Re: Unimus as NCM (Network Configuration Management) Tool

[Chris Boyd]

> On Apr 4, 2024, at 2:06 AM, Mark Tinka  wrote:
> On 4/4/24 08:25, Mike Lyon wrote:
> 
>> I use it for config backups, diffs, etc. Love it.
>> 
>> Theres others such as Rancid but im not sure if it works on anything other 
>> than Vendor C.
> 
> RANCID works perfectly for Cisco, Juniper, Arista, Brocade (Foundry) and HP.

Also works well for Dell S series switches. I use it on S4128s and S4048s.

Re: Without further comment:

[chris]

ROFL. networking is a stream of zeros and one's. You are either 0 or 1 :))

On Sat, Mar 30, 2024, 5:31 PM Josh Luthman 
wrote:

> Don't assume my gender.  You'll offend me.
>
> That's a lot of manual work lol...
>
> On Sat, Mar 30, 2024, 11:22 AM William Herrin  wrote:
>
>> On Sat, Mar 30, 2024 at 7:38 AM Josh Luthman
>>  wrote:
>> > How do you know the poster's gender??
>>
>> Howdy,
>>
>> As Josh is an uncommon female name, I'm going to play the odds and say
>> that like Bill and I, you're male. Am I mistaken?
>>
>> Regards.
>> Bill Herrin
>>
>>
>>
>> --
>> William Herrin
>> b...@herrin.us
>> https://bill.herrin.us/
>>
>

Re: Best TAC Services from Equipment Vendors

[Chris Adams]

Once upon a time, michael brooks - ESC  said:
> Strap in for an "I remember when" ...

My Cisco TAC experiences (which were few) were not great... probably
around 2000 I opened a case with all the details, it was assigned, and
promptly closed "can't reproduce".  I didn't have a real lab setup, but
I hauled a spare 7500 and 2924 to my cube, loaded the exact versions in
the ticket, set the config from the ticket, and easily reproduced.
Reopened the ticket and that time they could reproduce it (I believe
they didn't even try the first time) and eventually I got a fix.

The early days of Juniper were much better; I hit a bug and ended up on
a call with the actual developer.  I did have to read an RFC section to
them, but they did then acknowledge the mistake and fix it.  My SE sent
me an SSG for that one. :)  Later Juniper could be hit or miss; I did
have a JTAC engineer go extra to help me with a work-around to an
obscure issue.

-- 
Chris Adams 

Re: Meta outage

[Chris K]

see: Status and outages of Meta business products 
(metastatus.com)

From: NANOG  on behalf of Kain, Becki 
(.) via NANOG 
Sent: Tuesday, March 5, 2024 11:23 AM
To: Jay Ashworth ; nanog@nanog.org 
Subject: RE: Meta outage


Does meta keep a board somewhere to tell the world it’s down?



From: NANOG  On Behalf Of Jay Ashworth
Sent: Tuesday, March 05, 2024 11:06 AM
To: nanog@nanog.org
Subject: Meta outage



WARNING: This message originated outside of Ford Motor Company. Use caution 
when opening attachments, clicking links, or responding.



It's making the general press this hour so of course you already know about it 
but my question is this: who peers with meta and have you seen BGP sessions 
drop or the like? Do you operate meta CDN nodes in your network? Are they 
screaming for help?

This doesn't sound like it's a network layer problem but I'm curious.

Cheers,
-- jra

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Any info on AT Wireless Outage?

[Chris K]

Could it be someone fat fingered in preparation of this?

"Starting in March, FirstNet will be the first and only wireless network to 
provide America’s first responders with always-on priority and preemption 
across 5G, expanding to include all AT 5G commercial spectrum. "

https://www.firstnet.gov/newsroom/press-releases/firstnet-authority-att-announce-10-year-investment-transform-americas
FirstNet Authority, ATT Announce 10-Year Investment to Transform America’s 
Public Safety Broadband Network | First Responder Network 
Authority
The First Responder Network Authority is launching the next phase of FirstNet 
through a series of strategic investments totaling more than $8 billion over 10 
years. The FirstNet Authority and its network partner, ATT, join to unveil 
the latest network investment of $6.3 billion, delivering full 5G capabilities 
on FirstNet, expanded mission-critical services, and enhanced coverage.
www.firstnet.gov


From: NANOG  on behalf of Brandon 
Jackson 
Sent: Thursday, February 22, 2024 8:06 PM
To: Patric Morgan 
Cc: NANOG 
Subject: Re: Any info on AT Wireless Outage?

If it's AT wireless Home broadband Service then it would be affected just the 
same.

It's still a cellular modem. It still has a SIM card. It's no different than a 
hotspot really, or just about any other cellular mobile device on the network.

If it's wireline service though, that had nothing to do with this and would 
have been some separate issue.

On Thu, Feb 22, 2024, 14:42 Patric Morgan 
mailto:patric.morg...@gmail.com>> wrote:
I have several friends in the Nashville area who did not have AT Home 
broadband service this morning, could be unrelated but would point to a 
different issue than the SIMs.

On Thu, Feb 22, 2024 at 1:16 PM John Councilman 
mailto:jcouncil...@gmail.com>> wrote:
From what I've read, they lost their database of SIM cards.  I could be wrong 
of course.

On Thu, Feb 22, 2024 at 2:02 PM Dorn Hetzel 
mailto:d...@hetzel.org>> wrote:
As widespread as it seemed to be, it feels like it would be quite a trick if it 
were a single piece of hardware.  Firmware load that ended badly, I wonder?


On Thu, Feb 22, 2024 at 1:51 PM Leato, Gary via NANOG 
mailto:nanog@nanog.org>> wrote:

Do you have the ability to expand on this at all? Do you mean a hardware 
failure of some kind IE router, optitcs, etc?



From: NANOG 
mailto:advance-trading@nanog.org>>
 On Behalf Of R. Leigh Hennig
Sent: Thursday, February 22, 2024 8:17 AM
To: Robert DeVita mailto:radev...@mejeticks.com>>
Cc: nanog@nanog.org
Subject: Re: Any info on AT Wireless Outage?



Word around the campfire is that it’s a Cisco issue.



On Feb 22, 2024, at 8:03 AM, Robert DeVita 
mailto:radev...@mejeticks.com>> wrote:



Reports have it starting at 4:30 a.m.. SOS on all phones..







[X]

Robert DeVita

CEO and Founder

t: (469) 581-2160

 |

m: (469) 441-8864

e: radev...@mejeticks.com

 |

w: mejeticks.com

a:

2323 N Akard Street

,

Dallas

,

75201

[X]

[X]

[X]

[X]




The risk of trading futures and options can be substantial. All information, 
publications, and material used and distributed by Advance Trading Inc. shall 
be construed as a solicitation. ATI does not maintain an independent research 
department as defined in CFTC Regulation 1.71. Information obtained from 
third-party sources is believed to be reliable, but its accuracy is not 
guaranteed by Advance Trading Inc. Past performance is not necessarily 
indicative of future results.

Re: The Reg does 240/4

[Chris Adams]

Once upon a time, Christopher Hawker  said:
> The idea to this is to allow new networks to emerge onto the internet, 
> without potentially having to fork out substantial amounts of money.

There is a substatial amount of money involved in trying to make 240/4
usable on the Internet.  Network equipment vendors, software vendors,
and companies and users currently operating on the Internet will have to
spend time and money to make that happen.

So basically, you are looking for everyone currently involved in the
Internet operations to subsidize these theoretical new companies, which
may be competitors, may or may not succeed (lots of new companies fail
for reasons unrelated to IPv4 address space cost), etc.

Are you also looking for new rules to impose additional limits on
transfers of 240/4 space?  Because since you want this space to go to
new companies, a bunch of them will fail (as a lot of companies do not
succeed) and be bought out by existing larger companies, just shifting
that 240/4 space right back into the same hands.  In fact, it would be
an obvious incentive to start a venture that can qualify for 240/4
space, only to turn around and sell the business to a pre-existing
company that wants more IPv4 space.

If you want 240/4 to be reserved for these new companies, you haven't
identified ANY reason for ANY existing company or user to exert any
resources, other than "but I want it".
-- 
Chris Adams 

Re: The Reg does 240/4

[Chris Adams]

Once upon a time, richey goldberg  said:
> They support /31s and have for some time.   The trick we found is that the 
> Mikrotik has to be the higher numbered IP and network address has to be the 
> lower

I would not classify that as "support /31s" - that's "there's a
work-around that handles 50% of cases".  Can you have two Mikrotiks
connected to each other with a /31?  If not, they don't support using
/31s.

-- 
Chris Adams 

Re: Networks ignoring prepends?

[Chris Adams]

The basic disconnect here is that you seem to think that BGP is to be
used to dictate policy to other networks on how to reach your network.
That is not and has never been the case.

When I learned BGP back in the 1990s, it was explicitly said that you
control your outbound traffic with your BGP policy, but that all you can
do is try to influence the decisions of other networks for your inbound
traffic (using a combination of prepends, communities, and somtimes
other tricks), but sometimes they'll take a path that isn't what you'd
prefer (and you just have to accept that).  Just like your outbound
policy is 100% in your control, so it is with every other network.

We always took that kind of thing into account when choosing where to
buy transit.  When not buying from a "big guy" with a well-connected
nationwide network, we'd check BGP announcements and traceroutes to see
where things went.

-- 
Chris Adams 

Re: Networks ignoring prepends?

[Chris Adams]

Once upon a time, William Herrin  said:
> On Tue, Jan 23, 2024 at 4:00 PM Chris Adams  wrote:
> > Once upon a time, William Herrin  said:
> > > Nevertheless, in the protocol's design, the one expressed in the
> > > RFC's, AS path length = distance.
> >
> > The RFC doesn't make any equivalence between AS path length and
> > distance.  You are the one trying to make that equivalence,
> 
> Respectfully Chris, you are mistaken.
> 
> https://datatracker.ietf.org/doc/html/rfc4271#section-9.1.2.2
> 
> "a) Remove from consideration all routes that are not tied for having
> the smallest number of AS numbers present in their AS_PATH
> attributes."
> 
> So literally, the first thing BGP does when picking the best next hop
> is to discard all but the routes with the shortest AS path.

That's literally not the first thing - you skipped section 9.1.1.

It also literally says nothing about distance.

-- 
Chris Adams 

Re: Networks ignoring prepends?

[Chris Adams]

Once upon a time, William Herrin  said:
> Nevertheless, in the protocol's design, the one expressed in the
> RFC's, AS path length = distance.

The RFC doesn't make any equivalence between AS path length and
distance.  You are the one trying to make that equivalence, but that's
not how BGP is used on the Internet.  You're about 30 years too late to
have any influence on that.

-- 
Chris Adams 

Re: Networks ignoring prepends?

[Chris Adams]

Once upon a time, William Herrin  said:
> Because big operators think it reasonable to localpref distance routes
> ahead of nearby ones so long as the distant routes arrive from
> customers. I'll remember that the next time folks complain about the
> size of the routing table. This one you did to yourselves.

This isn't some "big operators" conspiracy... it's how lots of networks
with BGP customers work (even small networks).  BGP has no knowledge of
the distance you keep emphasizing, and path prepends have always been
known to be down the decision tree.

When you receive a route over a paid link, it's not unreasonable to
assume it's because your paying customer wants that traffic from you.
It's been pretty standard practice to localpref up routes from your
customers for a long time, and then (often but not always) provide
communities for said customers to override the localpref.  Being a
customer of a customer makes that harder, but then it's basically on you
to choose your connections with that in mind.
-- 
Chris Adams 

Re: Stealthy Overlay Network Re: 202401100645.AYC Re: IPv4 address block

[Chris Adams]

Once upon a time, sro...@ronan-online.com  said:
> I am curious if anyone has ever given you positive feedback on this idea? So 
> far
> all I’ve seen is the entire community thinking it’s a bad idea. Why do you
> insist this is a good solution?

Because people keep responding.
-- 
Chris Adams 

Re: U.S. test of national alerts on Oct. 4 at 2:20pm EDT (1820 UTC)

[Chris Adams]

Once upon a time, Grant Taylor  said:
> I don't know if today's test is the same thing or not, but I
> remember in the last X years where there was a presidential test of
> the EAS and there was supposedly no way to disable it short of
> turning your device off.

IIRC it is mandated that the vendors don't allow you to turn off the
Presidential Alert class.

However... if you have an Android device supported by LineageOS, you can
turn them all off.  Which I forgot to do, so an old no-SIM phone I use
for some random things went off (curiously, it didn't go off until 8
minutes after my "regular" phone, and then only showed the Spanish
version).

-- 
Chris Adams 

Re: U.S. test of national alerts on Oct. 4 at 2:20pm EDT (1820 UTC)

[Chris Adams]

Once upon a time, Grant Taylor  said:
> Is this by chance a Specific Area Message Encoding (S.A.M.E.)
> filtering / lack of data issue?

At least in my radio, I can't disable certain classes of things (the
high and immediate impact warnings like tornado).  I would expect the
Presidential Alert class to be the same, if it exists.

> Can anyone corroborate NOAA weather radios not alerting?

My weather radio went off for the regular weekly test a couple of hours
before the national alert test, and did not go off for the national
alert.

-- 
Chris Adams 

Re: maximum ipv4 bgp prefix length of /24 ?

[Chris Hills]

On 02/10/2023 14:19, t...@pelican.org wrote:

If the FIB is full, can we start making controlled and/or smart decisions about 
what to install, rather than either of the simple overflow conditions?


There is a project [1] that make use of sflow to install the top n 
prefixes by traffic, presuming there is a default route for the remainder.


Chris

[1] https://github.com/sflow-rt/active-routes

Re: SMTP-friendly VPS provider where I can also get a BGP feed

[Chris Adams]

Once upon a time, Grant Taylor  said:
> N.B. you will need to tweak IPv6 routing to favor the new dedicated
> /64 over the shared /64.

Yeah, it appears Linode implements the dedicated /64 by routing it to
the shared /64 address, so you can't just remove the shared /64.

And unfortunately, for Linux distributions that use NetworkManager
(which is probably most current releases), NM changed which v6 address
is "preferred" at one point; in old versions, it was the last specified
address, but then it changed to the first specified address (which
probably makes more sense but was still an annoying change).

-- 
Chris Adams 

Re: SMTP-friendly VPS provider where I can also get a BGP feed

[Chris Adams]

Once upon a time, Jay R. Ashworth  said:
> I've run a mail server on Linode for 6 or 7 years now; no technical problems.

Same, although for about 15 years now.  One suggestion I'd make is to
use IPv6 and get a dedicated /64 (free on request) - it can help a
little with "unclean neighborhood" reputation (an issue with any VPS as
they can't police everything).

-- 
Chris Adams 

Re: what is acceptible jitter for voip and videoconferencing?

[Chris Boyd]

> On Sep 20, 2023, at 2:46 AM, Saku Ytti  wrote:
> 
> skype uses Silk
> (maybe teams too?).  

We run Teams Telephony in $DAYJOB, and it does use SILK.

https://learn.microsoft.com/en-us/microsoftteams/platform/bots/calls-and-meetings/real-time-media-concepts

mail.nanog.org broken v6 reverse DNS

[Chris Adams]

While wondering at high spam scores for NANOG mail, I noticed that it's
in part because of broken reverse DNS for mail.nanog.org's IPv6 address.

The address is 2001:1838:2001:8::20, with reverse delegated to
ns1.scservers.com and ns2.scservers.com... but those hostnames don't
resolve.  The auth servers for scservers.com return SERVFAIL.

-- 
Chris Adams 

Re: MX204 Virtual Chassis Setup

[Chris]

No, but they do however work just great as an active-active pair of routers
when cross linked and iBGP peered to each other and everything downstream
connected to each one.

Chris

On Mon, Aug 21, 2023 at 9:43 AM Pascal Masha  wrote:

> Hello,
>
> Does the MX204 support virtual chassis setup?
>
> Regards,
> Paschal Masha
>

Re: Dodgy AS327933 ...?

[Chris Cappuccio]

Mike Hammett [na...@ics-il.net] wrote:
> I'd say it's probably the best router UI ever, but I suppose now we'll find 
> ourselves in a religious argument. 
> 

If that's truly how you feel, I would want to talk with you on Signal and get a 
better idea for what you like and don't like.

Re: Dodgy AS327933 ...?

[Chris Cappuccio]

Mike Hammett [na...@ics-il.net] wrote:
> Most people I know don't even use the CLI. They use Winbox. 
> 

Which is also terrible.

Re: Dodgy AS327933 ...?

[Chris Cappuccio]

Tom Beecher [beec...@beecher.cc] wrote:
> >
> > It should be a huge embarrasment to the designers. They survive on low
> > price and unique features. It would be quite amazing to have a CLI without
> > the nonsense.
> >
> 
> That ship sailed years ago. Even though the legal precedent was set after
> Cisco vs Arista that CLI elements that are of common , standard usage
> aren't copyrightable, nobody wants to take the risk. So they come up with
> other ways that tend to be not good.
> 

That's a terrible excuse for the shitty concepts behind MikroTik's CLI.

I'm not saying my stuff is much better, but yeah, actually I am.

Re: Dodgy AS327933 ...?

[Chris Cappuccio]

Mark Tinka [mark@tinka.africa] wrote:
> 
> It is not terribly clever of Mikrotik to have two commands that do different
> things be that close in syntax.
> 

It should be a huge embarrasment to the designers. They survive on low price 
and unique features. It would be quite amazing to have a CLI without the 
nonsense.

Re: NTP Sync Issue Across Tata (Europe)

[Chris Adams]

Once upon a time, Jay Hennigan  said:
> Both GPS and WWVB are over-the-air. There has been concern expressed
> of a bad actor spoofing or jamming GPS. Comparatively speaking,
> jamming or spoofing WWVB is a trivial joke.

WWVB is not generally useful for precision timing applications, due to
the distance and wave reflections.  Also, from a security point of view,
I have read that it is legal to have your own low-power transmitter on
the WWVB frequency, and there are instructions for doing it with a Pi,
so it would be very cheap and easy to mess with somebody's WWVB signal.
-- 
Chris Adams 

Re: NTP Sync Issue Across Tata (Europe)

[Chris Adams]

Once upon a time, Mark Tinka  said:
> On 8/5/23 19:51, Andreas Ott wrote:
> >See for yourself how his pool server scores at
> >https://www.ntppool.org/scores/197.224.66.40
> >
> >I am not sure why it would be inserted into DNS answers for a
> >worldwide pool like 0.freebsd as it clearly does have connectivity
> >issues from some of the pool project's own sensors.
> 
> Many thanks, Andreas.
> 
> I'll take this up with the FreeBSD folk.

It's the NTP pool people you need to talk to - the .freebsd. bit is just
a vendored entry into the pool (more for load tracking and management).

-- 
Chris Adams 

Shaw peering contact

[Chris McDonald]

Anybody have a responsive peering contact at Shaw?  I need to resolve a routing 
problem. Thx!

Re: Treasurydirect.gov unreachable over IPv6?

[Chris Adams]

Once upon a time, Jay Hennigan  said:
> On 5/17/23 12:19, Jesse Rehmer wrote:
> > From Spectrum, I'm able to hit port 80, but the redirect to 443 fails.
> 
> Smells like broken PMTUD to me.

Yeah.  From Google Fiber, IPv4 works.  IPv6 connects on port 80, gets
redirected to HTTPS, which connects on port 443 but fails in SSL
negotiation.

I wonder if some over-zealous network admin blocked all ICMPv6.
-- 
Chris Adams 

Re: Standard DC rack rail distance, front to back question

[Chris Marget]

On Thu, Apr 27, 2023 at 9:53 AM Chuck Church  wrote:

> for a Cisco ASA1001, there aren’t rails, but rather front and back ‘ears’
> you use to hit both front and back posts.
>

Front *and* back ears? I'm not sure what an ASA 1001 is (ASR?) but my
experience with these boxes is that they have a single pair of ears which
can be mounted front OR back.

The heavier / deeper 1RU devices do tend to sag alarmingly.


>  Is there a ‘standard’ distance between front and back rails that devices
> usually adhere to?
>

If you're thinking of setting the front/back distance to accommodate a
specific device, table 2 might be of some interest:
https://i.dell.com/sites/doccontent/business/solutions/engineering-docs/en/Documents/rail-rack-matrix.pdf

Re: Reverse DNS for eyeballs?

[Chris Adams]

Once upon a time, heasley  said:
> I view complete DNS coverage to be a basic function.  All used addresses
> should have forward and matching reverse records.

But why?  It's not like anybody can trust what's in a reverse DNS
string, even if it has matching forward.  If I'm looking for
"ownership", I'm going to registries, not DNS.  Since it can't be
guaranteed (or even flagged as) maintained, you can't trust any
information in that string.

-- 
Chris Adams 

Re: Reverse DNS for eyeballs?

[Chris Adams]

Once upon a time, Forrest Christian (List Account)  said:
> I have a feeling that I might be stepping into a can of worms by asking
> this,  but..
> 
> What's the current thinking around reverse DNS on IPs used by typical
> residential/ small business customers.

I don't see any benefit to programmatically-generated reverse DNS.  I
stopped setting it up a long time ago now.  Really, reverse DNS these
days is mostly only useful for:

- mail servers (where it shows a modicum of control and clue)
- infrastructure/router IPs (so mtr/traceroute can show useful info)

-- 
Chris Adams 

Re: ABQNOG -- May 4, 2023

[Chris Grundemann]

Thanks for sharing, John. I'm excited for this event, long overdue!

See everyone there - find me wherever the green chile is being served. =)

~Chris



On Mon, Apr 3, 2023 at 8:58 PM John Osmon  wrote:

> For folks that might be in the southwest US (and any that want to
> visit!), we're going to hold an operators group meeting on May 4,
> 2023 in Albuquerque, New Mexico.
>
> Come to the land of green chile chessburgers, and meet some of the
> local operators.  This inaugural meeting is free.  We hope to
> see you in May!
>
> http://abqnog.org
>
>
>
>

-- 
@ChrisGrundemann
http://chrisgrundemann.com

Re: Searchable archives of the list?

[Chris Adams]

Once upon a time, Josh Luthman  said:
> Why wouldn't one use the link that's provided in the message?

The request is right there in the Subject... "Searchable".  Traditional
pipermail archives have no search function, and being subdivided into
months makes manual searching tedious to impractical.

-- 
Chris Adams 

Re: 2023 State of Network Automation Survey

[Chris Grundemann]

On Wed, Mar 1, 2023 at 9:12 AM Tom Beecher  wrote:

> Fair play, Tom. All I can say is that after 20 years of working on, in,
>> and around the Internet, I'm sure as hell not going to ruin my reputation
>> now.
>>
>
> Apologies if I implied anything like that. Wasn't my intent to do so.
>

Thanks Tom - I just wanted to assure you and all participants that I will
not be using this survey as a jumping off point for a sales pitch; and I
won't be sharing the email addresses nor any identifiable data with anyone
else.

>
>
>> And whether we engineers like it or not, one of the best ways to measure
>> trends is in the relative amount of money organizations spend on them...
>>
>
> I am not sure I completely agree with that assertion honestly.
>
> Seen plenty of projects that saw dumptrucks of time/money thrown at only
> to never be completed or implemented. Have also seen plenty of projects
> that didn't get much investment, yet ended up yielding massive benefits in
> productivity and money.
>
> There is of course some merit there , but I would disagree that spend
> itself is a good barometer.
>
>
Fair points again - my take is that spend is one data point worth looking
at, along with staffing, and of course along with the self reporting on
what things are automated and to what degree. I hope that this combination
of metrics will come together to paint an interesting and informative
picture. And I can say that based on the responses so far - they do!

Cheers,
~Chris


-- 
@ChrisGrundemann
http://chrisgrundemann.com

Re: 2023 State of Network Automation Survey

[Chris Grundemann]

On Tue, Feb 28, 2023 at 1:09 PM Lou D  wrote:

> Chris ,
>
> Competed the survey , I think I understand why some might feel issues with
> the financial questions but it’s a fair point to understand on how there
> can be avenues to maximize savings for one services if you can get
> automation rolled in with it . All the best with the survey
>

Thanks, Lou!

Savings is one potential aspect, but truly the spend numbers are mostly
about helping to determine how "serious" companies are taking automation.
Along with the other questions, they are a clue to how much automation is
actually out there in the real world.

Cheers,
~Chris


> On Tue, Feb 28, 2023 at 2:37 AM Chris Grundemann 
> wrote:
>
>> On Mon, Feb 27, 2023 at 2:30 PM Tom Beecher  wrote:
>>
>>> Having the opt out is nice, but if I am being completely honest, it
>>> gives me pause as to what the intent of this survey is in the first place.
>>>
>>> I perhaps may be hyper cynical, but those feel like a straight line
>>> towards the standard salesperson line of "look at what you are spending now
>>> on FOO , you could save X if you used BAR".
>>>
>>
>> Fair play, Tom. All I can say is that after 20 years of working on, in,
>> and around the Internet, I'm sure as hell not going to ruin my reputation
>> now.
>>
>> The intent of the survey is exactly as I stated: To report network
>> automation trends back to the community.
>>
>> And whether we engineers like it or not, one of the best ways to measure
>> trends is in the relative amount of money organizations spend on them...
>>
>> HTH,
>> ~Chris
>>
>>
>>> On Mon, Feb 27, 2023 at 4:12 PM Chris Grundemann 
>>> wrote:
>>>
>>>> On Mon, Feb 27, 2023 at 12:15 PM Tom Beecher 
>>>> wrote:
>>>>
>>>>>
>>>>> I was also off put by some of the financial questions in there.
>>>>>
>>>>
>>>> The financial questions (2 of them) both allow opt-out if that is a
>>>> sticking point. They are also both as vague as possible (large ranges, not
>>>> exact figures) while still providing something to baseline against.
>>>>
>>>>
>>>>
>>

-- 
@ChrisGrundemann
http://chrisgrundemann.com

Re: 2023 State of Network Automation Survey

[Chris Grundemann]

On Mon, Feb 27, 2023 at 2:30 PM Tom Beecher  wrote:

> Having the opt out is nice, but if I am being completely honest, it gives
> me pause as to what the intent of this survey is in the first place.
>
> I perhaps may be hyper cynical, but those feel like a straight line
> towards the standard salesperson line of "look at what you are spending now
> on FOO , you could save X if you used BAR".
>

Fair play, Tom. All I can say is that after 20 years of working on, in, and
around the Internet, I'm sure as hell not going to ruin my reputation now.

The intent of the survey is exactly as I stated: To report network
automation trends back to the community.

And whether we engineers like it or not, one of the best ways to measure
trends is in the relative amount of money organizations spend on them...

HTH,
~Chris


> On Mon, Feb 27, 2023 at 4:12 PM Chris Grundemann 
> wrote:
>
>> On Mon, Feb 27, 2023 at 12:15 PM Tom Beecher  wrote:
>>
>>>
>>> I was also off put by some of the financial questions in there.
>>>
>>
>> The financial questions (2 of them) both allow opt-out if that is a
>> sticking point. They are also both as vague as possible (large ranges, not
>> exact figures) while still providing something to baseline against.
>>
>>
>>

Re: 2023 State of Network Automation Survey

[Chris Grundemann]

On Mon, Feb 27, 2023 at 11:57 AM Denis Fondras  wrote:

> Le Mon, Feb 27, 2023 at 11:16:13AM -0700, Chris Grundemann a écrit :
> > Update: The survey has received almost 4 dozen responses already!
> >
> > Of course, for the most meaningful results possible, I'd like to see that
> > about 10x higher.
> >
>
> Don't expect too much when you need a Google account to answer a survey :)
>

For better or worse, some form of SPAM protection is needed for publically
available surveys. A free account seems like a low bar - but I acknowledge
that it is a bar.

If you would like a private survey to complete without requiring a Google
account, please let me know directly and I will find a way to make that
happen. This is an open invite to all who share Denis' concern.


>
> > If you help run a network and have not yet responded, please consider
> doing
> > so - it really should only take a few minutes, and we'll all be better
> off
> > having the additional data point:
> >
> https://docs.google.com/forms/d/e/1FAIpQLSc5J_i2rkcpgkvI83Vj3DRVsau5jZ1u99M7p_ecWOgnW_9XHg/viewform?usp=sf_link
> >
> >
> > Thanks so much!
> > ~Chris
> >
>

Re: 2023 State of Network Automation Survey

[Chris Grundemann]

On Mon, Feb 27, 2023 at 12:15 PM Tom Beecher  wrote:

>
> I was also off put by some of the financial questions in there.
>

The financial questions (2 of them) both allow opt-out if that is a
sticking point. They are also both as vague as possible (large ranges, not
exact figures) while still providing something to baseline against.

Re: 2023 State of Network Automation Survey

[Chris Grundemann]

Update: The survey has received almost 4 dozen responses already!

Of course, for the most meaningful results possible, I'd like to see that
about 10x higher.

If you help run a network and have not yet responded, please consider doing
so - it really should only take a few minutes, and we'll all be better off
having the additional data point:
https://docs.google.com/forms/d/e/1FAIpQLSc5J_i2rkcpgkvI83Vj3DRVsau5jZ1u99M7p_ecWOgnW_9XHg/viewform?usp=sf_link


Thanks so much!
~Chris



On Mon, Feb 20, 2023 at 6:06 PM Chris Grundemann 
wrote:

> Hail NANOGers!
>
> For those of you who were unable to attend my lightning talk las Wednesday
> (link below) I would like to ask that you all complete the 2023 State of
> Network Automation Survey:
>
> https://docs.google.com/forms/d/e/1FAIpQLSc5J_i2rkcpgkvI83Vj3DRVsau5jZ1u99M7p_ecWOgnW_9XHg/viewform?usp=sf_link
>
> I did my best to make it as short as possible while collecting enough data
> to be useful. I will share the analysed and anonymized results with all
> respondents, as well as (assuming the talk is accepted) at the next NANOG
> meeting.
>
> Feel free to send any questions directly, although I hope the survey is
> self-explanatory.
>
> For a bit more context, the lightning talk can be viewed here:
> https://youtu.be/p7rlhkmlDog
>
> Thanks in advance for your participation!
>
> Cheers,
> ~Chris
>
>
> --
> @ChrisGrundemann
> http://chrisgrundemann.com
>


-- 
@ChrisGrundemann
http://chrisgrundemann.com

2023 State of Network Automation Survey

[Chris Grundemann]

Hail NANOGers!

For those of you who were unable to attend my lightning talk las Wednesday
(link below) I would like to ask that you all complete the 2023 State of
Network Automation Survey:
https://docs.google.com/forms/d/e/1FAIpQLSc5J_i2rkcpgkvI83Vj3DRVsau5jZ1u99M7p_ecWOgnW_9XHg/viewform?usp=sf_link

I did my best to make it as short as possible while collecting enough data
to be useful. I will share the analysed and anonymized results with all
respondents, as well as (assuming the talk is accepted) at the next NANOG
meeting.

Feel free to send any questions directly, although I hope the survey is
self-explanatory.

For a bit more context, the lightning talk can be viewed here:
https://youtu.be/p7rlhkmlDog

Thanks in advance for your participation!

Cheers,
~Chris


-- 
@ChrisGrundemann
http://chrisgrundemann.com

Re: Typical last mile battery runtime (protecting against power cuts)

[Chris Adams]

Once upon a time, Mark Tinka  said:
> I'd struggle to see how a 20kW generator struggles to to run a home,
> unless you've also got heated floors, saunas, steam baths, water and
> space heaters, electric stoves and ovens all running at the same
> time :-).

My house isn't very big, and I live alone (so less demand for hot water
for example), and I hit a peak demand of 15kW a couple of months ago
during a cold snap (I've seen it higher, maybe 16kW IIRC, just didn't
dig any deeper).  I probably took a hot shower while the heat was
running, but I didn't cook anything that day, which could easily pulled
another 1-2kW (oven, microwave, etc.).  And that's without any
water/septic pumps.

Electric heat pumps are great for power efficiency until the temperature
drops and they switch over to pure electric heat.

-- 
Chris Adams 

Re: Smaller than a /24 for BGP?

[Chris]

I would suggest that this is trying to solve the wrong problem.  To me this
is pressure to migrate to v6, not alter routing rules.

Kind Regards,
Chris Haun

On Tue, Jan 24, 2023 at 12:21 PM Justin Wilson (Lists) 
wrote:

> Have there been talks about the best practices to accept things smaller
> than a /24? I qm seeing more and more scenarios where folks need to
> participate in BGP but they do not need a full /24 of space.  Seems
> wasteful.  I know this would bloat the routing table immensely.  I know of
> several folks who could split their /24 into /25s across a few regions and
> still have plenty of IP space.
>
>
>
> Justin Wilson
> j...@j2sw.com
>
> —
> https://blog.j2sw.com - Podcast and Blog
> https://www.fd-ix.com
>

RE: Smaller than a /24 for BGP?

[Chris J. Ruschmann]

How do you plan on getting rid of all the filters that don’t accept anything 
less than a /24?

In all seriousness If I have these, I’d imagine everyone else does too.



From: NANOG  On Behalf Of Justin 
Wilson (Lists)
Sent: Tuesday, January 24, 2023 9:19 AM
To: nanog@nanog.org
Subject: Smaller than a /24 for BGP?

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.

Have there been talks about the best practices to accept things smaller than a 
/24? I qm seeing more and more scenarios where folks need to participate in BGP 
but they do not need a full /24 of space.  Seems wasteful.  I know this would 
bloat the routing table immensely.  I know of several folks who could split 
their /24 into /25s across a few regions and still have plenty of IP space.



Justin Wilson
j...@j2sw.com

—
https://blog.j2sw.com - Podcast and Blog
https://www.fd-ix.com

RE: Starlink routing

[Chris J. Ruschmann]

Don’t quote me on this, but I wouldn’t say they are doing anything different 
than you or I can do and have access to on the routing layer. It's probably 
just Nokia and Arista and whatever those systems provide. Stuff like Tunneling, 
ECMP, BFD and VxLan... Think spatially coordinated Zerotier and not based on 
latency. They also have a pretty good team of experts that have experience with 
large scale networking and automation they've plucked from various places.

How the Satellites talk to the end users is where all the magic is. But my 
understanding is that it's all custom developed networking as code that handles 
all the frequency coordination and hand offs with the ground.

-Original Message-
From: NANOG  On Behalf Of Michael 
Thomas
Sent: Sunday, January 22, 2023 1:43 PM
To: nanog@nanog.org
Subject: Starlink routing

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.



I read in the Economist that the gen of starlink satellites will have the 
ability to route messages between each satellite. Would conventional routing 
protocols be up to such a challenge? Or would it have to be custom made for 
that problem? And since a lot of companies and countries are getting on that 
action, it seems like fertile ground for (bad) wheel reinvention?

Mike

RE: SDN Internet Router (sir)

[Chris Wright]

I love that we can't even get a full week into the new year without beating the 
"let's overhaul BGP" drum. Some things never change. <3

Chris


-Original Message-
From: NANOG  On 
Behalf Of Joe Maimon
Sent: Thursday, January 5, 2023 5:51 PM
To: Mel Beckman ; Mike Hammett 
Cc: NANOG 
Subject: Re: SDN Internet Router (sir)

And here is another interesting approach Ive left open in my browser window for 
who knows how long

https://inog.net/files/iNOG14v_oliver_sourcerouting.pdf

The problem with BGP is that local actors can exact global costs trivially by 
consuming as many routing slots as they can get away with, add together BGP 
path decisions and Most Specific traffic-engineering is the goto knob. 
Sometimes you just want to say this is the route, do not accept any more 
specifics, unless this route is no longer the route. But you want that done 
automatically and correctly, reliably.

This is also why all the multi-homing approaches that do not involve global 
routing havent really taken off in any way to blunt table growth. 
And likely wont.

See the aggregation factor in the routing report for how bad this is.

There have been lots of BGP protocol and feature updates, but unless your going 
to uniformly run new systems and enterprise systems that support all of them, 
its hard to decide to build your entire routing strategy around them.

That BGP unlike EIGRP never tried to tie together performance indicators with 
routing metrics feature or misdesign, you could debate that but it was always 
intentional. And opex has pretty much fallen down on the side of against 
IGP->BGP redistribution of prefixes, let alone performance metrics.

That eBGP prefix has no good reliable way of indicating that an advertised 
route sucks so bad that you should never attempt to use it unless as last 
resort, thats why we have AS-paths wrapping screen lines.

"finish IPv6 migration"? Letting IPv6 migration state factor as decision input 
on anything not directly related to IPv6 migration was never logical, just 
naively optimistic, and should be stamped out wherever encountered. If its 
good, use it now and Ipv6 will adopt it as well. If it isnt, why wait to find 
out?

Joe

Mel Beckman wrote:
> Mike,
>
> Thanks for that useful example. On a side note, Netflix is a thorn in 
> all our sides :) You could put a localpref filter route to override 
> the default for Netflix prefixes, but this impacts resilience. Since 
> you peer with Netflix, I suspect we probably agree that Netflix’s 
> ideas on traffic engineering are pretty one sided.
>
> I think it’s safe to say that BGP, which has scaled amazingly well, 
> didn’t anticipate some of the big gorilla content systems. I don’t 
> really see, though, how injecting FIB entries helps more than other 
> methods. And as others have pointed out, the risk of creating routing 
> loops is significant.
>
> Perhaps it is time to migrate to a new version of BGP.  Projects like 
> MBGP and FP-7‘s 4WARD are working on new follow-on routing models, but 
> nothing is on the immediate horizon. I think we all thought we should 
> finish IPv6 migration first :)
>
> -mel via cell
>
>> On Jan 5, 2023, at 1:11 PM, Mike Hammett  wrote:
>>
>> 
>> I hesitated to get too specific in examples because someone is going 
>> to drag the conversation into the weeds.
>>
>> Let's take the the Dallas - New Orleans - Atlanta example where I 
>> have a connection from New Orleans to Dallas and a connection from 
>> New Orleans to Atlanta.
>>
>> Let's say I peer with Netflix in both markets. Netflix chooses to 
>> serve me out of Atlanta, for whatever reason. Say my default route 
>> sends my traffic to Dallas. That's not where Netflix wanted it, so 
>> now I have to go from Dallas to Atlanta, whether that's my circuit or 
>> across the public Internet. Potentially, it's on MPLS and it rides 
>> back through the New Orleans router to get back to Atlanta. That's a 
>> long trip when I already had a better path, the less-than-full-fib 
>> router just didn't know about it. Given that Netflix is a sizable 
>> amount of traffic in an eyeball ISP, that's a lot of traffic to be 
>> going the wrong way. If the website for Viktor's Arctic Plunge in 
>> Siberia was hosted in Atlanta, I wouldn't give two craps that the 
>> traffic went the wrong way because A), I'll probably never go there 
>> and B) when someone does, it won't be meaningfully enough traffic to 
>> accommodate.
>>
>> Someone's going to tell me to put a full-table router in New Orleans. 
>> Maybe I should. Okay, so maybe I have a POP in Ashford, Alabama. It 
>> has transport to New Orleans and Atlanta. There aren't enough grains 
>> of sugar in Ashford, Alabama to justify a current

Re: Google Speed Test

[Chris Adams]

Once upon a time, Robert Webb  said:
> None of them are accurate. The one from a Google search gave me around
> 280Mbps, the stadia gave me 39Mbps, and Ookla gave me close to 500Mbps..

Browser-based speed testing is a crapshoot for anything above about
100M... Ookla has a native client for just about every client OS that
tends to be much more accurate.

-- 
Chris Adams 

Re: Alternative Re: ipv4/25s and above Re: 202211232221.AYC

[Chris Welti]

Hi Abe,

the problem is that the AMS-IX data only covers the public fabric, but 
the peering connections between the big CDNs/clouds and the large ISPs 
all happen on private dedicated circuits as it is so much traffic that 
it does not make sense to run it over a public IX fabric (in addition to 
local caches which dillute the stats even more). Thus that data you are 
referring to is heavily biased and should not be used for this 
generalized purpose.


Regards,
Chris

On 24.11.22 18:01, Abraham Y. Chen wrote:

Hi, Eduard:

0) Thanks for sharing your research efforts.

1) Similar as your own experience, we also recognized the granularity 
issue of the data in this particular type of statistics. Any data that 
is based on a limited number of countries, regions, businesses, 
industry segments, etc. will always be rebutted with a counter example 
of some sort. So, we put more trust into those general service cases 
with continuous reports for consistency, such as AMS-IX. If you know 
any better sources, I would like to look into them.


Regards,


Abe (2022-11-24 11:59 EST)


On 2022-11-24 04:43, Vasilenko Eduard wrote:

Hi Abraham,
Let me clarify a little bit on statistics - I did an investigation 
last year.


Google and APNIC report very similar numbers. APNIC permits drilling 
down deep details. Then it is possible to understand that they see 
only 100M Chinese. China itself reports 0.5B IPv6 users. APNIC gives 
Internet population by country - it permits to construct proportion.
Hence, it is possible to conclude that we need to add 8% to Google 
(or APNIC) to get 48% of IPv6 preferred users worldwide. We would 
likely cross 50% this year.


I spent a decent time finding traffic statics. I have found one DPI 
vendor who has it. Unfortunately, they sell it for money.
ARCEP has got it for France and published it in their "Barometer". 
Almost 70% of application requests are possible to serve from IPv6.
Hence, 70%*48%=33.6%. We could claim that 1/3 of the traffic is IPv6 
worldwide because France is typical.
My boss told me "No-No" for this logic. His example is China where we 
had reliable data for only 20% of application requests served on IPv6 
(China has a very low IPv6 adoption by OTTs).
My response was: But India has a much better IPv6 adoption on the web 
server side. China and a few other countries are not representative. 
The majority are like France.
Unfortunately, we do not have per-country IPv6 adoption on the web 
server side.
OK. We could estimate 60% of the application readiness as a minimum. 
Then 60%*48%=28.8%.
Hence, we could claim that at least 1/4 of the worldwide traffic is 
IPv6.


IX data shows much low IPv6 adoption because the biggest OTTs have 
many caches installed directly on Carriers' sites.


Sorry for not the exact science. But it is all that I have. It is 
better than nothing.


PS: 60% of requests served by web servers does not mean "60% of 
servers". For servers themselves we have statistics - it is just 
20%+. But it is for the biggest web resources.


Eduard
-Original Message-
From: NANOG 
[mailto:nanog-bounces+vasilenko.eduard=huawei@nanog.org] On 
Behalf Of Abraham Y. Chen

Sent: Thursday, November 24, 2022 11:53 AM
To: Joe Maimon
Cc: NANOG;b...@theworld.com
Subject: Re: Alternative Re: ipv4/25s and above Re: 202211232221.AYC

Dear Joe:

0) Allow me to share my understanding of the two topics that you 
brought up.


1) "...https://www.google.com/intl/en/ipv6/statistics.html, it looks 
like we’ve gone from ~0% to ~40% in 12 years ":  Your numbers may 
be deceiving.


    A. The IPv6 was introduced in 1995-12, launched on 2012-06-06 and 
ratified on 2017-07-14. So, the IPv6 efforts have been quite a few 
years more than your impression. That is, the IPv6 has been around 
over quarter of a century.


    B. If you read closely, the statement  "The graph shows the 
percentage of users that access Google over IPv6." above the graph 
actually means "equipment readiness". That is, how many Google users 
have IPv6 capable devices. This is similar as the APNIC statistics 
whose title makes this clearer. However, having the capability does 
not mean the owners are actually using it. Also, this is not general 
data, but within the Google environment. Since Google is one of the 
stronger promoters of the IPv6, this graph would be at best the cap 
of such data.


    C. The more meaningful data would be the global IPv6 traffic 
statistics. Interestingly, they do not exist upon our extensive search.
(If you know of any, I would appreciate to receive a lead to such.) 
The closest that we could find is % of IPv6 in AMS-IX traffic 
statistics (see URL below). It is currently at about 5-6% and has 
been tapering off to a growth of less than 0.1% per month recently, 
after a ramp-up period in the past. (Similar saturation behavior can 
also be found in the above Google graph.)


https://stats.ams-ix.net/sfl

Re: BCP38 For BGP Customers

[Chris Adams]

Once upon a time, Charles Rumford  said:
> I would like to hear what others are doing for BCP38 deployments for
> BGP customers. Are you taking the stance of "if you don't send us
> the prefix, then we don't accept the traffic"? Are you putting in
> some kind of fall back filter in based on something like IRR data?

In the case of Juniper, you can use the same prefix-list in your BGP
policy (you are applying a filter to your customers' BGP announcements,
right?) and the uRPF exception list.

-- 
Chris Adams 

RE: juniper.net down?

[Chris Wright]

Works for me on the east coast.

Chris

From: NANOG  On 
Behalf Of aar...@gvtc.com
Sent: Tuesday, October 18, 2022 2:13 PM
To: nanog@nanog.org
Subject: juniper.net down?

juniper.net down?



Aaron
aar...@gvtc.com<mailto:aar...@gvtc.com>

RE: ServiceNow

[Chris Wright]

I guess now's a good time to recommend this handy site for when you'd like a 
view from the outside:

https://ping.pe

No issues at this time reaching that address from pretty much anywhere.

-

Chris


From: NANOG  On 
Behalf Of Mann, Jason via NANOG
Sent: Wednesday, August 31, 2022 1:59 AM
To: nanog@nanog.org
Subject: ServiceNow

Anyone else having issues getting to service now? We use it for ticketing: 
montana.servicenowservices.com [149.96.184.230]. Im not seeing it in our 
internet routers nor on a couple of looking glass servers.

RE: BGP Visualization with Software Galaxies

[Chris Wright]

BGPLay works pretty well.

https://stat.ripe.net/about/


From: NANOG  On 
Behalf Of Jacques Latour
Sent: Tuesday, August 23, 2022 2:17 PM
To: NANOG 
Subject: BGP Visualization with Software Galaxies

I was looking for a functional version of a BGP visualisation tool like the one 
at NTT http://as2914.net/, it does not seem to work or be updated.

Is there a public facing functional tool somewhere? I like this tool to show 
the complexity of our internet from a spaceship point of view COOL 


  *   
https://github.com/anvaka/pm/tree/master/about#software-galaxies-documentation

Thanks!

Jacques

RE: IPv6 internet broken, cogent/telia/hurricane not peering

[Chris Wright]

The reply must've been stuck in Cogent's network for the past 13 years. 

Chris

-Original Message-
From: NANOG  On 
Behalf Of Chris Adams
Sent: Thursday, August 11, 2022 10:17 AM
To: nanog@nanog.org
Subject: Re: IPv6 internet broken, cogent/telia/hurricane not peering

Once upon a time, Niels Bakker  said:
> * volki...@gmail.com (VOLKAN KIRIK) [Thu 11 Aug 2022, 15:52 CEST]:
> >hello
> 
> You're replying to a thread from 2009. Please advise.

Maybe they're a Cogent sales rep that, when trying snipe a customer's customer, 
got push-back on "can I get to Google and HE on IPv6 on your circuit?".
--
Chris Adams 

Re: IPv6 internet broken, cogent/telia/hurricane not peering

[Chris Adams]

Once upon a time, Niels Bakker  said:
> * volki...@gmail.com (VOLKAN KIRIK) [Thu 11 Aug 2022, 15:52 CEST]:
> >hello
> 
> You're replying to a thread from 2009. Please advise.

Maybe they're a Cogent sales rep that, when trying snipe a customer's
customer, got push-back on "can I get to Google and HE on IPv6 on your
circuit?".
-- 
Chris Adams 

RE: IoT - The end of the internet

[Chris Wright]

That’s just humans in general, and it certainly isn’t limited to our outlook on 
the future of the internet. Big advancements will always take us by surprise 
because our lizard brains have a hard time comprehending exponential growth. 
Someone please stop me here before I get on my Battery-EV soapbox. :D

Chris

From: NANOG  On 
Behalf Of Tom Beecher
Sent: Wednesday, August 10, 2022 9:25 AM
To: Christopher Wolff 
Cc: NANOG 
Subject: Re: IoT - The end of the internet

It always amazes me how an industry that has , since its inception, been 
constantly solving new problems to make things work, always finds a way to 
assume the next problem will be unsolvable.

On Tue, Aug 9, 2022 at 10:23 PM Christopher Wolff 
mailto:ch...@vergeinternet.com>> wrote:
Hi folks,

Has anyone proposed that the adoption of billions of IoT devices will 
ultimately ‘break’ the Internet?

It’s not a rhetorical question I promise, just looking for a journal or other 
scholarly article that implies that the Internet is doomed.

RE: Question re. operator tools - somewhere betwixt fast failover and TE

[Chris Wright]

I’m not entirely certain these are problems that operators necessarily concern 
themselves with. Datacenters and specialized service networks, perhaps, but not 
internet service providers. Mainly because the internet is a relatively lossy 
beast with several performance inhibitors that constantly lie outside an 
operator’s control (i.e. bad filters seem to break the entire United States 
eastern seaboard at least once a year.) I’d wager most of us are not concerned 
with the kind of failure scenario you’re describing simply because there is no 
demand from our customers for sub-millisecond remediation. At least not from 
the ones who are willing to pay for it. 

---

Chris

From: NANOG  On 
Behalf Of Matthew Nance Hall
Sent: Friday, August 5, 2022 12:24 PM
To: nanog@nanog.org
Cc: 'Ramakrishnan Durairajan' ; 'PAUL R BARFORD' 
; klaus-tycho.foers...@tu-dortmund.de
Subject: Question re. operator tools - somewhere betwixt fast failover and TE

You don't often get email from 
mh...@cs.uoregon.edu<mailto:mh...@cs.uoregon.edu>. Learn why this is 
important<https://aka.ms/LearnAboutSenderIdentification>

Hello,

I'm Matthew Nance-Hall (Matt), a PhD Candidate at the University of Oregon 
working with Prof. Ram Durairajan (UO), Prof. Paul Barford (UW-Madison) and 
Prof. Klaus-Tycho Foerster (TU Dortmund).

I was hoping someone could shed operator perspective on a research question 
we're exploring. We're interested in the timescales and mechanisms used to 
adjust data paths and wondering where gaps might exist between traffic 
engineering (TE), fast fail-over, and routing.

We're specifically curious about spatio-temporal characteristics where gaps 
might exist. For example, the topological scope of an event (congestion or 
outage) and the timescale for adjustments to be made. I'm aware there are 
operator tools such as fast fail-over and TE for making changes confined to 
single links or across the whole network but wonder if there is a place for 
events that have broader scope (beyond a single link but less than the whole 
network) where new inquiry and exploration would be welcome.

Thank you,
Matt

Re: Equinix IX support contact me please

[Chris]

I'd personally recommend logging into the portal and opening a case, this
will give you the fastest result.  If you really want to email
servicedesk...@eu.equinix.com should be right assuming you're using the
fabric in Germany like your email address suggests. Otherwise, check
https://www.equinix.com/contact-us/customer-support for the appropriate
country contact.

Chris

On Thu, Aug 4, 2022 at 5:16 AM Elmar K. Bins  wrote:

> Hi folks at Equinix,
>
> your peeringdb entry contact address (servicesupp...@equinix.com) bounces.
> Please contact me right away to fix a MAC filter.
>
> Elmar.
>
>

Re: NANOG List posts and DMARC

[Chris Adams via NANOG]

Once upon a time, Bryan Fields  said:
> The list is configured to wrap anyone posting from a domain with a  with a
> DMARC Reject/Quarantine Policy (dmarc_moderation_action).  If you don't have
> this set on your domain, the list will not wrap your message (which is the
> correct behavior as it breaks other things).

That is not the case right now; it appears to be modifying ALL senders
since earlier today (about 12:20pm CDT) .  Your message has "From: Bryan
Fields via NANOG " even though you have no DMARC record
at all.

-- 
Chris Adams 

Re: NANOG List posts and DMARC

[Chris Adams via NANOG]

Once upon a time, Chris Adams  said:
> Once upon a time, Jared Mauch  said:
> > Can someone flip the option in Mailman for DMARC please, it’s problematic 
> > as if one posts and does DMARC and has feedback on, our messages are  
> > possibly rejected, and the feedback from a post is quite large.
> 
> The list is doing the DMARC handling (From rewrite) for senders with a
> DMARC p=reject.

Oh, or someone just changed the config per your request. :)  I have
p=none but my From got rewritten on this message.
-- 
Chris Adams 

Re: NANOG List posts and DMARC

[Chris Adams via NANOG]

Once upon a time, Jared Mauch  said:
> Can someone flip the option in Mailman for DMARC please, it’s problematic as 
> if one posts and does DMARC and has feedback on, our messages are  possibly 
> rejected, and the feedback from a post is quite large.

The list is doing the DMARC handling (From rewrite) for senders with a
DMARC p=reject.
-- 
Chris Adams 

Re: 400G forwarding - how does it work?

[Chris Adams]

Once upon a time, James Bensley  said:
> The obvious answer is that it's not magic and my understanding is
> fundamentally flawed, so please enlighten me.

So I can't answer to your specific question, but I just wanted to say
that your CPU analysis is simplistic and doesn't really match how CPUs
work now.  Something can be "line rate" but not push the first packet
through in the shortest time.  CPUs break operations down into a series
of very small operations and then run those operations in a pipeline,
with different parts of the CPU working on the micro operations for
different overall operations at the same time.  The first object out of
the pipeline (packet destination calculated in this case) may take more
time, but then after that you keep getting a result every cycle/few
cycles.

For example, it might take 4 times as long to process the first packet,
but as long as the hardware can handle 4 packets in a queue, you'll get
a packet result every cycle after that, without dropping anything.  So
maybe the first result takes 12 cycles, but then you can keep getting a
result every 3 cycles as long as the pipeline is kept full.

This type of pipelined+superscalar processing was a big deal with Cray
supercomputers, but made it down to PC-level hardware with the Pentium
Pro.  It has issues (see all the Spectre and Retbleed CPU flaws with
branch prediction for example), but in general it allows a CPU to handle
a chain of operations faster than it can handle each operation
individually.

-- 
Chris Adams 

Re: FCC proposes fines against 73 applicants of Rural Digital Opportunity Fund

[Chris Adams]

Once upon a time, William Herrin  said:
> The overwhelming majority of the penalties were in the 4 and low 5
> figures -- pocket change for a network business. The exceptions were:

Some of these companies are very small rural outfits, where a 5 figure
fine isn't exactly pocket change.

I wonder how the supply chain issues are affecting this.  I know a rural
electric company that had a (just before pre-RDOF) grant for setting up
Internet that couldn't get the routers they'd ordered and paid for; they
were back-ordered for months.  They had to scramble and get loaners out
of a reseller's demo pool to meet their grant timeline requirements.

-- 
Chris Adams 

RE: What say you, nanog re: Starlink vs 5G?

[Chris Wright]

The term "5G" among technical circles started vague, became better defined over 
the course of several years, and is becoming vague again. This nuance was never 
well understood in the public eye, nor by mass publications like CNN. This is a 
battle for 12GHz, not 5G.

Chris


-Original Message-
From: NANOG  On 
Behalf Of John Levine
Sent: Thursday, June 23, 2022 9:45 PM
To: nanog@nanog.org
Subject: Re: What say you, nanog re: Starlink vs 5G?

It appears that Eric Kuhnke  said:
>Adding a terrestrial transmitter source mounted on towers and with CPEs 
>that stomps on the same frequencies as the last 20 years of existing 
>two way VSAT terminals throughout the US seems like a bad idea. Even if 
>you ignore the existence of Starlink, there's a myriad of low bandwidth 
>but critical SCADA systems out there and remote locations on ku-band 
>two way geostationary terminals right now.

I think the original thought was that the satellite service would be used in 
rural areas and 5G in cities so there'd be geographic separation, but Starlink 
is selling service all over the place.

Re: Bgpmon alternative

[Chris Cummings]

For the security/hijacking side (though it can be used in creative ways for
other operational data) check out ARTEMIS.

https://bgpartemis.org



Nick Buraglio and I recorded a podcast with Vasileios (a main person behind
ARTEMIS) that gives (in my incredibly biased view) a good overview of the
ARTEMIS tool.

https://www.modem.show/post/s01e08/



On Wed, Jun 15, 2022 at 15:47 Mehmet Akcin  wrote:

> Hi there
>
> What are the best alternatives to BGPmon these days?
>
> Goal is to try to monitor bgp routing changes for specific prefixes.
>
> Mehmet
> --
> Mehmet
> +1-424-298-1903
>
-- 
Chris Cummings
907.209.3940

Re: Upstream bandwidth usage

[Chris Hills]

On 10/06/2022 00:31, Mel Beckman wrote:

Your point on asymmetrical technologies is excellent. But you may not be aware 
that residential optical fiber is also asymmetrical. For example, GPON, the 
latest ITU specified PON standard, and the most widely deployed, calls for a 
2.4 Gbps downstream and a 1.25 Gbps upstream optical line rate.


Not all residential fiber is asymmetric. Nokia XGS-PON supports 9.953 
Tx/Rx (e.g. LTF7226 transceiver).

Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

[Chris Adams]

Once upon a time, Michael Thomas  said:
> I meant downloads as in gigantic games. If you give them more
> bandwidth it just encourages the game makes to build bigger game
> downloads.

I don't buy that - users are still constrained on storage, especially on
consoles.
-- 
Chris Adams 

Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

[Chris Adams]

Once upon a time, Mike Hammett  said:
> Most households have no practical use for more than 25 megs. More is better, 
> but let's not just throw money into a fire because of a marketing machine. 

4K TVs are cheap, and 4K streaming content is plentiful, and usually
runs 15-20 Mbps.  The average household has more than one person, and
they may want to watch different content.

And that's today.  Gaming streaming is ramping up (which needs both good
bandwidth and low latency), and there'll always be things you haven't
considered popping up.

Saying most people don't need more than 25 Mbps is like saying 640k is
enough for anybody.
-- 
Chris Adams 

Re: fs.com Ethernet switches

[Chris Adams]

Once upon a time, Richard Angeletti  said:
> Wondering if anyone on the list has any experiences with fs.com Ethernet
> switches that they are willing to share (good or bad)?
> 
> We're looking for some cost effective L2 only 10Gb-T switches and their
> S58XX switches have come up as a potential option.

I set up a couple of S5850s for a sever cluster recently, with MC-LAG
and a bit of L3 for a management network.  They worked fine.

The only issue I had was getting ACLs applied to limit device and
management net access; they had a couple of extra steps needed.  The
typical IOS-ish "ip access-group" command is accepted on an interface,
but it doesn't actually work that way - you have to do a policy-map that
references a class-map that references an access-list, and then apply
the policy-map to the interface.

Also, putting an ACL on "line vty" only applied after authentication (so
you could SSH and authenticate, only to then be denied access, which
makes it susceptible to password scanners).  Instead you configure an
ACL on the SSH service itself.

-- 
Chris Adams 

Re: "Permanent" DST

[Chris Adams]

Once upon a time, Owen DeLong  said:
> You’re right… Two changes to a single file in most cases:
> 
> 1.Set the correct new timezone (e.g. MST for California).

And now your system displays wrong info 100% of the time, since as I
understand it, the zones will be changed (e.g. for me, CST will change
from UTC-0600 to UTC-0500).  How will you distinguish between "old" MST
and "new" MST when you see it listed?

-- 
Chris Adams 

Re: "Permanent" DST

[Chris Adams]

Once upon a time, Jay R. Ashworth  said:
> This also, as I understood it, why high-school is always the first grade
> level which starts, and ends, the school day (often 7a-2p or so).

Not "always"... high school starts 30-40 minutes later than the younger
kids here.
-- 
Chris Adams 

Re: "Permanent" DST

[Chris Adams]

Once upon a time, Dave  said:
> Folks for most systems, this is a change to a single file. Not a really hard 
> thing to accomplish

For lots of up-to-date servers running a current and well-maintained
operating system, this will be mostly easy (except that if you maintain
hundreds of servers, it's still non-trivial, because even with
automation, there's testing involved to make sure all services are
properly updated).  It's definitely more than "a change to a single
file" though.

If that's all that existed, that'd be great.  However, there are tons of
not up-to-date servers, running unmaintained operating systems.  There
are tons of embedded systems that never get updates.  The last time
Congress messed with the time zones and DST, it was a huge PITA, and I'd
wager there are way more problem systems now than there were then.

This is a huge waste of time to address, all because some businesses
think their hours are nailed for all eternity, and the world must change
instead.

-- 
Chris Adams 

Re: [EXTERNAL] Re: Flow collection and analysis

[Chris Adams]

Once upon a time, Laura Smith  said:
> I don't know about anyone else here, but frankly in 2022 TLS support should 
> be a first class citizen.
> 
> If I have to mess around with running something else as a proxy in front of 
> it then that's the end of my software evaluation.
> 
> Crypto is no longer "nice to have" option these days.

Having every thing under the sun trying to implement the complexities of
TLS leads to lots of failures and security issues... so lots of web
things are designed to be simple and only implement HTTP, listen on
localhost, and let a well-optimized front-end (e.g. nginx) handle the
crypto side (as well as all the weird things browsers do).

It also makes it easier from an system admin point of view, because
handling cert updates in nginx is easy and well-known, so you don't have
to figure out 27 different ways alternate software handles certs and
updates.

-- 
Chris Adams 

Re: home router battery backup

[Chris Adams]

Once upon a time, Dave Taht  said:
> I tend also to hang a good gps off a second usb port, if available.
> There's a topic for geeks - does anyone else really know (or care)
> what time it really is?

25 (or 6) to 4?

Running GPS over USB for timing makes me twitch though - too much
jitter! :)  Use a proper serial or GPIO port, with that you can get down
to sub-microsecond accuracy.
-- 
Chris Adams 

Re: home router battery backup

[Chris Adams]

Once upon a time, Dave Taht  said:
> Also, I *hate* the beeps. It's dark out, I know the powers off, darn
> it, no need to beep. That's why I buy 'smart' upses because you can
> tell them not beep.

You can tell ANY UPS to not beep... sometimes it just requires more
force (and wire cutters).
-- 
Chris Adams 

Re: home router battery backup

[Chris Adams]

Once upon a time, Brandon Martin  said:
> AT and Comcast don't seem to provide battery by default if you buy
> voice service from them.

The only major power outage I've experienced at my house (I've been here
over 20 years) was the May 2011 tornado outbreak, when TVA lost hundreds
of distribution towers, and my local utility lost all feeds.  At the
time, I had AT POTS, Comcast cable/Internet, and T-Mobile cell.

I have all my stuff on UPS, so I could see for a little while that
Comcast dropped almost immediately; it looked like they had no (or dead)
batteries in their distribution system.  T-Mobile stayed up but got
congested (because lots of people switched to cells for Internet), and
AT POTS was up the whole time (they have batteries in all the remotes,
with natural gas generators in a lot of them, and rolled generator
trucks around to charge things up).

I left town the next morning to somewhere with electricity, and came
back several days later, before my power had been restored (it came back
that night).  IIRC Comcast was dead, AT was up, and T-Mobile was up
but slow.

I've got Google Fiber now, on local utility fiber, and I haven't
experienced any outage when there's a power outage, but we also haven't
had any extended outage.  Since the fiber network is run by the utility,
the huts are at substations, so it would take a substation outage to
knock out power to the hut (and I think they may still also have
generators at the huts).

-- 
Chris Adams 

Re: Linode and/or Google Fiber contacts?

[Chris Adams]

Once upon a time, Chris Adams  said:
> Anybody here from Linode and/or Google Fiber that can help out with
> packet loss between these networks at NYIIX peering?  It's been going on
> for almost a week... opened a Linode case and they looked at the VM
> host, also opened a Google Fiber case and got zero response (don't think
> front-line support on either side is really getting it).

Got some folks from Google Fiber looking at their side now, thanks!  If
anybody from Linode could check too, that'd still be nice.
-- 
Chris Adams 

Linode and/or Google Fiber contacts?

[Chris Adams]

Anybody here from Linode and/or Google Fiber that can help out with
packet loss between these networks at NYIIX peering?  It's been going on
for almost a week... opened a Linode case and they looked at the VM
host, also opened a Google Fiber case and got zero response (don't think
front-line support on either side is really getting it).

I can MTR in each direction and the path appears symmetric, through
NYIIX peering IPs (on both v4 and v6), and each sees packet loss at the
first hop into the other network.  I'm guessing one side or the other is
having errors or has a congested port, but the regular support channels
aren't getting this to the right people.

Off-list contact is fine.

-- 
Chris Adams 

Re: Redploying most of 127/8 as unicast public

[Chris Adams]

Once upon a time, Masataka Ohta  said:
> It merely means IPv6 is not deployable with the real reason.

Except that is provably wrong.  A significant number of people are using
IPv6 (and probably don't even know it, because it works without notice).
Almost everything you do on the US cell networks is IPv6.  I'm running
over IPv6 to send this message, or when I go to Google or Facebook or
Netflix for example.

I didn't have to do anything special to get any of that to work; I use
my own CPE (which I didn't have to configure special to get IPv6), but
my provider-provided CPE also supported IPv6 out of the box.  The common
client OSes all support IPv6 out of the box (only major snag I'm aware
of is Android and DHCPv6, c'mon Google, but typical residential CPE does
RA anyway so this only affects larger businesses with managed networks).

Non-general-purpose devices are lagging some, but on the game system
front, Xbox (at least) supports IPv6.  IPv6 support is even in things
like my home audio receiver (Internet connected for streaming music,
which Pandora and Spotify at least support IPv6) and 5+ year old injket
printer.

Could I run IPv6 only today?  No, not quite.  But it's getting closer to
that point every day.  Providers running CG-NAT see that getting IPv6
dual-stack deployed reduces the IPv4 bandwidth (so reduces the CG-NAT
costs) because so much is IPv6-enabled already.

-- 
Chris Adams 

Re: OpenDNS contact

[Chris Murray]

Hi Mark,

I can help. I'll reach out to you directly.

Thanks, Chris

On Fri, Nov 19, 2021 at 5:40 AM Mark Costlow  wrote:
>
> Does anyone have a contact within OpenDNS?  A friend's business is in
> extreme pain because a false-positive blacklisting and he hasn't been
> able to find a human to appeal to.
>
> The source of the bad initial report has retracted it and the usual "remove
> me from this blacklist" form has been filled out, but they're still hurting.
>
> Thanks,
>
> Mark
> --
> Mark Costlow| Southwest Cyberport | Fax:   +1-505-232-7975
> che...@swcp.com | Web:   www.swcp.com | Voice: +1-505-232-7992

RE: ARIN POC RegDate...

[Chris Wright]

That's just the Unix epoch time. Your info is missing for that field so the 
32-bit integer is a string of 0's, which renders out to 00:00:00 UTC January 
1st 1970.



-Original Message-
From: NANOG  On 
Behalf Of b...@theworld.com
Sent: Sunday, October 24, 2021 8:59 PM
To: nanog@nanog.org
Subject: ARIN POC RegDate...


Perhaps silly but am I the only one with an ARIN POC RegDate of 1970-01-01? 
I've been in that db a long time but not quite that long.

Does it matter? I have no idea what the correct date might be so the 
instructions to correct don't help.

If I needed that info I'd consult the ARIN DB but I guess not.

I guess I'm wondering if it's just their temporary DB glitch so I should ignore 
it.

The rest of the info is perfect beyond my wildest dreams.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

RE: Linux WiFi Package Issues

[Chris J. Ruschmann]

I have the same issues with a Lenovo when connecting to a wifi6 that does 8x8 
and 4x4 Mimo

Moving back to Wifi5 access point and I don’t have the issues anymore.


Hope this helps.


From: NANOG  On Behalf Of Pascal 
Masha
Sent: Tuesday, October 12, 2021 3:22 AM
To: nanog@nanog.org
Subject: Linux WiFi Package Issues

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.

Hello All,

I have been wondering whether there is any known issue with the Linux WiFi 
package since the last 3 days or so? I'm Ubuntu 20.04.3 LTS 64bit Distro and 
WiFi has been dropping almost every 5 minutes. A colleague on another Linux 
Disto also contacted me about the same thing. Has anyone in the community 
experienced the same issue?

Regards
Paschal Masha

Re: facebook outage

[chris]

Hopefully this will show people they can enjoy life and survive without it
and that it will be just like myspace some day :)

On Mon, Oct 4, 2021 at 5:31 PM Jeff Shultz  wrote:

> Now they just need to get the site itself back up.
>
> On Mon, Oct 4, 2021 at 2:25 PM Bill Woodcock  wrote:
>
>>
>>
>> > On Oct 4, 2021, at 11:10 PM, Bill Woodcock  wrote:
>> >
>> > They’re starting to pick themselves back up off the floor in the last
>> two or three minutes.  A few answers getting out.  I imagine it’ll take a
>> while before things stabilize, though.
>>
>> nd we’re back:
>>
>> WoodyNet-2:.ssh woody$ dig www.facebook.com @9.9.9.9
>>
>> ; <<>> DiG 9.10.6 <<>> www.facebook.com @9.9.9.9
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32839
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 512
>> ;; QUESTION SECTION:
>> ;www.facebook.com.  IN  A
>>
>> ;; ANSWER SECTION:
>> www.facebook.com.   3420IN  CNAME
>> star-mini.c10r.facebook.com.
>> star-mini.c10r.facebook.com. 6  IN  A   157.240.19.35
>>
>> ;; Query time: 13 msec
>> ;; SERVER: 9.9.9.9#53(9.9.9.9)
>> ;; WHEN: Mon Oct 04 23:20:41 CEST 2021
>> ;; MSG SIZE  rcvd: 90
>>
>>
>> -Bill
>>
>>
>
> --
> Jeff Shultz
>
>
> Like us on Social Media for News, Promotions, and other information!!
>
> [image:
> https://www.instagram.com/sctc_sctc/]
> 
> 
> 
>
>
>
>
>
>
>
>  This message contains confidential information and is intended only
> for the individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. E-mail transmission cannot be
> guaranteed to be secure or error-free as information could be intercepted,
> corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
> The sender therefore does not accept liability for any errors or omissions
> in the contents of this message, which arise as a result of e-mail
> transmission. 
>

Re: massive facebook outage presently

[chris]

yeah we are seeing same, appears that none of their NS are responding to
dns queries affecting all their properties, whatsapp, facebook,
instagram etc

chris

On Mon, Oct 4, 2021 at 12:06 PM Eric Kuhnke  wrote:

> https://downdetector.com/status/facebook/
>
> Normally not worth mentioning random $service having an outage here, but
> this will undoubtedly generate a large volume of customer service calls.
>
> Appears to be failure in DNS resolution.
>
>

Re: IPv6 woes - RFC

[Chris Adams]

Once upon a time, Andy Smith  said:
> On Sat, Sep 25, 2021 at 08:44:00PM -0400, Valdis Klētnieks wrote:
> > 19:17:38 0 [~] ping 2130706433
> 
> "ping 01770001" and "ping 0x7F01" also fun ones :)

More than once, I've had to explain why zero-filling octets, like
127.000.000.001 (which still works) or 008.008.008.008 (which does not),
is broken.

-- 
Chris Adams 

Re: Rack rails on network equipment

[Chris Adams]

Once upon a time, Niels Bakker  said:
> * c...@cmadams.net (Chris Adams) [Sat 25 Sep 2021, 00:17 CEST]:
> >Which - why do I have to order different part numbers for back to
> >front airflow?  It's just a fan, can't it be made reversible?
> >Seems like that would be cheaper than stocking alternate part
> >numbers.
> 
> The fan is inside the power supply right next to the high-voltage
> capacitors. You shouldn't be near that without proper training.

I wasn't talking about opening up the case, although lots of fans are
themselves hot-swappable, so it should be possible to do without opening
anything.  They are just DC motors though, so it seems like a fan could
be built to reverse (although maybe the blade characteristics don't work
as well in the opposite direction).

-- 
Chris Adams 

Re: Rack rails on network equipment

[Chris Adams]

Once upon a time, William Herrin  said:
> I care, but it bothers me less that the inconsiderate air flow
> implemented in quite a bit of network gear. Side cooling? Pulling air
> from the side you know will be facing the hot aisle? Seriously, the
> physical build of network equipment is not entirely competent.

Which - why do I have to order different part numbers for back to front
airflow?  It's just a fan, can't it be made reversible?  Seems like that
would be cheaper than stocking alternate part numbers.
-- 
Chris Adams 

Re: Never push the Big Red Button (New York City subway failure)

[Chris Kane]

True EPO story; maintenance crew carrying new drywall into the data center
backed into the EPO that didn't have a cover on it. One of the most
eerie sounds in networking...a completely silent data center.

-chris

On Fri, Sep 10, 2021 at 2:48 PM Christopher Morrow 
wrote:

>
>
> On Fri, Sep 10, 2021 at 1:49 PM Matthew Huff  wrote:
>
>> Reminds me of something that happened about 25 years ago when an
>> elementary school visited our data center of the insurance company where I
>> worked. One of our operators strategically positioned himself between the
>> kids and the mainframe, leaned back and hit it's EPO button.
>>
>>
> Or when your building engineering team cuts themselves a new key for the
> 'main breaker' for the facility... and tests it at 2pm on a tuesday.
> Or when that same team cuts a second key (gotta have 2 keys!) and tests
> that key on the same 'main breaker' ... at 2pm on the following tuesday.
>
> 
>
> not fakenews, a real story from a large building full of gov't employees
> and computers and all manner of 'critical infrastructure' for the agency
> occupying said building.
>
> Matthew Huff | Director of Technical Operations | OTA Management LLC
>>
>> Office: 914-460-4039
>> mh...@ox.com | www.ox.com
>>
>> ...
>>
>> -Original Message-
>> From: NANOG  On Behalf Of Sean
>> Donelan
>> Sent: Friday, September 10, 2021 12:38 PM
>> To: nanog@nanog.org
>> Subject: Never push the Big Red Button (New York City subway failure)
>>
>> NEW YORK CITY TRANSIT RAIL CONTROL CENTER POWER
>> OUTAGE ISSUE ON AUGUST 29, 2021
>> Key Findings
>> September 8, 2021
>>
>>
>>
>> https://www.governor.ny.gov/sites/default/files/2021-09/WSP_Key_Findings_Summary-for_release.pdf
>>
>> Key Findings
>> [...]
>>
>> 3. Based on the electrical equipment log readings and the manufacturer’s
>> official assessment, it was determined that the most likely cause of RCC
>> shutdown was the “Emergency Power Off” button being manually activated.
>>
>> Secondary Findings
>>
>> 1. The “Emergency Power Off” button did not have a protective cover at
>> the
>> time of the shutdown or the following WSP investigation.
>>
>> [...]
>> Mitigation Steps
>>
>> 1. Set up the electrical equipment Control and Communication systems
>> properly to stay active so that personnel can monitor RCC electrical
>> system operations.
>>
>> [...]
>>
>

-- 
Chris Kane

Re: Xfi Advances Security (comcast)

[Chris Boyd]

> On Sep 10, 2021, at 9:31 AM, Jason Kuehl  wrote:
> 
> For whatever reason Comcast Xfinity is blocking my VPN URL. I've started the 
> process to unblock, and I'm trying to get a hold of their security team to 
> resolve this. I've been bounced around all morning. 
> 
> Does anyone have a contact at Comcast that can whitelist a URL or get me to a 
> team that can understand what is going on for the block to happen?

Why is Comcast blocking things? That seems like it’s out of scope for an ISP.

—Chris

Re: Reminder: Never connect a generator to home wiring without transfer switch

[Chris Boyd]

> On Aug 25, 2021, at 1:30 PM, b...@theworld.com wrote:
> 
> 
> 
> Except maybe that one guy at Harvard who came to replace what turned
> out to be a 100+ year old, home made, "breaker" which fed our machine
> room which was hidden in a narrow dark hallway winding around our
> machine room behind an unmarked metal, locked doorway. I had no idea
> it existed but we had no power so I called for help.
> 
> It was just a single copper bar about the size of a small candy bar
> tensioned into hot clips. Probably 400A but who remembers.
> 
> He removed the old one confidently enough, grabbed the new one with
> rubber-handled pliers and gloves and...
> 
>  Him: Have you ever played football?
> 
>  Me: Actually, yes, I have, why?
> 
>  Him: If something doesn't look right when I put this thing in just
>  tackle me clear of it as hard and as fast as you can.
> 
>  Me: Um, ok.
> 
> It all worked out fine and I wrote a memo that maybe Harvard could
> spring for a proper $500 breaker box?
> 
> 

When I was working at the MCI training facility in 1994, I went into the power 
facility classroom where they had battery strings, rectifiers, transfer 
switches, etc for students to learn on. I noticed that every 8-10 feet there 
was an 8 foot long 3/4 inch PVC pipe with about 16 feet of rope threaded 
through it. When I asked what those were for, the instructor said “We will use 
those to pull people off the electricity in case anyone gets shocked.”

I never heard that they were used, so that’s good.

—Chris

Amazon Contact?

[Chris Cappuccio]

Looking to see if I can get someone at Amazon to help. Amazon Video is starting 
to think our CGN exit range is a VPN service (It isn't)

Chris

Re: "Tactical" /24 announcements

[Chris Cummings]

I prefer the approach of disaggregating only when needed, not as a
preventative measure. There are tools that can help with automating this
disaggregation (ARTEMIS can do this, for example).

—
Chris


On Mon, Aug 9, 2021 at 10:50 AM Billy Croan 
wrote:

> How does the community feel about using /24 originations in BGP as a
> tactical advantage against potential bgp hijackers?
>
> All of our allocations are larger and those prefixes we announce for
> clients as well usually are.  But we had a request recently to
> originate everything as distinct /24 prefixes, to reduce the effect of
> a potential bgp hijack.  It seemed a little bit like a tragedy of the
> commons situation.
>
> Is this seen as route table pollution, or a necessary evil in today's
> world?
> How many routers out there today would be affected if everyone did this?
> Are there any big networks that drop or penalize announcements like this?
>

Re: Equinix Sales Rep

[chris]

RIP Ryan's inbox

On Fri, Jul 30, 2021, 5:25 PM Ryan Finnesey via NANOG 
wrote:

> I know this might flood my inbox on a Friday, but I am looking for
> recommendations on  sales rep at Equinix that understand the carrier
> space.  I need to find out more information about their Equinix Fabric
> product and it has been about 10 years since I have worked with Equinix
>

Re: aggregation tool that allows a bit of fuzz to aggregating ?

[Chris Hartley]

I guess something like this... maybe? Surely someone has already done this
much better, but I thought it might be a fun puzzle.

# Let's call it aggregate.py.  You should test/validate this and not trust
it at all because I don't.  It does look like it works, but I can't promise
anything like that.  This was "for fun."  For me in my world, it's not a
problem that needs solving, but if it helps someone, that'd be pretty
cool.  No follow-up questions, please.

./aggregate.py gen 10 ips.txt # Make up some random IPs for testing
./aggregate.py aggregate 2 ips.txt # Aggregate...  second argument is the
"gap", third is the filename...

Most are still going to be /32s.
Some might look like this - maybe even bigger:
27.151.199.176/29
33.58.49.184/29
40.167.88.192/29
63.81.88.112/28 # This is your example set of IPs with a gap (difference)
of 2.
200.42.160.124/30

"max gap" is the distance between IP addresses that can be clustered... an
improvement might include "coverage" - a parameter indicating how many IPs
must appear (ratio) in a cluster to create the aggregate (more meaningful
with bigger gaps).

#!/your/path/to/python
import random
import sys

def inet_aton(ip_string):
   octs = ip_string.split('.')
   n =  int(int(octs[0]) << 24) + int(int(octs[1]) << 16) +
int(int(octs[2]) << 8) + int(octs[3])
   return n

def inet_ntoa(ip):
   octs = ( ip >> 24, (ip >> 16 & 255), (ip >> 8) & 255, ip & 255 )
   return str(octs[0]) + "." + str(octs[1]) + "." + str(octs[2]) + "."
+ str(octs[3])

def gen_ips(num):
ips = []
for x in range(num):
ips.append(inet_ntoa(random.randint(0,pow(2,32)-1)))
# To make sure we have at least SOME nearlyconsecutive IPs...
ips +=
"63.81.88.116,63.81.88.118,63.81.88.120,63.81.88.122,63.81.88.124,63.81.88.126".split(",")
# I added your example IPs.
return ips

def write_random_ips(num,fname):
ips = gen_ips(int(num))
f = open(fname,'w')
for ip in ips:
f.write(ip+'\n')
f.close()

def read_ips(fname):
return open(fname,'r').read().split('\n')

class Cluster():
def __init__(self):
self.ips = []
def add_ip(self,ip):
self.ips.append(ip)

def find_common_bits(ipa,ipb):
for bits in range(0,32):
mask = pow(2,32)-1 << bits & (pow(2,32)-1)

if ipa & mask == ipb & mask:
return 32-bits
else:
pass # print(f"{ipa} & (pow(2,{bits})-1) == {ipa &
(pow(2,bits)-1)} ==!=== {ipb} & (pow(2,{bits})-1) == {ipb &
(pow(2,bits)-1)}")

if len(sys.argv) == 4 and sys.argv[1] == "generate":
write_random_ips(sys.argv[2],sys.argv[3])
elif len(sys.argv) == 4 and sys.argv[1] == "aggregate": # TODO: Let's
imagine a "coverage" field that augments the max_gap field... does the
prefix cover too many IPs?
max_gap = int(sys.argv[2])
fname = sys.argv[3]

ips = [ inet_aton(ip) for ip in read_ips(fname) if ip!='' ] # ... it'd
be a good idea to make sure it looks like an IP.  Oh, this only does IPv4
btw.

ips.sort()

clusters=[Cluster()] # Add first (empty) cluster.. is this necessary?
Who cares, moving on
last_ip=None
for ip in ips:
if last_ip != None:
#print(f"Gap of {ip-last_ip} between {ip} and {last_ip}...
{inet_ntoa(ip)} / {inet_ntoa(last_ip)}")
if ip - last_ip <= max_gap:
#print(f"Gap of {ip-last_ip} between {ip} and {last_ip}...")
clusters[-1].add_ip(ip)
else:
cluster=Cluster()
cluster.add_ip(ip)
clusters.append(cluster)
last_ip = ip

for cluster in clusters:
if len(cluster.ips) == 0:
continue
if len(cluster.ips) > 1:
first_ip=cluster.ips[0]
last_ip=cluster.ips[-1]
num_bits = find_common_bits(first_ip,last_ip)
mask = pow(2,32)-1 << (32-num_bits) & (pow(2,32)-1)
network = first_ip & mask
print(f"{inet_ntoa(network)}/{num_bits}")
else:
print(f"{inet_ntoa(cluster.ips[0])}/32")
else:
print("Usage:")
print("{0} generate [number of IPs] [file name] # Generate specified
number of IPs, save to [file name]")
print("{0} aggregate [max gap] [file name] # Aggregate prefixes based
on overlapping subnets/IPs per the max gap permitted...")

Re: Muni broadband sucks (was: New minimum speed for US broadband connections)

[Chris Adams]

Once upon a time, William Herrin  said:
> A comparable Internet setup would be where the municipality implements
> a local network distribution service and then you buy from the
> Internet provider of your choice.

That's sort of how it works where I live.  The city-owned non-profit
utility company wanted to build out a network to support smart metering,
better monitoring, etc.  They contracted out to someone to build fiber
to the curb throughout the city, got their piece for the smart meters
and such, and then leased access to anyone that wants it.

They signed Google Fiber as the initial carrier, who then has people
come run the fiber from the curb to the house and install the ONT and
router.  I think GFiber is the only company selling service city-wide on
it, although I think there are some companies doing business services in
some areas.

It's not quite the same as the multi-vendor electricity setup, where
only one company actually delivers the amps to your house, but kind of
close.

So far, the old-school carriers (AT, Comcast, and WoW) I think have
ignored the utility's network.  About three months after the utility
fiber was buried on my street and I got Google Fiber, AT came through
digging up yards again to run their own fiber.  They then advertised
promotional rates that were $20/month more than GFiber (and the AT
rate required a bundle and a contract, while GFiber required neither).
I can't imagine they got many takers except from people who just stay
with AT out of momentum.

I'd think that eventually, AT/Comcast/WoW would switch over to the
utility's network, at least in new developments, but who knows.  I have
no idea how the prices works out for them vs. building and maintaining
their own thing.

We've had two cable TV companies available at most addresses since the
mid-1980s, which meant we had some of the lowest cable prices in the
country for a long time.  About the time Dish/DirecTV cranked up, I
think both recognized they could get away with raising their rates to
something competitve with the satellite providers.  No actual collusion
or anything (probably), but our cable rates went up really fast there
for a while.

-- 
Chris Adams 

RE: New minimum speed for US broadband connections

[Chris Adams (IT)]

This short term mindset is part of the problem. I’ve seen projects around me 
using CAF funds that push DSLAMs further into the network to get users up to 
100mbps, but they are already at their ceiling as soon as they are installed. I 
admire providers who invest beyond the short term into something that is future 
proof. 100mbps shouldn’t be the goal, it should be the baseline. It’s 
particularly troubling knowing how much federal tax money is subsidizing these 
installs that have no headroom on day 1. In my case, my neighbors get 25/1.5 on 
ADSL that loses sync half the time when it rains, partially in credit to the 
30+ year old copper plant it runs on. Putting a DSLAM within 3000ft only fixes 
a small part of the problem.

Starlink won’t have the capacity to fix all rural broadband, but It will be 
interesting to see whether it applies pressure to the incumbents, or if it 
stunts capital investment in less dense areas as users flee the decrepit 
service available.

I am at least grateful that Auction 904 weighted and prioritized awards based 
on speeds delivered.

Chris


From: NANOG  On Behalf Of 
james.cut...@consultant.com
Sent: Tuesday, June 1, 2021 2:14 PM
To: Mike Hammett 
Cc: nanog list 
Subject: Re: New minimum speed for US broadband connections

CAUTION: This email originated from outside the University of North Georgia. Do 
not click links or open attachments unless you recognize the sender and know 
the content is safe. If you suspect this message is fraudulent, please forward 
to s...@ung.edu<mailto:s...@ung.edu?subject=%5BSPAM%20REPORT%5D> or contact the 
IT Service Desk at 706-864-1922.
On Jun 1, 2021, at 1:33 PM, Mike Hammett 
mailto:na...@ics-il.net>> wrote:

"Why is 100/100 seen as problematic to the industry players?"

In rural settings, it's low density, so you're spending a bunch of money with a 
low probability of getting any return. Also, a low probability that the 
customer cares.

Of course, this is because the “industry” is driven short term profits and can 
not vision the eventual dispersion of remote workers begun in earnest about a 
year and which could result in longer term return on investment.

Re: New minimum speed for US broadband connections

[Chris Adams]

Once upon a time, Mike Hammett  said:
> "Bad connection" measures way more than throughput. 
> 
> What about WFH or telehealth doesn't work on 25/3? 

More than one person in a residence, home security systems (camera,
doorbell, etc.) uploading continuously, and more.

I know multiple people that had issues with slow Internet during the
last year as two adults were working from home and 1-3 children were
also schooling from home.  Parents had to arrange work calls around
their kids classroom time and around each other's work calls, because of
limited bandwidth.

The time of the Internet being a service largely for consumption of data
is past.  While school-from-home may be a passing thing as the pandemic
wanes, it looks like work-from-home (at least part time) is not going to
go away for a whole lot of people/companies.

-- 
Chris Adams 

RE: New minimum speed for US broadband connections

[Chris Adams (IT)]

I’d be interested to understand the rationale for not wanting to change the 
definition. Is it strictly the business/capital outlay expense?


Thanks,

Chris Adams

From: NANOG  On Behalf Of Jason 
Canady
Sent: Friday, May 28, 2021 8:39 AM
To: nanog@nanog.org
Subject: Re: New minimum speed for US broadband connections

CAUTION: This email originated from outside the University of North Georgia. Do 
not click links or open attachments unless you recognize the sender and know 
the content is safe. If you suspect this message is fraudulent, please forward 
to s...@ung.edu<mailto:s...@ung.edu?subject=%5BSPAM%20REPORT%5D> or contact the 
IT Service Desk at 706-864-1922.

I second Mike.


On 5/28/21 8:37 AM, Mike Hammett wrote:
I don't think it needs to change.


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ics-2Dil.com=DwMDaQ=FbBevciwIvGuzsJQdDnze9uCWRSXekJosRCbxNiCfPE=2xyWjaGAJiQBS60SNfJGVrkSN3JvZBCiAkWZBLNrNQA=hLl3tE5IUFeCnGVaq9aENU6Cb0VwUJSMovT2ACT74-I=S2l1XV98d5g-7uCPfcvNNU5WuML3uo1LVamsKRY-JHE=>

Midwest-IX
http://www.midwest-ix.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.midwest-2Dix.com=DwMDaQ=FbBevciwIvGuzsJQdDnze9uCWRSXekJosRCbxNiCfPE=2xyWjaGAJiQBS60SNfJGVrkSN3JvZBCiAkWZBLNrNQA=hLl3tE5IUFeCnGVaq9aENU6Cb0VwUJSMovT2ACT74-I=qGvndXaVQIOyFcKDLyED-Ufmklruq9Q3pArgVVFK1A8=>


From: "Sean Donelan" <mailto:s...@donelan.com>
To: nanog@nanog.org<mailto:nanog@nanog.org>
Sent: Thursday, May 27, 2021 7:29:08 PM
Subject: New minimum speed for US broadband connections


What should be the new minimum speed for "broadband" in the U.S.?


This is the list of past minimum broadband speed definitions by year

year  speed

1999  200 kbps in both directions (this was chosen as faster than
dialup/ISDN speeds)

2000  200 kbps in at least one direction (changed because too many service
providers had 128 kbps upload)

2010   4 mbps down / 1 mbps up

2015   25 Mbps down / 3 Mbps up (wired)
 5 Mbps down / 1 Mbps up (wireless)

2021   ??? / ??? (some Senators propose 100/100 mbps)

Not only in major cities, but also rural areas

Note, the official broadband definition only means service providers can't
advertise it as "broadband" or qualify for subsidies; not that they must
deliver better service.

Intro and Invitation to SANOG

[Chris Grundemann]

Hail NANOGers!

As I must assume you are all aware, NANOG is one of many NOGs & NOFs
around the world these days.

One of the oldest of those NOGs that many of you may not have heard of
is SANOG - the South Asian Network Operators Group. SANOG has been
running strong since 2003. And their community has done amazing work
in their region, from the jungles of Sri Lanka to the mountaintops of
Nepal and a whole lot more.

Learn more about SANOG here: https://sanog.org/

But why am I telling you this?

Well, I'm on the PC for their next meeting (SANOG 37), which will be
held virtually from Colombo.

"Virtually" means you have an opportunity to share your knowledge with
an international audience, without getting on a plane! Present on a
topic that will support the SANOG community with your expertise and
experience from the comfort of your own home/office!

Call for Papers is open:
https://sanog.org/sanog37/

Feel free to hit me with questions.

Cheers,
~Chris

--
@ChrisGrundemann
http://chrisgrundemann.com

Verizon Wireless

[Chris Whelan]

Hello everyone, I know this is a long shot, but I'm hoping someone on here
works for Verizon Wireless or knows someone that is in a position to assist
us.  Recently, a change to call routing occurred and Verizon Wireless calls
are now being delivered across our tandem instead of a SIP peer.  Ideally,
I would like to establish a SIP trunk to Verizon Wireless but changing the
call flow is the short term goal.  Thanks in advance for your help!




Christopher Whelan

Director of Network Engineering

GWI

office 207-602-1115

*cell* 207-751-5013
www.gwi.net

Cox Outage - a little humor for the day

[Chris Moody]

Apologies in advance for the random message to the board, but it IS
provider-related and gave me a good chuckle.

Sometimes the timing of events just presents it's own humor in beautiful
ways.

My wife's office just lost all connectivity and they received a status
notification from Cox Communications.




While checking the company's twitter for any status announcements, Cox
had posted the following webinar just an hour ago.




Cheers,
-Chris

-- 
Node-Nine, Inc.
ch...@node-nine.com
619.354.6463



OpenPGP_signature
Description: OpenPGP digital signature

Re: OVH datacenter SBG2 in Strasbourg on fire ????

[Chris Cariffe]

On Thu, Mar 11, 2021 at 7:40 PM Randy Bush  wrote:

> It surprises that important sites don't do mirroring.
>
> depends on what you mean by 'mirroring.' think latency.
>
> randy
> --
>
> Though a best effort to mirror would be acceptable.  Maybe not up to the
> minute but at least a recovery.
>