Re: The End-To-End Internet (was Re: Blocking MX query)
On Wed, Sep 05, 2012 at 02:15:07PM -0700, Joe St Sauver wrote:

> 2) The Spamhaus CBL tracks the level of bot spam currently seen,
> including breaking out statistics by a number of factors.
>
> 3) Currently, the US, where port 25 filtering is routinely deployed by
> most large ISPs, is ranked 158th among countries when you consider botted
> users on a per capita basis: http://cbl.abuseat.org/countrypercapita.html
>
> 4) While that's not perfect (after all, there are still at least 133,811
> listings for the US), on a PER-CAPITA basis, it's not bad -- that's just
> ~0.055% of US Internet users that are infected, relative to some countries
> where the rate of detected infection (based on spam emission) may be 4 to
> 5% or more.

I don't believe those numbers say that last. I *wish* those numbers said that, but I don't think they do. Here's why.

A. "bot spam seen" (by whatever number of sensors are deployed) is conditional on bot spam making it out of its local network and onto some other network where a sensor exists. Clearly, port 25 blocking will dramatically curtail that. Thus, spam is still being generated by those systems: it's just not getting anywhere.

B. Spam is not the only form of abuse generated by bots. Some participate in DDoS attacks, some host illicit web sites, some harvest addresses, the list is endless. Any sensor which only looks for spam arriving via SMTP on port 25 will miss all those.

C. Some bots engage in secondary support activities (e.g., hosting DNS for spammer domains) which is not intrinsically abusive, but is certainly abusive in context. Most of this will be missed by most of everything and everyone.

D. Some bots do nothing -- that is, nothing overtly recognizable by external sensors of any kind at any location. They're either harvesting local data or perhaps they're simply being held in reserve, a practice our adversaries adopted quite early on.

Thus we can't use anybody's numbers for observed bot-generated spam to estimate infection rates -- other than to set a lower bound on them. The upper bound can be, and likely is, MUCH higher. Doubly so because there is absolutely no reason of any kind to think that infection rates of US-based hosts significantly differ from global norms.

More broadly, the per-nation rates are interesting but probably unimportant: this is a global problem, so even if country X solved it (for a useful value of "solved") it would matter little.

I think at this point any estimate of bot population under 200M should be laughed out of the room, and that (just as it has for a decade) it continues to monotonically increase.

---rsk
Re: "Circuit of the americas" aka COTA
On Aug 29, 2012, at 5:00 PM, Chris McDonald wrote:

> Trendy name for the new racetrack/event venue outside austin.
>
> Does anyone know how one might get connectivity there? I figure there
> must be a few folks here prepping the place for the upcoming formula
> 1.
>
> The place seems to be a black hole to all the usual suspects.

Since AS6453 is the official connectivity/technology sponsor for FOM, I suspect they will be leasing some dark fiber to COTA for the F1 race. Some of the F1 teams have their own telecom sponsors (Vodafone McLaren, etc) which will be doing the same. Don't know who would be pulling the actual fiber though...

BTW - I will be there for the race as well (went to all the USGP races at IMS) - perhaps a NANOG meetup may be in order?

Best Wishes - Peter

--
[ plos...@isc.org | Senior Operations Architect | ISC | PGP E8048D08 ]
RE: "Circuit of the americas" aka COTA
> Since AS6453 is the official connectivity/technology sponsor for FOM, I
> suspect they will be leasing some dark fiber to COTA for the F1 race.
> Some of the F1 teams have their own telecom sponsors (Vodafone McLaren,
> etc) which will be doing the same. Don't know who would be pulling the
> actual fiber though...

From what I was told from talking to the on-site IT guy for Caterham, all teams are provided an MPLS connection back to their respective factory. I seem to recall it was an insanely small connection for what is the "pinnacle of motorsports"... something like 4mbit or so.

Admittedly this was input from only one team, and a "lower tier" team at that. This was also last year (2011). I remember being distinctly surprised at the relatively low amount of bandwidth they were provided at the track.

Tom Walsh
Re: Are people still building SONET networks from scratch?
Subject: Re: Are people still building SONET networks from scratch? Date: Fri, Sep 07, 2012 at 10:50:31PM +1000 Quoting Julien Goodwin (na...@studio442.com.au):

> A few of the engineers at $DAYJOB still try and claim SONET is easier to
> troubleshoot, but that hasn't been my practical experience.
>
> With ethernet it's something like:
> - Layer 1 - light levels (DoM on nearly everything)
> - Layer 1 - link pulse
> - Layer 2 - can I send frames
>
> SONET it's, in practice:
> - Layer 1 - light levels (DoM on newer kit, SOL on older)
> - Layer 2 - Seemingly random collection of alarms
> - Layer 2 - Is PPP up?

Just the fact that BFD had to be reinvented shows that there is ample reason to prefer the steady-train-of-frames-with-status of SONET/SDH over the perhaps-nobody-sent-a-packet-or-the-line-is-dead quagmire of Ethernet -- I have run pretty large (for Sweden) networks over SDH (POS linecards on top of waves, not a full SDH system) and essentially similar networks as GE over waves, and I truly prefer the failure modes and analysis tools in SDH to the guesswork and afterthought patches of alohanet..

Still, the stupid f€%&€/# that make prices for linecards made me go GE instead of OC48 for the most recent deployment. In Sweden, both vendors claim about 6 times as much, per megabit, for SDH line cards. This can't really make sense.

> As others have said doing a "diverse 1/10g ethernet" quote and a
> "protected SONET" quote may be worthwhile, and adding a 20% pad to the
> SONET one for staff training may also be perfectly justifiable.

Maybe training is more expensive (it takes some CPU to parse SLOF/SLOS and PLOP etc) but it leads to lower OPEX since the "Maybe" factor is essentially gone. Operationally it is quite worthwhile to say "I have SLOS in my far end, which means somebody pulled a patch wrongly in your just terminated maintenance window." instead of "The line is dead, can you please check something?" to your circuit provider.

Yeah, SDH and similar probably will die, but cheap ain't good. Only.

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668

Is this going to involve RAW human ecstasy?
Re: Are people still building SONET networks from scratch?
On 9/8/12, Måns Nilsson wrote:

> Subject: Re: Are people still building SONET networks from scratch? Date:
> Just the fact that BFD had to be reinvented shows that there is ample
> reason to prefer the steady-train-of-frames-with-status of SONET/SDH over
> perhaps-nobody-sent-a-packet-or-the-line-is-dead quagmire of Ethernet --

Not all Ethernet switching implementations are necessarily equal; there are 802.3ah OA&M and 802.1ag connectivity fault management / Loopback (MAC ping) / Continuity Check Protocol / Link Trace. (Which aren't much use without management software, however.)

There /are/ reasons to prefer SONET for certain networks or applications; so it might (or might not) be a reasonable requirement, it just depends.

Price is not one of those reasons; all the added complexity and use of less common equipment has some major costs, not to mention risks, involved if mixing many different service providers' products. SONET comes at a massive price premium per port and switching table entry on hardware modules that are much more expensive than 10g switches, and providers often charge a big premium regardless...

Therefore, it is not the least bit surprising that a 10g wave would be massively less expensive in many cases than an OC3 over a long distance between point A and point B.

As I see it... if you are thinking of 1000 miles of dark fiber to nowhere to support an OC3, then forget the "wasted" capacity; the cost of all that dark fiber needed just for them should get added to the customer's price quote for the OC3.

Same deal if instead you need an OC48 at various hops to actually carry that OC3 and be able to end-to-end and tunnel the DCC bytes over IP or restrict equipment choices so you can achieve that D1-12 byte transparency

--
-JH
Re: Are people still building SONET networks from scratch?
Subject: Re: Are people still building SONET networks from scratch? Date: Sun, Sep 09, 2012 at 01:15:35AM -0500 Quoting Jimmy Hess (mysi...@gmail.com):

> On 9/8/12, Måns Nilsson wrote:
> > Subject: Re: Are people still building SONET networks from scratch? Date:
> > Just the fact that BFD had to be reinvented shows that there is ample
> > reason to prefer the steady-train-of-frames-with-status of SONET/SDH over
> > perhaps-nobody-sent-a-packet-or-the-line-is-dead quagmire of Ethernet --
>
> Not all Ethernet switching implementations are necessarily equal;
> there are 802.3ah OA&M and 802.1ag connectivity fault management /
> Loopback (MAC ping) / Continuity Check Protocol / Link Trace. (Which
> aren't much use without management software, however.)

Of course.

> There /are/ reasons to prefer SONET for certain networks or
> applications; so it might (or might not) be a reasonable requirement,
> it just depends.

Yes.

> Price is not one of those reasons; all the added complexity and use
> of less common equipment has some major costs, not to mention risks,
> involved if mixing many different service providers' products. SONET
> comes at a massive price premium per port and switching table entry on
> hardware modules that are much more expensive than 10g switches, and
> providers often charge a big premium regardless...

Yes. The 6x difference I alluded to was a comparison of line cards for OC192 and 10GE on major league routers, like CRS or T-series. Most of the bits are the same, yet the price \delta is insane.

> Therefore; it is not the least bit surprising that a 10g wave would be
> massively less expensive in many cases than an OC3 over a long
> distance between point A and point B.

Especially since it might be possible to get it provisioned e2e.

> As I see it... if you are thinking of 1000 miles of dark fiber to
> nowhere to support an OC3, then forget the "wasted" capacity; the
> cost of all that dark fiber needed just for them should get added to
> the customer's price quote for the OC3.

Yup.

> Same deal if instead you need an OC48 at various hops to actually
> carry that OC3 and be able to end-to-end and tunnel the DCC bytes over
> IP or restrict equipment choices so you can achieve that D1-12 byte
> transparency

I'm a simple man. I just want the bitpipe to do IP over. It so happens that the combined engineering of the telco business made for a nice set of signalling bells and whistles that tend to work well on long point-to-point circuits. If not perfectly well, then at least orders of magnitude better than a protocol that was designed to sometimes convey frames over one nautical mile of yellow coax. Then again, the yellow coax has evolved, significantly.

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668

Didn't I buy a 1951 Packard from you last March in Cairo?