Re: AFRINIC IP Block Thefts -- The Saga Continues

2020-11-18 Thread Paul Nash
Any idea of the outcome?

> On Nov 17, 2020, at 4:54 PM, Valdis Klētnieks  wrote:
> 
> On Tue, 17 Nov 2020 10:02:01 -0800, Jay Hennigan said:
> 
>> In the old days on the NANAE newsgroup, such bogus threats of legal
>> action were categorized as one calling their "cartooney". People who
>> huff and puff and threaten to sue rarely do so. If someone actually
>> plans on suing you, your first hint is typically a knock on the door by
>> a process server, not repeated threats in an online forum.
> 
> Right.  The thing is that unless you're party to the lawsuit, you don't
> know if a process server has been involved.
> 
> Somebody else replied by private email and pointed where the AfriNIC
> CEO wrote that they had, in fact, actually been sued.   So whatever one
> might think of Elad Cohen, he's apparently not a cartooney.



Re: AFRINIC IP Block Thefts -- The Saga Continues

2020-11-16 Thread Paul Nash
If you don’t have a coherent argument, take Trump’s approach with an incoherent 
ad-hominem attack.

I have been following this issue with a lot of interest, and to date you have 
offered no evidence of anything, apart from your ability to spew vitriol.



> On Nov 16, 2020, at 10:04 AM, Elad Cohen  wrote:
> 
> Tom,
> 
> Until today all I wrote was facts and evidence, in the contrary to 
> Pore-spilling Ronald. When Ronald keeps defaming me here non-stop, Yes my 
> full right is to sue him, even if you prefer that my blood will be shed here 
> by his filthy soul and pores. And you can be sure that I will respond to any 
> of his defamation messages.
> 
> "No value to the community" - there is value to the community, anyone which 
> is following Pore-spilling Ronald is following the ancient snake, it is not 
> written in Old Testament, it is written in Old Scripture, go ahead and check, 
> Ronald visual appearance match one by one to the lawless one description 
> (lawless one is a term of New Testament) according to Old Scripture.
> 
> Go swim in Ronald juicy pores if you would like.
> 
> 
> From: Tom Beecher 
> Sent: Monday, November 16, 2020 4:54 PM
> To: Elad Cohen 
> Cc: nanog@nanog.org ; adm...@nanog.org 
> Subject: Re: AFRINIC IP Block Thefts -- The Saga Continues
>  
> I would like to formally request that Mr. Cohen's privileges to post to this 
> list be revoked, or otherwise curtailed.
> 
> It's one thing to dispute facts with evidence, or generally disagree on a 
> topic. However, threats of legal action and personal attacks citing Old 
> Testament mumbo jumbo, while creative, provide no value to the community. 
> 
> As Mr. Herrin stated well, we are all swimming in enough nutter butter 
> conspiracy theory nonsense every day. I hope we don't normalize it here too. 
> 
> On Mon, Nov 16, 2020 at 4:24 AM Elad Cohen  wrote:
> 
> If AfriNIC says your "purchases" are misappropriation you'll have to do a lot 
> better than conspiracy theories and phrenology in counter argument.
> 
> 
> Why are you using the word "purchases" with quotation marks, it seems that 
> you are a victim of your next paragraph, and I'm writing it with all due 
> respect.
> 
> Did I start legal proceedings with AfriNIC with conspiracy theories or with 
> facts and data?
> 
> Phrenology (and racism) is the field of Coconut Guilmette, according to his 
> own quotes right here in Nanog.
> 
> "If AfriNIC says" - AfriNIC, nor Spamhaus, nor Ops-Trust, nor MyBroadband, 
> are not the word of god and are not above law and justice.
> 
> To remind to everyone: AfriNIC filed a police complaint on themselves. And 
> AfriNIC CEO lied to the community in the following link when he wrote that I 
> was given a chance to respond when in reality all my emails were ignored. And 
> AfriNIC CEO is intentionally hiding from the community that any AfriNIC 
> policy is applied also to any legacy netblock that even don't have a signed 
> RSA (according to the legal proceedings against AfriNIC, and in contradiction 
> to AfriNIC "Legacy Resource Holders" webpage: 
> https://afrinic.net/membership/legacy-resource ), it has implications on 
> each and every legacy resource holder all over the world (that a RIR can just 
> delete a legacy netblock).
> 
> https://lists.afrinic.net/pipermail/community-discuss/2020-January/003458.html
>  - "We are also ensuring that the current holder/contact of the resources are 
> provided with the opportunity of proving their ownership."
> 
> 
> Besides the above, AfriNIC also have a financial motive in their actions, 
> approximately up to more $4M per year from assets that they illegally and 
> unjustifiably took from me (by sub-allocating them to AfriNIC members), while 
> writing lies to their community and playing along with the "community 
> pressure" game.
> 
> 
> I find the actions of AfriNIC to be very dangerous, because they are not 
> based on facts and data and law and justice, but only on community pressure. 
> Any network operator, that can elevate himself/herself from bad habits (like 
> enjoying seeing blood spilled and jealousy), would know that today it is me 
> but tomorrow it can be you.
> 
> 
> 
> From: NANOG  on behalf of William 
> Herrin 
> Sent: Monday, November 16, 2020 10:00 AM
> Cc: nanog@nanog.org 
> Subject: Re: AFRINIC IP Block Thefts -- The Saga Continues
>  
> On Sun, Nov 15, 2020 at 10:58 PM Elad Cohen  wrote:
> > Anyone that is interested to receive any answer from me, please email me 
> > directly, I will say that Ronald Guilmette is intentionally spreading lies, 
> > and for the sake of Nanog community I will not reply to him over and over 
> > in the same coin, I was gladly interested in the past to share all the 
> > information (including AfriNIC legal proceedings) with a person respected 
> > by the Nanog community (and I'm still interested to do so today), such as 
> > William Herrin, or to anyone else respected by the Nanog community.
> 
> Ugh. I don't suppose I can 

PLEASE CHECK THE REPLY EMAIL ADDRESS -- Re: QB server hiccups

2020-10-22 Thread Paul Nash
Typo in the first version copied this to a mailing list.

I sent a newer version shortly after copied to Brian instead :-)

Please delete the earlier one & only reply to the later one.

Thanks

paul

> On Oct 22, 2020, at 1:19 PM, Paul Nash  wrote:
> 
> After an outage yesterday, I am trying to streamline and simplify the St 
> Felix QB setup to make it more reliable and easier to administer.
> 
> The most critical factor that influences the overall design is the realistic 
> maximum number of simultaneous users.
> 
> If we can live with a maximum of two users logged on at any one time, I can 
> simplify the system dramatically, which will streamline operations and 
> improve reliability.  
> 
> If we need to have more than two users logged at any time, then we need the 
> current setup, with its various woes.  The problems are not insurmountable, 
> but the system is more complex.  FWIW, a quick check looks like Shan has been 
> the only active user for the past couple of months, but I may be wrong.
> 
> Either way, I need to overhaul some parts of the current setup, which was 
> thrown together in an enormous rush.  Once I know what parts we are going to 
> follow, I will make appropriate plans and let everyone know.
> 
> Yesterday’s problems were caused by the combination of Techsoup and 
> Microsoft.  Licenses that I ordered and paid for were not delivered 
> correctly, leading to the QB server shutting down at an inopportune time.  
> After restoring the server, reverting to trial licenses, I spoke to MS tech 
> support, who suggested that we start all over again purchasing the TS 
> licenses.  They also suggested that we just buy them directly from MS at full 
> retail price, which is not much more than the Techsoup price.
> 
> Right now, we should be good for a couple of months, but I want to prevent 
> any similar issues in future, and even the regular jumping-through-hoops that 
> I have been doing up until now to keep the current system running.
> 
> The first issue to resolving this and improving long-term reliability, is to 
> decide how many simultaneous users we realistically need.  The rest will flow 
> from that.
> 
> Regards
> 
>   paul



APOLOGIES: QB server hiccups

2020-10-22 Thread Paul Nash
Autocorrect changed a misspelled recipient to “nanog”.

paul (grovelling for forgiveness)

QB server hiccups

2020-10-22 Thread Paul Nash
After an outage yesterday, I am trying to streamline and simplify the St Felix 
QB setup to make it more reliable and easier to administer.

The most critical factor that influences the overall design is the realistic 
maximum number of simultaneous users.

If we can live with a maximum of two users logged on at any one time, I can 
simplify the system dramatically, which will streamline operations and improve 
reliability.  

If we need to have more than two users logged at any time, then we need the 
current setup, with its various woes.  The problems are not insurmountable, but 
the system is more complex.  FWIW, a quick check looks like Shan has been the 
only active user for the past couple of months, but I may be wrong.

Either way, I need to overhaul some parts of the current setup, which was 
thrown together in an enormous rush.  Once I know what parts we are going to 
follow, I will make appropriate plans and let everyone know.

Yesterday’s problems were caused by the combination of Techsoup and Microsoft.  
Licenses that I ordered and paid for were not delivered correctly, leading to 
the QB server shutting down at an inopportune time.  After restoring the 
server, reverting to trial licenses, I spoke to MS tech support, who suggested 
that we start all over again purchasing the TS licenses.  They also suggested 
that we just buy them directly from MS at full retail price, which is not much 
more than the Techsoup price.

Right now, we should be good for a couple of months, but I want to prevent any 
similar issues in future, and even the regular jumping-through-hoops that I 
have been doing up until now to keep the current system running.

The first issue to resolving this and improving long-term reliability, is to 
decide how many simultaneous users we realistically need.  The rest will flow 
from that.

Regards

paul

Re: Residential GPON last mile for network engineers (Telus AS852 and others)

2020-10-15 Thread Paul Nash
I have a Bell Canada gig fibre connection.  My first attempt was to bridge 
their all-in-one box (disaster, unreliable as all hell), second was to set a 
bunch of rules for inbound traffic.  Apart from inbound access being *very* 
iffy, their device was s_l_o_w.

So I pulled the fibre GBIC, used a small switch to grab the correct VLAN and 
pointed that at a small Cisco box.  Way more flexible, faster and more reliable 
than Bell’s box.  DSLreports had all the info needed to get the correct VLANs.

YMMV

> On Oct 13, 2020, at 9:56 PM, Eric Kuhnke  wrote:
> 
> Very interesting. Looks like the intention is to bypass the ONT entirely and 
> use a GPON ONT SFP in one's own choice of small home router. If the ISP wants 
> to do some weird TR069 provisioning or other stuff it could be seen as 
> interfering with the proper management of their network if you remove the CPE 
> entirely.
> 
> In an ideal world, personally I would be totally fine with keeping a telco 
> provided small ONT configured as a dumb L2 bridge, with one optical interface 
> single strand (SC/APC) going to the ISP, and 1000BaseT to my own router.
> 
> On Tue, Oct 13, 2020 at 6:51 PM Eric Dugas  wrote:
> I don't have any particular insights for Telus, but there is a huge thread 
> about bypassing Bell ONTs on DSLReports: 
> https://www.dslreports.com/forum/r32230041-Internet-Bypassing-the-HH3K-up-to-2-5Gbps-using-a-BCM57810S-NIC
> Cheers,
> Eric
> On Oct 13 2020, at 9:38 pm, Eric Kuhnke  wrote:
> With the growth of gigabit class single fiber GPON last mile services, I 
> imagine a number of people reading the list must have subscribed to such by 
> now.
> 
> Something that I have observed, and shared observations with a number of 
> colleagues, is that very often a person who works for ($someAS) lives in a 
> location where you are effectively singlehomed to ($someotherAS). Maybe you 
> bought your house before you got a job with your current employer, or maybe 
> the network you work for doesn't do residential last mile service at all. 
> Perhaps you work remotely for a regional sized entity that's a long distance 
> away from where you live.
> 
> Therefore necessitating a choice of service from whatever facilities based 
> consumer-facing ISP happens to service your home.
> 
> For example, in Seattle, a number of people discovered that they could keep 
> the Centurylink GPON ONT, and remove the centurylink-provided router/modem 
> combo device. Provided that they were able to configure their own router 
> (small vyatta, pfsense box, mikrotik, whatever) to speak a certain VLAN tag 
> on its WAN interface and be a normal PPPoE / DHCP client.
> 
> I'm sure there are a lot of people who prefer to run their own home router 
> and wifi devices, and not rely upon a ($big_residential_isp) provided 
> all-in-one router/nat/wifi box with opaque configuration parameters, or no 
> ability to change configuration at all.
> 
> Any insights as to what the configuration of the Telus AS852 GPON network 
> looks like would be helpful. Or other observations in general on 
> technically-oriented persons who are doing similar with other ILECs.



Disney+ contacts or geolocation ideas

2020-07-22 Thread Paul Nash
I’m looking for a technical contact at Disney regarding geo-location.  I have a 
client (apartment building) with a /24 (one IP per apartment).  We recently 
upgraded our Internet connection to give a much-needed speed boost.  Same 
connectivity provider, same IP addresses, just a bigger pipe.

Since then, a whole bunch of people have been unable to get to Disney+, while 
some can.  Those that fail have existing D+ subscriptions, and get “error code 
73”, which allegedly relates to location and rights management.

The bandwidth provider has checked DNS, reverse DNS and contacted Disney, to no 
avail.  WHOIS shows it as being in Toronto, Canada.

Meanwhile, there is a lynch mob forming, and a scaffold being built in the 
parking lot :-).

Any pointers on how to find someone at Disney with clue, who will be able to 
tickle their geolocation database?

The really irritating part is that everything worked until we had the bandwidth 
upgrade.

Re: 60ms cross continent

2020-07-12 Thread Paul Nash
Not quite VSAT, but in the bad old SA days (pre-democracy), I did some work for 
a company that used a UK-based satellite provider for data to the client (data 
was sent in the VBI), and dial-up for the traffic from the client.

Still relied on a local provider for the dial-up, though, so could be censored.

Before TICSA, I also looked at buying a private (pirate) satellite earth 
station.  The Russian government were selling off surplus 8-wheel-drive 
military satellite earth stations, and I was thinking of parking one in my back 
garden (I lived on a farm).

paul

> On Jul 9, 2020, at 12:44 PM, Mark Tinka  wrote:
> 
> 
> 
> On 9/Jul/20 17:51, Joel M Snyder wrote:
> 
>> Oh man I wish that were wholly true... Satellite/VSAT has another very
>> very important attribute: it's not subject to the whims of the local
>> government or regulators.  So when there's an election or some unrest or
>> coup or the prime minister has very bad flatulence, and some person says
>> "turn off the Internet," your non-terrestrial connection is there so
>> that you can continue to do business.
> 
> Very true, except there are still a few countries that require a single
> operator to have all "gateway" access out of the country, even via
> satellite. So yes, install, for sure. But if someone does the rounds and
> catches an "unlicensed" installation, that could be interesting.
> 
> 
>> (Plus, there are also still many places outside of capital cities in the
>> world where the Internet is truly awful and if you want bits, you have
>> to bring your own)
> 
> I did mention that use-case, already, in a previous post.
> 
> Simple applications such as ATMs in remote locations are still quite
> typical.
> 
> Mark.



Re: 60ms cross continent

2020-07-08 Thread Paul Nash
When we started TICSA (Internet Africa/Verizon/whatever), we went with a 9600 
bps satellite link to New Jersey specifically because the SAT-2 fibre had just 
been installed and traffic was being moved off satellite.  The satellite folk 
were getting *very* nervous, and gave us a heavily discounted service provided 
we had a 5-year contract that specified that the service *had* to run over 
satellite.  Job insurance.

As our requirements grew, we added fibre connections.  Eventually the telco 
canceled the satellite connection as they were starting to focus on VSAT.

paul

> On Jul 8, 2020, at 3:05 AM, Mark Tinka  wrote:
> 
> 
> 
> On 7/Jul/20 21:58, Eric Kuhnke wrote:
>> Watching the growth of terrestrial fiber (and PTP microwave) networks
>> going inland from the west and east African coasts has been
>> interesting. There's a big old C-band earth station on the hill above
>> Freetown, Sierra Leone that was previously the capital's only link to
>> the outside world. Obsoleted for some years now thanks to the
>> submarine cable and landing station. I imagine they might keep things
>> live as a backup path with a small C-band transponder MHz commit and
>> SCPC modems linked to an earth station somewhere in Europe, but not
>> with very much capacity or monthly cost.
>> 
>> The landing station in Mogadishu had a similar effect.
> 
> The early years of submarine fibre in Africa always had satellite as a
> backup. In fact, many satellite companies that served Africa with
> Internet prior to submarine fibre were banking on subsea and terrestrial
> failures to remain relevant. It worked between 2009 - 2013, when
> terrestrial builds and operation had plenty of teething problems. Those
> companies have since either disappeared or moved their services over to
> fibre as well.
> 
> In that time, it has simply become impossible to have any backup
> capacity on satellite anymore. There is too much active fibre bandwidth
> being carried around and out of/into Africa for any satellite system to
> make sense. Rather, diversifying terrestrial and submarine capacity is
> the answer, and that is growing quite well.
> 
> Plenty of new cable systems that are launching this year, next year and
> the next 3 years. At the moment, one would say there is sufficient
> submarine capacity to keep the continent going in case of a major subsea
> cut (like we saw in January when both the WACS and SAT-3 cables got cut
> at the same time, and were out for over a month).
> 
> Satellite earth stations are not irrelevant, however. They still do get
> used to provide satellite-based TV services, and can also be used for
> media houses who need to hook up to their network to broadcast video
> when reporting in the region (even though uploading a raw file back home
> over the Internet is where the tech. has now gone).
> 
> Mark.
> 



Re: free collaborative tools for low BW and losy connections

2020-03-31 Thread Paul Nash
> Exactly. And there's no disconnect: usenet doesn't scale because each object 
> is copied to all core nodes rather than referenced, or copied-as-needed, or 
> other.  This design of distributed messaging platform will eventually break 
> as it grows.  

Usenet scales far more gracefully than the current web.

Each node sends content to a few downstream nodes.  This makes it easy to 
scale; there is no central mega-node that gets overwhelmed, connectivity is to 
a nearby upstream where there is a reasonable amount of bandwidth. Last time I 
ran a server, the sender could filter based on newsgroup or message size, so 
avoid swamping links.  Content was mostly text.

It is possible to use offline transmission — certain groups dumped onto mag 
tape and mailed, get pulled in at the destination.  BTDT.

More demand = more client nodes which in turn distribute to other nodes, so 
each node does not need to talk to a large number of others.

We did this about 30 years ago in South Africa; Rhodes university brought in 
most groups, I brought in alt.*.  We each distributed to a select number of 
nodes, who distributed again.  Lather, rinse, repeat.  Usenet for the entire 
sub-continent (along with email) over 9600 bps dial-up circuits.

paul

Re: South Africa On Lockdown - Coronavirus - Update!

2020-03-25 Thread Paul Nash
Don’t hold your breath :-(.

> On Mar 24, 2020, at 4:55 PM, Mark Tinka  wrote:
> 
> 
> 
> On 24/Mar/20 22:48, Randy Bush wrote:
> 
>> almost all our cultures have gaps; but some worse than others.  we will
>> all learn lessons in the coming many months of plague.  i know an office
>> which lost key engineers last year because they would not let them work
>> remotely.  now the entire company is working remotely, and successfully.
> 
> The Coronavirus is amplifying and accelerating the new economy that is
> burgeoning at the borders.
> 
> With some luck, those that need to pay attention, are.
> 
> Mark.



Re: DHS letters for fuel and facility access

2020-03-18 Thread Paul Nash
You just have to make sure that you test the right thing.

In a former life I was an electrical engineer. My first job was with a 
consulting engineering firm; our biggest customer was the biggest supermarket 
chain in South Africa.  One of my tasks was to travel to one of their stores 
each Saturday after closing (those were the days when they closed at noon on a 
Saturday until Monday morning) and test their stand generators.

The manager’s idea was usually to press the start button, check that the big 
diesel started, then shut down and go home.  My idea was to pull the main 
incoming breaker.  9 times out of 10 on first visit, the diesel would start, 
and then die as soon as the load kicked in because of carbon buildup in the 
cylinders.

After discussions with the supermarket management, they decided to (a) have all 
the diesels serviced ASAP, and (b) adopt my protocol of start diesel, wait for 
it to come under load, run for at least 30 minutes to get up to heat and clear 
the carbon deposits.

I use a similar technique for failover tests on servers, routers, firewalls — 
pull the power cord and see what happens, pull the incoming network and see 
what happens.

This was stymied by a recent network outage where the ISP network was up and 
running, connected back to their local PoP and thence to their backbone, but 
connectivity from that network to the critical servers was down.  So now we 
test end-to-end that the server is reachable, and let the network fail over if 
not.

paul

> On Mar 18, 2020, at 11:56 AM, Karl Auer  wrote:
> 
> An untested emergency system has to be regarded as a non-existent
> emergency system.
> 
> No matter how painful it is to test, no matter how expensive it is to
> test, the pain and the expense are nothing compared to the pain and
> expense of having an actual emergency and discovering that the
> emergency system doesn't work...
> 
> Multiplied by infinity if it costs lives.
> 
> Regards, K.
> 
> -- 
> ~~~
> Karl Auer (ka...@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
> 
> GPG fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170
> Old fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
> 
> 



Re: DHS letters for fuel and facility access

2020-03-17 Thread Paul Nash
September 2001.  Just after the 9/11 attacks, all of lower Manhattan was shut 
down.  Our link (IIRC) was to a satellite farm on Staten island, across the bay 
to 60 Hudson.  Power went off, diesels kicked in, fuel trucks were not allowed 
in, and a few days later we lost all international connectivity.

Lots of important people lost power as well, so the feds decided to let the 
diesel tankers in after a few days’ deliberations.

paul

> On Mar 17, 2020, at 11:21 AM, Mark Tinka  wrote:
> 
> 
> 
> On 17/Mar/20 17:15, Paul Nash wrote:
> 
>> That same fuel shortage killed all Internet traffic to sub-Saharan Africa.  
>> Took us a while to figure out what was wrong with the satellite link to the 
>> US.
> 
> What year was that :-)?
> 
> Mark.



Re: DHS letters for fuel and facility access

2020-03-17 Thread Paul Nash
That same fuel shortage killed all Internet traffic to sub-Saharan Africa.  
Took us a while to figure out what was wrong with the satellite link to the US.

paul

> On Mar 16, 2020, at 5:12 PM, Ben Cannon  wrote:
> 
> We (Verizon not me) lost a central office during 9/11 because it ran out of 
> fuel - the tankers were staged but were not allowed to enter Manhattan.  
> 
> This clears that pathway for us now, and it’s fairly standard protocol since.
> 
> -Ben
> 
>> On Mar 16, 2020, at 1:20 PM, Sean Donelan  wrote:
>> 
>> 
>> On some other mailing lists, FCC licensed operators are reporting they have 
>> received letters from the Department of Homeland Security authorizing 
>> "access" and "fuel" priority.
>> 
>> Occasionally, DHS issues these letters after natural disasters such as 
>> hurricanes for hospitals and critical facilities.  I haven't heard of them 
>> issued for pandemics.
>> 



Re: COVID-19 vs. our Networks

2020-03-15 Thread Paul Nash
> … as soon as they enter the Province
> from outside Canada they are "requested" to self-isolate for 14-days.
> This is for citizens.  Don't know what the policy is for non-Canadians.

Maybe not so much in practice.  I landed at Pearson late last night, returning 
from South Africa via Amsterdam.  Other than the standard passport checks, no 
sign of any screening.  Yay Doug Ford and his merry men.

I’m in self-quarantine for the next 14 days, working from home, in case of any 
symptoms.  I obviously hope that there are none, and that I can go back to visit 
clients, but I feel that that would be a really stupid thing to do right now.

In the meantime, schools are shut down, and I have two children back home from 
university.

paul


> 
>> (Fortunately, I'm in a position to hide in my apartment and only emerge
>> for grocery shopping at 2AM until things wind down... Hope everybody else
>> has a good contingency plan)
> 
> Yeah, sounds like a plan.
> 
> -- 
> The fact that there's a Highway to Hell but only a Stairway to Heaven
> says a lot about anticipated traffic volume.
> 
> 
> 



Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-01-28 Thread Paul Nash
Carrying on with the “first Internet connection” thread:

I forget how I found out about Usenet and UUCP email (lost in the mists of 
time).  I ran a store and forward dial-up link from South Africa to DDSW1 in 
Chicago (Hi Karl!  Thanks!).  I cobbled together a package with a DOS-based 
mail reader and a DOS port of UUCP that several people used to get their email 
(including a local medical research establishment and the local veterinary 
college).  Demand grew, along with a request to relay email to the UNHCR in 
Northern Mozambique, so I scraped some money together to import a horribly 
expensive Telebit modem.  I ended up being the regional non-academic email hub 
for Southern Africa.

Just prior to the 1994 election, I got together with two friends (Alan Barret 
and Chris Pinkham) and founded the first ISP in sub-Saharan Africa.  We managed 
to get a 64k satellite link at a very good price (the satellite folk were busy 
being retrenched and we were prepared to sign a contract specifically requiring 
satellite service for 5 years, which gave them some job security).  We borrowed 
a Cisco router from DiData (Cisco agents), skirted other telco regulations to 
link regions.

One of our early customers was a group of students who wanted to start a small 
dial ISP nearby.  We gave them service, bootstrapping what became our biggest 
competitor, Internet Solutions (now part of DiData, who never did ask for their 
router back).  Our little ISP grew and grew, and eventually merged with our 
biggest client, was sold, sold again, and so on.  Last time I looked, it had 
become Verizon Africa.

paul

> On Jan 28, 2020, at 6:40 PM, Forrest Christian (List Account) 
>  wrote:
> 
> So to add my two stories:
> 
> I provided the Idea and a whole bunch of time/labor/etc to start a dialup ISP 
> in our hometown back in 1994.   I remember having a big debate on whether to 
> bring in a single 56K leased line or 128K fractional T1.  We went with the 
> Fractional T1 just because it could be easily expanded over time.   (That T1 
> is now multiple 10GB circuits - yes the ISP is still running and I still am 
> involved).   So a single 128K fractional T1, a cisco 2501 (with external DSU, 
> those internal cards didn't exist yet), and 8 14.4 modems attached to a 
> single Sun Unix box.  Note that this was pre-web, and back in the days where 
> you pretty much knew at least generally everything which was on the internet.
> 
> Things grew quickly, don't remember how many lines.   At some point we moved 
> to having 56K modems on our end, which required a digital carrier to the 
> central office.   T1's were very expensive, so we did a bit of tariff 
> arbitrage.   One could obtain a 'metered' ISDN BRI line for like next to 
> nothing - the metering had to do with the fact they were going to charge you 
> by the minute for any calls, but here's the catch:  for outgoing calls only, 
> incoming calls were free which worked great for a dialup ISP.  The problem 
> was that 56K dialin concentrators all wanted T1 lines.  What we discovered 
> is that Adtran made a box which would take a whole bunch of ISDN BRI (each 
> with 2 channels), and combine them into a single T1.   And due to the retail 
> pricing difference for T1 vs BRI, we could pay for the box in a few months.   
>  So we took a whole truckload of ISDN BRI lines and combined them into a few 
> channelized T1's and ended up paying a lot less to the phone company.
> 
> Of course, things have grown past that (we have an extensive WISP network and 
> have an ever-growing amount of fiber in the ground).  But it's fun to think 
> about where we started.
> 
> On Mon, Jan 27, 2020 at 1:00 PM  wrote:
> 
> On January 27, 2020 at 22:57 ma...@isc.org (Mark Andrews) wrote:
>  > The hardware support was 2B+D but you could definitely just use a single 
> B.   56k vs 64k depended on where you were in the world and which style of 
> ISDN the telco offered. 
> 
> FWIW bulk dial-up lines were often brought in as PRIs which were 24
> ISDN 2B+D lines on basically a T1 (1.544mbps) and then you could break
> those out to serial lines.
> 
> The sort of cool thing was that you could get caller information on
> those even if the caller thought they blocked it with *69 or whatever
> it was and log it. I forget the acronym...no no, that's the usual
> caller-id this was...u, DNI? Something like that.
> 
> I won a court case with that data.
> 
> -- 
> -Barry Shein
> 
> Software Tool & Die| b...@theworld.com | 
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*
> 
> 
> -- 
> - Forrest



Re: akamai yesterday - what in the world was that

2020-01-27 Thread Paul Nash
> first personal connection was a dedicated dialin using a telebit
> trailblazer at 9600 bps. that was a benefit of work.

The Telebits were awesome over impaired lines.  Their funky modulation scheme 
let them get through where nothing else would (like using barbed wire fences 
instead of phone wire).

I used them to link up the UNHCR in Northern Mozambique.  Only problems were 
when someone opened a gate in the fence to move cattle — no carrier until they 
closed it again.

paul

Re: akamai yesterday - what in the world was that

2020-01-25 Thread Paul Nash
> So, I grew up in South Africa, and one of the more fascinating /
> cooler things I saw was a modem which would get you ~50bps (bps, not
> Kbps) over a single strand of barbed wire -- you'd hammer a largish
> nail into the ground, and clip one alligator[0] clip onto that, and
> another alligator clip onto the barbed wire. Repeat the process on the
> other side (up to ~5km away), plug the modems in, and bits would
> flow... I only saw these used a few times, but always thought they
> were cool….

Do you remember anything about the actual type of modem?  Or where you deployed 
them?

In the days before the Internet came to SA, I ran a dial-up email link between 
the US and Pretoria, polled by various people locally (including CSIR, SAIMR).  
I also carried mail for the UNHCR in Northern Mozambique.  Mail came via Karl 
Denninger (DDSW1) in Chicago, IIRC.

They were missing several kilometres of phone wire, so connected the link to 
the fence on each side of the road.  We got about 1200bps on a good day IIRC, 
and would lose carrier whenever someone moved cattle from one field to another 
and opened a gate in the fence.

paul

Re: akamai yesterday - what in the world was that

2020-01-23 Thread Paul Nash
> I find it both happy and disturbing.  I remember the first 2.4/2.5g links I 
> turned up as well as the first 10g and (eventually) the first 100g links.
> 
> I was leaving the house earlier this week thinking about how it used to be 
> Mbps of traffic that was a lot and now it’s Gbps and how that’s shifted to 
> Tbps.
> 
> While it makes me feel old, it’s also something that I marvel about 
> periodically.

A bit of perspective on bandwidth and feeling old.  The first non-academic 
connection from Africa (Usenet and Email, pre-Internet) ran at about 9600 bps 
over a Telebit Trailblazer in my living room.

The first non-academic IP connection was a satellite connection (64Kbps IIRC, 
not in my living room :-)).

Now we have a bajillion Gbps over submarine fibre landing pretty much 
everywhere, and my guess is that it is not enough bandwidth.

All this to bring such vital resources as Facebook and Netflix :-)

paul

Re: 5G roadblock: labor

2020-01-06 Thread Paul Nash
> 
> There are some wi-fi vendors who I know (and am currently testing) that
> have developed very cool centralized management tools for their wi-fi
> AP's, that include very interesting AI logic. It is pricier than a
> simple standalone enterprise-grade AP, or an AP you'll get from down the
> store. But it's still way cheaper than dense 5G deployment.

Depending on what you are after, folk like Ruckus and Cisco have had 
centrally-managed enterprise WiFi for many years.  I manage a Ruckus 
installation for an apartment building where there is one SSID from about 150 
APs, users have a unique password per apartment, which lands them onto that 
apartment’s VLAN, regardless of where they are in the building.

Works really well. 

I have seen Ruckus installations like this on university campuses, where users 
get access to different VLANs depending on who they are (but all use the same 
SSID).  Cisco have also been doing this for a long, long time (at far higher 
cost).

Not sure about Cisco, but the Ruckus stuff is also used widely in hotels and 
caravan parks where folk can buy a “day pass” — a shareable password that is 
valid for a pre-determined amount of time and will get them onto the wifi 
anywhere in the facility.  I’ve mostly seen Cisco in hospitals and banks.

In theory this could easily be spread through an entire suburb using outdoor 
APs.

paul

Re: 5G roadblock: labor

2020-01-03 Thread Paul Nash
> And more interestingly, if that city's residents and visitors had the
> option of connecting to active 5G or wi-fi, what do we think they'd choose?

They’d probably choose whichever popped up onto the device first.

FWIW, Rogers in Canada are moving to unlimited cellular data, with a monthly 
threshold, beyond which they reserve the right to throttle (but do not always 
throttle).  Bell probably do something similar.

The threshold increases with the number of devices on the account, and any 
throttling applies to all devices on that account.

paul

Re: Iran cuts 95% of Internet traffic

2019-12-30 Thread Paul Nash
This was (not quite) how bits of sub-saharan Africa got netnews in the early 
days.  Store-and-forward, UUCP links over dial-ups, and the occasional mag tape 
couriered over.

paul

> On Dec 29, 2019, at 9:11 AM, Rich Kulawiec  wrote:
> 
> 
> And this is why, despite all the disdainful remarks labeling such
> things as "antiquated", mailing lists and Usenet newsgroups are vastly
> superior to web sites/message boards/et.al. when it comes to facilitating
> many-to-many communications between people.  Why?  Well, there are many
> reasons, but one of the applicable ones in this use case is that their
> queues can be written to media, physically transported in/out, and then
> injected either into an internal or external network seamlessly modulo the
> time delay.  And because the computing resources required to handle this
> are in any laptop or desktop made in the last decade, probably earlier.
> 
> If you're trying to get information in/out of a society that is raising
> network barriers to realtime communication, then you need methods that
> don't rely on a network and aren't realtime.
> 
> ---rsk
> 



Re: HPE SAS Solid State Drives - Critical Firmware Upgrade Required

2019-11-27 Thread Paul Nash
I’ve been bitten by these sorts of issues before, so I tend to swap one OEM 
drive in every RAID-1 pair with a retail drive from (if possible) a different 
vendor.  When I re-purpose servers, I try to use drives from two different 
vendors in each array.  That way, if a drive barfs for any intrinsic reason, 
things keep working.

This can impact performance, but is cheap insurance.

paul

> On Nov 26, 2019, at 3:45 PM, Patrick W. Gilmore  wrote:
> 
> I do not normally post about firmware bugs, but I have this nightmare 
> scenario running through my head of someone with a couple of mirrored HPE SSD 
> arrays and all the drives going POOF!  simultaneously. Even with an off-site 
> backup, that could be disastrous. So if you have HPE SSDs, check this 
> announcement.
> 
> https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
> 
> -- 
> TTFN,
> patrick
> 



Re: modeling residential subscriber bandwidth demand

2019-04-03 Thread Paul Nash
I am also surprised.  However, we have had a total of 5 complaints about 
network speed over a 3 year period.  

One possible reason is that because they own the infrastructure collectively 
and pay for the bandwidth directly (I just manage everything for them), they 
are prepared to put up with the odd slowdown to avoid the expense of an 
upgrade. 

Our original plan was to start with the 100M circuit so that they could make 
sure that everything would work, that we had reliable wifi delivery (about 95% 
of users only use a wifi connection to their computers/iDevices/whatever), and 
then to upgrade to 1G as soon as the dust started settling.  They have 
postponed the upgrade for 3 years now, with no complaints.

I guess that if they will be directly impacted by higher bandwidth costs, some 
people can make do with slower service (or something).

paul 

> On Apr 3, 2019, at 8:41 AM, Darin Steffl  wrote:
> 
> Paul,
> 
> I have a hard time seeing how you aren't maxing out that circuit. We see about 
> 2.3 mbps average per customer at peak with a primarily residential user base. 
> That would be about 575 mbps average at peak for 250 users on our network so how 
> do we use 575 but you say your users don't even top 100 mbps at peak? It 
> doesn't make sense that our customers use 6 times as much bandwidth at peak 
> than yours do. 
> 
> We're a rural and small town mix in Minnesota, no urban areas in our 
> coverage. 90% of our customers are on a plan 22 mbps or less and the other 
> 10% are on a 100 mbps plan but their average usage isn't really much higher.
> 
> 
> Enterprise environments can easily handle many more users on a 100 meg 
> circuit because they aren't typically streaming video like they would be at 
> home. Residential will always be much higher usage per person than most 
> enterprise users. 
> 
> On Wed, Apr 3, 2019, 2:46 AM Valdis Klētnieks  wrote:
> On Tue, 02 Apr 2019 23:53:06 -0700, Ben Cannon said:
> > A 100/100 enterprise connection can easily support hundreds of desktop 
> > users 
> > if not more.  It’s a lot of bandwidth even today.
> 
> And what happens when a significant fraction of those users fire up Netflix 
> with
> an HD stream?
> 
> We're discussing residential not corporate connections, I thought
> 



Re: modeling residential subscriber bandwidth demand

2019-04-02 Thread Paul Nash
Mixed residential (ages 25 - 75, 1 - 6 people per unit), group who worked 
together to keep costs down.  Works well for them.  Friday nights we get to 
about 85% utilization (Netflix), other than that, usually sits between 25 - 45%

paul

> On Apr 2, 2019, at 5:44 PM, Jared Mauch  wrote:
> 
> I would say this is perhaps atypical but may depend on the customer type(s).
> 
> If they’re residential and use OTT data then sure.  If it’s SMB you’re likely 
> in better shape.
> 
> - Jared
> 
> 
>> On Apr 2, 2019, at 5:21 PM, Paul Nash  wrote:
>> 
>> FWIW, I have 250 subscribers sitting on a 100M fiber into Torix.  I have 
>> had no complaints about speed in 4 1/2 years.  I have been planning to bump 
>> them to 1G for the last 4 years, but there is currently no economic 
>> justification.
>> 
>>  paul
>> 
>> 
>>> On Apr 2, 2019, at 3:21 PM, Louie Lee via NANOG  wrote:
>>> 
>>> Certainly.
>>> 
>>> Projecting demand is one thing. Figuring out what to buy for your backbone, 
>>> edge (uplink & peer), and colo (for CDN caches too!), for which 
>>> scale+growth is quite another.
>>> 
>>> And yeah, Jim, overall, things have stayed the same. There are just the 
>>> nuances added with caches, gaming, OTT streaming, some IoT (like always-on 
>>> home security cams) plus better tools now for network management and 
>>> network analysis.
>>> 
>>> Louie
>>> Google Fiber.
>>> 
>>> 
>>> 
>>> On Tue, Apr 2, 2019 at 12:00 PM Jared Mauch  wrote:
>>> 
>>> 
>>>> On Apr 2, 2019, at 2:35 PM, jim deleskie  wrote:
>>>> 
>>>> +1 on this. It's been more than 10 years since I've been responsible for a 
>>>> broadband network but have friends that still play in that world and do 
>>>> some very good work on making sure their models are very well managed, 
>>>> with more math than I ever bothered with. That being said, if I had used the 
>>>> methods I'd had used back in the 90's they would have fully predicted per 
>>>> sub growth including all the FB/YouTube/Netflix traffic we have today. The 
>>>> "rapid" growth we saw in the 90's and the 2000's and even this decade are 
>>>> all magically the same curve, we're just further up the incline, the 
>>>> question is will it continue another 10+ years, where the growth rate is 
>>>> nearing straight up :)
>>> 
>>> 
>>> I think sometimes folks have the challenge with how to deal with aggregate 
>>> scale and growth vs what happens in a pure linear model with subscribers.
>>> 
>>> The first 75 users look a lot different than the next 900.  You get 
>>> different population scale and average usage.
>>> 
>>> I could roughly estimate some high numbers for population of earth internet 
>>> usage at peak for maximum, but in most cases if you have a 1G connection 
>>> you can support 500-800 subscribers these days.  Ideally you can get a 10G 
>>> link for a reasonable price.  Your scale looks different as well as you can 
>>> work with “the content guys” once you get far enough.
>>> 
>>> Thursdays are still the peak because date night is still generally Friday.
>>> 
>>> - Jared
> 



Re: modeling residential subscriber bandwidth demand

2019-04-02 Thread Paul Nash
FWIW, I have 250 subscribers sitting on a 100M fiber into Torix.  I have had 
no complaints about speed in 4 1/2 years.  I have been planning to bump them to 
1G for the last 4 years, but there is currently no economic justification.

paul


> On Apr 2, 2019, at 3:21 PM, Louie Lee via NANOG  wrote:
> 
> Certainly.
> 
> Projecting demand is one thing. Figuring out what to buy for your backbone, 
> edge (uplink & peer), and colo (for CDN caches too!), for which scale+growth 
> is quite another.
> 
> And yeah, Jim, overall, things have stayed the same. There are just the 
> nuances added with caches, gaming, OTT streaming, some IoT (like always-on 
> home security cams) plus better tools now for network management and network 
> analysis.
> 
> Louie
> Google Fiber.
> 
> 
> 
> On Tue, Apr 2, 2019 at 12:00 PM Jared Mauch  wrote:
> 
> 
> > On Apr 2, 2019, at 2:35 PM, jim deleskie  wrote:
> > 
> > +1 on this. It's been more than 10 years since I've been responsible for a 
> > broadband network but have friends that still play in that world and do 
> > some very good work on making sure their models are very well managed, with 
> > more math than I ever bothered with. That being said, if I had used the 
> > methods I'd had used back in the 90's they would have fully predicted per 
> > sub growth including all the FB/YouTube/Netflix traffic we have today. The 
> > "rapid" growth we saw in the 90's and the 2000's and even this decade are 
> > all magically the same curve, we're just further up the incline, the 
> > question is will it continue another 10+ years, where the growth rate is 
> > nearing straight up :)
> 
> 
> I think sometimes folks have the challenge with how to deal with aggregate 
> scale and growth vs what happens in a pure linear model with subscribers.
> 
> The first 75 users look a lot different than the next 900.  You get different 
> population scale and average usage.
> 
> I could roughly estimate some high numbers for population of earth internet 
> usage at peak for maximum, but in most cases if you have a 1G connection you 
> can support 500-800 subscribers these days.  Ideally you can get a 10G link 
> for a reasonable price.  Your scale looks different as well as you can work 
> with “the content guys” once you get far enough.
> 
> Thursdays are still the peak because date night is still generally Friday.
> 
> - Jared



Re: automated site to site vpn recommendations

2016-06-29 Thread Paul Nash
My biggest issue with Meraki is that their tech staff can run tcpdump on the 
wired or wireless interface of your Meraki box without having to leave their 
desk.  I have no reason to believe that they are malicious, or in the pay of 
the NSA, but I am too paranoid to allow their equipment anywhere near me.

Yes, they work well and the cloud control panel makes remote support a breeze; 
you have to decide how you feel about the insecurity.

paul

> On Jun 27, 2016, at 6:28 PM, Dan Stralka  wrote:
> 
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling, instant-on performance,
> and are by far the simplest platform to offer a field person.  They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
> 
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
> 
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go.  Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear.  Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
> 
> Dan
> 
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer"  wrote:
> 
>> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
>>> In some cases...
>> 
>> The words "in some cases" are a problem with any supposedly plug and
>> play solution.
>> 
>>> We really could use a simple solution that you
>>> just flip on, it calls home, and works...
>> 
>> ...but still requiring someone to enter credentials of some sort,
>> right? Otherwise you have a device wandering about that provides look
>> -mum-no-hands access to your corporate network.
>> 
>> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
>> for a wireless dongle or storage, and has a highly-scriptable operating
>> system. Not a bad platform.
>> 
>> Regards, K.
>> 
>> --
>> ~~~
>> Karl Auer (ka...@biplane.com.au)
>> http://www.biplane.com.au/kauer
>> http://twitter.com/kauer389
>> 
>> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
>> 
>> 
>> 
>> 





Re: Recommended wireless AP for 400 users office

2015-02-04 Thread Paul Nash
It’s the “remote capture” that scares me.

I was testing some Meraki kit, called their NOC to try to debug some Radius 
issues, tech tells me “oh yes, I can see your traffic going hither and yon 
between the test client and test server that are both in your office, and 
looking at the packet contents I can see ….”

With Ruckus (or almost any other) gear, I have to either open up a hole through 
my firewall or grab the packet traces and send them to the tech folk.  They 
don’t have uncontrolled access to my internal traffic out of the box.

paul


> On Feb 4, 2015, at 8:31 AM, Ray Soucy r...@maine.edu wrote:
> 
> Honestly, in a lot of cases you don't even need a device to support
> packet capture as a feature to add it as a feature once it's
> compromised.  This is just FUD IMHO.
> 
> On Wed, Feb 4, 2015 at 7:24 AM, Paul Nash p...@nashnetworks.ca wrote:
>>> I love the built-in remote packet captures,
>> 
>> You, the NSA, and lots and lots of hackers, ALL love the remote packet 
>> capture.  If Meraki support can turn it on, so can someone who penetrates 
>> their systems (by getting a job there or by hacking), and then they get to 
>> see everything happening INSIDE your network.  Not just your WAN traffic, 
>> which would be bad enough.
>> 
>> paul
> 
> 
> 
> -- 
> Ray Patrick Soucy
> Network Engineer
> University of Maine System
> 
> T: 207-561-3526
> F: 207-561-3531
> 
> MaineREN, Maine's Research and Education Network
> www.maineren.net



Re: Recommended wireless AP for 400 users office

2015-02-04 Thread Paul Nash
> I love the built-in remote packet captures, 

You, the NSA, and lots and lots of hackers, ALL love the remote packet capture. 
 If Meraki support can turn it on, so can someone who penetrates their systems 
(by getting a job there or by hacking), and then they get to see everything 
happening INSIDE your network.  Not just your WAN traffic, which would be bad 
enough.

paul

Re: Recommended wireless AP for 400 users office

2015-02-01 Thread Paul Nash
I have tried Meraki for a large deployment, and was significantly underwhelmed.

PF performance was poor compared to Ruckus, meshing was erratic, Radius auth 
only worked with one Radius server (a cloud-based service).  The final straw 
was when we were trying to debug the Radius auth problem with a Meraki tech, 
who started sniffing our network traffic from California or wherever, without 
us needing to do anything.

Can you say “security hole”?  Like “great gaping security chasm”?

As soon as they did that, I disconnected everything and shipped it back to 
them.  Never considered them for anything ever again.

paul

 On Feb 1, 2015, at 9:41 AM, Dennis Bohn b...@adelphi.edu wrote:
 
 We are substantially larger and use Aruba, but I am wondering why no one
 has mentioned Meraki (now cisco-meraki).  We tried one of their give-away
 aps and it seemed fine, with the 'cloud management.'   I am not advocating
 Meraki, just curious.
 best,
 
 
 Dennis Bohn
 Manager of Network and Systems
 Adelphi University
 b...@adelphi.edu
 5168773327
 
 On Fri, Jan 30, 2015 at 6:28 PM, Eric C. Miller e...@ericheather.com
 wrote:
 
 +1 Xirrus, especially for the multi radio arrays. Crowded common areas
 benefit from sector antennas attached to individual radios. Also, their XMS
 server is really useful for managing a large cluster. Ubiquiti UniFi is
 good for smaller installations, but I wouldn't trust them for enterprise
 level reliability.
 
 
 
 Eric Miller, CCNP
 Network Engineering Consultant
 (407) 257-5115
 
 
 
 
 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Lyon
 Sent: Thursday, January 29, 2015 12:17 AM
 To: Manuel Marín
 Cc: NANOG
 Subject: Re: Recommended wireless AP for 400 users office
 
 Check out Xirrus
 On Jan 28, 2015 9:08 PM, Manuel Marín m...@transtelco.net wrote:
 
 Dear nanog community
 
 I was wondering if you can recommend or share your experience with APs
 that you can use in locations that have 300-500 users. A friend
 recommended me Ruckus Wireless, it would be great if you can share
 your experience with Ruckus or with a similar vendor.  My experience
 with Ubiquiti for this type of requirement was not that good.
 
 Thank you and have a great day
 
 



Re: Recommended wireless AP for 400 users office

2015-01-29 Thread Paul Nash
You can also do VLAN allocation through RADIUS.  Our setup has a single SSID, 
250-odd user accounts.  User connects to the SSID, authenticates with their 
userid/password and is assigned to their VLAN, which connects them to the 
appropriate DHCP server, gateway, etc.

Makes management and segregation fairly trivial (for non-trivial values of 
trivial :-)).

paul


 On Jan 29, 2015, at 11:18 AM, Tyler Mills tylermi...@gmail.com wrote:
 
 Most of the issues are related to firmware.  Most of my UBNT experience was
 with the UAP-Pro and the UAP-AC, and it wasn't a good experience.
 Production firmwares seem to be of beta quality.
 
 For features, they can't compete with Ruckus.  One thing I can think of off
 the top of my head is support for tagging management on its own VLAN and
 tagging wired traffic onto another.  If you were to implement this on the
 UBNT products you would have to SSH into every single one and implement the
 features as you would on a linux box, and it might work.  Ruckus, you
 configure the VLAN's how you would want through the Zonedirector or the
 AP's GUI and it will just work.
 
 They cost more, but you get what you pay for.
 
 On Thu Jan 29 2015 at 10:54:44 AM Mike Hammett na...@ics-il.net wrote:
 
 Did you figure out why it was dropping out? All of it dropping out? Just
 some APs dropping? Just some users dropping?
 
 
 
 
 -
 Mike Hammett
 Intelligent Computing Solutions
 http://www.ics-il.com
 
 
 
 - Original Message -
 
 From: Paul Stewart p...@paulstewart.org
 To: Mike Hammett na...@ics-il.net, nanog@nanog.org
 Sent: Thursday, January 29, 2015 8:34:46 AM
 Subject: RE: Recommended wireless AP for 400 users office
 
 I had a bad experience with it one time at a tradeshow environment. 6
 access points setup for public wifi. The radio levels were quite good in
 various areas of the tradeshow however traffic would keep dropping out at
 random intervals as soon as about 300 users were online. It wasn't my idea
 to use UBNT but it definitely turned me off of their product after digging
 into their gear...
 
 Again as someone pointed out, for residential and perhaps SOHO
 applications it can probably work well - and in my opinion it's priced for
 that market.
 
 Paul
 
 
 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
 Sent: Thursday, January 29, 2015 8:23 AM
 To: nanog@nanog.org
 Subject: Re: Recommended wireless AP for 400 users office
 
 What problems have you had with UBNT?
 
 Its zero hand-off doesn't work on unsecured networks, but that's about
 the extent of the issues I've heard of other than stadium density
 environments.
 
 
 
 
 -
 Mike Hammett
 Intelligent Computing Solutions
 http://www.ics-il.com
 
 
 
 - Original Message -
 
 From: Manuel Marín m...@transtelco.net
 To: nanog@nanog.org
 Sent: Wednesday, January 28, 2015 11:06:39 PM
 Subject: Recommended wireless AP for 400 users office
 
 Dear nanog community
 
 I was wondering if you can recommend or share your experience with APs
 that you can use in locations that have 300-500 users. A friend recommended
 me Ruckus Wireless, it would be great if you can share your experience with
 Ruckus or with a similar vendor. My experience with Ubiquiti for this type
 of requirement was not that good.
 
 Thank you and have a great day
 
 
 
 



Re: Recommended wireless AP for 400 users office

2015-01-29 Thread Paul Nash
Make that +2.  I am halfway through an install for about 800 users spread 
through a multi-story building with around 100 R700 access points and ZD 3000.  
Once you understand the basics, it is trivial to set up, easy to manage, 
performance is superb.

Using RADIUS auth you can assign different groups of users to different VLANs 
(all on a single SSID), just different username/password to connect.

Signal penetration is the best that I have ever seen, and makes the Cisco 
Aironet enterprise stuff look really really silly.

paul

 On Jan 29, 2015, at 4:46 AM, Eduardo Schoedler lis...@esds.com.br wrote:
 
 +1 Ruckus+ZoneDirector
 
 --
 Eduardo
 
 On Thursday, January 29, 2015, Tyler Mills tylermi...@gmail.com
 wrote:
 
 Have had a lot of experience with Ruckus(and Unifi unfortunately).  The
 Ruckus platform is one of the best. If you will be responsible for
 supporting the deployment, it will save you a lot of frustration when
 compared with UBNT.
 
 On Thu Jan 29 2015 at 12:18:54 AM Mike Lyon mike.l...@gmail.com wrote:
 
 Check out Xirrus
 On Jan 28, 2015 9:08 PM, Manuel Marín m...@transtelco.net wrote:
 
 Dear nanog community
 
 I was wondering if you can recommend or share your experience with APs
 that you can use in locations that have 300-500 users. A friend
 recommended me Ruckus Wireless, it would be great if you can share your
 experience with Ruckus or with a similar vendor.  My experience with
 Ubiquiti for this type of requirement was not that good.
 
 Thank you and have a great day
 
 
 
 
 
 -- 
 Eduardo Schoedler
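
The single-SSID, per-user VLAN setups described in the two posts above depend on the RADIUS server naming a VLAN in its Access-Accept. The following is an added example, not code from the thread or from any vendor: it encodes and verifies that reply using the standard tunnel attributes of RFC 3580. The account names, VLAN numbers and shared secret are constructed, and that a given controller consumes exactly these attributes is an assumption.

```python
import hashlib
import hmac
import struct

# Attribute numbers from RFC 2868; VLAN values from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6
ACCESS_ACCEPT = 2

# Constructed sample data: hypothetical accounts mapped to VLAN IDs.
USER_VLANS = {"apt-101": 101, "apt-102": 102, "staff": 20}


def vlan_attributes(vlan_id: int) -> bytes:
    """Encode the three tunnel attributes that place a session on vlan_id."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")

    def tagged_int(attr: int, value: int) -> bytes:
        # type, length (always 6), tag 0x00 (unused), 3-byte big-endian value
        return struct.pack("!BBB", attr, 6, 0) + value.to_bytes(3, "big")

    group = str(vlan_id).encode("ascii")  # sent untagged, as a decimal string
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)


def build_access_accept(ident: int, request_auth: bytes, secret: bytes,
                        vlan_id: int) -> bytes:
    """Server side: Access-Accept carrying the VLAN and a Response Authenticator."""
    attrs = vlan_attributes(vlan_id)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs


def parse_vlan(packet: bytes, request_auth: bytes, secret: bytes) -> int:
    """AP/controller side: verify the reply, then return the VLAN ID.

    Raises ValueError rather than falling back to a default VLAN, so a
    forged or incomplete reply never lands a user on a shared segment.
    """
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")

    found = {}
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        attr, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + alen]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[attr] = int.from_bytes(value[1:], "big")  # skip the tag byte
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            # A first byte of 0x1F or less is treated as a tag here;
            # anything above that is already string data.
            found[attr] = value[1:] if value and value[0] <= 0x1F else value
        pos += alen

    group = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if (found.get(TUNNEL_TYPE) != TYPE_VLAN
            or found.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802
            or not group.isdigit()):
        raise ValueError("no usable VLAN assignment")
    vlan_id = int(group)
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return vlan_id
```

The segregation between accounts is only as strong as the shared secret protecting the Response Authenticator, which is why the parser rejects any reply it cannot verify.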



Re: Reliable Dedicated/VPS providers in Canada?

2014-02-11 Thread Paul Nash
Depends what you’re looking for, what you want to pay.

I host dedicated machines for a bunch of clients, who get a realio-trulio 
machine (something like a DL360) with unlimited transfer and the OS of their 
choice.  If they want it, they even get maintenance and after-hours on-call 
tech staff who actually know what they are doing.

But it costs them more than the cheap $15/month we’ll-host-your-website 
packages, typically well north of $100/month for a fast machine with 
maintenance, somewhat less for an older, slower box unmaintained.  All housed 
at 151 Front, THE premier Canadian data centre.

Drop me a line if you are interested, and we can talk.

I have also been burned by the “cheap” (usually quality, not price) VPS 
instances on oversold hardware in someone’s basement.

paul

On Feb 11, 2014, at 3:01 PM, Carlos Kamtha kam...@ak-labs.net wrote:

> Hi, 
> 
> I was wondering if anyone could share some experiences with providers
> in the great white north.
> 
> We have a few providers now and not happy with them. Cheap flimsy
> virtual servers that charge .50cents a gig for BW overages.. :/
> 
> Any feedback would be appreciated..
> 
> Cheers, 
> Carlos. 
> 


