Fw: new message
Hey! New message, please read <http://thomasguerriero.net/young.php?z> Oliver Garraux
Fw: new message
Hey! New message, please read <http://hutsonlegal.com/taking.php?og3> Oliver Garraux
Re: High latency/packetloss in nyc/nj for cogent/level3/zayo?
We're seeing issues between the US and northwest Europe (UK / Ireland), that started around 40 minutes ago. They are fairly unrelated services (AWS, Linode, L3VPN, commercial IP transit)...so I'm assuming there's some kind of larger outage going on? Oliver - Oliver Garraux Check out my blog: blog.garraux.net Follow me on Twitter: twitter.com/olivergarraux On Fri, Sep 4, 2015 at 2:33 PM, Fred Hollis <f...@web2objects.com> wrote: > 1.|-- hosted-by-i3d.net 0.0% 10 8.1 17.3 0.3 144.6 45.0 > 2.|-- 80ge.cr0-br2-br3.smartdc.rtd.i3d.net 0.0% 10 0.3 2.1 0.2 9.4 3.0 > 3.|-- 40ge.cr1-cr0.smartdc.rtd.i3d.net 0.0% 10 0.3 7.3 0.3 13.3 5.7 > 4.|-- ae51.edge4.London1.Level3.net 0.0% 10 10.6 14.2 7.6 30.4 7.5 > 5.|-- 4.69.156.9 90.0% 10 224.7 224.7 224.7 224.7 0.0 > 6.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 > 7.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 > 8.|-- cs20.cs90.v.ewr.nyinternet.net 80.0% 10 169.4 168.8 168.1 169.4 0.9 > 9.|-- 96.47.77.134.static.nyinternet.net 90.0% 10 167.7 167.7 167.7 167.7 > 0.0 > 10.|-- ftw.nj.nyi.net 90.0% 10 169.4 169.4 169.4 169.4 0.0 > > Having this to almost every network located in NYC/NJ that is going > through the said three carrier from many locations. > > > On 04.09.2015 at 23:24 Jürgen Jaritsch wrote: > >> Hi, >> >> wer're working with Telia and Hurricane in NYC and we only see some >> latency flaps in the HE network flapping from 0.3 to ~15ms. Nothing >> really bad. No visible packet loss. >> >> >> Best regards >> >> Jürgen Jaritsch >> Head of Network & Infrastructure >> >> ANEXIA Internetdienstleistungs GmbH >> >> Telefon: +43-5-0556-300 >> Telefax: +43-5-0556-500 >> >> E-Mail: j...@anexia.at >> Web: http://www.anexia.at >> >> Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt >> Geschäftsführer: Alexander Windbichler >> Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT >> U63216601 >> >> -Ursprüngliche Nachricht- >> Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Fred Hollis >> Gesendet: Freitag, 04. September 2015 23:18 >> An: nanog@nanog.org >> Betreff: High latency/packetloss in nyc/nj for cogent/level3/zayo? >> >> Hi, >> >> Anyone also experiencing really high lancy and packetloss 80%+ in nyc/nj >> area for cogent/level3/zayo? >> >>
Re: scaling linux-based router hardware recommendations
One thing to note about Ubiquiti's EdgeMax products is that they are not Intel based. They use Cavium Octeon's (at least that's what my EdgeRouter Lite has in it). Oliver - Oliver Garraux Check out my blog: blog.garraux.net Follow me on Twitter: twitter.com/olivergarraux On Mon, Jan 26, 2015 at 4:18 PM, Joe Greco jgr...@ns.sol.net wrote: I know that specially programmed ASICs on dedicated hardware like Cisco, Juniper, etc. are going to always outperform a general purpose server running gnu/linux, *bsd... but I find the idea of trying to use proprietary, NSA-backdoored devices difficult to accept, especially when I don't have the budget for it. I've noticed that even with a relatively modern system (supermicro with a 4 core 1265LV2 CPU, with a 9MB cache, Intel E1G44HTBLK Server adapters, and 16gig of ram, you still tend to get high percentage of time working on softirqs on all the CPUs when pps reaches somewhere around 60-70k, and the traffic approaching 600-900mbit/sec (during a DDoS, such hardware cannot typically cope). It seems like finding hardware more optimized for very high packet per second counts would be a good thing to do. I just have no idea what is out there that could meet these goals. I'm unsure if faster CPUs, or more CPUs is really the problem, or networking cards, or just plain old fashioned tuning. 10-15 years ago, we were seeing early Pentium 4 boxes capable of moving 100Kpps+ on FreeBSD. See for example http://info.iet.unipi.it/~luigi/polling/ Luigi moved on to Netmap, which looks promising for this sort of thing. https://www.usenix.org/system/files/conference/atc12/atc12-final186.pdf I was under the impression that some people have been using this for 10G routing. Also I'll note that Ubiquiti has some remarkable low-power gear capable of 1Mpps+. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Google Wants to Create a Dotless Domain Called Search..?
The whole custom TLD thing is just a truly awful, awful idea. Oliver - Oliver Garraux Check out my blog: blog.garraux.net Follow me on Twitter: twitter.com/olivergarraux On Thu, Apr 11, 2013 at 1:29 PM, Joshua Goldbard j...@2600hz.com wrote: I'm hoping google is doing this for m2m and not human interaction, but I could be wrong. I just envision years of re-educating grandparents and less technical users and I'm dreading it. Cheers, Joshua Sent from my iPhone On Apr 11, 2013, at 10:14 AM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: I try not to flood Nanog with articles, but I thought I'd ask for some opinions on this. For the moment, most browsers treat a single line with no tld as a search request, why have a tld-less tld? Would this not open the door for others to claim they need a word as a tld (cisco = http://routersor Al Gore http://internets), and how would that be handled by most modern(ish) browsers and devices? http://m.gizmodo.com/5994354/google-wants-to-create-a-dotless-domain-called-search Sent from my T-Mobile 4G LTE Device
Re: Verizon DSL moving to CGN
If I'm an ISP deploying a network for users today, I effectively have to provide some mechanism to allow those users to get to IPv4 only content. There is way too much stuff out there that is IPv4 only today. Yes, content providers should provide IPv6 accessbut if I'm an ISP, I can't really control that aspect. If I provide users with a service that isn't able to connect to 80% of websites (to say nothing of VPN's, corporate email services, etc, that people may need), I'm not going to have a whole lot of business. Now - I completely agree that ISP's must start deploying IPv6 natively. Legacy equipment that doesn't support IPv6 is not an acceptable excuseits just evidence of poor decision making and short-sighed purchasing decisions. CGN clearly isn't ideal and doesn't mitigate the need for native IPv6 connectivity. But right now, native IPv6 connectivity is still not a substitute for some level of IPv4 connectivity, even if its CGN'ed. Oliver - Oliver Garraux Check out my blog: blog.garraux.net Follow me on Twitter: twitter.com/olivergarraux On Sun, Apr 7, 2013 at 4:06 PM, Owen DeLong o...@delong.com wrote: On Apr 7, 2013, at 00:31 , Mikael Abrahamsson swm...@swm.pp.se wrote: On Sun, 7 Apr 2013, Fabien Delmotte wrote: CGN is just a solution to save time, it is not a transition mechanism through IPv6 At the end (IPv6 at home) you will need at list : Dual stack or NAT64/ DNS64 CGN doesn't stop anyone deploying dual stack. NAT64/DNS64 is dead in the water without other mechanisms (464XLAT or alike). True... But... Resources deploying/maintaining all of these keep IPv4-limping along technologies are resources taken away from IPv6 deployment. My point is that people seem to scoff at CGN. There is nothing stopping anyone putting in CGN for IPv4 (that has to be done to handle IPv4 address exhaustion), then giving dual stack for end users can be done at any time. Not really... Face it, we're running out of IPv4 addresses. For basic Internet subscriptions the IPv4 connectivity is going to be behind CGN. IPv6 is a completely different problem that has little bearing on CGN or not for IPv4. DS-Lite is also CGN, it just happens to be done over IPv6 access. MAP is also CGN. No, it really isn't. Sufficient IPv6 deployment at the content side would actually allow the subscriber side to be IPv4 or dual-stack for existing customers with new customers receiving IPv6-only. The missing piece there is actually the set-top coversion unit for IPv4-only devices. (Ideally, a dongle which can be plugged into the back of an IPv4-only device with an IPv6-only jack on the other side. Power could be done a number of ways, including POE (with optional injector), USB, or other. I'm ok with people complaining about lack of IPv6 deployment, but I don't understand people complaining about CGN. What's the alternative? IPv6 deployment _IS_ the alternative. They are not orthogonal. Owen
Re: Verizon DSL moving to CGN
Good to see that they are providing a way for users to opt out. I'm hoping that other ISP's will do the same when they implement CGN. Oliver - Oliver Garraux Check out my blog: blog.garraux.net Follow me on Twitter: twitter.com/olivergarraux On Sat, Apr 6, 2013 at 9:32 PM, Joshua Smith juice...@gmail.com wrote: Very interesting indeed. Way to do the right thing here Verizon. This may be the first time I've been happy to be a Comcast customer. -- Josh Smith kD8HRX email/jabber: juice...@gmail.com Phone: 304.237.9369(c) Sent from my iPad On Apr 6, 2013, at 9:24 PM, cb.list6 cb.li...@gmail.com wrote: Interesting. http://www22.verizon.com/support/residential/internet/highspeedinternet/networking/troubleshooting/portforwarding/123897.htm
Re: Big day for IPv6 - 1% native penetration
So, I assume 6in4 tunnels like HE.net are included in the native percentage? Oliver - Oliver Garraux Check out my blog: www.GetSimpliciti.com/blog Follow me on Twitter: twitter.com/olivergarraux On Tue, Nov 20, 2012 at 9:02 AM, William F. Maton Sotomayor wma...@ottix.net wrote: APNIC labs have an interesting set of numbers on IPv6 uptake as well. http://labs.apnic.net/measureipv6/ On Tue, 20 Nov 2012, Owen DeLong wrote: It is entirely possible that Google's numbers are artificially low for a number of reasons. Owen On Nov 20, 2012, at 5:31 AM, Aaron Toponce aaron.topo...@gmail.com wrote: On Tue, Nov 20, 2012 at 10:14:18AM +0100, Tomas Podermanski wrote: It seems that today is a big day for IPv6. It is the very first time when native IPv6 on google statistics (http://www.google.com/intl/en/ipv6/statistics.html) reached 1%. Some might say it is tremendous success after 16 years of deploying IPv6 :-) And given the rate on that graph, we'll hit 2% before year-end 2013. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o wfms
Re: Whats so difficult about ISSU
I know some people here have mentioned good experiences with ISSU on Nexus. I don't doubt that it usually works right, but in my latest experience with upgrading NX-OS on dual-SUP'ed 7k's, it was hitless if, by hitless, you mean ~20% packet loss while troubleshooting with TAC before we found that we had to remove and re-apply QoS policies from every interface. Also, depending on the update, linecards might have to be reset. Oliver - Oliver Garraux Check out my blog: www.GetSimpliciti.com/blog Follow me on Twitter: twitter.com/olivergarraux On Thu, Nov 8, 2012 at 8:00 PM, Kasper Adel karim.a...@gmail.com wrote: Does that mean they are the only vendor capable of doing this today? I am interested in the technology behind this if this is something public, any ideas? Thx On Friday, November 9, 2012, Kenneth McRae wrote: I have performed micro code upgrades using ISSU on the Juniper platform. On Thu, Nov 8, 2012 at 4:52 PM, Kasper Adel karim.a...@gmail.comjavascript:_e({}, 'cvml', 'karim.a...@gmail.com'); wrote: What i was asking is full ISSU, even with micro code. I assume between Major release there will be microcode upgrade most of the time. On Fri, Nov 9, 2012 at 2:48 AM, Phil bedard.p...@gmail.comjavascript:_e({}, 'cvml', 'bedard.p...@gmail.com'); wrote: The major vendors have figured it out for the most part by moving to stateful synchronization between control plane modules and implementing non-stop routing. ALU has supported ISSU on minor releases for many years and just added support for major releases. The Cisco Nexus ISSU works well, I've done an upgrade on a 5K switch and it was completely hitless. Juniper and Cisco with the 9K have gone through some hurdles but ISSU is actually usable now if the software versions support it. The main remaining hurdle is updating microcode on linecards, they still need to be rebooted after an upgrade. Phil On Nov 8, 2012, at 6:22 PM, Kasper Adel karim.a...@gmail.comjavascript:_e({}, 'cvml', 'karim.a...@gmail.com'); wrote: Hello, We've been hearing about ISSU for so many years and i didnt hear that any vendor was able to achieve it yet. What is the technical reason behind that? If i understand correctly, the way it will be done would be simply to have extra ASICs/HW to be able to build dual circuits accessing the same memory, and gracefully switch from one to another. Is that right? Thanks, Kim
Re: job screening question
Seems fairly straightforward to me. It'll break path MTU discovery. I would hope someone applying for an IP expert position would know that. Could HR be mangling the question or something? Oliver - Oliver Garraux Check out my blog: www.GetSimpliciti.com/blog Follow me on Twitter: twitter.com/olivergarraux On Thu, Jul 5, 2012 at 1:02 PM, William Herrin b...@herrin.us wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Timeframe for LinkedIn Attack?
Hey, I'm curious if anyone has heard of a possible timeframe for the LinkedIn attack? I use different email aliases on most websites I sign up for. (So I can identify where a spammer got my email address from and so I can just remove the alias if I get spammed a lot). I've been testing some scripts I wrote to parse through my email logs recently, and noticed a few interesting log entries from back in May. I have accounts on Last.fm and on LinkedIn (using email aliases). I received a spam message on the email alias I use for LinkedIn on May 10. I also received four spam messages on the email alias I use for Last.fm on May 10. The LinkedIn related message came in at 20:22 UTC. The four Last.fm messages came in between 21:26 and 21:51 UTC. All of these messages were rejected because the IP the connection came from was listed on Spamhaus’s XBL (they came from 5 different IP's). I don't think this necessarily proves anything beyond a shadow of a doubt - but it seems really suspicious to me, given that I've never seen any other spam directed to these address before or after May 10, and that the email addresses for both of these sites that were compromised were spammed for the first time on the same day. (And none of the other 100+ email aliases I have received spam for the first time on that day). This would suggest to me that LinkedIn and Last.fm may have been compromised at least a month ago. Has anyone else seen anything that would confirm or refute this? Oliver - Oliver Garraux Check out my blog: www.GetSimpliciti.com/blog Follow me on Twitter: twitter.com/olivergarraux
Re: Outdoor Wireless Access Point
As far as I know Ubiquiti's UniFi product doesn't yet have a single SSID across multiple APs. Unifi does use the same SSID's across many AP's. It actually does that by default, unless you specifically disable an SSID on a particular AP. Oliver
Re: airFiber (text of the 8 minute video)
Also keep in mind this is unlicensed gear (think unprotected airspace). Nothing stops everyone else in town from throwing one up and soon you're drowning in a high noise floor and it goes slow or doesn't work at all. Like what's happened to 2.4GHz and 5.8GHz in a lot of places. There's few urban or semi-urban places where you still can use those frequencies for backhaul. The reason why people pay the big bucks for licenses and gear for licensed frequencies is you're buying insurance it's going to work in the future. Greg I was at Ubiquiti's conference. I don't disagree with what you're saying. Ubiquiti's take on it seemed to be that 24 Ghz would likely never be used to the extent that 2.4 / 5.8 is. They are seeing 24 Ghz as only for backhaul - no connections to end users. I guess point-to-multipoint connections aren't permitted by the FCC for 24 Ghz. AirFiber appears to be fairly highly directional. It needs to be though, as each link uses 100 Mhz, and there's only 250 Mhz available @ 24 Ghz. It also sounded like there was a decent possibility of supporting licensed 21 / 25 Ghz spectrum with AirFiber in the future. Oliver
Re: BBC reports Kenya fiber break
On Thu, Mar 1, 2012 at 4:11 AM, Georgios Theodoridis gt...@iti.gr wrote: Has it been known the exact time of the incident? I have found an article reporting that the cut occurred in the mid-day of Saturday 25th but nothing more precise. We would like to use such information for a BGP anomaly detection analysis that we are carrying out in our research centre. Thanks in advance, George It sounds like there were multiple cables that were lost recently. For the EASSy cable issue in the Red Sea, an ISP in Malawi stated the issues started at 09:26 on Friday 17 February. I don't know first hand if that is accurate to the minute or not. I believe this is separate from the cable off the cost of Kenya that was cut on the 25th. Oliver
Re: BBC reports Kenya fiber break
On Mon, Feb 27, 2012 at 11:46 AM, Graham Beneke gra...@apolix.co.za wrote: On 27/02/2012 18:11, Marshall Eubanks wrote: Is anyone seeing this ? http://www.bbc.co.uk/news/world-africa-17179544 Along with: http://mybroadband.co.za/news/telecoms/44263-triple-whammy-hits-eassy.html The east is struggling with outages. -- Graham Beneke Most of the ISP's in Malawi have been having issues since the 17th due to a severed cable in the Red Sea. Oliver