Re: Netflix VPN detection - actual engineer needed

2016-06-06 Thread Aled Morris
Maybe HE's IPv6 tunnel packets could be flagged with a destination option
(extension header field) that records the end-user's IPv4 tunnel endpoint
so geolocation could be done in the "old fashioned" way on that address.

Similar to the way that edns-client-subnet records the end user's address
for geolocation purposes.

I have to say though, how many Netflix customers are using HE IPv6 tunnels,
really?  zero percent (to two decimal places)?

Aled


Re: NANOG67 - Tipping point of community and sponsor bashing?

2016-06-15 Thread Aled Morris
On 14 June 2016 at 22:38, Owen DeLong  wrote:

> So I just watched the video of Dave’s talk.
>

Me too and I was confused about what the point of it was.

I had always assumed the customers of those IXs he singled out were
generally happy with the service they were getting and the money they are
paying.

Is Dave trying to say they are being duped?  Is he trying to identify a
need for regulation?

I would hope that any company looking to join an IX does so with their eyes
open and with due diligence (and I don't think it is my place to tell them
if they should or not use an IX, unless they hire me to give them that
advice :-)

Perhaps Dave was advocating the SIX model and suggesting the customers of
the existing exchanges should be looking to organise an alternative in
their localities.

Or perhaps this is a wakeup call for LoNAP and the smaller exchanges who
"compete" with AMS-IX, DE-CIX and NetNod - stop trying to mimic their
commercial models (big fees which pay for staff and marketing) and look
instead at the lean SIX as the way of offering a service at a price
competitive to transit.

Or was there a hidden message in Dave's presentation that I missed?

Aled


Re: Request for comment -- BCP38

2016-09-26 Thread Aled Morris
On 26 September 2016 at 16:47, Laszlo Hanyecz  wrote:

>
> On 2016-09-26 15:12, Hugo Slabbert wrote:
>
>>
>> If you have links from both ISP A and ISP B and decide to send traffic
>> out ISP A's link sourced from addresses ISP B allocated to you, ISP A
>> *should* drop that traffic on the floor.
>
>

> This is a legitimate and interesting use case that is broken by BCP38.



I don't agree that this is legitimate.

Also we're talking about typical mom & pop home users here.

I'll sell you a multihoming capable service at a price that includes my
time in maintaining your bespoke configuration, but my off-the-shelf
home-user service is going to be BCP38.

Aled
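As an added illustration of the rule argued over in this thread (not code from the thread or from any ISP), the following Python models BCP38 source-address validation on a customer-facing port: ISP A forwards a packet only when its source lies in a prefix ISP A allocated to that customer, and drops everything else, including space ISP B allocated to the same customer. The prefixes, addresses and packets are constructed for the example.

```python
"""BCP38 source-address validation on a customer-facing port.

Added example, not code from the NANOG thread.  It models the rule Hugo
Slabbert describes: ISP A accepts a packet arriving on a customer port only
when its source address falls inside a prefix ISP A allocated to that
customer; anything else (including space ISP B allocated to the same
customer) is dropped.  All prefixes, addresses and packets are constructed.
"""
import ipaddress

# Constructed: the prefixes ISP A allocated to one customer port.
ISP_A_ALLOCATED = ["203.0.113.0/24", "2001:db8:a::/48"]

# Constructed: packets seen on that port.  198.51.100.0/24 and 2001:db8:b::/48
# stand in for space ISP B allocated to the same customer.
SAMPLE_PACKETS = [
    {"src": "203.0.113.10", "dst": "192.0.2.1"},
    {"src": "198.51.100.7", "dst": "192.0.2.1"},
    {"src": "2001:db8:a::1", "dst": "2001:db8:ffff::1"},
    {"src": "2001:db8:b::1", "dst": "2001:db8:ffff::1"},
    {"src": "10.0.0.1", "dst": "192.0.2.1"},
    {"src": "not-an-address", "dst": "192.0.2.1"},
]


def build_ingress_filter(allocated):
    """Return a predicate that is True only for sources inside `allocated`."""
    nets = [ipaddress.ip_network(p) for p in allocated]

    def permitted(src):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return False  # unparsable source: fail closed
        # Address-in-network is False across IP versions, so mixing
        # IPv4 and IPv6 prefixes in one list is safe.
        return any(addr in net for net in nets)

    return permitted


def apply_ingress_filter(packets, allocated):
    """Split packets into (forwarded, dropped) according to BCP38."""
    permitted = build_ingress_filter(allocated)
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permitted(pkt["src"]) else dropped).append(pkt)
    return forwarded, dropped


def drop_summary(dropped):
    """Count dropped packets per source address, the view an operator would log."""
    counts = {}
    for pkt in dropped:
        counts[pkt["src"]] = counts.get(pkt["src"], 0) + 1
    return counts


if __name__ == "__main__":
    fwd, drp = apply_ingress_filter(SAMPLE_PACKETS, ISP_A_ALLOCATED)
    print("forwarded:", [p["src"] for p in fwd])
    print("dropped:", drop_summary(drp))
```

The multihoming case Laszlo raises is exactly the second and fourth packets: they are legitimate from the customer's point of view but fail the check on ISP A's port, which is why a BCP38-filtered off-the-shelf service cannot carry them without a bespoke configuration on both sides.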


Re: Spitballing IoT Security

2016-10-25 Thread Aled Morris
On 25 October 2016 at 09:37, Jean-Francois Mezei <
jfmezei_na...@vaxination.ca> wrote:
>
> One way around this is for the pet feeder to initiate outbound
> connection to a central server, and have the pet owner connect to that
> server to ask the server to send command to his pet feeder to feed the dog.
>

This is pretty common but, IMHO, the worst solution to this problem.

It creates a dependence on a cloud service which is typically undocumented
(what protocol do they use?  where is the server located, China?); a
centralised service is a security risk in its own right (crack one server,
own all the pet feeders); and it is liable to disappear when the operator
goes out of business, rendering all the products sold useless.

A strength of IP is that it is fundamentally a peer-to-peer protocol,
please don't break that.  NAT broke it but IPv6 can fix it again.

There's nothing wrong with accepting incoming connections if the device is
secure.  If your problem is security, fix that.  Don't throw the baby out
with the bath water.

Aled


Re: Fiber Bypass Switch

2014-01-29 Thread Aled Morris
NTT-AT presented their optical bypass products at LINX81, seems like they
might do what you want:

http://www.ntt-at.com/product/optical-switch/

I haven't used them myself.

Aled


On 27 January 2014 19:26, Keyser, Philip  wrote:

> Looking for something similar to this.
>
> http://www.moxa.com/product/OBU-102_Series.htm
>
> -Original Message-
> From: Matthew Crocker [mailto:matt...@corp.crocker.com]
> Sent: Monday, January 27, 2014 2:16 PM
> To: Keyser, Philip
> Cc: nanog@nanog.org
> Subject: Re: Fiber Bypass Switch
>
> Something like this?
>
> http://www.alcon-tech.com/pdfs/Optical-Protection-Switch-FSXpert.pdf
>
> --
> Matthew S. Crocker
> President
> Crocker Communications, Inc.
> PO BOX 710
> Greenfield, MA 01302-0710
>
> E: matt...@crocker.com
> P: (413) 746-2760
> F: (413) 746-3704
> W: http://www.crocker.com
>
> On Jan 27, 2014, at 1:40 PM, Keyser, Philip  pkey...@fibertech.com>> wrote:
>
> > Does anyone have any recommendations for a fiber bypass switch? I am
> looking for something capable of 10G that when there is a power hit will
> fail over to route traffic out the network ports and away from that site's
> with the customer handoff.
> >
> > Thanks,
> > Phil Keyser
> >


Re: Need trusted NTP Sources

2014-02-06 Thread Aled Morris
GPS time sources are pretty cheap (< US$500) and easy to set up nowadays.

You could probably build your own for less than US$100:
http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html

Aled


On 6 February 2014 11:51, Notify Me  wrote:

> According to the auditors, "trusted" means
>
> 1. Universities or Research facilities (nuclear/atomic facilities,
> space research (such as NASA) etc.)
> 2. Main country internet/telecom providers
> 3. Government departments
> 4. Satellites (using GPS module)
>
> Which is a bit of a tall order over here.
>
> On Thu, Feb 6, 2014 at 11:16 AM, Marc Storck  wrote:
> > You may start by checking who is providing NTP services in Africa via
> the NTP pool. In Africa there are 27 public servers (
> http://www.pool.ntp.org/zone/africa).
> >
> > But then all depends on your definition of "trusted".
> >
> > Regards,
> >
> > Marc
> > 
> > From: Notify Me [notify.s...@gmail.com]
> > Sent: Thursday, February 06, 2014 11:03
> > To: nanog@nanog.org list; af...@afnog.org
> > Subject: Need trusted NTP Sources
> >
> > Hi !
> >
> > I'm trying to help a company I work for to pass an audit, and we've
> > been told we need trusted NTP sources (RedHat doesn't cut it). Being
> > located in Nigeria, Africa, I'm not very knowledgeable about trusted
> > sources therein.
> >
> > Please can anyone help with sources that wouldn't mind letting us sync
> > from them?
> >
> > Thanks a lot!
> >
>
>


Re: Need trusted NTP Sources

2014-02-06 Thread Aled Morris
On 6 February 2014 12:30, Martin Hotze  wrote:

> > I'm trying to help a company I work for to pass an audit, and we've
> > been told we need trusted NTP sources (RedHat doesn't cut it). Being
> > located in Nigeria, Africa,
>
[...]

> So build your own stratum 1 server (maybe a second one with DCF77 or
> whatever you can use for redundancy),
>

I don't think DCF77 is going to reach Nigeria.

Aled


Re: Residential CPE suggestions

2014-05-09 Thread Aled Morris
On 8 May 2014 17:30, Randy Carpenter  wrote:

>
> I would love to see the EdgeRouter Lite, or something similar with 2 SFP
> ports and 2 1000bT ports (Which would fit with the OP's question). Q-in-Q
> tunneling and basic routing required, but not much else for me. Bonus
> points for something like that with redundant power supplies for <$1k
>

Indeed.  Mikrotik are promising a CCR1009 with 2xSFP and 8xUTP GE ports
(and dual PSU) for $425 but it isn't an access switch (so no Q-in-Q) though
it does support MPLS/VPLS.

Aled


Re: Residential CPE suggestions

2014-05-09 Thread Aled Morris
On 9 May 2014 12:05, Aled Morris  wrote:

> Indeed.  Mikrotik are promising a CCR1009 with 2xSFP and 8xUTP GE ports
> (and dual PSU) for $425 but it isn't an access switch (so no Q-in-Q) though
> it does support MPLS/VPLS.
>

Apologies for correcting myself, but I just checked and Q-in-Q is supported
in Mikrotik RouterOS, so this might be the ideal box for you (if it were
orderable.)

I forgot to include the link too - http://routerboard.com/CCR1009-8G-1S

Aled


Re: FTTH ONTs and routers

2014-05-15 Thread Aled Morris
I notice Cisco's new ME4600 ONTs come in two flavors, one (the
"Residential GateWay") with all the bells and whistles that you'd expect in
an all-in-one home router (voice ports, small ethernet switch, wifi access
point) and another (the "Single Family Unit") that looks a lot more basic
and is likely to be deployed as a bridge.

http://www.cisco.com/c/en/us/products/collateral/switches/me-4600-series-multiservice-optical-access-platform/datasheet-c78-730446.html

Aled


On 15 May 2014 18:11, Jean-Francois Mezei wrote:

>
> It had been my impression that ONTs, like most other consumer modems,
> came with built-in router capabilities (along with ATA for voice).
>
> The assertion that ONTs have built-in routing capabilities has been
> challenged.
>
> Can anyone confirm whether ONTs generally have routing (aka: home router
> that does the PPPoE or DHCP and then NAT for home) capabilities?
>
> Are there examples where a telco has deployed ONTs with the router
> built-in and enabled ? Or would almost all FTTH deployments be made with
> any routing disabled and the ONT acting as a pure ethernet bridge ?
>
>
> (I appreciate your help on this as I am time constrained to do research).
>
>


Re: Verizon Public Policy on Netflix

2014-07-13 Thread Aled Morris
On 13 July 2014 06:39, Steven Tardy  wrote:

> (OK, Keep 100mbps for Netflix to pre-populate, 100mbps is 30TB/month)
> (Now I'm curious how many GB/month Netflix pre-populates, hmmm)
>

Shame Netflix can't fill their appliances using really cheap, bulk, one-way
satellite bandwidth which is useless for most other Internet applications.
Then their traffic wouldn't use any of your real, paid for, transit.

Of course siting a dish would be another expense with hosting one of their
boxes, but if it made the on-going costs go away...

Aled


Re: William was raided for running a Tor exit node. Please help if you can.

2012-12-03 Thread Aled Morris
On 3 December 2012 07:19, Joakim Aronius  wrote:

> I am all for providing anonymized access to help free speech. Perhaps it's
> better with anon access to specific applications like twitter, fb etc and
> not general internet access. I suspect that the 'free speech' part of the
> total tor traffic volume is pretty small(?).
>
>
>
I agree.

I can understand that people need to be anonymous when they are going to
publicly stand against an oppressive regime, or expose corporate corruption
etc.  What I'm not sure I believe as strongly is the justification for
anonymity in private, closed communication - this is the use case for
paedophiles and terrorists organising their crimes.

So in my view, anonymous + public = OK, anonymous + private = doubtful.

This isn't a solution to the troll or hate crimes problem (anonymous people
making statements that are distasteful on public forums) but at least we
can all see this going on and develop other solutions.

Aled


Re: why haven't ethernet connectors changed?

2012-12-20 Thread Aled Morris
On 20 December 2012 18:20, Michael Thomas  wrote:

> ethernet
> connectors haven't changed that I'm aware in pretty much 25 years.



15-pin D-type AUI connectors with slide latches?

BNC for thinwire?

I do agree though, something more like mini-USB would be more appropriate
for home Ethernet use.

Aled


Re: why haven't ethernet connectors changed?

2012-12-21 Thread Aled Morris
On 21 December 2012 09:59, Eugen Leitl  wrote:

>
> Something optical, like a >10 GBit/s SR version of TOSLINK
> would be nice.
>
>
Good luck with that! :-)

Referring back to the original question and the reference to Raspberry Pi...

The latest HDMI has Ethernet capability and the connector is already on the
Pi, so there's a possible (future) solution that would work for all manner
of consumer applications - even ones that don't need video or audio - just
use the network capability of HDMI.

Aled


Re: why haven't ethernet connectors changed?

2012-12-21 Thread Aled Morris
On 21 December 2012 18:22, Chris Adams  wrote:

> I will say that one nice thing about having different connectors for
> different protocols (on consumer devices anyway) is that you don't have
> to worry about somebody plugging the Internet into the "Video 1" port
> and wondering why they aren't getting a picture.
>
>
>
I do agree but I also think that for HDMI Ethernet your TV (which is the
device with lots of HDMI sockets) will act as an Ethernet switch, so there
shouldn't be any "Ethernet enabled" vs. "Video Enabled" ports.

Now of course that means you probably need Spanning Tree in your domestic
appliances.

Aled


Re: why haven't ethernet connectors changed?

2012-12-23 Thread Aled Morris
On 23 December 2012 01:07, Wayne E Bouchard  wrote:

> They serve quite well until I get to a switch that some douchebag
> mounted rear facing on the front posts of the rack



I see this all the time with low-end Cisco ISR products (2... and 3...
routers) since Cisco insist on having a "pretty" plastic fascia with their
logo, model number, power LED etc. on the unuseful side.  Less experienced
installers (being generous with my terminology) assume this is therefore
the "front" and mount it facing on the front rails, leaving the connector
side buried half way into the rack where only a proctologist can reach the
plugs.

I use this as a gauge of experience in interviews for engineers...  "Here's
a new router and here's the rack mount ears.  Show me where they go."

Aled


Re: The 100 Gbit/s problem in your network

2013-02-08 Thread Aled Morris
"Multicast"

Aled


On 8 February 2013 13:42, Jay Ashworth  wrote:

> "Akamai".
>
> The actual example is "to watch the Super Bowl". :-)
>
> fredrik danerklint  wrote:
>
> >- Well, as it turns out, we don't have that kind of a problem.
> >
> >- You don't?
> >
> >- No, we do not have that kind of a problem in our network.
> >   We have plenty of bandwidth available to our customers,
> >   thank-you-every-much.
> >
> >- Do you have, just to make an example, about 10 000 customers
> >   in a specific area, like an city/county or part of a
> >   city/county?
> >
> >- Yes, of course!
> >
> >- Does these customers have at least 10 Mbit/s connection to the
> >   Internet?
> >
> >- Yes! Who do you think we are, like stupid! Haha!
> >
> >- Could all those 10 000 customers, just to make it theoretical,
> >   hit the 'play'-button on their Internet-connected-TV, at the same
> >   time, to watch the latest Quad-HD movie?
> >
> >- Yes. Oh wait a minute now! This is not fair! Damn. We're toast.
> >
> >
> >--
> >//fredan
>
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>


Re: The 100 Gbit/s problem in your network

2013-02-11 Thread Aled Morris
I don't see why, as an ISP, I should carry multiple, identical, payload
packets for the same content.  I'm more than happy to replicate them closer
to my subscribers on behalf of the content publishers.  How we do this is
the question, i.e. what form the "multi"-"casting" takes.

It would be nice if we could take advantage of an inherent design of IP and
the hardware it runs on, to duplicate the actual packets in-flow as near as
is required to the destination.

Installing L7 content delivery boxes or caches is OK, but doesn't seem as
efficient as an overall technical solution.

Aled


On 11 February 2013 11:03, Adam Vitkovsky  wrote:

> I don't see a need for multicast to work in Internet scale, ever.
>
> adam
> -Original Message-
> From: Saku Ytti [mailto:s...@ytti.fi]
> Sent: Friday, February 08, 2013 6:02 PM
> To: nanog@nanog.org
> Subject: Re: The 100 Gbit/s problem in your network
>
> On (2013-02-08 14:15 +), Aled Morris wrote:
>
> > "Multicast"
>
> I don't see multicast working in Internet scale.
>
> Essentially multicast means core is flow-routing. So we'd need some way to
> decide who gets to send their content as multicast and who are forced to
> send unicast.
> It could create de-facto monopolies, as new entries to the market wont have
> their multicast carried, they cannot compete pricing wise with established
> players who are carried.
>
> --
>   ++ytti
>
>
>
>


Re: [c-nsp] DNS amplification

2013-03-19 Thread Aled Morris
On 19 March 2013 01:06, Masataka Ohta wrote:

> LISP merely attempts to replace BGP routing table bloat with
> something a lot worse than that, that is, a lot more serious
> routing table bloat of its mapping system.
>

I'm guessing you're not a fan of LISP, but in its defense I'd say the
mapping system is akin to DNS - a scalable, distributed, reliable database
mapping services to locations.

BGP certainly can't cope with unconstrained growth, we will need something
better.

Aled


Re: [c-nsp] DNS amplification

2013-03-20 Thread Aled Morris
On 20 March 2013 11:44, Arturo Servin  wrote:

>
> The last presentations that I saw about it said that we are going to be
> fine:
>
> http://www.iepg.org/2011-11-ietf82/2011-11-13-bgp2011.pdf
> http://www.iepg.org/2011-11-ietf82/iepg-20.pdf
>
>
>
It isn't just about "imminent death of the net predicted" though - our
reliance on the current BGP model for route advertisement is restricting the
deployment of better connectivity paradigms.

For example I know there are enterprises that would like to multihome but
they find the current mechanism a barrier to this - for a start they can't
justify the size of PI space that would guarantee them entry to the global
routing table.

ISPs differentiate between "regular" and "BGP-capable" connections - is
this desirable for the evolution of the Internet?  or is it the reason that
BGP appears to be able to cope, because ISPs are throttling the potential
growth?

LISP is about separating the role of the ISP (as routing provider) from the
end user or content provider/consumer.

Aled


Re: Whacky Weekend: Is Internet Access a Human Right?

2012-01-05 Thread Aled Morris
On 5 January 2012 15:22, Jay Ashworth  wrote:

> Understand: I'm not saying that FiOS should be a human right.  But as a
> society, America's recognized for decades that you gotta have a telephone,
> and subsidized local/lifeline service to that extent; that sort of subsidy
> applies to cellular phones now as well.
>
>
There is a subtlety here too - when we grant a monopoly (e.g. to operate a
physical loop or in licensing spectrum) in return we often place a
"universal service obligation" on the operator in order they don't abuse
their monopoly by not providing service to "less profitable" customers.

This isn't the same as a "right" to a phone.

Aled


Re: time sink 42

2012-02-16 Thread Aled Morris
On 17 February 2012 00:52, Sven Olaf Kamphuis  wrote:

>
> On Thu, 16 Feb 2012, Jerry Jones wrote:
>
>  I have been scoring paper back VERY lightly near one end with razor
>> knife, then peeling off.
>>
>
> sounds like something that increases the time it takes to make and put one
> single label on by 500%
>
>
Not to mention the band-aid you'll need too.

Aled


Re: WW: Colo Vending Machine

2012-02-17 Thread Aled Morris
On 17 February 2012 18:43, Eric Tykwinski  wrote:

> +1 for GBICs, SFPs
>
>
You'll need to be carrying a lot of loose change then :-)

My ideal vending machine would dispense Cat5e by the foot, the more you
pull the more you pay, RJ45 plugs in pairs, and a crimp tool on a long
chain (like the way you buy chain in a hardware store)

Aled


Re: WW: Colo Vending Machine

2012-02-17 Thread Aled Morris
On 17 February 2012 23:23, david raistrick  wrote:

> On Sat, 18 Feb 2012, Pierre-Yves Maunier wrote:
>
>  6 - plastic cable clamps (don't know the exact english term for that but I
>> mean this -->
>> http://www.hellopro.fr/images/produit-2/9/3/8/serre-cables-261839.jpg
>> )
>>
>
> also known as "zip tie" or "plastic cable tie" more generically
>
>
Though wax string is nicer.

http://www.repsole.com/ProductGroup.asp?PGID=254

Aled


Re: VLAN Troubles

2012-03-06 Thread Aled Morris
"show vlan" will tell you if the VLAN has been created on the Cisco.

The config to create it is easy (and necessary):

!
vlan 25
 name Radiology
!

Aled


On 6 March 2012 17:55, Jason Baugher  wrote:

> +1 on show interface trunk, which will probably tell you that only vlan 1
> is allowed on your trunk interfaces.
>
> I find it easy to forget that a Cisco switch will not pass tagged traffic
> for a vlan if that vlan isn't created on the switch. Even if you do
> something like "switchport trunk allow vlan 12" on a trunk port, it won't
> create the vlan on the switch unless you specifically create it or you add
> it to an access port like "switchport access vlan 12".
>
> Jason
>
>
>
> On 3/6/2012 11:04 AM, Greg T. Grimes wrote:
>
>>
>> On the cisco, do a 'show interface trunk'.  Be sure that it thinks it's
>> supposed to pass those VLANs.  Make sure "Vlans allowed on trunk" includes
>> the VLAN.  Same for "Vlans allowed and active in management domain".  Then
>> the important one is "Vlans in spanning tree forwarding state and not
>> pruned".  If it's not there then it's being pruned.  Also on your Dell
>> uplink add the following line to the uplink port:
>>
>> switchport access vlan add 12,22
>>
>> See what that does for you.
>>
>> On Tue, 6 Mar 2012, Alan Bryant wrote:
>>
>>  I hope everyone is having a better workday so far than I am.
>>>
>>> I am trying to clean up the network for the Hospital I work for, and
>>> part of that is creating two VLAN's for two separate subnets on our
>>> network. Before, it was not separated by VLANs. We are also replacing
>>> our aged Juniper firewall with an ASA.
>>>
>>> I'm very new to VLAN's, so I am hoping this is something simple that
>>> you guys can help me out with.
>>>
>>> We have two switches that do not seem to be passing VLAN traffic. The
>>> two switches are a Dell Powerconnect 5324 & a Cisco 3560G. The Cisco
>>> switch appears to be functioning fine, but the Dell switch is only
>>> passing traffic to the Cisco that is on the default untagged VLAN1.
>>> Our second VLAN is not getting passed to the Cisco at all, I am not
>>> seeing any packets tagged with the particular vlan in Wireshark.
>>>
>>> I have Port 1 on the Dell switch connected to port 29 on the Cisco
>>> switch, and port 1 on the Cisco switch connected to the ASA.
>>>
>>> I have the following config on the relevant ports on the Cisco switch:
>>>
>>> interface GigabitEthernet0/1
>>> description ASA 5505
>>> switchport trunk encapsulation dot1q
>>> switchport mode trunk
>>>
>>> interface GigabitEthernet0/29
>>> description Radiology Switch
>>> switchport trunk encapsulation dot1q
>>> switchport mode trunk
>>>
>>> Here is the config for the Dell switch:
>>>
>>> interface ethernet g1
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g2
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g3
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g4
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g5
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g7
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g9
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g10
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g12
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g14
>>> speed 1000
>>> duplex full
>>> exit
>>> interface ethernet g15
>>> speed 1000
>>> duplex full
>>> exit
>>> port jumbo-frame
>>> interface ethernet g1
>>> switchport mode trunk
>>> exit
>>> interface ethernet g24
>>> switchport mode trunk
>>> exit
>>> vlan database
>>> vlan 12,22
>>> exit
>>> interface range ethernet g(2,4,7,12,14-15)
>>> switchport access vlan 12
>>> exit
>>> interface vlan 12
>>> name Radiology
>>> exit
>>> interface vlan 22
>>> name Guest
>>> exit
>>> interface vlan 1
>>> exit
>>>
>>> Anyone have any ideas or pointers? Is there more information that I
>>> need to provide? Vlan1 works just fine, of course. It is Vlan 12 that
>>> is not working. Everything on the Dell switch is communicating with
>>> each other just fine on the same subnet.
>>>
>>>
>>>
>>
>
>
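The point Aled and Jason make in this thread (a Cisco switch silently won't forward a tagged VLAN that appears in a trunk's allowed list but was never created) is easy to check mechanically before the maintenance window. The following Python is an added example, not code from the thread or from Cisco: it parses the few IOS commands that matter (`vlan N`, `switchport access vlan N`, `switchport mode trunk`, `switchport trunk allowed vlan ...`) from a constructed config and reports VLANs that are allowed on a trunk but don't exist on the switch.

```python
"""Lint an IOS-style switch config for VLANs allowed on a trunk but never created.

Added example, not code from the thread.  It automates the check Aled and
Jason describe: a Cisco switch will not forward a tagged VLAN that exists
only in a trunk's allowed list; the VLAN must be created with `vlan N` (or
implicitly by `switchport access vlan N` on an access port).  The config
below is constructed and the parser deliberately covers only those commands.
"""
import re

# Constructed sample: VLAN 12 is allowed on the trunk but never created.
SAMPLE_CONFIG = """\
!
vlan 25
 name Radiology
!
interface GigabitEthernet0/1
 description ASA 5505
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,12,22,25
 switchport mode trunk
!
interface GigabitEthernet0/5
 switchport access vlan 22
 switchport mode access
!
interface GigabitEthernet0/29
 description Radiology Switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
"""

ALLOWED_PREFIX = "switchport trunk allowed vlan "


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '12,22,30-32' into a set of ints."""
    ids = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            ids.update(range(int(lo), int(hi) + 1))
        else:
            ids.add(int(part))
    return ids


def parse_config(text):
    """Return (created VLAN ids, trunk interface names, explicit allowed lists)."""
    created = {1}      # VLAN 1 always exists
    trunks = set()
    allowed = {}       # interface -> set of ids; absent means the default "all"
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        line = raw.strip()
        if not raw[0].isspace():            # top-level command
            current = None
            if line.startswith("interface "):
                current = line.split(None, 1)[1]
            elif re.fullmatch(r"vlan [\d,\-]+", line):
                created |= expand_vlan_list(line[5:])
            continue
        if current is None:
            continue
        if line == "switchport mode trunk":
            trunks.add(current)
        elif line.startswith("switchport access vlan "):
            created.add(int(line.rsplit(None, 1)[1]))   # access assignment creates it
        elif line.startswith(ALLOWED_PREFIX):
            words = line[len(ALLOWED_PREFIX):].split(None, 1)
            if words[0] == "all":
                allowed.pop(current, None)
            elif words[0] == "none":
                allowed[current] = set()
            elif words[0] == "add" and len(words) == 2:
                allowed[current] = allowed.get(current, set()) | expand_vlan_list(words[1])
            elif words[0] in ("remove", "except"):
                pass                            # not needed for this check
            else:
                allowed[current] = expand_vlan_list(words[0])
    return created, trunks, allowed


def find_missing_vlans(text):
    """Map each trunk to the allowed VLAN ids that do not exist on the switch."""
    created, trunks, allowed = parse_config(text)
    missing = {}
    for iface in sorted(trunks):
        if iface not in allowed:            # default "all": carries whatever exists
            continue
        gap = allowed[iface] - created
        if gap:
            missing[iface] = sorted(gap)
    return missing


if __name__ == "__main__":
    for iface, ids in find_missing_vlans(SAMPLE_CONFIG).items():
        print(f"{iface}: allowed on trunk but not created: {ids}")
```

Run against the sample it reports VLAN 12 on GigabitEthernet0/1; Gi0/29 has no explicit allowed list, so it carries whatever VLANs exist and nothing is flagged there.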


Re: Huawei edge routers..

2012-03-07 Thread Aled Morris
On 7 March 2012 15:25, Jay Ashworth  wrote:

> - Original Message -
> > From: "Saku Ytti" 
>
> > On (2012-03-07 09:46 -), Tim Franklin wrote:
> > > This does occasionally brighten up my day with gems like "rip no
> > > work" and "reset-recycle-bin", so it's not all bad :)
> >
> > I liked how ssh is secure-telnet, took bit head scratching to enable
> > ssh.
>
> That is, of course, incorrect; there is actually a "secure telnet"; ISTR
> it's telnet-over-ssl?
>
>
There's also RFC2942 for Kerberos authenticated TELNET which is "secure" in
one sense and RFC2946 for encrypted sessions though I'm not sure if this is
widely supported.  They are listed in the TELNET client on the Mac (Snow
Leopard) that I'm using so you never know...

Aled


Re: Programmers with network engineering skills

2012-03-13 Thread Aled Morris
On 13 March 2012 06:50, Jeroen van Aart  wrote:

> Unless in cases such as Owen mentioned I'd say it's a pretty good
> solution. The madness to me lies in making your own email validating code...
>
>
Not forgetting Lett's Law

Aled


Re: $1.5 billion: The cost of cutting London-Tokyo latency by 60ms

2012-03-23 Thread Aled Morris
On 23 March 2012 11:53, Eugen Leitl  wrote:

> All three cables are being laid for the same reasons: Redundancy and speed.
> As it stands, it takes roughly 230 milliseconds for a packet to go from
> London to Tokyo; the new cables will reduce this by 30% to 170ms. This
> speed-up will be gained by virtue of a much shorter run:




If they could armor the cable sufficiently perhaps they could drill the
straight line path through the Earth's crust (mantle and outer core) and do
London-Tokyo in less than 10,000km.

Aled


Re: Penetration Test Assistance

2012-06-05 Thread Aled Morris
On 5 June 2012 15:52, Green, Timothy  wrote:

> Howdy all,
>
> I'm a Security Manager of a large network, we are conducting a Pentest
> next month and the testers are demanding a complete network diagram of the
> entire network.
>
>
I'd treat this as the first of their pen tests - a social engineering
attack to obtain secret information about the network, and refuse.

Aled


Re: CVV numbers

2012-06-09 Thread Aled Morris
On 9 June 2012 22:42, Scott Howard  wrote:

> There is no way to "derive" the CVV2 number.  It is little more than a
> random number assigned to the card.
> [...]
> It is verified by comparing it to the known CVV2 number stored by the
> credit card company/bank that issued the card.
>
>
I don't think this is correct - I believe the Wikipedia entry is accurate:

---snip---
CVC1, CVV1, CVC2 and CVV2 values are generated when the card is issued. The
values are calculated by encrypting the bank card number (also known as the
primary account number or PAN), expiration date and service code with
encryption keys (often called Card Verification Key or CVK) known only to
the issuing bank, and decimalising the result
---snip---
http://en.wikipedia.org/wiki/Cvv2


I suspect the issuing banks can share their CVKs with the card scheme
operators (Visa, MC, Amex) if they want them to validate transactions on
their behalf.

Aled
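To make the quoted Wikipedia description concrete, here is an added Python example (not code from the thread or from any card scheme) of the issuer-side construction: a keyed MAC over PAN, expiry and service code under the issuer's Card Verification Key, decimalised to three digits, plus the verification step. The real schemes use a DES-based MAC; this example substitutes HMAC-SHA256 from the standard library so it runs anywhere, and the PAN, expiry, service code and key are constructed test values.

```python
"""Issuer-side CVV derivation and verification in the shape the Wikipedia
passage describes.

Added example, not code from the thread or from any card scheme.  The real
schemes use a DES-based MAC under the Card Verification Key (CVK); this
example substitutes HMAC-SHA256 (an assumption, chosen so it runs with the
standard library) and keeps the rest of the construction: MAC over
PAN + expiry + service code, then decimalise and keep three digits.
All card data and the key are constructed test values.
"""
import hashlib
import hmac

# Constructed test values (the PAN is a well-known test number, not a real card).
TEST_PAN = "4111111111111111"
TEST_EXPIRY_YYMM = "2512"
TEST_SERVICE_CODE = "101"
TEST_CVK = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key


def decimalise(hex_digits, length=3):
    """CVV-style decimalisation: take the decimal digits of the hex string
    left to right; if that yields fewer than `length`, append the hex letters
    A-F mapped to 0-5, again left to right."""
    upper = hex_digits.upper()
    digits = [c for c in upper if c.isdigit()]
    if len(digits) < length:
        digits += [str(int(c, 16) - 10) for c in upper if c in "ABCDEF"]
    return "".join(digits[:length])


def derive_cvv(pan, expiry_yymm, service_code, cvk):
    """Compute the card's CVV from its static data under the issuer's key."""
    data = (pan + expiry_yymm + service_code).encode("ascii")
    mac = hmac.new(cvk, data, hashlib.sha256).hexdigest()  # stand-in for the DES MAC
    return decimalise(mac)


def verify_cvv(pan, expiry_yymm, service_code, cvk, presented):
    """Issuer check: recompute and compare in constant time.  Only the CVK is
    stored; there is no per-card random value to look up."""
    expected = derive_cvv(pan, expiry_yymm, service_code, cvk)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    cvv = derive_cvv(TEST_PAN, TEST_EXPIRY_YYMM, TEST_SERVICE_CODE, TEST_CVK)
    print("derived CVV:", cvv)
    print("verifies:", verify_cvv(TEST_PAN, TEST_EXPIRY_YYMM,
                                  TEST_SERVICE_CODE, TEST_CVK, cvv))
```

This is also why, as Aled notes, an issuer can delegate validation to a scheme operator simply by sharing the CVK: the verifier needs the key and the card's static data, not a per-card database.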


Re: vulnerability and popularity (was: EBAY and AMAZON)

2012-06-13 Thread Aled Morris
On 13 June 2012 13:33, Andrew Sullivan  wrote:

> On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote:
>
> > If popularity were the measure of relative OS security, then we would
> > expect to see infection rates proportional to deployment rates
>
> I don't buy that premise, or at least not without reservation.  The OS
> market happens to be a superstar economy.  On desktops and laptops,
> which still happen to be the majority of devices, the overwhelming
> winner is Windows.  Therefore, if you are going to invest in any
> product for which you want ubiquitous deployment, Windows is the first
> platform you aim for.  You only aim for the others if you're chasing a
> niche.
>


I note also that many so-called operating system vulnerabilities are
actually flaws in third-party subsystems like Flash or Java.

Unix has traditionally had a better isolation model than Windows and so
exploits via these attack vectors would be able to infiltrate the Windows
core operating system whereas on Linux or OS-X platforms, the attacks might
technically be more limited in their impact - not that this would be much
consolation to the end user.

Aled


Re: Verizon's New Repair Method: Plastic Garbage Bags

2012-08-20 Thread Aled Morris
On 20 August 2012 20:41, Joe Greco  wrote:

> We had a pedestal around here that was covered, I want to say for years,
> though it might have been just a year or two, with a work tent.  If you
> have never seen one:
>
> http://store.mohawkltd.com/Pelsue-FTTH-Installer-Tent-Shelter/P3072_868/
>
>
Love the fact this tent is rated for FTTH work.

I assume they sell them as upgrades for any telco still using inferior
pre-FTTH copper-cable rated tents.

Aled


Re: guys != gender neutral

2012-09-28 Thread Aled Morris
On 27 September 2012 22:34, Lorell Hathcock  wrote:
> Police-clown.  Yep!

Here in the UK, apparently the government preferred term for
policepersons is "pleb"...

http://duckduckgo.com/?q=police+pleb

Aled



Re: IOS architecture

2012-10-29 Thread Aled Morris
On 29 October 2012 12:43,  wrote:

> On Sat, 27 Oct 2012 11:16:10 +0100, "Darren O'Connor" said:
> > All vendors should be writing in depth architecture books.  The Juniper MX
> > book is a great example. Tell us exactly what your product can do and we'll
> > likely use more of it
>
> On the flip side, if you document what your product is probably incapable of
> due to the design architecture, the salescritters won't be able to sell as many
> of them... :)
>

I think the biggest problem in that regard is the gap between what the
switch or router architecture is capable of and what the current release of
IOS actually supports.

This is generally what appears on the "roadmap" but, historically, not all
of it gets delivered in a timely manner, and some features aren't delivered
at all before the hardware is superseded.

Aled


Re: FTTx Active-Ethernet Hardware

2015-02-11 Thread Aled Morris
http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-733397.html

Aled

On 11 February 2015 at 12:49, Tarko Tikan  wrote:

> hey,
>
>  I understand it is now being replaced by the ASR920, which is a little
>> odd if you look at port density differences between the two alone.
>>
>
> It is being replaced by ASR-920-24SZ-M - 24GE Fiber and 4-10GE: Modular
> PSU. I don't think this ASR920 has been announced yet :)
>
> --
> tarko
>


Re: DataCenter color-coding cabling schema

2016-03-14 Thread Aled Morris
On 14 March 2016 at 00:23, William Herrin  wrote:

> On Sat, Mar 12, 2016 at 2:11 PM, Yardiel Fuentes 
> wrote:
> > Have any of you had the option or; conversely, do you know of “best
> > practices" or “common standards”,  to color code physical cabling for your
> > connections in DataCenters for Base-T and FX connections?
>
> For patch cables, it's common to pick a color for each type of
> physical signaling
>


I used to support this view too, but over the last few years, as everything
has (basically) become Ethernet, I've taken to a different scheme.

For copper patching, I now recommend my clients simply invest in a range of
colored patch cables and use them randomly.

The length of the patch cable is much more important than the color (too
little length will make it difficult to re-route cables if you need to
remove cards etc. and too long will mean tangles and space taken up with
loops of excess cable.)

The benefits of my "rainbow" scheme are:

1. easier to identify both ends of a cable, reducing disconnect errors.
When tracing a cable in a bundle or on a patch bay, it's easy when they're
different colors.

2. no need to police the cable scheme - if you have a strict color regime,
what do you do when someone uses the wrong color?  Especially if a
disconnect would be service affecting.  It's really hard to justify
"maintenance downtime" to an account manager on the basis of you not liking
the color of a patch cable.

Aled


Re: Verizon Policy Statement on Net Neutrality

2015-03-01 Thread Aled Morris
On 1 March 2015 at 03:41, Barry Shein  wrote:

> Previously all residential service (e.g., dial-up, ISDN) was
> symmetrical.


The rot set in with V.90 "56k" modems - they were asymmetric - only the
downstream was 56k.  The only way to achieve this in the analogue realm was
by digital synthesis at the head-end, i.e. the T1/E1 handoff to the ISP.
The upstream from the subscriber didn't have a clean interface so was still
using 33.6k.

Sadly we don't have many "killer applications" for symmetric residential
bandwidth, but that's likely because we don't have the infrastructure to
incubate these applications.

It's a chicken and egg situation - of course the average consumer today
will say they "don't need" symmetric, but you could have asked them twenty
years ago and they'd have said they didn't need the Internet at all.  Or
smartphones.

This all suits the telcos and cablecos very nicely - they are happy when
their customers are passive consumers of paid content and services.  It
gives them control.

I don't think it's a conspiracy, but it suits the big players not to "fix"
the "problem" since they don't perceive it as being one.

Aled


Re: Verizon Policy Statement on Net Neutrality

2015-03-02 Thread Aled Morris
On 2 March 2015 at 14:41, Scott Helms  wrote:

> We see customer usage patterns and satisfaction being statically the same
> on 25/25 and 25/8 accounts.  The same is true when we look at 50/50 versus
> 50/12 accounts.


perhaps because there are no widely-deployed applications that are designed
with the expectation of reasonable upstream bandwidth.  Average users
haven't got into the mindset that they can use lots of upstream (because
mainly, they can't.)  Without really knowing what they could have, they're
happy with what they've got.

You've asked them if they're happy with the eggs, and in finding they were,
declared nobody wanted for chicken.

Aled


Re: Cox Communications Peering

2015-03-04 Thread Aled Morris
Generic advice...  I'd be more inclined to find someone who already peers
with them, who can sell you partial transit; especially if they can hand
this to you at a location where this peering happens.

Aled

On 4 March 2015 at 14:51, Conley Bone  wrote:

> Someone suggested I rephrase my question...
>
> Does anyone have a contact at Cox for *paid* peering?  I realize I am not
> going to get settlement free peering with Cox, but I have a need to reduce
> the number of hops between my network and theirs to shorten the distance
> between some of my customers that are on the Cox network.
>
> On 3/3/15 8:08 PM, Conley Bone wrote:
>
>> Anyone have a contact with Cox for peering?
>> I have used their peering address, but don't get a reply.
>>
>> Thanks,
>> Conley
>>
>
> --
> Conley Bone
> Newroads Telecom 
> 300 Towson Ave.
> Fort Smith, AR 72901
> 479-424-1674
>


Re: Phone adapter with router

2015-03-11 Thread Aled Morris
On 11 March 2015 at 10:45, Nick Hilliard  wrote:

> On 11/03/2015 10:02, Baldur Norddahl wrote:
> > It should be possible to do the emergency call without a SIM. That way
> you
> > got 112 / 911 calls covered...
>
> emergency calls without sim are part of the gsm standard.  So unless the
> OP's provider is doing something terribly wrong and probably illegal, you
> can make a 112 call on any mobile device anywhere in the world within range
> of a compatible radio signal.
>
>
Can't find a definitive reference but this concurs with my recollection of
a policy introduced in 2009:

http://www.redcross.org.uk/en/What-we-do/Teaching-resources/Quick-activities/999

Some people think that 999 calls can be made from a phone without a SIM. In
fact, because of the high number of hoax calls, the United Kingdom decided
to block emergency calls from mobile phones without a SIM card.


Aled


Re: Phone adapter with router

2015-03-11 Thread Aled Morris
On 11 March 2015 at 11:04, Aled Morris  wrote:

> Can't find a definitive reference but this concurs with my recollection of
> a policy introduced in 2009:
>

Better reference:

http://ec.europa.eu/information_society/newsroom/cf/document.cfm?doc_id=1674

1.3. Availability of 112 from mobile handsets without SIM cards

By way of complementary information, the countries were invited to
indicate whether SIM-less 112 calls were allowed. Out of the 31 countries
that provided this information, SIM-less 112 calls were reported possible
in 19 Member States, Norway and Iceland. The remaining eight Member States
that do not provide this facility are Bulgaria, Germany (in both these
countries the facility was removed in 2009), the Netherlands (removing the
facility in 2011) Belgium, France, Romania, Slovenia, and the United
Kingdom. Several Member States chose to remove this facility because of the
high proportion of hoax calls originating from SIM less phones.


Aled


Re: Low Cost 10G Router

2015-05-20 Thread Aled Morris
On 20 May 2015 at 15:00, Pavel Odintsov  wrote:

> Yes, you could do filtering with Quagga. But Quagga is pretty old tool
> without multiple dynamic features. But with ExaBGP you could do really
> any significant route table transformations with Python in few lines
> of code. But it's definitely add additional point of failure/bug.
>

Couldn't your back-end scripts running under ExaBGP also manage the FIB,
using standard Unix tools/APIs?

Managing the FIB is basically just "route add" and "route delete" right?

Aled
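
The back-end-script idea above (an ExaBGP process turning received updates into "route add" / "route delete"), as an added example that is neither the list's nor ExaBGP's own code: it shows the sanity checks such a FIB updater needs before it executes whatever a peer announces, namely a reserved-range list, prefix-length bounds and a next-hop check, with refused routes logged instead of installed. The JSON shape, the policy list, the sample update and the "proto bgp" tag are assumptions made here, not taken from the thread.

```python
import ipaddress
import json
import subprocess
import sys
from typing import List, Optional, Tuple

# Constructed policy: no special-purpose ranges, no default route, nothing longer than /24.
NEVER_ROUTE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]
MIN_PREFIXLEN, MAX_PREFIXLEN = 8, 24


def validate(prefix: str, next_hop: Optional[str]) -> ipaddress.IPv4Network:
    """Parse and policy-check one NLRI; raise ValueError if it must not reach the FIB."""
    net = ipaddress.ip_network(prefix, strict=True)   # host bits set -> ValueError
    if net.version != 4:
        raise ValueError(f"{prefix}: only IPv4 unicast is handled here")
    if not MIN_PREFIXLEN <= net.prefixlen <= MAX_PREFIXLEN:
        raise ValueError(f"{prefix}: prefix length outside /{MIN_PREFIXLEN}-/{MAX_PREFIXLEN}")
    for bad in NEVER_ROUTE:
        if net.subnet_of(bad) or bad.subnet_of(net):
            raise ValueError(f"{prefix}: overlaps reserved range {bad}")
    if next_hop is not None:
        nh = ipaddress.ip_address(next_hop)
        if nh.version != 4 or nh.is_multicast or nh.is_loopback or nh.is_unspecified:
            raise ValueError(f"{prefix}: unusable next-hop {next_hop}")
    return net


def fib_commands(message: dict) -> Tuple[List[List[str]], List[str]]:
    """Turn one ExaBGP-style 'update' into iproute2 argv lists, plus a list of rejections.
    Assumed shape (modelled on ExaBGP 4 JSON; verify against your version):
      announce: {"ipv4 unicast": {"<next-hop>": [{"nlri": "<prefix>"}]}}
      withdraw: {"ipv4 unicast": [{"nlri": "<prefix>"}]}
    """
    cmds: List[List[str]] = []
    rejected: List[str] = []
    update = message["neighbor"]["message"]["update"]
    for next_hop, routes in update.get("announce", {}).get("ipv4 unicast", {}).items():
        for route in routes:
            try:
                net = validate(route["nlri"], next_hop)
            except ValueError as err:
                rejected.append(str(err))
                continue
            # "replace" is idempotent; "proto bgp" tags our routes so a cleanup can
            # target exactly them (needs "bgp" in iproute2's rt_protos, else use a number).
            cmds.append(["ip", "route", "replace", str(net), "via", next_hop, "proto", "bgp"])
    for route in update.get("withdraw", {}).get("ipv4 unicast", []):
        try:
            net = validate(route["nlri"], None)
        except ValueError as err:
            rejected.append(str(err))
            continue
        cmds.append(["ip", "route", "del", str(net), "proto", "bgp"])
    return cmds, rejected


def process_stdin() -> None:
    """ExaBGP 'process' entry point: one JSON document per line arrives on stdin."""
    for line in sys.stdin:
        msg = json.loads(line)
        if msg.get("type") == "update":
            cmds, rejected = fib_commands(msg)
            for reason in rejected:
                print("rejected:", reason, file=sys.stderr)   # log, never install
            for argv in cmds:
                subprocess.run(argv, check=True)


# Constructed sample: one good announcement, two that policy must refuse, one withdrawal.
SAMPLE_UPDATE = {
    "type": "update",
    "neighbor": {"message": {"update": {
        "announce": {"ipv4 unicast": {"192.0.2.2": [
            {"nlri": "198.51.100.0/24"},
            {"nlri": "100.64.0.0/10"},   # shared address space (RFC 6598)
            {"nlri": "0.0.0.0/0"},       # a peer pushing us a default route
        ]}},
        "withdraw": {"ipv4 unicast": [{"nlri": "203.0.113.0/24"}]},
    }}},
}
```

Running fib_commands(SAMPLE_UPDATE) yields one "ip route replace" and one "ip route del" argv, with the shared-space and default-route announcements listed as rejections; wire process_stdin() to ExaBGP's process configuration to execute them for real.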


Re: Low Cost 10G Router

2015-05-20 Thread Aled Morris
On 20 May 2015 at 17:44, Colton Conor  wrote:

> So are the rest of the processes in Mikrotik OS multi threaded? I would
> hope so to take advantage of 36 cores!
>

The forthcoming new major software release from Mikrotik apparently will
have multi-threaded BGP - it is targeted at their (also forthcoming) 72
core 8x10GE router, the CCR1072.

I would treat this as speculation until you can order it though - it's been
"promised" for 18 months now.

Aled


Re: OSPF Vulnerability - Owning the Routing Table

2013-08-02 Thread Aled Morris
Cisco published an advisory on OSPF vulnerability yesterday I think.  I
assume it's related.

OSPFv3 is not vulnerable, and connections protected by MD5 are safe too,
apparently.

Aled


On 2 August 2013 17:40, Glen Kent  wrote:

> Hi,
>
> Does anybody have details on what this vulnerability is?
>
> https://www.blackhat.com/us-13/briefings.html#Nakibly
>
> Glen
>


Re: turning on comcast v6

2014-01-06 Thread Aled Morris
On 4 January 2014 06:06, Ricky Beam  wrote:

> It'll **NEVER** be a default because it breaks too many clueless people's
> networks.  Just like, surprise, DHCP "guard" isn't on by default in any
> gear I'm aware of.
>
>
Spanning-tree portfast isn't on by default, and that breaks plenty of
clueless people's networks with client DHCP timeouts.  Just sayin'.


I appreciate the view that IPv6 was designed in a certain way, partly to
fix the problems and remove the kludges in IPv4; the reality is that IPv4
was wildly successful because it wasn't the proscriptive OSI.

Whilst I would prefer not to see the mistakes of IPv4 repeated (especially
NAT and RFC1918 addressing) trying to "help" people not shoot themselves in
the foot will simply retard deployment and maybe result in even worse
workarounds.

Come on people - Postel's Law applies, let's be liberal in what we accept
into the protocol design too.  If users want DHCP served default gateway,
fine.  Nobody's forcing you to enable it on your network if you don't want
to.

Aled


Re: 10gbps peering subscriber switch recommendation

2014-01-06 Thread Aled Morris
On 6 January 2014 17:57, randal k  wrote:

> Good morning,
> We're in the market to move our IX peering off of our core (too much
> BGP/CPU :-/ ) and onto a dedicated switch.
>
> Anybody have a recommendation on a switch that can do the following
> without costing a fortune? I have scoured Cisco, and bang for the buck
> is ... ASR9k (way over powered for handling zero-feature IX traffic),
>
> 3-8x 10gbps ports
> 64k routes minimum, preferably 128k
> Must be able to speak BGP
> Native/functional IPv6 would be sharp!
> Basic QoS to police our ports
>
> The prefix count seems to be the killer, as our exchange table is
> getting pretty big (42k+ currently). I'm really tempted to build a
> vyatta box or similar, but would rather do something off the shelf --
> especially if it can be 1-2 gens old and cost effective.
>
>
If you don't need to carry a full Internet table, the Cisco 4500-X has
plenty of features and the 32 port model can accommodate 256k IPv4 routes.
It also does IPv6 in hardware (128k routes).

Aled


Re: Open source hardware

2014-01-07 Thread Aled Morris
On 7 January 2014 13:57, Vlade Ristevski  wrote:

> Sorry to get off topic, but is there a company that you can recommend? The
> price of the Cisco single mode GLC-LH-SMD= is killing me. I see a bunch of
> third party  ones on Amazon and CDW but I'd to love to get my hands one
> that has the correct vendor code without going and trying them all.


In Europe, http://www.flexoptix.net are recommended.

They also sell blank modules and give you a programmer too, so you can
stock fewer spares and program them for whatever vendor you need in an
outage/rapid deployment situation.

I'm sure they'd ship to the US.

Aled


Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-01-27 Thread Aled Morris via NANOG
On Mon, 27 Jan 2020 at 12:13, Rob Pickering  wrote:

> Wasn't the 56/64k thing a result of CAS (bit robbed) signalling which was
> a fudge AT&T did to transport signalling information in-band on T1s by
> stealing the low order bit for OOB signalling (it wasnt actually every low
> order bit, but meant you had to throw away every low order bit as CPE
> didn't know which ones were "corrupted" by the carrier).
> Proper ISDN was always 64kbit/s clear path with separate D channels
> carried OOB end to end, away from the B channel data.
>

There was some element of interoperability required with the pre-existing
data network architecture based on 56k channels and T1 bearers.  This
article has the detail:

https://en.wikipedia.org/wiki/T-carrier

*Soon after commercial success of T1 in 1962, the T1 engineering team
realized the mistake of having only one bit to serve the increasing demand
for housekeeping functions. They petitioned AT&T management to change to
8-bit framing. This was flatly turned down because it would make installed
systems obsolete.*


Compared to what was to follow, that all had to suffer the 56k channel
limitation, there can't have been that many installed systems in 1962!

Aled


Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-01-27 Thread Aled Morris via NANOG
On Mon, 27 Jan 2020 at 12:53, Bryan Holloway  wrote:

>
> I seem to also recall that you couldn't use a 56k modem unless the
> far-end was digital.
>

Exactly so - the connection to the telephone network needed to be as
"clean" as possible for the modem to achieve the best rate, which was only
possible with DSPs talking PCM directly into the PSTN to synthesise the
perfect analogue representation of the signal.

56k modems were asymmetric - the uplink was 33.6 (V.90) as that's the best
you could get whistling up an analogue line.

I'm guessing that if the modem industry didn't target the US market first,
those modems would have been 64k download.

Aled


Re: akamai yesterday - what in the world was that

2020-01-27 Thread Aled Morris via NANOG
On Mon, 27 Jan 2020 at 16:43, Paul Ebersman  wrote:

>
> first personal connection was a dedicated dialin using a telebit
> trailblazer at 9600 bps. that was a benefit of work.
>

Got to respect a modem with firmware that recognised hosts talking UUCP
protocol and optimised for it!

Aled


Re: QUIC traffic throttled on AT&T residential

2020-02-20 Thread Aled Morris via NANOG
On Thu, 20 Feb 2020 at 15:57, Dave Bell  wrote:

>
> On Thu, 20 Feb 2020 at 15:31, Ca By  wrote:
>
>> UDP is broken
>>
>
> I would argue that UDP isn't broken. Networks which drop it
> indiscriminately are broken.
>

Does this errant network behaviour not impact RTP applications like video
streams?

Aled


Re: Juniper MX204 allow oversubscription?

2022-05-16 Thread Aled Morris via NANOG
On Mon, 16 May 2022 at 18:52, Randy Carpenter  wrote:

> My hope for a successor (MX205 ?) would be more flexibility and 25G ports.
> 4x100G+8x25G would be awesome.
>
>
I was hoping the MX304 would be the upgrade, but it seems like overkill -
2U, modular with dual processors, up to 96 x 10/25 GbE, 48 x 40/50/100, 12
x 400 GbE

Probably a bit more expensive than MX204 too.

There's also ACX7100-48L: 48x 10GE/25GE/50GE (SFP56), 6x 400GE (QSFP56-DD)

Aled


Re: Upstream bandwidth usage

2022-06-10 Thread Aled Morris via NANOG
On Sat, 11 Jun 2022 at 01:23, Mark Tinka  wrote:

> We've seen proposals from Huawei, for example, where OLT shelves can
> support both GPON and XG-PON line cards.
>

I've been installing PON equipment for 2+ years where all the ports can be
fitted with optics (SFPs) that support both GPON and XGS-PON simultaneously
on the same fibre.

Aled


Re: SFP supplier in Europe?

2019-04-04 Thread Aled Morris via NANOG
On Thu, 4 Apr 2019 at 21:52,  wrote:

> Thanks to everybody that recommended Fiberstore and Flexoptics.
>
> Unfortunately Fiberstore is what led me to ask about alternative
> suppliers. Fiberstore actually ships in their Bidi SFPs from Asia and lead
> times are one to two weeks. Flexoptics is actually worse with 4-6 weeks
> after ordering.
>

That's not been my experience with either of them.

Aled


Re: 44/8

2019-07-21 Thread Aled Morris via NANOG
The biggest tragedy here is that Amazon now have yet another block of IPv4
which means the migration to IPv6 will be further delayed by them and
people who "can't see the need" because their AWS server instance can get
an IPv4 address.

All of this puts more pressure on the access networks to keep IPv4 running
and inflates the price of the remaining IPv4 addresses.

We need to be pulling together to make https://ipv4flagday.net/ a reality.
No more IPv4.

Aled


On Sun, 21 Jul 2019 at 12:35, William Herrin  wrote:

> On Sat, Jul 20, 2019 at 9:26 PM Jay R. Ashworth  wrote:
>
>> - Original Message -
>> > From: "William Herrin" 
>>
>> > Personally I've never heard of ARDC.
>>
>> Amateur Radio Digital Communications is the name that's been on 44/8
>> every
>> time I've ever looked at the /8 list, which goes back 2 decades or more.
>>
>> I never assumed it was an organization at the time.
>>
>
> Yeah... It just seems like holding an asset in trust for a population and
> selling that asset without consulting that population (or at least
> consulting the organizations the population commonly understands to
> represent them) is very fishy business.
>
> Having read their explanation, I think the folks involved had good reasons
> and the best intentions but this stinks like fraud to me. Worse, it looks
> like ARIN was complicit in the fraud -- encouraging and then supporting the
> folks involved as they established a fiefdom of their own rather than
> integrating with the organizations that existed. The "appearance of
> impropriety" is then magnified by ARIN deeming the matter a private
> transaction between it and the alleged registrants to which the pubic is
> not entitled to a detailed accounting.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/
>


Re: MAP-E

2019-08-02 Thread Aled Morris via NANOG
On Fri, 2 Aug 2019 at 14:49, Brian J. Murrell  wrote:

> Will any of these (including MAP-E) support such nasty (in terms of
> burying IP addresses in data payloads) protocols as FTP and SIP/SDP?
>

I'm a fan of these solutions that (only) use NAT44 in the CPE as this is
exactly what they're currently doing, and the CPE vendors have already
"solved" the problem of  application support (SIP, FTP etc.) at least as
far as the end-user is concerned.

It seems that introducing an extra layer of NAT at the ISP for NAT444 is
creating a range of new problems, not least being scalability.  Big CGNAT
boxes are expensive.

Aled


Re: Mx204 alternative

2019-09-02 Thread Aled Morris via NANOG
The forthcoming Juniper ACX700 sounds like a good fit for metro Ethernet
with 4x100G and 24x10G in a shallow 1U hardened form factor.

Aled


Re: Mx204 alternative

2019-09-02 Thread Aled Morris via NANOG
On Mon, 2 Sep 2019 at 10:14, Mark Tinka  wrote:

>
>
> On 2/Sep/19 11:02, Aled Morris via NANOG wrote:
> > The forthcoming Juniper ACX700 sounds like a good fit for metro
> > Ethernet with 4x100G and 24x10G in a shallow 1U hardened form factor.
>
> Do you know what chip it's running?
>

Sorry I have no inside info, only what's been released publicly.

Aled


Re: Any info on devices that are running eBGP on the Internet?

2019-11-07 Thread Aled Morris via NANOG
On Thu, 7 Nov 2019 at 19:59, Edward Dore <edward.d...@freethought-internet.co.uk> wrote:

> I just grabbed the following from our routers connected to LINX LON1, LINX
> LON2, LINX Manchester and LONAP (so this data is very UK centric):
>
...

>1 DIGITAL EQUIPMENT CORPORATION
>

Kudos to whoever is running the VMS port of BIRD on their VAX-11/780

Aled


Re: RIPE our of IPv4

2019-12-04 Thread Aled Morris via NANOG
On Tue, 3 Dec 2019 at 14:43, Randy Bush  wrote:

> > Why does a new organisation need to have any global IPv4 addresses of
> > their own at all?
>
> if all folk saying such things would make their in- and out-bound mail
> servers v6-only, it would reduce confusion in this area.
>
> randy
>

...!6to4mx!m2xenix!randy

Aled


Re: OpenDNS CGNAT Issues

2018-09-11 Thread Aled Morris via NANOG
On Tue, 11 Sep 2018 at 13:56, Ca By  wrote:

> You should provide your users ipv6, opendns supports ipv6 and likely will
> not have this issue you see
>

OpenDNS does not support IPv6 for their customisable services "Home" etc.
which I believe is the service the OP is using as he refers to the end-user
wanting to register their IP address.

Incidentally, I hope OpenDNS considers 100.64.0.0/10 as space that can't be
registered to any end-user.

Aled


Re: IGP protocol

2018-11-13 Thread Aled Morris via NANOG
On Tue, 13 Nov 2018 at 05:54, Brandon Martin 
wrote:

> I was of the impression that there was a draft or similar for
> single-topology (IPv4+IPv6) OSPF.  Did anything ever come of that?
>
>
Juniper support IPv4 families ("realms") in OSPFv3.

Aled


Re: Cheap switch with a couple 100G

2018-11-25 Thread Aled Morris via NANOG
On Sun, 25 Nov 2018 at 21:42, Tom Hill  wrote:

> Chicken & egg: someone has to move first... And I don't see the ASR9k
> and Juniper MX BUs rushing to support 25 & 50G.
>

Juniper have launched a Trident based switch with 48 x 25G ports (the
QFX5120-48Y.)

But I agree the commercials aren't as simple with their in-house silicon
platforms.

Aled


Re: A few GPON questions...

2018-12-11 Thread Aled Morris via NANOG
On Tue, 11 Dec 2018 at 17:30, Jason Lixfeld  wrote:
> There’s only so much space in conduits, risers and ducts.  At some point, 
> scale would press this up against physical infrastructure realities depending 
> on how far the active gear at the head end is from the subscriber.

A point made earlier was that typically in a campus environment, most
every riser cupboard has access to power so you can easily build a
regular Ethernet LAN with a switch on every floor/corridor/hub.
Basically, everywhere that you'd put a GPON splitter.

Aled


Re: A few GPON questions...

2018-12-11 Thread Aled Morris via NANOG
On Tue, 11 Dec 2018 at 21:16, Tony Wicks  wrote:
>
> I remember working for this little company called EDS... Some bright spark 
> decided that ATM to the desktop was the future (not this ethernet (or even 
> token ring) thing) and subsequently converted several thousand head office 
> machines to E3 or OC3 to the desktop. Hell of a thing trying to make OS2 
> drivers work for an OC3 card. That went very badly and the whole lot was 
> ripped out again after a couple of years from memory.

Same thing happened in BA's shiny new office block near Heathrow back
in the 90's.  ATM25 to the desktop and LANE.  Total disaster.
Allegedly.

Aled


Re: Enterprise GPON / Zhone Questions

2018-12-12 Thread Aled Morris via NANOG
On Wed, 12 Dec 2018 at 06:48, Baldur Norddahl  wrote:
> It is possible one should not choose this system over a traditional approach, 
> but the people screaming "rip it out" are out of line IMHO. It would be a 
> huge expense to rewire a building with copper and they already got a working 
> fiber system. Much can be said about GPON but it is actually quite stable and 
> easy to manage.

I don't think anyone is saying replace the existing fibre with copper,
but instead to run cheap SFP-equipped switches in basically the same
topology as the GPON you described.

For a new build, less splitting and more copper in-building would be
cheaper and easier.

Aled


Re: plaintext email?

2019-01-15 Thread Aled Morris via NANOG
You can hide your secret message  by writing:

dash dash space return

Followed by your message.

It’ll be hidden from all but the Internet illuminati

Aled


On Tue, 15 Jan 2019 at 22:00, cosmo  wrote:

> Sudden plot-twist!
>
> A small elite group of NANOG participants have been using stenographic
> forms of encryption in the messages all along!
>
> On Tue, Jan 15, 2019 at 1:06 PM Bryan Fields 
> wrote:
>
>> On 1/15/19 12:24 AM, b...@theworld.com wrote:
>> > I'd like to go on record as saying that I PREFER top-posting.
>>
>> It's like having an @aol.com address.
>
>
>>
>> --
>> Bryan Fields
>>
>> 727-409-1194 - Voice
>> http://bryanfields.net
>>
>


Re: Network Speed Testing and Monitoring Platform

2019-01-17 Thread Aled Morris via NANOG
On Wed, 16 Jan 2019 at 20:49,  wrote:

> On Wed, 16 Jan 2019 19:26:41 +, Chris Kimball said:
> > Would a raspberry pi work for this?
> >
> > Could 3D print a nice case with your logo for it.
>
> The Pi has a bandwidth limit at 300mbits/sec due to a USB port being used.
>

I've been using Hardkernel Odroid C2 for this reason.  It looks a bit like
a Pi but its Gigabit Ethernet can achieve near line rate, 930+ Mbps on
iperf; see below for two Odroids connected across a gigabit Ethernet switch.

Aled


# iperf3 -c 172.16.0.139
Connecting to host 172.16.0.139, port 5201
[  4] local 172.16.0.142 port 49203 connected to 172.16.0.139 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec   110 MBytes   921 Mbits/sec   45    788 KBytes
[  4]   1.00-2.00   sec   112 MBytes   937 Mbits/sec    0    878 KBytes
[  4]   2.00-3.00   sec   112 MBytes   939 Mbits/sec   45    672 KBytes
[  4]   3.00-4.00   sec   112 MBytes   938 Mbits/sec    0    717 KBytes
[  4]   4.00-5.00   sec   112 MBytes   938 Mbits/sec    0    748 KBytes
[  4]   5.00-6.00   sec   112 MBytes   939 Mbits/sec    0    765 KBytes
[  4]   6.00-7.00   sec   112 MBytes   939 Mbits/sec    0    773 KBytes
[  4]   7.00-8.00   sec   112 MBytes   939 Mbits/sec    0    775 KBytes
[  4]   8.00-9.00   sec   112 MBytes   938 Mbits/sec    0    778 KBytes
[  4]   9.00-10.00  sec   112 MBytes   938 Mbits/sec    0    779 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  1.09 GBytes   937 Mbits/sec   90             sender
[  4]   0.00-10.00  sec  1.09 GBytes   933 Mbits/sec                  receiver

iperf Done.


Re: BGP Experiment

2019-01-23 Thread Aled Morris via NANOG
On Wed, 23 Jan 2019 at 17:58, Naslund, Steve  wrote:

> I hope you are as critical of your hardware vendor that cannot accept BGP4
> compliant attributes or have you just not updated your code?  You can black
> hole anything you want but as long as the “Internet” is sending you an RFC
> compliant BGP you better be able to handle it.
>


I'd go further and say that as long as you're connected to the Internet,
your equipment better be resilient when receiving packets with any
combination of bits set, RFC compliant or not.

Aled


Re: CPE/NID options

2023-11-25 Thread Aled Morris via NANOG
I don't think IP Infusion makes hardware - their OcNOS software runs on
many third-party white-box platforms from the likes of EdgeCore and
UfiSpace.

There may well be a device that suits the OP's requirements amongst the
supported hardware list.

I refer you to this handy table:

https://www.ipinfusion.com/documentation/ocnos-hardware-compatibility-list/

Aled

On Fri, 24 Nov 2023 at 16:33, Tom Mitchell  wrote:

> I don't know about specific SKUs, but IP Infusion make a very popular set
> of L2 switches.
>
>
> On Wed, Nov 22, 2023 at 8:42 PM Ross Tajvar  wrote:
>
>> I'm evaluating CPEs for one of my clients, a regional ISP. Currently,
>> we're terminating the customer's service (L3) on our upstream equipment and
>> extending it over our own fiber to the customer's premise, where it lands
>> in a Juniper EX2200 or EX2300.
>>
>> At a previous job, I used Accedian's ANTs on the customer prem side. I
>> like the ANT because it has a small footprint with only 2 ports, it's
>> passively cooled, it's very simple to operate, it's controlled centrally,
>> etc. Unfortunately, when I reached out to Accedian, they insisted that the
>> controller (which is required) started at $30k, which is a non-starter for
>> us.
>>
>> I'm not aware of any other products like this. Does anyone have a
>> recommendation for a simple L2* device to deploy to customer premises? Not
>> necessarily the exact same thing, but something similarly-featured would be
>> ideal.
>>
>> *I'm not sure if the ANT is exactly "layer 2", but I don't know what else
>> to call it.
>>
>