Re: Thoughts on the Services Offered

[Glenn Kelley]

We use all of them and highly recommend them



On Sat, Oct 1, 2022 at 4:07 PM Mann, Jason via NANOG 
wrote:

> Anyone using the below or any plus/negatives for the using these services?
>
>
>
> Community Services | Team Cymru (team-cymru.com)
> 
>
>Nimbus Threat Monitor | Team Cymru (team-cymru.com)
> 
>
>DDOS Mitigation using UTRS | Team Cymru (team-cymru.com)
> 
>
>Bogon Reference | Team Cymru (team-cymru.com)
> 
>
>
>
>
>
>
>
>
> *---*
>
>
>
>
>
> *Jason Mann*
>
> LAN/WAN Engineer
>
> State Information Technology Services Division
>
> Department of Administration
>
> *DESK* 406.444.1786 * FAX* 406.444.5545
>
> *sitsd.mt.gov* *  |  **map*
>  * |  jam...@mt.gov
>   |  **Facebook* 
>
>
>
> *SERVICE FIRST!*
>
> *Submit an Incident*
> *
>  |
> **Search our Knowledge Base*
>  * |  **Request
> a Service*
> 
>
>
>
>
>
>
>
-- 

*Glenn S. Kelley, *I am a Connectivity.Engineer
Text and Voice Direct:  740-206-9624


a Division of CreatingNet.Works 
IMPORTANT: The contents of this email and any attachments are confidential.
They are intended for the named recipient(s) only. If you have received
this email by mistake, please notify Glenn Kelley, the sender, immediately
and do not disclose the contents to anyone or make copies thereof.

Re: Thoughts on the Services Offered

[TJ Trout]

we use all 3 and love them

On Sat, Oct 1, 2022 at 1:10 PM Mann, Jason via NANOG 
wrote:

> Anyone using the below or any plus/negatives for the using these services?
>
>
>
> Community Services | Team Cymru (team-cymru.com)
> 
>
>Nimbus Threat Monitor | Team Cymru (team-cymru.com)
> 
>
>DDOS Mitigation using UTRS | Team Cymru (team-cymru.com)
> 
>
>Bogon Reference | Team Cymru (team-cymru.com)
> 
>
>
>
>
>
>
>
>
> *---*
>
>
>
>
>
> *Jason Mann*
>
> LAN/WAN Engineer
>
> State Information Technology Services Division
>
> Department of Administration
>
> *DESK* 406.444.1786 * FAX* 406.444.5545
>
> *sitsd.mt.gov* *  |  **map*
>  * |  jam...@mt.gov
>   |  **Facebook* 
>
>
>
> *SERVICE FIRST!*
>
> *Submit an Incident*
> *
>  |
> **Search our Knowledge Base*
>  * |  **Request
> a Service*
> 
>
>
>
>
>
>
>

Thoughts on the Services Offered

[Mann, Jason via NANOG]

Anyone using the below or any plus/negatives for the using these services?

Community Services | Team Cymru 
(team-cymru.com)
   Nimbus Threat Monitor | Team Cymru 
(team-cymru.com)
   DDOS Mitigation using UTRS | Team Cymru 
(team-cymru.com)
   Bogon Reference | Team Cymru 
(team-cymru.com)



---
[cid:image001.jpg@01D8D59E.E7CE0FA0]


Jason Mann
LAN/WAN Engineer
State Information Technology Services Division
Department of Administration
DESK 406.444.1786  FAX 406.444.5545
sitsd.mt.gov  |  
map  |  jam...@mt.gov  |  
Facebook

SERVICE FIRST!
Submit an Incident 

  |  Search our Knowledge 
Base  |  Request a 
Service

RE: Changing upstream providers, opinions/thoughts on 123.net and cogent

[Aaron Gould]

I’ve never heard of 123

 

I’ve used Cogent for several years now… 

 

Price was good

10 gig link… for a few years

20 gig (2) 10 gigs lagged… for a year or so…

100 gig link for past few months…

 

The support is quick and easy to deal with.

 

DDOS RTBH is nice quick and easy (but different than other SP’s with 
communities…. Cogent ddos rtbh is a separate bgp neighbor session)… I like it

 

IPv6 has issues with Google and HE I think still….been years now.

 

Attacks come as often through cogent as any of my sp’s, but probably more on 
cogent than others…. Telia is catching up.

 

-Aaron

 

Re: Changing upstream providers, opinions/thoughts on 123.net and cogent

[Neader, Brent]

Looks like they already are?

https://bgp.he.net/AS14374

Depending on which peer you might be replacing 123.net or cogent with, that 
could possibly change someone’s opinion.  However, at least from past topics on 
this, given cogent history with peering issues (such as HE.net cake), I think 
one would certainly want to understand what impact peering/routing quirks would 
cause them and their ability to work around them before selecting cogent.

Given I doubt your international reach is a big deal, and given 123.net is more 
of a tier2 (https://bgp.he.net/AS12129) with local and regional peering ( 
https://www.peeringdb.com/net/3899 ), they could be better suited for your 
traffic patterns and local customers?

Also if you are not already interconnected with 123.net from a transport 
perspective, given their footprint in the state, there could be opportunities 
for an NNI to expand your reach to help interconnect your customer’s locations 
(aka customer has a branch office inside and outside your direct footprint and 
wants ELAN type service).

I have looked at them before but never got serious, and thus cannot offer any 
input on their actual service or support.

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ben Cannon
Sent: Friday, January 4, 2019 8:16 PM
To: Aaron Henderson 
Cc: nanog@nanog.org
Subject: EXT_Re: Changing upstream providers, opinions/thoughts on 123.net and 
cogent

Run BGP and use multiple upstream providers as soon as you can.
-Ben

On Jan 4, 2019, at 4:57 AM, Aaron Henderson 
mailto:ahender...@avci.net>> wrote:
I work for a rural ISP and the powers that be have been thinking about changing 
our upstream providers. The big names on the table right now are 
123.net<http://123.net/> and Cogent.

I, along with the people in my circle, do not have any experience with these 
providers and all we are getting is what sales are dishing us.

I was hoping some of you here might have experience with these providers and 
could share your experiences and opinions.

Thanks,

A

Re: Changing upstream providers, opinions/thoughts on 123.net and cogent

[Brandon Martin]

To reiterate what's been said...

I would not want to be single-homed to Cogent.  They're fine (and 
generally useful and a reasonable use of your operating money) in a blend.


I'm not familiar with 123.net, but looking briefly at them, they appear 
to be a regional blend.  Much preferable compared to your other option 
assuming they competently operate their network.


FWIW, I wouldn't WANT to be single-homed to anyone, but I'll do it when 
it's the right choice.


If you have to be single-homed, you really have to go with a quality 
upstream, and you're going to pay for it.  If you have the volume and 
connectivity to be multi-homed, do it.  It'll be better in just about 
every way.

--
Brandon Martin

Re: Changing upstream providers, opinions/thoughts on 123.net and cogent

[William Herrin]

On Fri, Jan 4, 2019 at 5:40 PM Aaron Henderson  wrote:
> I work for a rural ISP and the powers that be have been thinking about 
> changing our upstream providers. The big names on the table right now are 
> 123.net and Cogent.
>
> I was hoping some of you here might have experience with these providers and 
> could share your experiences and opinions.

Hi Aaron,

I don't know anything about 123.net.

Google "Cogent cake," "cogent sprint," and "cogent telia" for
explanations and examples of how relying on Cogent as your sole
transit provider is likely to bite you in the behind. Using them as a
secondary transit provider in a BGP-managed mix is arguably more
acceptable.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 

Re: Changing upstream providers, opinions/thoughts on 123.net and cogent

[Ben Cannon]

Run BGP and use multiple upstream providers as soon as you can.

-Ben

> On Jan 4, 2019, at 4:57 AM, Aaron Henderson  wrote:
> 
> I work for a rural ISP and the powers that be have been thinking about 
> changing our upstream providers. The big names on the table right now are 
> 123.net and Cogent.
> 
> I, along with the people in my circle, do not have any experience with these 
> providers and all we are getting is what sales are dishing us.
> 
> I was hoping some of you here might have experience with these providers and 
> could share your experiences and opinions.
> 
> Thanks,
> 
> A
> 

Changing upstream providers, opinions/thoughts on 123.net and cogent

[Aaron Henderson]

I work for a rural ISP and the powers that be have been thinking about
changing our upstream providers. The big names on the table right now are
123.net and Cogent.

I, along with the people in my circle, do not have any experience with
these providers and all we are getting is what sales are dishing us.

I was hoping some of you here might have experience with these providers
and could share your experiences and opinions.

Thanks,

A

PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

[Bob Evans]

Nice of you to check Jim. This brings up the old idea - A long time ago I
had an INOC phone by PCH.NET - It never rang, as we filter our outbound
with detail everywhere we announce. ISPs need to provide us their address
list.

And the few times I needed to use it , no one ever answered. ( It was a
decade ago before NANOG membership.) So after a while I too ignored it.
Maybe this was an idea ahead of it's time ? From this painful mishap, it
could have been a great solution for NOC Engineers to help each. I find
peeringdb often outdated as companies change around and sluggish return
call if at all.  Most are like a sales line number post.

I see now a long list of registered networks in the PCH directory. Are
networks actually paying attention and using it. Is it time to take
another look ?  At midnight in your organization could you get a NOC
person with " proper BGP skills and access " to answer and care about a
bad announcement ?

https://inoc-dba-web.pch.net/inoc-dba/console.cgi?op=show_pubdir=org
 Link above shows lots more networks listed on the
 INOC-DBA Public Directory: Organizations

But have you used it? Did it work for you when you needed it ?
Any further comments are appreciated.

This seems like a very good proper civil approach - maybe this or
something like it ARIN might help promote and endorse as a benefit to the
community ? Be nice if with the cash they did something simple like this
and got all of us to use it? Special line forwarding ? A Emergency Only
NOC App for our phones for just this kind of situation - one that
registers a specific ASN and pin code we set on the registration page ?

Thank You
Bob Evans
CTO




>
>
> On 9/28/15, 10:24 PM, "NANOG on behalf of Seth Mattinen"
>  wrote:
>
>>On 9/28/15 20:19, Martin Hannigan wrote:
>>>
>>>Is this related to 104.73.161.0/24? That's ours. :-)
>>>
>>>We'll take a look and get back to you.  Thanks for caring!
>>>
>>
>>
>>Yep, that's one of the affected prefixes.
>>
>>~Seth
> Hi Seth, which market was this occurring?  Was this already removed?  I'm
> not seeing it this morning.  I would like to figure out what went wrong
> here.  We shouldn't be nailing up any static configuration to have caused
> a situation like this.
>
>

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

[Bob Evans]

A friend is not someone that allows their company to hijack your prefixes.
A friend is one that can get it to stop. Dude - wake up and drink some
coffee.

Thank You
Bob Evans
CTO




> Hi Bob,
>
> On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote:
>> This seems like a very good proper civil approach - maybe this or
>> something like it ARIN might help promote and endorse as a benefit to
>> the community ? Be nice if with the cash they did something simple
>> like this and got all of us to use it? Special line forwarding ? A
>> Emergency Only NOC App for our phones for just this kind of situation
>> - one that registers a specific ASN and pin code we set on the
>> registration page ?
>
> In this day and age people use IRC or Facebook to quickly get to a
> friend of a friend of a friend to get to a good contact. Get on with the
> times :-)
>
> Kind regards,
>
> Job
>

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

[Royce Williams]

On Tue, Sep 29, 2015 at 7:12 AM, Job Snijders  wrote:
>
> Hi Bob,
>
> On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote:
> > This seems like a very good proper civil approach - maybe this or
> > something like it ARIN might help promote and endorse as a benefit to
> > the community ? Be nice if with the cash they did something simple
> > like this and got all of us to use it? Special line forwarding ? A
> > Emergency Only NOC App for our phones for just this kind of situation
> > - one that registers a specific ASN and pin code we set on the
> > registration page ?
>
> In this day and age people use IRC or Facebook to quickly get to a
> friend of a friend of a friend to get to a good contact. Get on with the
> times :-)

This seems lossy and unscriptable to me.  There are maxint different
flavors of $social, so it's not suitable for escalation, IMO.  Also,
many people opt out of half of them when they're not on the clock.
And, many of them have "I don't know you so I'll bury your message"
options, which makes being tickled by a stranger for emergency
purposes hard.  And their "APIs", so to speak, are constantly
shifting.

But we already have a reliable, widespread, high-SNR channel: this
list.  It's the place that people go when they can't get an answer any
other way.  Email works when many other things are broken.

What if all NOCs used their NOC email distro/alias to subscribe,
filter for posts containing their own ASes/admin-domains/prefixes,
plus the string "problem|issue|etc", and flag them as higher priority.
A junior NOCling could check it manually every couple of hours, and
maybe a public web archive of the list, in case of filter failures.

I would expect most NOCs worth their salt to be monitoring nanog
anyway.  Why not leverage it?

A sibling list could be spun off -- nanog-panic-button? ;) -- if that
would be preferable.

Royce

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

[Job Snijders]

Hi Bob,

On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote:
> This seems like a very good proper civil approach - maybe this or
> something like it ARIN might help promote and endorse as a benefit to
> the community ? Be nice if with the cash they did something simple
> like this and got all of us to use it? Special line forwarding ? A
> Emergency Only NOC App for our phones for just this kind of situation
> - one that registers a specific ASN and pin code we set on the
> registration page ?

In this day and age people use IRC or Facebook to quickly get to a
friend of a friend of a friend to get to a good contact. Get on with the
times :-)

Kind regards,

Job

Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

[Jay Ashworth]

I entirely disagree, Job.

The idea of a private tieline network that is connected, by SIP, to a line 
appearance in the NOC of each AS, and no one else is on it, seems like a
fine idea to me.

And that was INOC-DBA's original goal, as I understand it:

You're having a problem?  It's coming from some specific AS?

Pick up the phone, mash the red INOC line button, dial the AS 
number, and you're talking to their NOC.

And that's *authenticated*: since it's low enough churn to set up
by hand, it's authenticated by humans.

Show of hands: who has it set up, correctly, right now?

- Original Message -
> From: "Job Snijders" <j...@instituut.net>
> To: "Bob Evans" <b...@fiberinternetcenter.com>
> Cc: nanog@nanog.org
> Sent: Tuesday, September 29, 2015 11:12:43 AM
> Subject: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115
> Hi Bob,
> 
> On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote:
> > This seems like a very good proper civil approach - maybe this or
> > something like it ARIN might help promote and endorse as a benefit
> > to
> > the community ? Be nice if with the cash they did something simple
> > like this and got all of us to use it? Special line forwarding ? A
> > Emergency Only NOC App for our phones for just this kind of
> > situation
> > - one that registers a specific ASN and pin code we set on the
> > registration page ?
> 
> In this day and age people use IRC or Facebook to quickly get to a
> friend of a friend of a friend to get to a good contact. Get on with
> the
> times :-)
> 
> Kind regards,
> 
> Job

-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

[Bob Evans]

I have actually found this NANOG email to be more effective than a chat or
mombook public service. We need something more private like that.

Thank You
Bob Evans
CTO




> A friend is not someone that allows their company to hijack your prefixes.
> A friend is one that can get it to stop. Dude - wake up and drink some
> coffee.
>
> Thank You
> Bob Evans
> CTO
>
>
>
>
>> Hi Bob,
>>
>> On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote:
>>> This seems like a very good proper civil approach - maybe this or
>>> something like it ARIN might help promote and endorse as a benefit to
>>> the community ? Be nice if with the cash they did something simple
>>> like this and got all of us to use it? Special line forwarding ? A
>>> Emergency Only NOC App for our phones for just this kind of situation
>>> - one that registers a specific ASN and pin code we set on the
>>> registration page ?
>>
>> In this day and age people use IRC or Facebook to quickly get to a
>> friend of a friend of a friend to get to a good contact. Get on with the
>> times :-)
>>
>> Kind regards,
>>
>> Job
>>
>
>
>

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

[Niels Bakker]

* j...@baylink.com (Jay Ashworth) [Tue 29 Sep 2015, 17:31 CEST]:

The idea of a private tieline network that is connected, by SIP, to a line
appearance in the NOC of each AS, and no one else is on it, seems like a
fine idea to me.


Until you take into account that SIP doesn't work through many
firewalls, that people generally don't give a second thought to
timezones, that network engineers generally dislike having to mess
with voice systems, etc. etc.

2 out of 3 INOC-DBA calls I ever received were silent on their end
(presumably) due to firewalls; the third call was a test.



And that was INOC-DBA's original goal, as I understand it:

You're having a problem?  It's coming from some specific AS?

Pick up the phone, mash the red INOC line button, dial the AS
number, and you're talking to their NOC.

And that's *authenticated*: since it's low enough churn to set up
by hand, it's authenticated by humans.


In other words, it wasn't secure, it wouldn't scale and churn killed it.



Show of hands: who has it set up, correctly, right now?


No.  There is nothing I'd do after receiving a phone call that I
wouldn't do via email anyway.


-- Niels.

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

[Bob Evans]

Neils, do you actually work at in a NOC operation with BGP operations and
policies you can change - a backbone with customers? If not - I would
understand why email is fast enough for you.

Maybe SIP iNOC phone isn't the right answer - but it seems to work fine
everywhere I go. There just has to be a better way of communicating other
than posting an email to a board - which isn't focused on a live network
emergency. Something that's self filtered by all of us for a specific use.

SayAn email/ text might work well or even better than SIP - if we had
an APP that noticed a specific key or coded line plus your ASN to then
ring my phone with an urgent ring tone.hence, the idea of an NOC APP
for that.

Something other than "No I won't do anything different" - an idea or
concept something you would embrace for such a moment. The iNOC phone
wasn't embraced. Maybe a APP is a better idea than a phone.

Thank You
Bob Evans
CTO




> * j...@baylink.com (Jay Ashworth) [Tue 29 Sep 2015, 17:31 CEST]:
>>The idea of a private tieline network that is connected, by SIP, to a
>> line
>>appearance in the NOC of each AS, and no one else is on it, seems like a
>>fine idea to me.
>
> Until you take into account that SIP doesn't work through many
> firewalls, that people generally don't give a second thought to
> timezones, that network engineers generally dislike having to mess
> with voice systems, etc. etc.
>
> 2 out of 3 INOC-DBA calls I ever received were silent on their end
> (presumably) due to firewalls; the third call was a test.
>
>
>>And that was INOC-DBA's original goal, as I understand it:
>>
>>You're having a problem?  It's coming from some specific AS?
>>
>>Pick up the phone, mash the red INOC line button, dial the AS
>>number, and you're talking to their NOC.
>>
>>And that's *authenticated*: since it's low enough churn to set up
>>by hand, it's authenticated by humans.
>
> In other words, it wasn't secure, it wouldn't scale and churn killed it.
>
>
>>Show of hands: who has it set up, correctly, right now?
>
> No.  There is nothing I'd do after receiving a phone call that I
> wouldn't do via email anyway.
>
>
>   -- Niels.
>

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

[Hugo Slabbert]

On Tue 2015-Sep-29 11:19:57 -0400, Jay Ashworth  wrote:

:


Show of hands: who has it set up, correctly, right now?


I had this in my to-do, and this thread poked me again to get on with it.  
Sadly, https://inoc-dba-web.pch.net/inoc-dba/console.cgi?op=new_account 
gives me:


Account sign up is disabled.

Please wait for the new system! 


:'(

--
Hugo


signature.asc
Description: Digital signature

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

[Jay Ashworth]

Well, there *is* outa...@outages.org... :-)

- Original Message -
> From: "Royce Williams" <ro...@techsolvency.com>
> To: nanog@nanog.org
> Sent: Tuesday, September 29, 2015 11:31:54 AM
> Subject: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115
> On Tue, Sep 29, 2015 at 7:12 AM, Job Snijders <j...@instituut.net>
> wrote:
> >
> > Hi Bob,
> >
> > On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote:
> > > This seems like a very good proper civil approach - maybe this or
> > > something like it ARIN might help promote and endorse as a benefit
> > > to
> > > the community ? Be nice if with the cash they did something simple
> > > like this and got all of us to use it? Special line forwarding ? A
> > > Emergency Only NOC App for our phones for just this kind of
> > > situation
> > > - one that registers a specific ASN and pin code we set on the
> > > registration page ?
> >
> > In this day and age people use IRC or Facebook to quickly get to a
> > friend of a friend of a friend to get to a good contact. Get on with
> > the
> > times :-)
> 
> This seems lossy and unscriptable to me. There are maxint different
> flavors of $social, so it's not suitable for escalation, IMO. Also,
> many people opt out of half of them when they're not on the clock.
> And, many of them have "I don't know you so I'll bury your message"
> options, which makes being tickled by a stranger for emergency
> purposes hard. And their "APIs", so to speak, are constantly
> shifting.
> 
> But we already have a reliable, widespread, high-SNR channel: this
> list. It's the place that people go when they can't get an answer any
> other way. Email works when many other things are broken.
> 
> What if all NOCs used their NOC email distro/alias to subscribe,
> filter for posts containing their own ASes/admin-domains/prefixes,
> plus the string "problem|issue|etc", and flag them as higher priority.
> A junior NOCling could check it manually every couple of hours, and
> maybe a public web archive of the list, in case of filter failures.
> 
> I would expect most NOCs worth their salt to be monitoring nanog
> anyway. Why not leverage it?
> 
> A sibling list could be spun off -- nanog-panic-button? ;) -- if that
> would be preferable.
> 
> Royce

-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

[Pete Mundy]

On 30/09/2015, at 6:19 AM, Matthew Walster  wrote:

> ​"lolz" as the kids say.​

Current stats indicate it's actually only the old-timers that say lolz now 
days! ;)

http://www.huffingtonpost.com/entry/facebook-study-laughter_55c8b148e4b0f1cbf1e5857e

Pete

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

[John Todd]

Since it’s come up on the list and we haven’t given a public update 
recently, I thought I’d just write a quick note on the state of 
INOC-DBA.  For those who aren’t familiar with it, INOC-DBA is a 
SIP-based hotline communications system between NOCs and CERTs:


https://www.pch.net/services/INOC_DBA

https://en.wikipedia.org/wiki/INOC-DBA

PCH has been the secretariat for INOC-DBA for the past thirteen years as 
a function of our not-for-profit purpose, serving network operators.  
During that time, the INOC-DBA back-end and self-provisioning systems 
have been completely replaced three times, and we’re currently at work 
on moving from the SER-driven 3.0 series of releases to a more modern 
BE7k-driven 4.0 system.  Because INOC-DBA has only been intermittently 
directly grant-funded, sometimes, like now, it is funded entirely out of 
our overhead budget, so progress can be slow.  The consequence is that, 
in order to make headway on the 4.0 transition, we’ve had to move 
people off of active support of the old 3.0 self-provisioning system.  
So, it’s fine for people who are already using it, but there’s not 
currently a way to create a new user within the 3.0 system, nor for 
existing users to make significant changes to call routing.


ASNs have proven to be a good identifier, allowing network operators to 
communicate with each other in a way that’s vetted, while avoiding 
putting PCH in the position of judging who qualifies to join and who 
doesn't.  Whether you know the name of a network, or where it’s 
located, or even what timezone they’re in, you know them by their ASN. 
 And a hotline system that bypasses directories and receptionists and 
escalation chains is a quick and low-friction way of reaching someone 
who has the authority and access to resolve a problem.


While email is the most venerable and well-known communication method it 
is often filtered, missed, or funneled through helpdesks that don’t 
have sufficient clue, or are stymied by dealing with someone who isn’t 
one of their own customers.  Facebook and general-purpose chat systems 
are less than ideal as well, as they’re un-vetted and quickly suffer 
the same fate as email: if they’re paid attention to at all, filters 
or automated systems are put in place to block the noise.  So, a closed 
network for voice, video, presence and chat has proven to be an 
immediate, low-noise way for those network operators who choose to use 
it, to communicate with each other.  In the 4.0 system, XMPP chat using 
the same identifiers in the same closed network is a natural extension 
and the new feature that, though hardly revolutionary, we’re most 
looking forward to releasing.


The technical issues that were discussed in this thread about NAT/PAT 
problems are certainly valid, but can be circumvented in a number of 
different ways, some of which are addressed in our documentation. SIP 
and RTP can work through NAT if correctly configured in simple 
circumstances, or in the presence of a NAT-traversal server, such as is 
included in INOC-DBA.  An organization may have multiple INOC-DBA users 
and opt to have a SIP-capable system at the border of their network with 
one side facing the public Internet, and one side facing their private 
network, and which manages call flow and media handling (Asterisk, 
Freeswitch, or any one of a number of free or commercial SIP PBX-like 
systems will do this fairly easily; again, there are tutorials in our 
documentation).  This also allows after-hours routing to PSTN lines or 
to call groups as needed, controlled by a local administrator.  We also 
have considered keeping the media path through our servers, which aids 
the NAT traversal issue while not precluding local SIP enclaves as 
described above.


One of the things that we struggle with is maintaining an appropriate 
balance between, on the one hand, keeping the network operations 
community informed of the status of the system, so they don’t feel 
compelled to ask on NANOG, versus not pro-actively over-sharing on lists 
and making a nuisance of ourselves.  Admittedly, if the 4.0 transition 
were going faster, this would be less of an issue.


So, we’re glad of the continued interest (particularly in the NANOG 
community, where INOC-DBA is not as widely used as in, for instance, the 
LACNIC community), and we apologize for the slow transition to the new 
4.0 back-end and self-provisioning system.  As always, you can contact 
us directly about INOC-DBA related stuff on opera...@pch.net


JT


---
John Todd - jt...@pch.net - +1-415-831-3123



On 29 Sep 2015, at 8:05, Bob Evans wrote:

Nice of you to check Jim. This brings up the old idea - A long time 
ago I
had an INOC phone by PCH.NET - It never rang, as we filter our 
outbound
with detail everywhere we announce. ISPs need to provide us their 
address

list.

And the few times I needed to use it , no one ever answered. ( It was 
a
decade ago before NANOG membership.) So after a while I too 

Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)

[Matthew Walster]

On 29 September 2015 at 17:13, Bob Evans 
wrote:

> Neils, do you actually work at in a NOC operation with BGP operations and
> policies you can change - a backbone with customers?


​"lolz" as the kids say.​



> SayAn email/ text might work well or even better than SIP - if we had
> an APP that noticed a specific key or coded line plus your ASN to then
> ring my phone with an urgent ring tone.hence, the idea of an NOC APP
> for that.
>

​This isn't an iPhone developers conference, the answer is very rarely
"there's an app for that". The chance of that being integrated with ISP
phone systems is slim to none.

Email works. When it doesn't IRC works. It has done for a decade, it will
for the next decade. Yes, even when the 200 people post to Outages saying
"XYZ is down for me, anyone else" or the far more annoying "can someone
from XYZ contact me offlist" posts to NANOG.

M​

Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115

[Aaron]

We have a big, red rotary phone that sits in our NOC that we have 
attached to a VoIP box just to use for that. :)


On 9/29/2015 10:05 AM, Bob Evans wrote:

Nice of you to check Jim. This brings up the old idea - A long time ago I
had an INOC phone by PCH.NET - It never rang, as we filter our outbound
with detail everywhere we announce. ISPs need to provide us their address
list.

And the few times I needed to use it , no one ever answered. ( It was a
decade ago before NANOG membership.) So after a while I too ignored it.
Maybe this was an idea ahead of it's time ? From this painful mishap, it
could have been a great solution for NOC Engineers to help each. I find
peeringdb often outdated as companies change around and sluggish return
call if at all.  Most are like a sales line number post.

I see now a long list of registered networks in the PCH directory. Are
networks actually paying attention and using it. Is it time to take
another look ?  At midnight in your organization could you get a NOC
person with " proper BGP skills and access " to answer and care about a
bad announcement ?

https://inoc-dba-web.pch.net/inoc-dba/console.cgi?op=show_pubdir=org
  Link above shows lots more networks listed on the
  INOC-DBA Public Directory: Organizations

But have you used it? Did it work for you when you needed it ?
Any further comments are appreciated.

This seems like a very good proper civil approach - maybe this or
something like it ARIN might help promote and endorse as a benefit to the
community ? Be nice if with the cash they did something simple like this
and got all of us to use it? Special line forwarding ? A Emergency Only
NOC App for our phones for just this kind of situation - one that
registers a specific ASN and pin code we set on the registration page ?

Thank You
Bob Evans
CTO






On 9/28/15, 10:24 PM, "NANOG on behalf of Seth Mattinen"
 wrote:


On 9/28/15 20:19, Martin Hannigan wrote:

Is this related to 104.73.161.0/24? That's ours. :-)

We'll take a look and get back to you.  Thanks for caring!



Yep, that's one of the affected prefixes.

~Seth

Hi Seth, which market was this occurring?  Was this already removed?  I'm
not seeing it this morning.  I would like to figure out what went wrong
here.  We shouldn't be nailing up any static configuration to have caused
a situation like this.







--

Aaron Wendel
Chief Technical Officer
Wholesale Internet, Inc. (AS 32097)
(816)550-9030
http://www.wholesaleinternet.com

Re: Thoughts On Cheap Chinese xDSL Testers

[Joshua Zukerman]

There are some downsides with the Colt-250+ units (as I have one almost
daily to do installs for a CLEC).

1. The Colts require 4 high amperage AA batteries. I used to purchase
Duracell Ultra batteries which worked, but life span was a couple of weeks
to maybe a month and now I cannot seem to find them in stores. I now use
Lithium batteries and they seem to last a few months now.
2. They will only sync up for 100 Seconds max. Not helpful when you're
trying to diagnose a flapping circuit.
3. They won't stay sync'd up on circuits with Occam DSLAMs. They randomly
drop after a few seconds. Not a condition of the circuit. Some type of
incompatibility with Occams.
4. As others said, not a Layer 3 or 2 (I think).
5. Does not provide any additional details like Far end errors, Near end
Errors, FEC/HEC, etc.

On the plus side:
1. They boot up really quick, as quick as you can press 2 buttons you can
start a test. (my understanding is Sunrise units take a couple of minutes
to bootup)
2. Relatively lightweight.
3. Can use regular 6p4c line cords in case you lose the nice
Angled-Bed-of-Nails/6p4c test cable it comes with (like I accidentally did).
4. Can be purchased for cheap on eBay. I got mine years ago for less than
$150.00

On Mon, Jun 29, 2015 at 9:23 PM, Robert Glover robe...@garlic.com wrote:

 The local ILEC (Verizon) use Colt 250+.  They are pretty cool.  They do
 not do layer 3 like the meter you referenced.
 I'm actually looking for a cost-effective meter that does ADSL+ / VDSL2 /
 e.SHDSL.  it's easy to find one that does the first two, but not all three.

  Original message 
 From: Lyndon Nerenberg lyn...@orthanc.ca
 Date: 06/29/2015  5:50 PM  (GMT-08:00)
 To: North American Network Operators' Group nanog@nanog.org
 Subject: Thoughts On Cheap Chinese xDSL Testers

 I've been poking around looking for an inexpensive xDSL circuit tester to
 do some measurements on my home DSL line, in opposition to the telco. $2K+
 is not in the budget, so I'm curious about the accuracy of the $300 Chinese
 units kicking around eBay (e.g. the ST332B).  Anyone out there have
 experience with them?  Are they even remotely close to accurate?

 --lyndon

 ​




-- 
Joshua Zukerman
President
Snow Pond Technology Group Inc.
www.snowpondtech.com

Re: Thoughts On Cheap Chinese xDSL Testers

[Faisal Imtiaz]

We have some sunrise telecom test set's which we don't use any more.
Will be willing the sell them, let me know off list.

Regards.

Faisal Imtiaz
Snappy Internet  Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

- Original Message -
 From: Lyndon Nerenberg lyn...@orthanc.ca
 To: North American Network Operators' Group nanog@nanog.org
 Sent: Monday, June 29, 2015 8:50:43 PM
 Subject: Thoughts On Cheap Chinese xDSL Testers
 
 I've been poking around looking for an inexpensive xDSL circuit tester to do
 some measurements on my home DSL line, in opposition to the telco. $2K+ is
 not in the budget, so I'm curious about the accuracy of the $300 Chinese
 units kicking around eBay (e.g. the ST332B).  Anyone out there have
 experience with them?  Are they even remotely close to accurate?
 
 --lyndon
 
 

Re: Thoughts On Cheap Chinese xDSL Testers

[Joe Hamelin]

The Westel A90-750045-07 Frontier branded DSL router has some amazing DSL
status screens if you dig in the menu deep enough.  I always kept one in
the truck when I was doing some service work.  Check the local
Goodwill/Value Village.

--
Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474

On Mon, Jun 29, 2015 at 6:23 PM, Robert Glover robe...@garlic.com wrote:

 The local ILEC (Verizon) use Colt 250+.  They are pretty cool.  They do
 not do layer 3 like the meter you referenced.
 I'm actually looking for a cost-effective meter that does ADSL+ / VDSL2 /
 e.SHDSL.  it's easy to find one that does the first two, but not all three.

  Original message 
 From: Lyndon Nerenberg lyn...@orthanc.ca
 Date: 06/29/2015  5:50 PM  (GMT-08:00)
 To: North American Network Operators' Group nanog@nanog.org
 Subject: Thoughts On Cheap Chinese xDSL Testers

 I've been poking around looking for an inexpensive xDSL circuit tester to
 do some measurements on my home DSL line, in opposition to the telco. $2K+
 is not in the budget, so I'm curious about the accuracy of the $300 Chinese
 units kicking around eBay (e.g. the ST332B).  Anyone out there have
 experience with them?  Are they even remotely close to accurate?

 --lyndon

 ​

Thoughts On Cheap Chinese xDSL Testers

[Lyndon Nerenberg]

I've been poking around looking for an inexpensive xDSL circuit tester to do 
some measurements on my home DSL line, in opposition to the telco. $2K+ is not 
in the budget, so I'm curious about the accuracy of the $300 Chinese units 
kicking around eBay (e.g. the ST332B).  Anyone out there have experience with 
them?  Are they even remotely close to accurate?

--lyndon



signature.asc
Description: Message signed with OpenPGP using GPGMail

RE: Thoughts On Cheap Chinese xDSL Testers

[Robert Glover]

The local ILEC (Verizon) use Colt 250+.  They are pretty cool.  They do not do 
layer 3 like the meter you referenced.
I'm actually looking for a cost-effective meter that does ADSL+ / VDSL2 / 
e.SHDSL.  it's easy to find one that does the first two, but not all three.

 Original message 
From: Lyndon Nerenberg lyn...@orthanc.ca 
Date: 06/29/2015  5:50 PM  (GMT-08:00) 
To: North American Network Operators' Group nanog@nanog.org 
Subject: Thoughts On Cheap Chinese xDSL Testers 

I've been poking around looking for an inexpensive xDSL circuit tester to do 
some measurements on my home DSL line, in opposition to the telco. $2K+ is not 
in the budget, so I'm curious about the accuracy of the $300 Chinese units 
kicking around eBay (e.g. the ST332B).  Anyone out there have experience with 
them?  Are they even remotely close to accurate?

--lyndon

​

RE: why haven't ethernet connectors changed? (Ramdom thoughts)

[Brandt, Ralph]

I have seen the sixty or so messages about this and have marveled how
many can major on the minutia and ignore the obvious which Brielle
brings out.  

First, Ethernet connectors have changed - Thicknet (RG8) with
transceiver cables, thinnet, and now CAT series cables. Yep, I have
bored in the vampire taps and crimped thinnet.

In another venue I work we still have millions maybe billions of lines
of COBOL code. Why?  Because it works.  Because the cost of conversion
to something else is prohibitive.  It is being done by attrition and I
might say, painfully.  One organization I am aware of was to have been
extracted from the tar baby of its COBOL code that was originally
written in 1968 in COBOL D before Y2K had to fix all of that to run
properly over the millennium.  And one company I am aware of had to
convert its COBOL F to COBOL II to get there. I haven't followed it
since 2003 but they were still working on getting free from COBOL then
when I was offered a job helping them extricate from the mess.  I was
having too much fun with WAN's. BTW, I am retiring 2/28/13 - if anyone
has a COBOL and/or CICS job out there with the right location and
situation I may be interested.  I am fantastic as translating COBOL into
a language JAVA coders can understand.  I write JAVA, I do not call JAVA
coders programmers.  Programming is the next thing to retirement.

And RJ-45 has some of the same characteristics. It works.  There are
trillions of them out there in use and on equipment (the corresponding
jacks).  There are millions of techs who can put them on. Well, maybe
that is going a little too far.  I have seen too many techs who claim to
know how who should be hung with their cabling.  They are used for
everything so nearly every wiring discipline knows them.  There are
millions of sets of tools to attach them.  

I just saw an installation where a ham radio transmitter was set up in a
hospital in case everything else fails and they put the transmitter at
the roof, ran a 20 foot pre-made coaxial cable with PL259's to the
antenna and two CAT-5's down to the operator area where they put the
control.  The transceiver allows separation of the control head and the
transceiver. The one cat 5 carries the controls - the connectors on the
units are RJ-45.  The other CAT-5?  They made one pair out of the CAT5,
tied 4 wires together to get enough copper to handle the speaker.
Reason?  The hospital wiring staff did not know how to put on a PL259 on
RG-213. (Similar to RG-8). But they could run CAT-5 and put on RJ-45's.


So to change we have to provide training, tools, adapters (another
nightmare), labor to convert and for what?  There is no other connector
I am aware of and I haven't heard of any serious contender from anyone
here.  That means 30 million dollars development (my estimate) and five
years till we get the beta models. And for what?  I can't see any way we
could get more than a 20% higher density, even ignoring noise and
crosstalk issues.  And even if we can get 50% more would it be worth it?


Answer, MAYBE in some very specialized and/or badly designed situations
(concentrating too much copper in one place rather than distributing to
close up switches with fiber) where a higher density would be of
value, yes.  But now we create another set of adapters.  

I am a Ham Radio Operator - Extra Class.  I work with Emergency
Communications.  Having one more connector type is one more big
headache.  Yes, if there is a real advantage, fine.  Most ham hand held
transceivers went from the venerable and solid BNC to the SMA a few
years ago.  They screw a 18 inch antenna on an SMA!  Guess what?  They
break when you are lucky, otherwise they go intermittent.  And just to
make it more interesting one of the Chinese suppliers of very inferior
HT's uses an SMA male on the radio, not an SMA female like everyone
else.  So now instead of having three antenna connector types in general
use, N, PL259, BNC, each with their strengths and weaknesses and reasons
to use in certain places, we have 5 with no serous reason for two of
them. Note that HT's have used BNC and SMA, mobiles and bases are
generally N, PL259 with a few BNC.  I have standardized on bas/mobile at
PL259 and SMA male for HT to maintain sanity.  And to be able to work
with others who have a dukes mixture I carry a small box of adapters.

The IT industry trail is littered with computer languages that were
written to fix some non-existent problem and all that did was create
more confusion.  Many claimed to allow anyone to code programs,
something that is true but when you use people who really do not know
how to program you produce tons of shit code that is nasty to make
changes to - and maintenance of programs is usually 90% of life cycle
costs.  It is the same in a wire room when you let someone who doesn't
know how to properly place wire do it.  PASCAL is one example I can
cite.  It had absolutely no advantage over several other languages
existing at the time but 

Re: v4/v6 dns thoughts?

[Owen DeLong]

On Aug 10, 2011, at 9:01 PM, Andrew Parnell wrote:

 On Tue, Aug 9, 2011 at 7:36 PM, Owen DeLong o...@delong.com wrote:
 
 I also don't recommend doing the foo.v4/foo.v6 thing in your forwards. 
 There's
 really no advantage to do it. Most tools either have separate IPv4/IPv6 
 variants
 or have command-line switches for address-family control if you care.
 
 For most tools that I ordinarily use, I would certainly agree with
 this.  The only exception might be from a web browser; while there are
 ways that they can be reconfigured to only use certain IP versions in
 certain cases, it is probably more straightforward to use
 www.ipvN.domain.tld or a similar name.
 

In a web browser, I don't care unless I'm troubleshooting.

If I'm troubleshooting, my web browser of choice is probably wget rather
than one of the kitchen sink GUI based browsers. It turns out that wget
supports the flag in question.

Owen

Re: v4/v6 dns thoughts?

[Andrew Parnell]

On Tue, Aug 9, 2011 at 7:36 PM, Owen DeLong o...@delong.com wrote:

 I also don't recommend doing the foo.v4/foo.v6 thing in your forwards. There's
 really no advantage to do it. Most tools either have separate IPv4/IPv6 
 variants
 or have command-line switches for address-family control if you care.

For most tools that I ordinarily use, I would certainly agree with
this.  The only exception might be from a web browser; while there are
ways that they can be reconfigured to only use certain IP versions in
certain cases, it is probably more straightforward to use
www.ipvN.domain.tld or a similar name.

For reverse DNS, I completely agree that there is no reason to use a
different name.

Re: v4/v6 dns thoughts?

[Måns Nilsson]

Subject: Re: v4/v6 dns thoughts? Date: Thu, Aug 11, 2011 at 12:01:15AM -0400 
Quoting Andrew Parnell (and...@parnell.ca):
 On Tue, Aug 9, 2011 at 7:36 PM, Owen DeLong o...@delong.com wrote:
 
  I also don't recommend doing the foo.v4/foo.v6 thing in your forwards. 
  There's
  really no advantage to do it. Most tools either have separate IPv4/IPv6 
  variants
  or have command-line switches for address-family control if you care.
 
 For most tools that I ordinarily use, I would certainly agree with
 this.  The only exception might be from a web browser; while there are
 ways that they can be reconfigured to only use certain IP versions in
 certain cases, it is probably more straightforward to use
 www.ipvN.domain.tld or a similar name.
 
 For reverse DNS, I completely agree that there is no reason to use a
 different name.

While I am no enemy to /56 allocations (cross-thread alert!) I for the
most part tend to agree with Owen and would so here too. Possibly with the
addition of separate names in a subdomain for trouble-shooting. Selecting
protocol is something best done slightly lower in the stack. I did so
with $INCLUDE directives[0] at a former employer. For routers, where it
matters much more than for end-user stuff like web servers.
 

-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
DIDI ... is that a MARTIAN name, or, are we in ISRAEL?


[0] Like so: 
$ORIGIN isp.tld.
$INCLUDE file-with--records-without-FQDN
$INCLUDE file-with-A-records-without-FQDN
$ORIGIN v4.isp.tld.
$INCLUDE file-with-A-records-without-FQDN
$ORIGIN v6.isp.tld.
$INCLUDE file-with--records-without-FQDN


signature.asc
Description: Digital signature

v4/v6 dns thoughts?

[Joe Pruett]

as i'm rolling v6 into my world, i'm not sure which way to go with
reverse dns conventions.  for forward i'm doing things like:

foo.example.coma1.1.1.1
foo.example.com1000::1.1.1.1
foo.v4.example.coma1.1.1.1
foo.v6.example.com1000::1.1.1.1

so i can use a foo.v4/v6 hostname if i need to specify transit behavior.

but for reverse i'm not sure if i want to map it like:

1.1.1.1.in-addr.arpaptrfoo.example.com.
1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.ip6.arpa   
ptrfoo.example.com

or:

1.1.1.1.in-addr.arpaptrfoo.v4.example.com.
1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.ip6.arpa   
ptrfoo.v6.example.com

being able to just use foo.example.com for authentication purposes
(sendmail, nfs, etc) is nice.  but also knowing when incoming is v4 or
v6 by just looking at the dns lookup (for tools that do reverse lookup
for you) is also nice.

what are you doing?  which way makes more sense to you?

Re: v4/v6 dns thoughts?

[Jeroen Massar]

On 2011-08-09 20:47 , Joe Pruett wrote:
 as i'm rolling v6 into my world, i'm not sure which way to go with
 reverse dns conventions.  for forward i'm doing things like:
 
 foo.example.coma1.1.1.1
 foo.example.com1000::1.1.1.1
 foo.v4.example.coma1.1.1.1
 foo.v6.example.com1000::1.1.1.1

You do mean:

foo.example.com   A 192.0.2.1
foo.example.com     2001:db8::1.1.1.1
foo.v4.example.comA 192.0.2.1
foo.v6.example.com  2001:db8::1.1.1.1

I hope, seeing that 1.1.1.1 is for the APNIC region and 1000::/8 is
outside 2000::/3 and thus not defined yet, that you use the
documentation prefixes when showing examples instead of abusing that
address space, as that is exactly the reason why 1.1.1.1 will most
likely never be allocated to anyone but researchers who are seeing all
kind of fun backscatter...

 so i can use a foo.v4/v6 hostname if i need to specify transit behavior.

People commonly use the 'ipv4' and 'ipv6' variant for this. Most
network-specific tools though fortunately have -4/-6, but as indeed
quite a few don't it is always handy to have the above.

[..]
 being able to just use foo.example.com for authentication purposes
 (sendmail, nfs, etc) is nice.  but also knowing when incoming is v4 or
 v6 by just looking at the dns lookup (for tools that do reverse lookup
 for you) is also nice.

Tools that do reverse lookups should always also report the IP address
as without the IP a reverse is futile unless said tool does at least a
ip-reverse-forward check and then of course the hope is that that
hostname does not disappear between that lookup happening and it going
away again...

 what are you doing?  which way makes more sense to you?

Map it to the hostname. This as it should not matter if it is IPv4 or IPv6.

For routers of course one might want to use a v4/v6 specific one as per
the above reason of 'easier for the eyes in traceroute', but on the
other side one could just as well use an IPv4+IPv6 per interface and
thus name them based on the interface

Greets,
 Jeroen

Re: v4/v6 dns thoughts?

[Owen DeLong]

On Aug 9, 2011, at 11:47 AM, Joe Pruett wrote:

 as i'm rolling v6 into my world, i'm not sure which way to go with
 reverse dns conventions.  for forward i'm doing things like:
 
 foo.example.coma1.1.1.1
 foo.example.com1000::1.1.1.1
 foo.v4.example.coma1.1.1.1
 foo.v6.example.com1000::1.1.1.1
 
 so i can use a foo.v4/v6 hostname if i need to specify transit behavior.
 
 but for reverse i'm not sure if i want to map it like:
 
 1.1.1.1.in-addr.arpaptrfoo.example.com.
 1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.ip6.arpa   
 ptrfoo.example.com
 
 or:
 
 1.1.1.1.in-addr.arpaptrfoo.v4.example.com.
 1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.ip6.arpa   
 ptrfoo.v6.example.com
 
 being able to just use foo.example.com for authentication purposes
 (sendmail, nfs, etc) is nice.  but also knowing when incoming is v4 or
 v6 by just looking at the dns lookup (for tools that do reverse lookup
 for you) is also nice.
 
 what are you doing?  which way makes more sense to you?
 

My PTRs are all to the same host name. In any context where the protocol
actually matters, you should have other ways to detect it.

I also don't recommend doing the foo.v4/foo.v6 thing in your forwards. There's
really no advantage to do it. Most tools either have separate IPv4/IPv6 variants
or have command-line switches for address-family control if you care.

Owen

Re: v4/v6 dns thoughts?

[Landon Stewart]

On 9 August 2011 16:36, Owen DeLong o...@delong.com wrote:

 My PTRs are all to the same host name. In any context where the protocol
 actually matters, you should have other ways to detect it.

 I also don't recommend doing the foo.v4/foo.v6 thing in your forwards.
 There's
 really no advantage to do it. Most tools either have separate IPv4/IPv6
 variants
 or have command-line switches for address-family control if you care.


I agree that using the v4 or v6 tag in forward or reverse is pointless.  One
can tell it is v4 or v6 by the result of the lookup and the hostnames don't
change just because they are accessible via IPv6.  If a hostname is directly
related to the fact that its IPv6 by all means put it in there though.


-- 
Landon Stewart lstew...@superb.net
SuperbHosting.Net by Superb Internet Corp.
Toll Free (US/Canada): 888-354-6128 x 4199
Direct: 206-438-5879
Web hosting and more Ahead of the Rest: http://www.superbhosting.net

RE: v4/v6 dns thoughts?

[Blake T. Pfankuch]

I too agree the v4/v6 stuff is pointless and slightly annoying so I have been 
using same name with A/ records.  

-Original Message-
From: Landon Stewart [mailto:lstew...@superb.net] 
Sent: Tuesday, August 09, 2011 6:16 PM
To: nanog@nanog.org
Subject: Re: v4/v6 dns thoughts?

On 9 August 2011 16:36, Owen DeLong o...@delong.com wrote:

 My PTRs are all to the same host name. In any context where the 
 protocol actually matters, you should have other ways to detect it.

 I also don't recommend doing the foo.v4/foo.v6 thing in your forwards.
 There's
 really no advantage to do it. Most tools either have separate 
 IPv4/IPv6 variants or have command-line switches for address-family 
 control if you care.


I agree that using the v4 or v6 tag in forward or reverse is pointless.  One 
can tell it is v4 or v6 by the result of the lookup and the hostnames don't 
change just because they are accessible via IPv6.  If a hostname is directly 
related to the fact that its IPv6 by all means put it in there though.


--
Landon Stewart lstew...@superb.net
SuperbHosting.Net by Superb Internet Corp.
Toll Free (US/Canada): 888-354-6128 x 4199
Direct: 206-438-5879
Web hosting and more Ahead of the Rest: http://www.superbhosting.net

Re: thoughts?

[Daniel Karrenberg]

On 27.05 07:10, Dorn Hetzel wrote:
 http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2

Certainly no news for people on this list I would hope. ;-)

My objective when talking to reporters who write for the *business*
section is to project that mere awareness is not good enough anymore for
businesses; businesses need to have a plan.  For you all on this list
this should help the next time you talk to the suits who decide about
strategy and investments
... independently of which particular strategy you are going to recommend.

The non-technical press always simplifies and exaggerates; this is a
fact of life.  I am sure all of us evaluate news stories based on the
source.  It is fine if you say to the suits this is exaggerated, let's
.., just make the right decision. ;-)   This reporter did a very 
reasonable job considering the space he has to operate in. 

Daniel Karrenberg

IP address expert 
Not my words, but not wrong either.
contributions: RFC2050/BCP012, RFC1918/BCP005, address policies in RIPE region 
...
founding CEO of first RIR

Prediciting the future is easy..., getting it right is the dificult part.

thoughts?

[Dorn Hetzel]

http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2

Re: thoughts?

[Randy Bush]

 http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html

shocking news!

RE: thoughts?

[Eric Van Tol]

 -Original Message-
 From: Dorn Hetzel [mailto:dhet...@gmail.com]
 Sent: Thursday, May 27, 2010 7:11 AM
 To: nanog@nanog.org
 Subject: thoughts?
 
 http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2

Wow.  A news story about the depletion of IP addresses?  Shocking, since this 
is the first I've personally heard about this.  I can't believe that this has 
never once even been brought up on NANOG, cisco-nsp, juniper-nsp, ARIN PPML, 
ARIN Discuss, or any other telecommunications list to which most of us 
subscribe.

In other news, I understand that the Americans have won their independence from 
England?  Did anyone else know this?

-evt

* Sorry for the snarkiness, it's just that posts like this ignite flame wars 
between those unwilling to spend the trivial cost for IPv6 addresses and those 
who are pushing for IPv6.  Instead, it's obviously more cost-effective to spend 
*hours* reading and writing multiple arguments against IPv6 than it is to just 
implement it.

Re: thoughts?

[Bret Clark]

Not any different then when Bob Metcalf predicted the Internet would 
melt down in the late 1990's and looked like a fool when it never 
happened! Even though I don't disagree IP4 address are rapidly getting 
used up, most of us on this list have the know how and tenacity to 
work through current and future problems. I think a lot of people like 
to claim the sky is falling sooner rather then later.


On 05/27/2010 07:10 AM, Dorn Hetzel wrote:

http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2
   

Re: thoughts?

[Jorge Amodio]

 In other news, I understand that the Americans have won their independence 
 from England?  Did anyone else know this?

Is Texas still part of Mexico ? Don't know how to fill the ARIN forms ...

-J

RE: thoughts?

[Chris Campbell]

I like the personal title:

Daniel Karrenberg, IP address expert


From: Dorn Hetzel [dhet...@gmail.com]
Sent: 27 May 2010 12:10
To: nanog@nanog.org
Subject: thoughts?

http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2

Re: thoughts?

[Randy Bush]

 I like the personal title:
 Daniel Karrenberg, IP address expert

humility is always touching

Re: thoughts?

[James Bensley]

On 27 May 2010 12:10, Dorn Hetzel dhet...@gmail.com wrote:
 http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2


Disgraceful scaremongery, CCN should be ashamed.

-- 
Regards,
James.

http://www.jamesbensley.co.cc/ - There are only 10 kinds of people in
the world, those who understand trinary, those who don't understand
trinary and those who don't understand trinary.

Re: thoughts?

[Larry Sheldon]

On 5/27/2010 06:10, Dorn Hetzel wrote:
 http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2


I am guessing that once the Obama Administration has taken control of
this public utility, all of the problems will be resolved.

I for one will be afraid to use it.


-- 
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.

Freedom under a constitutional republic is a well armed lamb contesting
the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml

Re: thoughts?

[Larry Sheldon]

On 5/27/2010 06:40, Eric Van Tol wrote:

 In other news, I understand that the Americans have won their
 independence .
Have we?
-- 
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.

Freedom under a constitutional republic is a well armed lamb contesting
the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml

Re: thoughts?

[Larry Sheldon]

On 5/27/2010 07:07, James Bensley wrote:
 Disgraceful scaremongery, CCN should be ashamed.

CNN too.  Does anybody take them seriously?  Watch them?

-- 
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.

Freedom under a constitutional republic is a well armed lamb contesting
the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml

Re: thoughts?

[Charles Bronson]

 Message: 6

 Date: Thu, 27 May 2010 07:10:54 -0400
 From: Dorn Hetzel dhet...@gmail.com
 Subject: thoughts?
 To: nanog@nanog.org
 Message-ID:
 aanlktinafob1k2nxycwmh7o6ni0ffouckcdfwon0j...@mail.gmail.com
 Content-Type: text/plain; charset=ISO-8859-1
 
 http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2

I'm not sure what these IP Addresses are that they speak of. But can't we 
have the government just print more?


Charles Bronson


  

Re: thoughts?

[Jorge Amodio]

 I'm not sure what these IP Addresses are that they speak of. But can't we 
 have the government just print more?

We have to kick ICANN out of the picture and let the UN and ITU figure
what to do ...

Re: thoughts?

[Larry Sheldon]

On 5/27/2010 07:30, Charles Bronson wrote:
 Message: 6
 
 Date: Thu, 27 May 2010 07:10:54 -0400 From: Dorn Hetzel
 dhet...@gmail.com Subject: thoughts? To: nanog@nanog.org 
 Message-ID: 
 aanlktinafob1k2nxycwmh7o6ni0ffouckcdfwon0j...@mail.gmail.com 
 Content-Type: text/plain; charset=ISO-8859-1
 
 http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2

 
 I'm not sure what these IP Addresses are that they speak of. But
 can't we have the government just print more?

Naw, they can't do that, silly.

They will set up an exchange where you can buy address credits from
undeveloped nations.
-- 
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.

Freedom under a constitutional republic is a well armed lamb contesting
the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml

thoughts?

[Dorn Hetzel]

Perhaps my brevity got the better of me.  I should have said something like
any thoughts on whether the migration of this 'news' into the 'mainstream'
media will eventually result in some sort of y2k like 'panic' and will that
'panic', if it comes to pass, have operational impact?

RE: thoughts?

[Chris Campbell]

If the mainstream can sell more papers/get more viewers then in all likelyhood, 
yes.


From: Dorn Hetzel [dhet...@gmail.com]
Sent: 27 May 2010 14:06
To: nanog@nanog.org
Subject: thoughts?

Perhaps my brevity got the better of me.  I should have said something like
any thoughts on whether the migration of this 'news' into the 'mainstream'
media will eventually result in some sort of y2k like 'panic' and will that
'panic', if it comes to pass, have operational impact?

Re: thoughts?

[Valdis . Kletnieks]

On Thu, 27 May 2010 09:06:26 EDT, Dorn Hetzel said:
 Perhaps my brevity got the better of me.  I should have said something like
 any thoughts on whether the migration of this 'news' into the 'mainstream'
 media will eventually result in some sort of y2k like 'panic' and will that
 'panic', if it comes to pass, have operational impact?

It's going to go down *exactly* like Y2K did - there will be a lot of hype,
some sites won't notice because they saw the problem coming a decade ago and
did the right thing back then, a lot of sites will try to get moving and find
that their schedules are shot because third-party vendors don't have their shit
together, a lot of sites are going to have engineers burning the midnight oil
in a hurry because they dragged their feet, almost everybody will get hit by
unexpected legacy glitches, 5 years from now the general populace will be
asking what all the fuss was about, and a decade from now, we'll still be
finding little surprises in our code base.




pgpAXlDV1N8V8.pgp
Description: PGP signature

Re: thoughts?

[William Herrin]

On Thu, May 27, 2010 at 8:07 AM, James Bensley jwbens...@gmail.com wrote:
 On 27 May 2010 12:10, Dorn Hetzel dhet...@gmail.com wrote:
 http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2

 Disgraceful scaremongery, CCN should be ashamed.

Why should CNN be ashamed? They're quoting a thoroughly bone-headed
statement from someone in a position where he should know better.

 The internet as we know it will no longer be able to
 grow, [said] Daniel Karrenberg, chief scientist at RIPE NCC




-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

RE: thoughts?

[George Bonser]

 -Original Message-
 From: Dorn Hetzel 
 Sent: Thursday, May 27, 2010 4:11 AM
 To: nanog@nanog.org
 Subject: thoughts?
 

http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=
 T2

Somebody should do something!

Re: thoughts?

[Roy]

On 5/27/2010 8:46 AM, George Bonser wrote:

-Original Message-
From: Dorn Hetzel
Sent: Thursday, May 27, 2010 4:11 AM
To: nanog@nanog.org
Subject: thoughts?


 

http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=
   

T2
 

Somebody should do something!


   


Don't worry.  Obama will appoint a bipartisan committee to investigate 
which will report back in two years.  Congress will hold hearings.  A 
bill will be proposed to tax IP addresses.

RE: thoughts?

[George Bonser]

 -Original Message-
 From: Roy 
 Sent: Thursday, May 27, 2010 8:59 AM
 To: nanog@nanog.org
 Subject: Re: thoughts?
 
 On 5/27/2010 8:46 AM, George Bonser wrote:
  -Original Message-
  From: Dorn Hetzel
  Sent: Thursday, May 27, 2010 4:11 AM
  To: nanog@nanog.org
  Subject: thoughts?
 
 Don't worry.  Obama will appoint a bipartisan committee to investigate
 which will report back in two years.  Congress will hold hearings.  A
 bill will be proposed to tax IP addresses.
 

And ensure access to IP addresses by the homeless.  The are also
rumblings about taking portions of 10/8 and making a national IP address
preserve where the addresses must remain unused and in their natural
state while a monument to 196.168/16 is planned for the lobby of UN
Headquarters in New York.  It is hoped that the 10/8 IPs in reserve will
return to their original state despite the hard use they have
experienced over recent decades.  But beware, North Korea has been
issuing counterfeit ARIN IP addresses and some third world countries
have been found to be trafficking in 0/8 which is extremely dangerous.
Addresses recently imported by ARIN from APNIC have been found to
actually be 127/8 IPs that have simply had the original numbers scraped
off and new numbers so skillfully applied that it is difficult to tell
them from the original. Be careful out there.
 
Where does one get an IP address degree?

Re: thoughts?

[Valdis . Kletnieks]

On Thu, 27 May 2010 08:46:47 PDT, George Bonser said:
  http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html
 Somebody should do something!

We started deploying IPv6 in testbed mode on our production network in 1997,
so we're waiting for the rest of you slackers to get caught up. :)



pgppSNax8Py4l.pgp
Description: PGP signature

RE: thoughts?

[Jeff Harper]

 -Original Message-
 From: Charles Bronson [mailto:packetg...@yahoo.com]
 Sent: Thursday, May 27, 2010 7:30 AM
 To: nanog@nanog.org
 Subject: Re: thoughts?
 
 I'm not sure what these IP Addresses are that they speak of. But
 can't we have the government just print more?
 
 
 Charles Bronson

Wal-Mart's got a 24 pack on sale for $9.99!

Re: thoughts?

[Larry Sheldon]

We are missing the point.

The Administration will, as it has so ably done in the Carbon Dioxide
emergency, declare the the IP layer a hazardous zone and institute taxes
to make the costs skyrocket, thereby reducing usage.

[Note to list nannies:  I know.  I had stopped.  I let several beautiful
openings go by un-used.  But this one had to be addressed.  I'll try
very hard to resist.]

-- 
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.

Freedom under a constitutional republic is a well armed lamb contesting
the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml

RE: thoughts?

[Ted Fischer]

pssst ...

Anybody wanna buy a block of 240 ... I got /8s, /16s, /24s, even a 
/32 if you want just one to frame ... or you can have the whole 
240/4 for such a deal
No guarantees they will work, but they are one of those {soon to be 
rare} unassigned IPv4 addresses you've heard so much about



At 12:41 PM 5/27/2010, you wrote:



 -Original Message-
 From: Roy
 Sent: Thursday, May 27, 2010 8:59 AM
 To: nanog@nanog.org
 Subject: Re: thoughts?

 On 5/27/2010 8:46 AM, George Bonser wrote:
  -Original Message-
  From: Dorn Hetzel
  Sent: Thursday, May 27, 2010 4:11 AM
  To: nanog@nanog.org
  Subject: thoughts?

 Don't worry.  Obama will appoint a bipartisan committee to investigate
 which will report back in two years.  Congress will hold hearings.  A
 bill will be proposed to tax IP addresses.


And ensure access to IP addresses by the homeless.  The are also
rumblings about taking portions of 10/8 and making a national IP address
preserve where the addresses must remain unused and in their natural
state while a monument to 196.168/16 is planned for the lobby of UN
Headquarters in New York.  It is hoped that the 10/8 IPs in reserve will
return to their original state despite the hard use they have
experienced over recent decades.  But beware, North Korea has been
issuing counterfeit ARIN IP addresses and some third world countries
have been found to be trafficking in 0/8 which is extremely dangerous.
Addresses recently imported by ARIN from APNIC have been found to
actually be 127/8 IPs that have simply had the original numbers scraped
off and new numbers so skillfully applied that it is difficult to tell
them from the original. Be careful out there.

Where does one get an IP address degree?

Re: thoughts?

[Bryan Fields]

On 5/27/2010 13:09, Larry Sheldon wrote:
 We are missing the point.
 
 The Administration will, as it has so ably done in the Carbon Dioxide
 emergency, declare the the IP layer a hazardous zone and institute taxes
 to make the costs skyrocket, thereby reducing usage.

If some one from the government comes to take your IP address from you, shoot
them in the head.

Paraphrasing G. Gordon Liddy :)


-- 
Bryan Fields

727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net

Re: thoughts?

[Lee]

On 5/27/10, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote:
 On Thu, 27 May 2010 08:46:47 PDT, George Bonser said:
  http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html
 Somebody should do something!

 We started deploying IPv6 in testbed mode on our production network in 1997,
 so we're waiting for the rest of you slackers to get caught up. :)

 it took only 11 years for the USG to catch up:
http://www.whitehouse.gov/omb/rewrite/pubpress/2008/070108_scorecard.html

Lee

NIKSUN? Thoughts?

[DMFH]

All:

I've been digging for more information about NIKSUN, http://
www.niksun.com, and found this sort-of informative post here, http://
www.gossamer-threads.com/lists/nanog/users/125959#125959, which got me
to join in here and ask if anyone has had more experience with them recently.

I'm taking a look at their Enterprise kit, so far, so good, I'm able
to place the probes at egress points in my network and get down to
packet / other data wherever through a single interface and avoid probe
hopping, but before I expand my trial a bit more - anyone used this
before? The prior poster(s) just seemed to be using only a single
product like old Sniffers  I'm curious about bigger deployments.

/dmfh

Transit from Cogent - thoughts?

[adel]

 

 Contemplating using Cogent Communications for transit as pricing looks
favourable.  Just trying to get a feel for what sort of a reputation they
have in the network operators community.  I'm sure people have horror
stories for every provider, but just trying to get a general idea of what
sort of regard they are held in the community. 

Thanks 

Adel
 

Re: Transit from Cogent - thoughts?

[Bret Clark]

Cogent has been brought up several times over the last year. I suggest
searching http://www.gossamer-threads.com/lists/nanog/users/  

Otherwise you've just reopened a can of worms again. 


On Wed, 2009-11-11 at 15:04 +, a...@baklawasecrets.com wrote:

 
  Contemplating using Cogent Communications for transit as pricing looks
 favourable.  Just trying to get a feel for what sort of a reputation they
 have in the network operators community.  I'm sure people have horror
 stories for every provider, but just trying to get a general idea of what
 sort of regard they are held in the community. 
 
 Thanks 
 
 Adel
  

Re: Transit from Cogent - thoughts?

[Jay Moran]

Adel,

Perhaps the best way for you to get an answer to your question without the
entire list erupting for no good reason is to click on the following link
which will show all messages from the NANOG mailing list about Cogent. Then
you can make your decision based on past conversations as opposed to adding
more messages to that archive on the topic.

BTW, if you don't want to click on the link I've pasted because you are
careful and prudent, just go to the nanog.markmail.org website and search
for Cogent.

http://nanog.markmail.org/search/?q=cogent

Good luck!

Jay


On Wed, Nov 11, 2009 at 10:04 AM, a...@baklawasecrets.com wrote:



  Contemplating using Cogent Communications for transit as pricing looks
 favourable.  Just trying to get a feel for what sort of a reputation they
 have in the network operators community.  I'm sure people have horror
 stories for every provider, but just trying to get a general idea of what
 sort of regard they are held in the community.

 Thanks

 Adel

RE: Transit from Cogent - thoughts?

[Scott Berkman]

I also suggest reading the Wikipedia page on Cogent.

-Scott

-Original Message-
From: Jay Moran [mailto:jay+na...@tp.org] 
Sent: Wednesday, November 11, 2009 10:12 AM
To: a...@baklawasecrets.com
Cc: nanog@nanog.org
Subject: Re: Transit from Cogent - thoughts?

Adel,

Perhaps the best way for you to get an answer to your question without the
entire list erupting for no good reason is to click on the following link
which will show all messages from the NANOG mailing list about Cogent. Then
you can make your decision based on past conversations as opposed to adding
more messages to that archive on the topic.

BTW, if you don't want to click on the link I've pasted because you are
careful and prudent, just go to the nanog.markmail.org website and search
for Cogent.

http://nanog.markmail.org/search/?q=cogent

Good luck!

Jay


On Wed, Nov 11, 2009 at 10:04 AM, a...@baklawasecrets.com wrote:



  Contemplating using Cogent Communications for transit as pricing looks
 favourable.  Just trying to get a feel for what sort of a reputation they
 have in the network operators community.  I'm sure people have horror
 stories for every provider, but just trying to get a general idea of what
 sort of regard they are held in the community.

 Thanks

 Adel

Re: Some thoughts on 240/4

[Eliot Lear]

Leo,

 We need to get the code fixed, that is the most important item at
 this time.

This is absolutely true.  The purpose of my note was to provide an
understanding of why we're splitting the process into two by
demonstrating that picking the correct use requires more work.  Each of
the possible uses I described require much more detail  and
understanding.  We can gain that understanding as we're changing our
code since the uses are ALL unicast.

Also:
 I would ask everyone on this list to make it a checklist item for your very 
 next vendor meeting.

This always helps.  It would also help if you made your opinions known
to [EMAIL PROTECTED], where this discussion continues.\


Eliot

Re: Some thoughts on 240/4

[Leo Bicknell]

In a message written on Fri, Oct 19, 2007 at 12:24:44PM -0400, [EMAIL 
PROTECTED] wrote:
  Why would the 240/4 updates blow the schedule?
 
 More code, more regression testing, same number of programmers.  Do the math.

Less code, every patch produced to date /removes/ code.

More regression testing, same number of programmes, ok.

 Take it as a given that it *will* slip the schedule some amount, because
 the resources for a 240/4 feature will have to come from somewhere.  So
 how much slippage are you willing to accept?

Ok, I'll accept a month slippage in IPv6 features.  (What are we still
waiting on, anyway?)

I also believe that's also about 29 more days than most vendors
should need to do the job.

-- 
   Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [EMAIL PROTECTED], www.tmbg.org


pgpnYJqL0oCGc.pgp
Description: PGP signature

Re: Some thoughts on 240/4

[Leo Bicknell]

In a message written on Fri, Oct 19, 2007 at 11:19:57AM -0400, [EMAIL 
PROTECTED] wrote:
 How much ship date slip for the IPv6 features you need are you willing to
 accept when 240/4 updates blow the schedule?

Why would the 240/4 updates blow the schedule?

I ask this for two reasons:

1) The majority of the machines that need to be fixed are not run
   by the ISP.   The real issue here is Microsoft, Apple, DLink,
   Linksys, Netgear and so on.  They can ship patches without a lot
   of ISP involvement.

2) The change in this case has been documented to be excessively
   minimal.  Patches for FreeBSD and Linux have been produced, and
   I believe both are under 5 lines.  They consist of removing something
   to the effect:

   if (240/4)
  error (Not allowed to be used yet.);

   There's no new code in 99% of the platforms, there's just removing
   the IANA hasn't told us how it will be used message and, I
   guess for completeness retesting.  It will take longer for most
   vendors to have the meeting to decide it's the right thing to
   do than to do it.

So while ISP's push forward on the IPv6 front, Microsoft, Apple and
others can push out this change via normal software update mechanisms.
I'm not seeing why one has any real impact on the other.  Later we
can evaluate success and see if it can be used.

-- 
   Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [EMAIL PROTECTED], www.tmbg.org


pgp6NnF6AUT2F.pgp
Description: PGP signature

Some thoughts on 240/4

[Eliot Lear]

Dear all,

Thanks to Vince for presenting at NANOG.  Everyone should recognize by
now that this is a provocative topic.  Even the authors of
draft-fuller-240space-00.txt do not altogether agree on what should
happen in the medium term.  The one thing we do agree on, and we hope
you do to, is that the future is now, and that code changes need to
occur quickly if this space is to be useful for ANYTHING.  I would agree
with the many people who have pointed out that there are a billion
devices out there, many of which might not ever understand 240.0.0.0/4. 
But this issue is complex.  There are many possibilities and I believe
it requires a bit of study before the community jumps in with both feet
as to the best answer for this space.

By way of background, and you'll see why this becomes relevant later
down in this message, I am no fan of private address space, and less a
fan of NATs.  I think both add complexity into an already complex
environment and should generally be avoided.  I am a co-author of both
RFC 1617 and RFC 1918, so I have some idea bout what I am talking
about.  I also have enough formal training in economics to know that the
issues surrounding 240.0.0.0/4 are not simply a matter of computer
science, but not enough training to really help me drive to a conclusion
on the matter. 

Having said all of this, let's talk about some possible uses for
240.0.0.0/4.  When doing so, let's ask three questions:

* Who would benefit?
* What effort is involved to realize the benefit?
* What is the risk of not devoting the address space to this use?
* Are there alternatives that would equally satisfy the need in this
  case?


Let's first suppose that 240.0.0.0/4 or some portion of it is made
private.  This is what draft-wilson-class-e-01.txt proposed.  There are
two distinct groups who could potentially benefit from private address
space.  Big cable providers require a substantial number of IP addresses
just for management purposes.  As Alain has already pointed out, not
every provider would want to make use of this space, but rather simply
go to IPv6.  Still, some might.  The effort involved in making this
space useful would be a change to cable modems, CMTS hardware, and back
end systems that need to process the address.  By comparison, many cable
modems and CMTSes already have an IPv6 capability for this purpose. 
Only individual providers know who their vendors are and what their back
end systems look like in order to understand just how much work is
involved.  The risk of not devoting address space to this use would be a
need for large providers to bite the bullet and deploy v6 for this
purpose (n.b., this says nothing of end user use).  Another alternative
to would be to mark an additional /8 or two out of the OTHER remaining
unicast space ( 224.0.0.0) as private.

Some large organizations are said to be running out of RFC 1918 space. 
These organizations could benefit from some portion of 240/4 being
marked as private.  The perceived benefit would be that it forestalls an
infrastructure upgrade to IPv6 that might require an out-of-cycle
depreciation hit.  As a case and point, some account and billing systems
have knowledge of addresses, and the first provider to jump could end up
bearing the full brunt of the cost of the upgrade, while other providers
coast.  This is the typical early adopter charge, when one finds oneself
on the left side of the Rogers Curve.  Randy has spoken some to this
point, and could probably do so more eloquently than I.  The problem
here is the effort required to realize the benefit.  Because large
organizations have large amounts of hardware, large number of vendors to
interact with, and a large amount of management software, the cost of
using 240.0.0.0/4 is likely to approach that of upgrading to IPv6. 
Worse, if someone eats the cost of doing this, they will still need to
eat the cost of moving to IPv6 later, so this would be almost a double
hit.  This says nothing of actual product development costs to remove
the few lines of code that mark 240.0.0.0/4 as a martian.  Another
alternative to would be to mark an additional /8 or two out of the OTHER
remaining unicast space ( 224.0.0.0) as private, as no code changes
would be necessary.  I believe someone already mentioned this on the list.

As you heard at NANOG, Dino, Vince, Scott, and many others, including
myself, are investigating LISP.  Another potential use of this address
space would be as RLOC space.  To remind you, this would be essentially
PA space that is only seen in the network core.  If widely deployed,
this would free up space outside the 240/4 block for other uses.  The
effort to deploy as RLOC space would be roughly similar to our first use
case, except it will depend on what transition mechanisms are made
available.  If as a matter of transition, the entire Internet has to
understand 240.0.0/4 in their FIBs and RIBs, that in itself may require
an upgrade of some software EVERYWHERE.  

Re: Some thoughts on 240/4

[Leo Bicknell]

In a message written on Fri, Oct 19, 2007 at 10:20:43AM +0200, Eliot Lear wrote:
 So.  There are mine.  You probably have others you would add to the
 list.  I think I can speak for Vince and Dave when I say that we should
 consider these cases as we are actually removing 240.0.0.0/4 from our
 bogon filters, because it's all academic if we don't change our code now.

I have avoided the longer thread, so I thought replying to yours
might be a better option.

I think the discussion of what to do with 240.0.0.0/4 is premature.
We need to get the code fixed, that is the most important item at
this time.  When we get closer to needing 240.0.0.0/4 we can evaluate
at that time how much of the code has been fixed, and what the risk
is to deployment.  By the time we need it we may find 95% of the
devices have been fixed, or we may find 5%.  The problem is we
neither know the timeframe in which we need it, nor do we know how
fast vendors can get it fixed.

In order to have the most options I applaud Vince for running this
through the IETF, and I would ask everyone on this list to make it
a checklist item for your very next vendor meeting.  This is a small
change, vendors will make it, but only if customers ask for it.
Ask for patched software today and we'll be much better off tomorrow.

-- 
   Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [EMAIL PROTECTED], www.tmbg.org


pgpUGP1tCSt9H.pgp
Description: PGP signature

Re: Thoughts on best practice for naming router infrastructure in DNS

[Mark Tinka]

On Friday 15 June 2007 00:27, Olsen, Jason wrote:

 So, what practices do you folks follow?  What are the up
 and downsides you encounter?

At my previous employer, we came up with a formula that we 
were happy with. For reverse DNS, it involves:

* defining the interface
* defining the device function
* defining the local location
* defining the international location

o device interface could be:

fa-0-0-0
gi-1-0-0
s0-0-0
pos-1-0
tun0

  this also takes subinterfaces into account; for cases where
  we've had to classify a switch VI the routes IP traffic:

vlan100

o device function could be:

br-gw (border router)
cr-gw (core router)
cr-sw (core switch)
edge-gw (edge router)
edge-sw (edge switch)

o device local location; we normally define this using the
  IATA 3-letter international city/airport code:

LAX (Los Angeles
ABV (Abuja)
DXB (Dubai)
CPH (Copenhagen)
MEL (Melbourne)
HKG (Hong Kong)

  it is not uncommon to have towns or cities being
  abbreviated by the locals in some other way, either
  because they do not care for the IATA code :-), or if
  they do, are not included in the IATA database; in this
  case, you may use your imagination; for us, depending on
  the length of the name, we spell out the full town's name.

o device international location is easily defined if your TLD
  is based on a country, e.g., .uk, .ae, .ke, .za, .na, e.t.c.
  for situations where your domain name would end in a
  non-region specific TLD, e.g., .com, .net, .org, e.t.c., one
  would prefix a state or country (in the case of a global
  network) to the domain name, e.g.:

.uk.somelargenetwork.com
.za.somelargenetwork.com

  things could get interesting if you setup multiple PoP's in
  another location that would still fall under your .com or
  other such TLD, but there are ways to fix that :-).

So, a final example of, say, core router number 5 and edge 
switch number 3 located in a datacentre of a local Australian 
ISP in Melbourne:

gi-0-0-1.cr-gw-5-mel.somenetworknetwork.com.au
vlan876.edge-sw-3-mel.somenetwork.com.au

Say a large network, whose home network was the US, decided to 
setup a single PoP in Johannesburg that included one core 
router and one border router, but whose domain name ended 
in .net, it would look something like this:

pos-3-0.cr-gw-1-jnb.za.somelargenetwork.net
gi-0-0-1.br-gw-1-jnb.za.somelargenetwork.net

You could then use the script Joe Abley kindly posted earlier 
to automatically generate your entries.

Of course, this was our own approach. Different folks have 
different strokes.

Hope this helps.

Cheers,

Mark.

Re: Thoughts on best practice for naming router infrastructure in DNS

[Valdis . Kletnieks]

On Fri, 29 Jun 2007 16:35:09 BST, Neil J. McRae said:
 I remember in the past an excellent system using Sesame Street characters 
 names.

This only works in small shops.  If you have more routers than muppets, you
have a problem.  Had a lab once where we named machines after colors. That
hit some snarls when we discovered nobody in the lab could consistently spell
'fuschia', 'mauve', or 'paisley'. :)



pgpK13iUeNEgu.pgp
Description: PGP signature