There were a lot of NTP threads several weeks ago, but I didn't get an answer
> to my question amongst all of the other chatter.
>
> I'm looking for a device that can receive GPS inside a building without the
> assistance of an external antenna (Frontier says they no longer allow
> external antenna), will provide traditional NTP services, and will provide
> a timing signal that my Metaswitch can work with.

Unfortunately, L band satellite signals are incredibly weak by the time they reach the surface. It's very unlikely this is going to work for you (unless it's a wood framed single story building.)

Generally, I try to ensure that a GNSS antenna is built into the contract, to avoid games like this.

You have two options:

A) Find a new colocation provider. This may already be on your to-do list for other reasons.

B) Rely on the Internet for timing, using NTP or PTP from another location to backfeed the site, and use a box with a good stable oscillator to keep time (this can actually be a commercial time server with decent holdover characteristics.)

If you're just looking for alternatives to Microsemi, I highly recommend talking to the fine folks at Meinberg.

--msa
Re: historical BGP announcements? (pre-1997)
On Mon, May 06, 2019 at 01:47:24PM -0600, John Osmon wrote:
> I've got a need to look for some announcements from the mid 1990s.
> The oldest I've found are at the University of Oregon Route Views
> Project, but the earliest I can find there appears to be November of
> 1997.
>
> Anyone have pointers to data from earlier?

Collected announcements? None that I know of.

A possible proxy for them? Maybe. Dig through the NSFNET NACR archives, and you can at least build a list of possible announcements. (The same is probably true of any old PRDB data kicking around out there, and the NSS configs.)

--msa
Re: Network Atlas End of Year 2018 Update
On Sat, Dec 01, 2018 at 05:31:48PM -0800, Mehmet Akcin wrote:
> Next up, let me address the elephant in the room. As many of you know,
> Network Atlas’ Kickstarter for $100K for 2019 funding came up short of
> meeting its goal (we cancelled it before the time because many of you
> reached out wanting to support directly not via Kickstart). However, it was
> an excellent learning experience, as it provided a chance to interact with
> potential donors and hear their questions. One of those questions was if
> Network Atlas could show its 3-year plan for the project. In the interest
> of transparency, I would like to share with you Network Atlas’ proposed
> 3-year operating budget as of today.
>
> You can see this as details in our blog -
> https://www.networkatlas.org/blog/eoy2018

Hey Mehmet,

Thanks for putting together this resource for the community.

Can you expand on some of these line items? I'm at a bit of a loss as to how a community funded, crowd-sourced service like this needs 18% of its budget allocated to travel. What am I missing?

Thanks!

--msa
Re: NTP problems/time.windows.com?
On Tue, Apr 04, 2017 at 01:23:58AM +, Jay R. Ashworth wrote:
> I haven't personally seen anything about this across my fleet; anyone here
> seeing tracks from it?

-snip-

>
> http://www.ibtimes.com/how-change-ntp-server-microsofts-timewindowscom-causes-computers-display-wrong-time-2519884

-snip-

"One explanation that has gained traction online as users scramble for answers is the suggestion that a cluster of time servers may have lost connection with an external source that syncs the time and date."

Haven't seen it, but if people are reporting sudden hour offsets, on the first Monday in April, I'd bet on a DST implementation bug that hijacked the system clock on their servers.

This doesn't look like the sort of error you'd get with a free running clock.

--msa
Re: WWV Broadcast Outages
On Wed, Feb 22, 2017 at 04:59:53AM -0800, Hal Murray wrote:
> Any suggestions for gear and/or software that works with WWV (or CHU)?
> Or general suggestions for non GPS sources of time?

Hey Hal!

In North America, WWV and CHU are pretty much it for accessible backups these days. Unfortunately time and frequency distribution is a niche that tends to get neglected (if not actively gutted) in US budgets.

> Dave Mills had a driver in ntpd that used a PC audio port to listen to WWV.
> I don't know anybody who ever used it. I think there was code to tell some
> brand of receiver with a serial/USB port how to change frequencies so you
> could use the one that worked best for that time of day.

You do now. The WWV and CHU audio drivers work fine. If you want the auto-tuning functionality, you need to use an Icom receiver that supports their CI-V protocol. (This can be a full fledged tabletop like the R-75, or a more compact receiver like their PCR-100 or 1000. Some of these are no longer produced, but they're easy to come by on the secondary markets. I picked up multiple PCR-100s off eBay at $25 ea a while ago.)

You can always use any shortwave receiver, and just tune it to a good frequency. There are also kit and prebuilt 10 MHz receivers out there in the $30-$40 range which will work. You accept a slight loss in daily coverage by selecting a compromise frequency, but it's better than nothing and independent of GPS.

If you (or anyone else on NANOG) needs some help getting the audio refclocks working, drop me a line.

> There used to be WWVB (60 KHz) receivers. The good ones phase locked
> to the carrier. The general rise in EMI made those close to useless
> in most locations. NIST finished the job when they changed the
> modulation format a few years ago. As far as I know, there aren't any
> replacements for the old gear that take advantage of the new modulation
> format. GPS works too well.

It's not so much that GPS works so well, as there's no way to produce a commercial receiver that uses the enhanced format. By gifting the developed IP back to the developer as part of the SIPR grant, it is all sitting under a patent umbrella. Unfortunately, the startup that developed it appears to have failed (at least, they've mostly vanished, folks seem to have moved on, and they're late on corporate reports at this point.) -- leaving the new format only usable by hackers and not something that can be rolled into a commercial timing receiver.

My biggest beef with the new format was the rollout, 5 years ago now, before a commercial receiver was available on the market. I'm not sure why NIST has stuck with it.

> There are some boxes that recover the time from nearby cell phone towers. I
> think they will stop working as the towers get upgraded to the newer
> protocols that use a different form of timing. That will probably take many
> years. But the cell phone towers depend on GPS. (You can usually spot the
> conical antenna(s) if you look around a bit.)

CDMA was only ever good to +/- 10ms anyway, at least any of the boxes I ever used. You can actually outperform it with classic WWV or CHU, and those get you a real backup, rather than an indirect dependency on GPS.

--msa
Re: WWV Broadcast Outages
On Tue, Feb 21, 2017 at 11:21:09AM -0500, Sean Donelan wrote:
> If any network operators still use WWV for time synchronization.

I wouldn't expect this to cause any serious synchronization problem; anyone using HF for time has to have the ability to hold over for a minimum of several hours anyway due to the vagaries of normal shortwave propagation. (Even 24-48 hour disruptions aren't uncommon after a large solar event.)

That said, I and many others "still use" WWV -- there aren't exactly a surplus of suitable backup methods to GPS these days. But if anyone needs it, consider using the fine HF time service provided by our friendly neighbors to the north:

http://www.nrc-cnrc.gc.ca/eng/services/time/short_wave.html

--msa
Re: Recent NTP pool traffic increase
On Fri, Dec 30, 2016 at 02:08:50PM -0500, Allan Liska wrote:
> In the United States that would the United States Naval Observatory
> (USNO) Master Clock (http://tycho.usno.navy.mil/). You can read more
> about it here:
> http://motherboard.vice.com/read/demetrios-matsakis-and-the-master-clock

One of the things I have learned as a time hobbyist is that if something involves time, and you think there is a simple answer, you are probably wrong. :)

USNO is our military time keeper -- NIST keeps time for civil purposes, and while they coordinate to stay in reasonably close proximity, even they don't agree. Even better, the GPS clocks are run by (and corrections distributed) by the Air Force, not the Navy. And they have made mistakes in recent memory.

From an international perspective, BIPM is responsible for UTC, but it is only figured well after the fact. We distribute "UTC" via NTP, but it's not true UTC since that is not figured in real time, it's much, much coarser, and everyone's local views differ anyway.

For an idea just how many components there are, take a look at BIPM's Circular T:

ftp://ftp2.bipm.org/pub/tai//Circular-T/cirthtm/cirt.347.html

But back to the point...while UTC is an international time scale, individual national labs and institutions keep their own views of it, and correct periodically...then they distribute these timescales, and in some fashion we attempt to get a coarse version of it onto the Internet in real time. There is no one authority responsible for this, and you may take time from any one (or more) of them that you choose.

And for this reason, there is no single authority for time distribution on the Internet -- because there is none for the world as a whole, either.

We /can/ have an authoritative system for something like host naming, where it's comparatively easy to produce a single authoritative source. Timing is not nearly such a simple subject.

Cheers,

--msa
Re: Recent NTP pool traffic increase
On Thu, Dec 22, 2016 at 11:31:08PM -0500, Laurent Dumont wrote:
> What I mostly meant is that there should be a regulated, industry-wide
> effort in order to provide a stable and active pool program. With the
> current models, a protocol that is widely used by commercial devices is
> being supported by the time and effort of volunteers around the world.

Who's authoritative for time? Even the national labs aren't -- UTC is figured well after the fact.

Thing about the pool is -- you may use it, you don't have to. You're welcome to provide your own services, including to your customers.

There has to be one sole DNS -- there isn't one sole source of time.

--msa
Re: IPv6 Residential Deployment Survey
On Sun, May 22, 2016 at 04:32:11AM +, John Curran wrote:
> NANOGers -
>
> If you are providing residential Internet service with IPv6 (or
> are a customer of same), please take a moment to complete
> Jordi’s survey - this will help provide insight into the actual
> technical practices being used in residential IPv6 deployment.

John,

Allow me to suggest an additional survey: If you're a customer of a provider that currently provides IPv6, and are not using it, please tell us why.

In my case, on my consumer connection at home, I cannot utilize IPv6 because my provider does not wish to provide more than a /64 to a subscriber, and my equipment vendor (Juniper) does not support DHCPv6 PD delegation hints, so I'll always get a /64 that does not scale well to the >1 subnet I have internally. (4: Management, Media, Guest, & Internal.)

--msa
Re: NIST NTP servers
On Wed, May 11, 2016 at 03:24:43PM +, Jay R. Ashworth wrote:
> We're all aware this project is underway, right?
>
> https://www.ntpsec.org/

Despite the name, I'm not aware of any significant protocol changes. It's just a recent fork of the reference implementation minus the refclocks, which isn't particularly helpful if you /don't/ trust network time sources.

Long term, be looking at NTS:

https://datatracker.ietf.org/doc/draft-ietf-ntp-network-time-security/

In the meanwhile, I'd recommend something along the following lines:

- Several nearby upstream servers configured per time server, per site (As diversely as possible.)

- Diverse reference clocks (I run everything from WWV to GPS here.) providing authenticated time to your servers.

- That all your time servers in all sites be configured in an authenticated full mesh of symmetric peers, allowing the other sites to provide time to a site that has lost its upstream servers or for whatever reason does not trust them at the moment.

And of course, ensure any hosts whose clocks you care about are talking to at least a few of these, and preferably several.

I know the common case configuration is either default/ntp-pool, or "we have two time servers in this site and everything just chimes from them," but neither is that great of a configuration.

--msa
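
One way to check a fleet of ntp.conf files against the three recommendations in the message above, as an added example that is not part of the original post. The host names, key id 10, and the thresholds of four upstreams and two reference-clock driver types are constructed assumptions.

```python
"""Audit ntp.conf files for upstream count, refclock diversity and an
authenticated full mesh of symmetric peers (added example, constructed data)."""
import re

COMMON = """\
keys /etc/ntp.keys
trustedkey 10
server time1.example.org iburst
server time2.example.org iburst
"""

CONFIGS = {  # constructed sample fleet: server name -> ntp.conf text
    "ntp-a.example.net": COMMON + """\
server time3.example.org iburst
server time4.example.org iburst
server 127.127.20.0            # NMEA GPS reference clock driver
peer ntp-b.example.net key 10
peer ntp-c.example.net key 10
""",
    "ntp-b.example.net": COMMON + """\
server time5.example.org iburst
server time6.example.org iburst
server 127.127.36.0            # WWV audio reference clock driver
peer ntp-a.example.net key 10
peer ntp-c.example.net key 10
""",
    "ntp-c.example.net": COMMON + """\
peer ntp-a.example.net key 10
peer ntp-b.example.net         # symmetric peer without a key
""",
}


def _option(args, name):
    """Return the value following option `name` on a directive line, if any."""
    for i in range(1, len(args) - 1):
        if args[i] == name:
            return args[i + 1]
    return None


def parse_conf(text):
    """Extract upstreams, refclock driver types, peers and key settings."""
    conf = {"upstreams": set(), "refclocks": set(), "peers": {},
            "trusted": set(), "keys_file": None}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        cmd, args = words[0], words[1:]
        if cmd in ("server", "pool"):
            # 127.127.t.u is the pseudo-address of a local reference clock.
            m = re.fullmatch(r"127\.127\.(\d+)\.\d+", args[0])
            if m:
                conf["refclocks"].add(int(m.group(1)))
            else:
                conf["upstreams"].add(args[0])
        elif cmd == "peer":
            conf["peers"][args[0]] = _option(args, "key")
        elif cmd == "trustedkey":
            conf["trusted"].update(args)  # plain key ids only, no ranges
        elif cmd == "keys":
            conf["keys_file"] = args[0]
    return conf


def audit_mesh(configs, min_upstreams=4, min_refclock_types=2):
    """Return a list of findings; an empty list means the layout holds."""
    findings, refclock_types = [], set()
    for host in sorted(configs):
        conf = parse_conf(configs[host])
        refclock_types |= conf["refclocks"]
        if len(conf["upstreams"]) < min_upstreams:
            findings.append(f"{host}: only {len(conf['upstreams'])} upstream servers")
        for other in sorted(set(configs) - {host}):
            if other not in conf["peers"]:
                findings.append(f"{host}: no peer association with {other}")
                continue
            key = conf["peers"][other]
            if key is None:
                findings.append(f"{host}: peer {other} is unauthenticated")
            elif key not in conf["trusted"] or conf["keys_file"] is None:
                findings.append(f"{host}: peer {other} key {key} is not usable")
    if len(refclock_types) < min_refclock_types:
        findings.append(f"fleet: only {len(refclock_types)} reference clock type(s)")
    return findings


if __name__ == "__main__":
    for finding in audit_mesh(CONFIGS):
        print(finding)
```
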
Re: NIST NTP servers
On Tue, May 10, 2016 at 03:08:16AM +, Mel Beckman wrote:
> NTP has vulnerabilities that make it generally unsuitable for
> provider networks. I strongly recommend getting a GPS-based
> time server. These are as cheap as $300. Here is one I use quite a bit:

So how does this stop from distributing time to their customers via NTP?

GPS doesn't save the protocol, in particular where the S1 clocks involved are embedded devices with rather coarse clocks and timestamping.

--msa
Re: REMINDER: LEAP SECOND
On Wed, Jun 24, 2015 at 08:33:14AM +0200, Tore Anderson wrote:
> Leap years and DST adjustments have never caused us any major issues.
> It seems these code paths are well tested and work fine.

I've seen quite a few people that for whatever reason insist on running systems in local time zones struggle with the DST reverse step. It's not nearly as much of a non-issue as you claim.

> The leap second in 2012 however ... total and utter carnage. Application
> servers, databases, etc. falling over like dominoes. All hands on deck
> in the middle of the night to clean up. It took days before we stopped
> finding broken stuff.

Total and utter carnage is a bit of a stretch. Linux hosts that ran applications dependent on nanosleeps needed reboots. Note that this wasn't an issue in 2009, because the poorly tested change in question hadn't yet been made to the Linux kernel. (Even in 2012, my personal hosts, running a different operating system sailed through it just fine.)

At any time, you might have a bad operational day for any number of reasons. Sure, that one was annoying, but to my knowledge nobody died, and a lot of hosts that probably needed one anyway got a reboot. Certainly, lately, I've seen a lot of Linux hosts rebooted more than once for security patching.

#opslife?

Cheers,

--msa
Re: REMINDER: LEAP SECOND
On Fri, Jun 19, 2015 at 06:29:34PM +, Mel Beckman wrote:
> The universal workaround is to simply disable NTP on your devices
> sometime on Leap-Second eve. This will let the clocks free-run over the
> one-second push, an event of which they will be blissfully ignorant.
> When you re-enable NTP after The Leap, normal, non-destructive, NTP
> convergence will occur.

<randy>I encourage all my competitors to use this approach.</randy>

If you're more than 128 ms off when NTP is flipped back on, it will still probably step the clock, then start slewing it. So you've skipped the leap per se, but your clocks will still jump forward quite a bit. This might isolate you from any leap second related failures, but it does not protect you against the system clock being stepped.

If the leap pending information data persists, you might not even be isolated from any leap second failures. You could manage to upset the system clock even more. Are your time servers correctly armed for the leap?

> Better, if you have a master NTP site clock, you need only disable its
> upstream NTP feed to isolate all the subsidiary devices. If you don’t
> have such a master clock, this is an excellent time to set one up. I
> have found the Time Machines TM1000A GPS time server very inexpensive
> and super reliable:
> http://www.newegg.com/Product/Product.aspx?Item=0N6-001Y-7

$20 says that doesn't leap correctly. A lot of the inexpensive units appear to be using NMEA speaking GPS modules, and there's no real way to get leap information out of them. Many of them may ignore the timestamps and just use the PPS, in which case they may persist a second behind the world for quite some time.

--msa
Re: Verizon Policy Statement on Net Neutrality
On Fri, Feb 27, 2015 at 10:45:11AM -0600, Mike Hammett wrote:
> What about ISPs that aren't world-class dicks?

The punishments will continue until they either fold or sell to the duopoly which is large enough to buy whatever act of Congress, court or FCC ruling they require...

--msa
Re: Marriott wifi blocking
On Fri, Oct 03, 2014 at 10:57:29PM -0500, Daniel Seagraves wrote:
> It's not just Marriott doing this; A friend of mine went to a
> convention near DC and found the venue was doing something like this. I
> don't know if the method was the same, but he reported that any time he
> connected to his phone he would be disconnected nearly immediately. He
> mentioned this to a con staffer and was told you had to rent internet
> access from the venue, it cost several hundred dollars per day. Same
> for electricity, about which he

I've seen this in a few places, but if anyone encounters similar behavior, I suggest the following:

- Document the incident.

- Identify the make and model of the access point, or controller, and be sure to pass along this information to the FCC's OET: http://transition.fcc.gov/oet/

Vendors really need to start losing their US device certification for devices that include advertised features that violate US law. It would put a stop to this sort of thing pretty quickly.

--msa
Re: Scotland ccTLD?
On Tue, Sep 16, 2014 at 12:45:07PM -0300, Rubens Kuhl wrote:
> sc is Seychelles. Available s* include sf, sp, sq, su and sw. They
> should pick .sf, use .scot for in-country domains and sell all .sf
> domains to San Francisco residents.

su is not available.

--msa
Re: Erroneous Leap Second Introduced at 2014-06-30 23:59:59 UTC
On Tue, Jul 01, 2014 at 12:20:12PM -0700, Tim Heckman wrote:
> Our systems all have loopstats and peerstats logging enabled. I have
> those log files available if interested. However, when I searched over
> the files I wasn't able to find anything that seemed to indicate this
> was the peer who told the system to introduce a leap second. That said,
> I might just not know what to look for in the logs.

Look at the status word in peerstats; if the high bit is set, that's your huckleberry. See:

http://www.eecis.udel.edu/~mills/ntp/html/decode.html

> Correct, I was hoping to determine which peer it was so I can reach out
> to them to make sure this doesn't bleed in to the pool at the end of
> the year. I was also more-or-less curious how wide-spread of an issue
> this was, but I'm starting to think I may have been the only person to
> catch it in the act. :)

You might want to upgrade to current 4.2.7 development code, wherein a majority rule is used to qualify the leap indicator.

Cheers,

--msa
Re: Erroneous Leap Second Introduced at 2014-06-30 23:59:59 UTC
On Mon, Jun 30, 2014 at 05:33:52PM -0700, Tim Heckman wrote:
> I just was alerted to one of the systems I managed having a time skew
> greater than 100ms from NTP sources. Upon further investigation it
> seemed that the time was off by almost exactly 1 second. Looking back
> over our NTP monitoring, it would appear that this system had a large
> time adjust at approximately 00:00 UTC:

Okay. Do you have any logging configured (peerstats, etc?) for ntpd?

> A few of our systems did alert early this morning, indicating they were
> going to be receiving a leap second today. However, I was unable to
> determine the exact cause for NTP believing a leap second should be
> added. And after some time a few of the systems were no longer
> indicating that a leap second would be introduced.

This can happen if a server is either passing along a leap notification that it received, or is configured to use a leapseconds file that is incorrect.

> This specific system is hosted in AWS US-WEST-2C and uses the
> 0.amazon.pool.ntp.org pool.

0 is just one server in the pool (whichever you draw by rotation); is this the only server you have configured?

--msa
Re: Recommendation on NTP appliances/devices
On Thu, Apr 03, 2014 at 06:55:02PM -0400, David Hubbard wrote:
> Anyone have recommendations on NTP appliances; i.e. make, model, gps vs
> cell, etc.? Roof/outdoor/window access not available. Would ideally
> need to be able to handle bursts of up to a few thousand simultaneous
> queries. Needs IPv6 support.

Without roof access I'd suggest CDMA instead of GPS:

http://www.endruntechnologies.com/ntp-server.htm

Appears to fit your requirements.

--msa
Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)
On Fri, Mar 28, 2014 at 02:04:30AM +, John Curran wrote:
> Internet routing registries are a fine example; one could argue that it
> should be integrated with the number resource registry, but we also
> have examples of independent routing registries in active use (and I
> can see some potential reasons why operators might even want there to
> be a healthy separation between those functions.)

Speaking for myself, only here: I'll be happy to let ARIN manage routability of assignments, once they guarantee routability of said assignments.

Cheers,

--msa
Re: Need trusted NTP Sources
On Fri, Feb 07, 2014 at 01:14:09PM -0500, Jared Mauch wrote:
> If you want something that is cheap as in you for your home, I can
> recommend this: ~$350 w/ antenna, etc..
> http://www.netburnerstore.com/product_p/pk70ex-ntp.htm
> You can get the whole thing going quickly. Majdi has also had good luck
> with this unit (perhaps he wants to chime-in, heh pun unintended)
> regarding a few other devices.

The Netburner NTP sample app works well enough for basic home use, although I get better timing performance out of a fleet of hand modified Soekrii.

I've been modifying NET4801s to include internal Motorola Oncore timing receivers (this is a tight fit, but doable, in the factory cases), or to break out their second serial port for connections to external reference clocks. (I have one connected to a TrueTime TL-3 to use WWV as a backup to GPS, but it can also be a travelling GPS NTP server with, say, a Garmin GPS18lvc connected.)

You can make your own sub-$150 NTP server -- I'll spare the list the details, but those that are interested should see:

http://puck.nether.net/~majdi/ntp/

Feedback is appreciated -- I've only spent about an hour on this doc, and it assumes a lot of familiarity with FreeBSD. I will try to flesh it out more as I have time.

Cheers,

--msa
Re: TWC (AS11351) blocking all NTP?
On Tue, Feb 04, 2014 at 02:28:22PM -0500, William Herrin wrote:
> Verizon Business is willing to do settlement-free peering with you but
> you won't agree to a reciprocal penalty if either allows its customers
> to forge packets? I call that a weed-out factor. Weed out the bad
> actors because anyone else would consider that peering arrangement too
> valuable to pass up.

Bill,

Are you willing to warrant the source, destination and lawful purpose of every single frame exiting your network?

(Insert usual encouraging of competition to do same, etc., etc.)

--msa
Re: TWC (AS11351) blocking all NTP?
On Mon, Feb 03, 2014 at 03:50:03PM -0500, John R. Levine wrote:
> I believe you, but I don't believe that the set of ntp.org servers
> changes so rapidly that it is beyond the ability of network operators
> to handle the ones on their own networks as a special case.

I think you'd be surprised.

I have to say I've been shocked at how little most network operators appear to understand about how NTP actually works, and how little thought is going into the consequences of suggested filtering techniques.

Has anyone considered the implications of a world where your customers cannot correlate timestamps on abuse reports because you decided you knew better than they did how, and which sources of time they would be allowed to use?

NTP works best with a diverse set of peers. You know, outside your little bubble, or walled garden, or whatever people in this thread appear to be trying to build. I'm not sure what to call it, but it's definitely not the Internet.

--msa
Re: /25's prefixes announced into global routing table?
On Fri, Jun 21, 2013 at 01:56:02PM -0600, Michael McConnell wrote:
> As the IPv4 space gets smaller and smaller, does anyone think we'll see
> a time when /25's will be accepted for global BGP prefix announcement.
> The current smallest size is a /24 and generally ok for most people,
> but the crunch gets tighter, routers continue to have more and more ram
> will it always be /24 the smallest size?

RAM != FIB. The forwarding hardware is generally going to be the limit, and that's going to be painful enough as we approach a half million prefixes. You couldn't even consider such a thing until after that pain point.

--msa
Re: chargen is the new DDoS tool?
On Tue, Jun 11, 2013 at 07:52:02PM -0400, Ricky Beam wrote:
> All of the above plus very poorly managed network / network security.
> (sadly a Given(tm) for anything ending dot-e-d-u.) a) why are
> *printers* given public IPs? and b) why are internet hosts allowed to
> talk to them? I'm actually *very* surprised your printers are still
> functional if the whole internet can reach them.

You've never worked for one, have you? Guess what, they have /16s, they use them, and they like the ability to print from one side of campus to the other. Are you suggesting gigantic NATs with 120,000 students and faculty behind them?

I have a hard time blaming a school for this. I have an easy time wondering why printer manufacturers are including chargen support in firmware.

--msa
Re: Cat-5 cables near 200 Paul, SF
On Fri, May 31, 2013 at 06:25:54PM +, Warren Bailey wrote:
> We walked up the counter all the time, however that was in Alaska so
> the rules may be different down here.

You can walk up with a credit card, terms just make it easier to place orders in advance for pickup.

Anyway, as noted, from 200P, Graybar is your closest and best bet, Central Computer doesn't always have the quantities that people on this list sometimes require.

--msa
Re: Cat-5 cables near 200 Paul, SF
On Fri, May 31, 2013 at 12:06:50PM -0700, Tim M Edwards wrote: Needs to be a Corporate CC though. Nahh, they take my personal card in Phoenix and SF all the time. --msa
Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.
On Fri, Dec 14, 2012 at 04:42:46PM +, Nick Hilliard wrote: Jason, You've just given 3 weeks notice for a component change in one of the few critical parts of the Internet's infrastructure, at a time when most networks have entered a configuration freeze (which will usually finish at the end of 2013 week one or week two), and where two of those weeks are holiday / slack periods in large parts of the world where many people won't be working. Nick, I feel compelled to point out that the new service address is available now, and the old one will be available for another six months. Feel free to wait until after the holidays to make your changes. Cheers, --msa
Re: NTP Issues Today
On Wed, Nov 21, 2012 at 10:41:01AM -0500, Jay Ashworth wrote: ... against multiple [Stratum 1] sources... Baby, if you've ever wondered... whether it matters whether your sources are strat 1 or not, now you know -- since there's no real way to get provenance on down-strat time sources that I'm aware of. Does the NTP code, people who know, give any extra credence to strat-1 sources in its byzantine code? Not in a way that matters if one of them suddenly becomes a falseticker. If a reference clock goes insane, it's pretty easily detected provided you have at least two more servers (or even peers configured.) Stratum 1 just means it thinks it has a reference clock attached, but those clocks fail, go into holdover, what have you all the time. NTP will happily select a stratum 2 or lower clock instead provided it appears stable (low jitter, responded to our last 255 queries, and is an eligible candidate.) To get an idea what your NTP server will do, try ntpq -p:

msa@paladin:/home/msa (582)$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-nist1.symmetric .ACTS.           1 u  304 1024  377    5.140    3.271   0.581
+nist1-sj.ustimi .ACTS.           1 u  307 1024  377    7.843    5.227   0.729
+64.147.116.229  .ACTS.           1 u  414 1024  377    9.406    5.742   0.068
*usno.pa-x.dec.c .USNO.           1 u  540 1024  377    1.373    4.242   0.032
-pegasus.latt.ne 64.250.177.145   2 u  304 1024  377   61.383    5.920   6.578
-pyramid.latt.ne 216.171.124.36   2 u  361 1024  377    1.076    4.181   0.066

This is a stratum 2 server in the public pool. It's peering with two other stratum 2 servers that I run. Those two are deselected (-). The server marked with a * is selected, and those with a + are included in a weighted average used to maintain the system clock. If the primary selected server does something wonky, it's going to select one of the candidates marked with a +. In this case it has enough stratum 1 servers that it's not likely to fall back to its peers, but it can do so if those servers suddenly give it a set of unexpected replies. --msa
Re: Picking outside NTP servers (Re: NTP Issues Today)
On Tue, Nov 20, 2012 at 04:53:39PM -0500, Jay Ashworth wrote: For myself, I usually pick the first three in us.pool.ntp.org, tick and tock, time.nist.gov, and a couple of regionally appropriate large universities. I'd advise going through the RR for a while, and pick servers close to you. ntpd won't select a server that's more than 128ms away. It also degrades accuracy. Select for minimum latency, as well as a diverse set of sources. [Watch their refid over time, and make sure they aren't slaving to the same set of servers, as well as others you may be using.] It requires a bit of effort, but over time you get an idea what public time servers are close to each of your locations, and diverse from each other. --msa
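An added example, not part of the messages above and not code from the ntpd distribution: a small Python parser for `ntpq -p` output that reports the tally-code roles described in the "NTP Issues Today" reply and the shared-refid check suggested in the reply just above. The sample output, host names and documentation-range addresses are constructed, and the function names are this example's own.

```python
from collections import defaultdict

# Tally codes printed in the first column of `ntpq -p` output.
TALLY = {
    "*": "system peer (selected)",
    "+": "candidate (combined into the clock estimate)",
    "-": "outlier (discarded by the cluster algorithm)",
    "x": "falseticker",
    "#": "backup",
    "o": "PPS peer",
    ".": "excess",
    " ": "rejected",
}

# Constructed sample, not captured from a real server.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time-a.example  .GPS.            1 u  540 1024  377    1.373    0.242   0.032
+time-b.example  .ACTS.           1 u  307 1024  377    7.843    0.227   0.729
+192.0.2.10      198.51.100.7     2 u  414 1024  377    9.406    0.742   0.068
-192.0.2.11      198.51.100.7     2 u  304 1024  377   61.383    5.920   6.578
x192.0.2.12      203.0.113.5      2 u  361 1024  377    1.076  412.181   0.066
 192.0.2.13      .INIT.          16 u    - 1024    0    0.000    0.000   0.000
"""


def parse_peers(text):
    """Turn `ntpq -p` text into a list of peer dicts, skipping header rows."""
    peers = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("remote", "=")):
            continue
        tally, fields = line[0], line[1:].split()
        if tally not in TALLY or len(fields) != 10:
            continue  # not a peer row
        remote, refid, st, _type, _when, _poll, reach, delay, offset, jitter = fields
        peers.append({
            "tally": tally,
            "role": TALLY[tally],
            "remote": remote,
            "refid": refid,
            "stratum": int(st),
            # reach is an octal 8-bit shift register of the last eight polls;
            # 377 means all eight were answered.
            "reach": int(reach, 8),
            "delay": float(delay),
            "offset": float(offset),
            "jitter": float(jitter),
        })
    return peers


def survivors(peers):
    """Peers that currently contribute to the system clock (* and +)."""
    return [p["remote"] for p in peers if p["tally"] in "*+"]


def unhealthy(peers):
    """Peers flagged as falsetickers, rejected, or with missed polls."""
    return [p["remote"] for p in peers
            if p["tally"] in "x " or p["reach"] != 0o377]


def shared_upstreams(peers):
    """Group stratum 2+ peers by refid to expose common upstream servers.

    For a stratum 2+ peer the refid identifies the server it is synced to,
    so two peers with the same refid are not independent time sources.
    Refids in dots (.GPS., .INIT.) name a clock type or state and are skipped.
    """
    groups = defaultdict(list)
    for p in peers:
        if p["stratum"] >= 2 and not p["refid"].startswith("."):
            groups[p["refid"]].append(p["remote"])
    return {refid: names for refid, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    peers = parse_peers(SAMPLE)
    for p in peers:
        print(f'{p["remote"]:<16} st={p["stratum"]:<2} {p["role"]}')
    print("contributing:", survivors(peers))
    print("needs attention:", unhealthy(peers))
    for refid, names in shared_upstreams(peers).items():
        print(f"shared upstream {refid}: {names}")
```

Run it against saved `ntpq -p` snapshots taken over several days to see whether the refid groupings stay the same.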
Re: 169.254.0.0/16
On Wed, Oct 17, 2012 at 06:59:09PM +0100, Darren O'Connor wrote: I've just set up a vpn tunnel to Amazon's AWS and as part of the config they required me to configure two /30 tunnels using addressing from the 169.254.0.0/16 space. Yeah, they do that for Direct Connect. RFC3927 basically says that this address should only be used as a temp measure until the interface has a proper private or public address. So? :) So what's the consensus then? Is there a problem using this space as link-local address for routers here and there (I mean we have 65K addresses wasted in this block) or is it a strict no-no? And if no, why is Amazon using it? RFCs are just paper. As for why they use it.. the common private use reserved blocks (10/8, 172.16/12, 192.168/16) are all in use internally in their customers' networks. This is probably the easiest way to avoid addressing conflicts. Since these networks are all isolated, I don't see a great deal of harm in it (probably less than overlapping more commonly used private blocks.) --msa
Re: F-ckin Leap Seconds, how do they work?
On Tue, Jul 03, 2012 at 11:33:22PM +0100, Tony Finch wrote: Keith Medcalf kmedc...@dessus.com wrote: You are assuming facts not in evidence. The rotation is merely irregular within the capabilities of our scheme of measurement, calculation, and observation. There is LOTS of evidence that the earth's rotation is irregular. VLBI, laser ranging of the moon, etc. This was known long before the atomic clock was invented, and it is why the definition of the second was changed from one based on earth rotation to one based on Newcomb's ephemerides, before the change to an atomic second. This. Shoot, seismic activity has a measurable effect. The best we can do is approximate it and align the timescales as needed. There's no lack of understanding here, just a changing planet. Now, changing your kernel's leap second handler and not testing it, well, you can't blame that one on the ITU or the aforementioned planet. --msa
Re: F-ckin Leap Seconds, how do they work?
On Tue, Jul 03, 2012 at 11:33:35PM -0400, Tyler Haske wrote: 4 years. These things are supposed to be synced to a NTP source anyway. Easiest solution is just remove leap second functionality from mainline code, and make it something you have to special-compile for. Please reconcile these two statements. Thanks, --msa
Re: F-ckin Leap Seconds, how do they work?
On Tue, Jul 03, 2012 at 04:53:32PM -0700, Owen DeLong wrote: UTC (and the system clock) should not move backwards, but, rather they repeat second 59. UTC goes 58-59-00 most of the time, but during a leap second, it should go 58-59-59-00). It's not so much going backwards as dropping a chime. Owen, ...that is going backwards, since we'll repeat 59.XX. Which is really bad for a lot of applications, system timers, pretty much any database, sleep mechanisms, locking mechanisms, etc. What happens if you were trying to execute some code at 59.5926725? Has it already happened or is it yet to come? Looking back at two financial transactions, which came first? I've had an environment where large reverse steps occurred with some regularity -- you don't want to go there. At all. There is a LOT more software that wigs out when you reverse step the clock (which you will be, if you 'repeat' a second.) than does when a leap occurs. In part because it shouldn't actually do so. It should simply chime 59 twice. You must have written some NMEA code in a past life. I'd be fine with rolling TAI for systems use, but it does not make much sense to condemn the leap second in UTC for this. We've had a fair number of them, in the Internet age, without this much trouble. This is about bad software development. If you change something like the leap second handler in your code, please test it. If not right away, before 2 more leap seconds have occurred several years down the road. Also, people that build production environments on operating systems that do not receive that sort of testing, do so at their own risk. That's their fault, despite any fist shaking/angry tweeting at 23:59:60. It's pathetic that advertising clocks in public places can get this right (and did in 2008) and 'the Internet' cannot: http://www.youtube.com/watch?v=PJ4TWChcKpI --msa
Re: strat-1 gps
On Tue, Jun 26, 2012 at 01:54:37PM -0400, Steve Meuse wrote: FreeBSD, Trimble Thunderbolt and a TAPR FatPPS? Thing with the Thunderbolts is not all revisions of the firmware seem to play nice with ntpd. And yes, the PPS is quite narrow and would have to be conditioned as well. I think I'd start somewhere else unless you also needed the frequency reference. Good news is, the 2100-GPS used a 5-12VDC antenna with no downconversion, so it should work with just about anything. Randy, what's your budget for this? ( and space) Does it have to be 1U, or is a 1U GPS receiver and 1U time server acceptable? --msa
Re: strat-1 gps
On Tue, Jun 26, 2012 at 04:33:35PM -0400, Robert E. Seastrom wrote: Word around the campfire is that the 18x is jittery compared to the 18. The 18x is much worse than the 18LVC. Thankfully I still have 2 18LVCs... but that said, given the hockey puck design, and that Randy already has an antenna, I wouldn't recommend this approach anyway. It's really only suitable next to a window, or in a short, wooden structure. Also, we've got a leap second pending, and at least the 18LVCs...do not appear to handle those gracefully. Mine freaked out pretty badly in 2008 and had to be reset and reconfigured. I've also seen them lose their configuration (which has to be reset using a Garmin utility.) For this reason I can't recommend running them unattended. Does anyone have any experience with the Veracity VTN-TN? I don't, but it looks somewhat interesting. --msa
Re: AS209/CenturyLink NOC email?
On Tue, Mar 06, 2012 at 03:21:59PM -0500, Wallace Keith wrote: Have you tried looking under Qwest? Generally speaking, emailing a Qwest address is useless these days. You'll get some sort of redirect message, in many cases to a new address that doesn't work. Rebranding for the win... --msa
Re: time sink 42
On Thu, Feb 16, 2012 at 01:08:46PM -0800, Randy Bush wrote: ok, this is horribly pragmatic, but it's real. yesterday i was in the westin playing rack and stack for five hours. an horrifyingly large amount of my time was spent trying to peel apart labels made on my portable brother label tape maker, yes peeling the backing from a little label so remote hands could easily confirm a server they were going to attack. Randy, Personally, I got tired of buying batteries, and expensive label tapes, and tend to stick with Avery labels from the office supply store (or Brady labels for cabling), and preprinting. Either can be run through a typewriter, and the Avery labels tend to run through a standard office printer just fine. Then I just have to peel a standard label off of wax paper, which is much easier than dealing with plastic tape that appears to be fused to its backing at the factory. The split back variety is a little better, but even then it can be hard to get your fingernails under the other side. We haven't really improved much on labeling technology in decades. --msa
Re: [Nanog-futures] Admission for Committee Members
On Fri, Sep 02, 2011 at 10:19:34AM -0500, Jorge Amodio wrote: As others said you are doing a public service to the rest of the community and if you give a nice and valuable talk you will get the recognition of the NANOG community and your colleagues, and we can put into consideration including a gold star sticker for your service. Field observations suggest that presenters are more likely to be heckled than recognized for said service to the NANOG community. (c: As hard as it can be to find good talks for the program, giving people incentive to take time out of their busy work schedules to prepare a good talk does not seem unreasonable. It will be really unfair for those paying (even if their companies do it for them or don't care because they have a mountain of cash) if there is a special benefit for some so they don't pay. So far the speaker exemption doesn't seem to have been very contentious unless I've missed something. --msa
Re: New Natural Disaster! 8/27/2011 Hurricane Irene
On Fri, Aug 26, 2011 at 09:55:10PM -0400, Andrew Kirch wrote: The US Airforce has sent most of the fighters from the East Coast to Indiana, what are you doing to prepare for the storm of the next 2 days? Ready, Set, DISCUSS! Personally, I was very happy to hear that Equinix had laid in stores of MREs, and so, with luck, nobody we know there will have to resort to cannibalism or being cannibalized. (Although they may wish they had, depending on the age and type of MRE.) --msa
Re: How dynamic is a dynamic IPv6 address?
On Tue, Jul 26, 2011 at 04:24:21PM -0700, Leo Bicknell wrote: How dynamic will dynamic addresses be under IPv6? With or without privacy extensions enabled? --msa
Re: estimation of number of DFZ IPv4 routes at peak in the future
On Wed, Mar 09, 2011 at 12:44:05PM +0900, Randy Bush wrote: i am more of a pessimist. i suspect that there will be enough v4-only destinations out there that multi-homed enterprises fronting onto dual-stack backbones will announce teenie bits of v4 so they can nat64. I'll take this one a little further. I suspect that as we reach exhaustion, more people will be forced to break space out of their provider's v4 aggregates, and announce them, and an unfiltered DFZ may well approach the 'million' entries some vendors now claim to support. Conveniently, we've given them enough ASes to do so, with four byte support. At least if our vendors get that working correctly. If we get there, or even close (anything beyond 0.5M), I expect we'll see some of the native dual stack networks actually acquire transport specifically for v6 and start running parallel 4/6 networks to deal with hardware forwarding limitations, particularly those involving v6. Of course, I'd really, really, really love to be wrong here. It'd be great if v4 traffic fell off quickly enough people wouldn't deagg for TE purposes, or v4 growth fell off, and a widespread forwarding problem could be avoided. --msa
Re: Mac OS X 10.7, still no DHCPv6
On Mon, Feb 28, 2011 at 04:00:16PM -0800, Owen DeLong wrote: Ready or not, IPv6-only (or reasonably IPv6-only) residential customers are less than 2 years out, so, well within your 5-year planning horizon, whether those ISPs see that or not. Denial is an impressive human phenomenon. Denial is indeed impressive: v6 only is not the only option for residential customers already used to functioning behind NAT. I, for one, welcome our new CGN overlords... In five years we should be just about ready to start deprecating IPv4, if not already beginning to do so. Considering it's taken us 15 years to get this far... I think that's pretty optimistic. Anyone care to start the IPv4 dead pool, Price is Right style, for when the last v4 NLRI is removed from the DFZ? --msa
Re: A pragmatic issue with running out of v4 :)
On Fri, Feb 25, 2011 at 09:27:35AM -0800, Owen DeLong wrote: Apparently not: [owen-delongs-macbook-pro:~] owen% host www.skynet.net www.skynet.net has address 66.165.165.53 [owen-delongs-macbook-pro:~] owen% host -t www.skynet.net www.skynet.net has no record Owen, Does this mean you won't be joining Skynet either? --msa
Re: Leasing of space via non-connectivity providers
On Thu, Feb 10, 2011 at 01:13:49AM -0600, Jimmy Hess wrote: Perhaps the RIRs should personally and directly ask each /8 legacy holder to provide account of their utilization (which portions of the allocation is used, how many hosts), and ASK for each unused /22 [or shorter] to be returned. And then they (read: their attorneys) fire back a okay, who are you, and why do you have the right to ask us this question? Or they cheerfully engage in some vigorous handwaving. Most of us living in a dual stack world really do not need any more prefixes advertised, so cutting a bunch of discrete /22s out of a /8 is not helpful. The only people this benefits are the very few that might get some of the space. Even in the best possible situation (an entire /8 returned,) which they'd be under NO obligation to consider doing -- it'd last a few weeks. Under your scenario, you might scrounge together enough /22s to last an RIR a couple of days. Then what? That's an awful lot of pain for not much benefit. Can we move on and stop trying to squeeze prefixes from legacy holders? What's done is done. --msa
Re: Membership model
On Mon, Feb 07, 2011 at 12:40:41PM -0800, Owen DeLong wrote: I'll happily join Newnog/NANOG and pay my dues when I can reach the web site to do so on IPv6 rather than legacy IPv4. I noticed that too, but shoot, I'm not even sure their host supports it. Besides, you'd still be v4 to Paypal. I opted to use IPv0 and mail them a check. --msa
Re: Leasing of space via non-connectivity providers
On Sun, Feb 06, 2011 at 04:51:26PM -0800, Randy Bush wrote: it is both amusing and horrifying to watch two old dogs argue about details of written rules as if common sense had died in october 1998. what is good for the internet? what is simple? what is pragmatic? if the answer is not simple and obvious, we should go break something else. Randy, I'll bite. I'll take Who cares? Let's keep on' keepin' on... for $200. Deck chairs indeed. --msa
Re: quietly....
On Tue, Feb 01, 2011 at 10:27:45AM -1000, Paul Graydon wrote: insignificant changes between v4 and v6. There is nothing on line that isn't accessible over IPv4 so there has been no critical app outside the infrastructure to spur such changes yet either. Paul, You're speaking for yourself here, as some of us have hosts with no A record. If your business requires connectivity, you're not going to have a choice, so you might as well get with the program. It's less about making a business case for v6, and more about risk management at this point. It's not as if we haven't had 15 years to get it together... Cheers, --msa
Re: anyone running GPS clocks in Southeastern Georgia?
On Fri, Jan 21, 2011 at 12:35:32PM -0500, Jack Carrozzo wrote: As I understand it, they're trying to get the WAAS sat back online and working properly after it went on walkabout some time ago. It's currently in a nonstandard orbit while they work on it. I suppose it's just pure speculation that they'd only be working on the WAAS service since the NOTAM doesn't say anything about it, but if that were the case there wouldn't be any effect to timing. Nahh, that was the western WAAS sat, IIRC. This is...Something Else Entirely. --msa
Re: IPv6 Routing table will be bloated?
On Tue, Oct 26, 2010 at 12:45:45PM -0700, George Bonser wrote: But how do they multihome without an ASN? Well, get space from one of your providers, and an LOA to get the other to announce the deaggregate for you. Or they've got legacy space, and never had an AS; just get their providers to announce it for them. If they have an ASN, how did they get it without going to an RIR and paying a fee? Legacy assignment...acquisition... And maybe they did, but just because they pay their RIR for an ASN doesn't mean they want to step up into the fees and documentation headaches of getting their own space. () Some are even singlehomed with an ASN. (I can think of at least two regional providers that had an ASN while being singlehomed because they had downstream BGP speaking customers.) Just because you don't do it, doesn't mean someone else doesn't. It's a big world. --msa
Re: ipv6 vs. LAMP
On Thu, Oct 21, 2010 at 01:53:49PM -0700, Christopher McCrory wrote: Network operations content: Will "We're running MySQL and Postgres servers that do not support IPv6" be a valid reason for rejecting IPv6 addresses from ISPs or hosting providers? First, it's not like the flag day is tomorrow. And then, I think if you're running SQL over the public Internet, you have bigger problems than whether or not you're going to be able to get v4 addressing and transit. --msa
Re: ARIN recognizes Interop for return of more than 99% of 45/8 address block
On Wed, Oct 20, 2010 at 03:23:48PM -0700, Jeroen van Aart wrote: I remember writing (complaining) about it in a thread back in April, appreciated. I still don't know why anyone would complain, although I do thank Interop for their generosity. Here's some truth: 1) At most, we buy ourselves a few months. 2) Specified transfer is really just a way for those that would have to renumber to free up space, to be compensated for their expense in doing so. 3) We can reclaim parts of every /8 we want, and the only thing we'll do is give those that are slow to migrate to v6 an excuse to stall a bit longer. We're gonna hit the wall. Delaying the inevitable, is not really in anyone's interest. The sooner we hit the wall, the sooner that v6 deployment clue is imparted.* --msa * And I say this as one of the people that spent many years bitching about v6's flaws -- however, we no longer have time to debate them, or try to switch horses midstream, 6rd style. That ship sailed. Suck it up and go native, already. Sheesh. If you work for an MSO, I am *really* talking to you, especially if your name starts with a C and ends with an x. Thanks for listening.
Re: Mikrotik OC-3 Connection
On Sat, Jul 03, 2010 at 07:32:48PM -0400, Scott Berkman wrote: I really wouldn't use the word legacy to describe SONET and OC-3's. It's around 25 years old (work started in 1985, first standards published in 1988) and we now have a ratified 100G Ethernet standard. Much of it is being used to transport subrate links, some of which are derived from even older transport standards. If not legacy, what word WOULD you use? --msa
Re: legacy /8
On Fri, Apr 02, 2010 at 02:01:45PM -0700, Jeroen van Aart wrote: I am curious. Once we're nearing exhausting all IPv4 space will there ever come a time to ask/demand/force returning all these legacy /8 allocations? I think I understand the difficulty in that, but then running out of IPs is also a difficult issue. :-) For some reason I sooner see all IPv4 space being exhausted than IPv6 being actually implemented globally. Because it's no more than a delaying action. Even presuming you get people to cooperate (and they really, have no incentive to because they don't necessarily have any agreement covering the space with the RIRs) rather than fire up their legal department A couple of /8s doesn't last long enough to really make a dent in the pain. You might buy yourself a few months at most. It might actually do more harm than good, by convincing people that they can still get v4 space rather than worry about what they are going to do in the future. --msa
Re: legacy /8
On Fri, Apr 02, 2010 at 05:19:12PM -0500, Joe Johnson wrote: Maybe encourage people like Apple, Xerox, HP or Ford to migrate their operations completely to IPv6 and return their /8? How are they going to completely migrate to v6 while there is a demand for v4 space (specifically, THEIR v4 space.)? As long as the beast is getting fed, there will be customers without v6, and they're not going to isolate themselves for the commercial benefit of an unrelated third party. And even if they did, it's only going to buy you a few months. --msa
Re: legacy /8
On Fri, Apr 02, 2010 at 05:48:44PM -0500, John Palmer (NANOG Acct) wrote: On the topic of IP4 exhaustion: 1/8, 2/8 and 5/8 have all been assigned in the last 3 months yet I don't see them being allocated out to customers (users) yet. Is this perhaps a bit of hoarding in advance of the complete depletion of /8's? Doubt it. 1/8 is still being evaluated to determine just how usable portions of it are, thanks to silly people of the world that decided 1.1.1.x and the like were 1918 space. As for the others, the RIR requests it when they are running low, but certainly not exhausted, and as slow as people are to update their bogon filters, it sounds like general good practice not to assign out of a new /8 until pre-existing resources are exhausted. Can we put the tinfoil hats away and let this thread die now? --msa
Re: What happened to Quick Eagle?
On Tue, Nov 17, 2009 at 07:09:22PM +, Peter Hicks wrote: I have a Quick Eagle DL087E here, but Quick Eagle's website has fallen off the planet: p...@angel:~$ host -t any www.quickeagle.com Host www.quickeagle.com not found: 3(NXDOMAIN) Their phones go to a reorder too. I'm guessing the T1 DSU market is not as robust as it used to be. Can anyone help me out with a firmware update and/or PDF manuals? While they did have an update mechanism, I don't remember ever really having to update the code on a DL08x. Once configured, they tended to just work. I did manage to find these: http://cliffbrooks.com/Samples/soloselectt1_qwk.pdf http://www.interlinkweb.com/quickeagle/manuals%5CPrelude-T1-Quick-Start-Guide.pdf (Your best bet is probably looking for DL087, followed by DL080 or Digital Link on Google, with the filetype:pdf modifier.) It's been a little while since I had to use one of these. The menued interface is really easy to deal with, so just get consoled into it and go -- odds are you don't even need the docs. DIP switch guide used to be on a decal on the bottom -- if not, it's on page 19 of the first PDF I linked above. I used to have a very large quantity of these in service, so if you have any questions, fire me an email off-list and I'll see if I can remember the answer. --msa
Re: Anyone notice strange announcements for 174.128.31.0/24
On Mon, Jan 12, 2009 at 12:40:42PM -0600, Michienne Dixon wrote: I'm not entirely certain what is going on but has anyone noticed some strange announcements for 174.128.31.0/24? I received a hijack notice that my AS (AS11708) was announcing the above IP range. I verified that I was not when I started noticing some strange announcements for that range. Around 10 Am CST AS11911 was announcing it (AS_PATH: 1239 2914 3130 11911) then around 11:30 AM CST I observed AS12083 announcing it (AS_PATH: 1239 2914 3130 12083). Interestingly enough, ARIN indicates this is a part of range they have assigned for reachability testing. http://ws.arin.net/whois/?queryinput=174.128.31.0 randy lied but no packets died enough now More seriously, this is indeed reachability research. Try emailing the AS 3130 contacts although I'd imagine Randy will see this. Thanks, --msa
Re: Leap second tonight
On Tue, Jan 06, 2009 at 01:30:51AM +0900, Adrian Chadd wrote: This begs the question - how the heck do timekeepers and politicians get away with last minute time changes? Surely there's -some- pushback from technology related interest groups to try and get more than four weeks warning? :) Try six months. NTP itself sets the leap indicator by 28 days prior to the leap and clears it before the end of the following day, so in theory the appliance itself had at least 4 weeks notice and the rest of us had an additional five months. IERS announces a pending leap second six months in advance. The announcement for this one was dated July 4th. System vendors have only had 37 years since the first leap second to figure this out; please be patient. However, I can't excuse them for bugs surrounding the final day of a leap year. The Julian calendar is not exactly a new phenomenon. --msa
Re: Leap second tonight
On Wed, Dec 31, 2008 at 04:41:39PM -0600, Kevin Day wrote: I've been told that some of the causes of these problems are fixed on any reasonably recent ntp distribution, but just in case, you might wanna keep an eye out if you're seeing any weirdness. The worst damage I'd heard from anyone after that event was their clock being significantly off for several hours. One note, if you're using ntpd along with an HF receiver and the CHU reference driver, you'll either need to manually retune your receiver to 7850 kHz or update your ntpd. As of approximately one hour ago, CHU has moved from 7335 kHz, where it has been for several decades up to 7850 kHz due to increasing shortwave broadcast interference. Also note that many reference clocks, including GPS derived ones, do not handle leap seconds correctly, so it may be a while before your reference clocks stabilize. Happy New Year! --msa
Re: Sprint / Cogent
On Fri, Oct 31, 2008 at 01:20:23PM -0400, Randy Epstein wrote: We hope Sprint and Cogent work out their differences, but in the mean time, we unfortunately will remain partitioned from Cogent. Randy, This brings up something I've always wondered. Why do we have public depeerings, rather than public deprefings? You'd think both sides could at least agree to set localpref to 1, and not send each other anything that they don't absolutely have to until they resolve their issues. Bypass them if at all possible, but don't partition the interwebs. Or am I dreaming of ponies again? --msa
NANOG44 PGP Keysigning
Greetings, For NANOG44 in Los Angeles, we will be running the keysigning sessions during the general session breaks in the Moroccan open seating area, which is on the Mezzanine level (above the Main Galleria). If you're planning to attend any of the keysigning sessions, please paste your keys into the keyring at: http://biglumber.com/x/web?keyring=2221 Also, if you do sign keys, whether or not you intend to attend one of the sessions, please do pick up a red sticker for your name tag when you pick it up. If you've never attended a PGP keysigning before, you may wish to review the following first for an understanding and overview of the process: http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html If you have any questions, please contact me off list. Thank you and I will see you in Los Angeles! --msa
Re: [NANOG] Charter Communications going to sniff traffic for advertising?
On Wed, May 14, 2008 at 04:31:57PM -0400, Jake Matthews wrote: Apparently Charter is going to packetsniff its users and use that for commercial purposes. I think you'd find they'd run pretty far afoul of 18 USC 2511 for that, without prior consent (18 USC 2511 2) (c)). I looked at that page, and as far as I can tell, they are just referring to web ads, likely placed on their consumer portal site. Where do you get the notion that they are intercepting traffic? Everything I see refers to a third party ad network, with no subscriber data provided by charter. i.e. a typical advertisers tracking cookie. Using another cookie to opt out of the first cookie isn't unusual, since it's the same mechanism that would be involved in the first place. In any case, trying to correlate captured traffic to a cookie that would only be exposed in web traffic and to the site that set it, would not be reliably possible. --msa