Re: BGP peering strategies for smaller routers
Rib or Fib for the million - that's the question - but in any event the following will most likely work for you. BTW, full table is now over 600K in size.

1) Choose one Transit and take their full table. (pick whatever reasons cost savings, bigger pipe, coin flip, etc.)
2) With the second transit use a filter to drop everything /22 or smaller. Now check your tables, see if you have enough room.
3) Next add your peers - no filtering and lpref those routes above the transits.
4) Ask both transits to send you a default route.

If this doesn't fit, use some more policy filtering and while this is up and running begin the search for a router with larger tables to replace it...as the tables will soon grow larger.

Thank You
Bob Evans
CTO

> On 2/May/16 21:07, Mike wrote:
>
>> Hello,
>>
>> I have an ASR1000 router with 4gb of ram. The specs say I can get
>> '1 million routes' on it, but as far as I have been advised, a full
>> table of internet routes numbers more than 530k by itself, so taking 2
>> full tables seems to be out of the question (?).
>
> Sounds like you have enough router resources to do your peering and take
> 2 full feeds.
>
> Mark.
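The four steps in the reply above, modelled as an added example (not part of the original post): it applies the import policy to three small feeds and reports how many paths land in the RIB and how many prefixes in the FIB. The feeds, ASNs and local-pref values are constructed, and "/22 or smaller" is read here as prefix length /22 and longer, which is an assumption.

```python
import ipaddress

# Constructed sample feeds: private address space and documentation ASNs,
# one (prefix, AS path) tuple per route. Not real routing data.
FEEDS = {
    "transit_a": [  # step 1: full table, unfiltered (default route per step 4)
        ("0.0.0.0/0", [64500]),
        ("10.0.0.0/16", [64500, 64510]),
        ("10.1.0.0/22", [64500, 64511]),
        ("10.1.4.0/24", [64500, 64511]),
        ("172.16.0.0/20", [64500, 64509]),
    ],
    "transit_b": [  # step 2: same routes offered, filtered on import
        ("0.0.0.0/0", [64501]),
        ("10.0.0.0/16", [64501, 64510]),
        ("10.1.0.0/22", [64501, 64502, 64511]),
        ("10.1.4.0/24", [64501, 64511]),
        ("172.16.0.0/20", [64501, 64509]),
    ],
    "peer": [  # step 3: unfiltered and preferred over both transits
        ("172.16.0.0/20", [64509]),
        ("172.16.8.0/24", [64509]),
    ],
}
LOCAL_PREF = {"transit_a": 100, "transit_b": 100, "peer": 200}  # hypothetical values
FILTER_FROM_LEN = 22  # assumption: drop /22, /23, /24 ... from the second transit


def accepted(source, net):
    """Import policy: only the second transit is filtered by prefix length."""
    return not (source == "transit_b" and net.prefixlen >= FILTER_FROM_LEN)


def rank(route):
    """Higher local-pref wins, then the shorter AS path."""
    return (route["lpref"], -len(route["as_path"]))


def build_tables(feeds, filtered=True):
    """Return (rib, fib): every accepted path, and the best path per prefix."""
    rib = []
    for source, routes in feeds.items():
        for prefix, as_path in routes:
            net = ipaddress.ip_network(prefix)
            if filtered and not accepted(source, net):
                continue
            rib.append({"net": net, "source": source,
                        "lpref": LOCAL_PREF[source], "as_path": as_path})
    fib = {}
    for route in rib:
        best = fib.get(route["net"])
        if best is None or rank(route) > rank(best):  # ties keep the first seen
            fib[route["net"]] = route
    return rib, fib


def lookup(fib, address):
    """Longest-prefix match: (matching prefix, feed that supplied it) or None."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return str(best), fib[best]["source"]


if __name__ == "__main__":
    for flag in (False, True):
        rib, fib = build_tables(FEEDS, filtered=flag)
        print("filtered" if flag else "unfiltered",
              "RIB paths:", len(rib), "FIB prefixes:", len(fib))
    _, fib = build_tables(FEEDS)
    for ip in ("10.1.4.9", "172.16.8.1", "192.0.2.1"):
        print(ip, "->", lookup(fib, ip))
```

In this sample the filter removes two RIB paths while the FIB still holds six prefixes, because the first transit keeps supplying every prefix the second one no longer does.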
Re: Need BGP route check
Hello, here ya go.

Routes:
     Destination     Peer            Next-Hop        LPref  Weight  MED  AS-Path
  i  129.77.0.0/16   64.118.161.8    64.118.161.8    722    2       0    6939 46887 14607 14607
*>i  129.77.0.0/16   64.118.161.13   64.118.161.13   725    2       0    6939 46887 14607 14607
  i  129.77.0.0/16   69.22.143.161   69.22.143.161   355    2       10   4436 46887 14607 14607
  i  129.77.0.0/16   216.129.125.5   216.129.125.5   355    2       301  8121 6939 46887 14607 14607

Routes:
     Destination        LPref  Weight  MED    Peer                 Next-Hop             AS-Path
- i  2620:0:2810::/48   100    1       73060  2001:550:2:58::d:1   2001:550:2:58::d:1   174 46887 14607 14607
*>i  2620:0:2810::/48   100    1       10     2001:590::4516:8fa1  2001:590::4516:8fa1  4436 46887 14607 14607

Thank You
Bob Evans
CTO

> One of our upstreams is apparently having problems, although they don't
> appear to know about it. I've seen an alert at BGPmon.net about our
> prefixes being withdrawn, and I can't locate our prefixes through that
> provider on any routeviews. Can someone check to see what ASPATHS you are
> seeing for our prefixes?
>
> 129.77.0.0/16
> 2620:0:2810::/48
>
> We should be advertised via AS6128 and AS46887
>
>
> Matthew Huff             | 1 Manhattanville Rd
> Director of Operations   | Purchase, NY 10577
> OTA Management LLC       | Phone: 914-460-4039
> aim: matthewbhuff        | Fax:   914-694-5669
Quick question regarding: Problematic IPv6 Multicast traffic within an IX.
Is it true that managed Layer2 switches used by IXs can not block IPv6 multicast ingress port traffic from broadcasting to all ports?

___Yes, seen many IXs with IPv6 multicast continuing yet IPv4 multicast is blocked.
___No, all should be able to block IPv6 multicast.
___Only a few specific managed switch manufacturers have this issue with IPv6 multicast broadcasting.

Your knowledge on this problem would be helpful.

Thank You in advance.
Bob Evans
CTO
Re: Advertising rented IPv4 prefix from a different ASN.
Hi Andrew,

It is possible, but I would do it... Here is how and why.

If they announce the larger CIDR you will need to keep them as one of your ISPs or you risk losing traffic due to others' inbound policy filtering.

However, if they provide you a simple Letter of Authorization to announce the smaller rented CIDR you can use this letter to show other networks that you have the right to announce it and they can email/call to confirm. By announcing the smaller CIDR to others you should see the bulk of the traffic come in via the other backbones.

You can "not reliably" multi-home the IPs without keeping the institution as one of your backbone providers (reason I wouldn't do it). You will always need a peering session with them where you announce to them your CIDR or they static route that traffic to you.

Thank You
Bob Evans
CTO

> Hello List,
>
> I work for a medium sized ISP. We are entering an agreement to rent
> some IPv4 space from a local higher education institution. Being a
> multi-homed ISP we would like to advertise the rented prefix from our
> ASN. The prefix that will be advertised is a smaller subnet from the
> higher education's block; they will continue to advertise the larger
> prefix.
>
> What is the best way to accomplish this? Is there any way of doing this
> without having to tunnel the traffic through the origin ASN?
>
> I feel if we just advertise the prefix it will get put on a bogon list for
> prefix hijacking. This space is rented long term but they are not
> interested in reassigning the space to us. They also want to keep
> advertising their prefix as one contiguous block.
>
> I appreciate any insight and information.
> Thank you for your time,
> Andrew.
Re: Advertising rented IPv4 prefix from a different ASN.
It's possible that it is a university that has legacy IPs. You have to check.

Thank You
Bob Evans
CTO

> Andrew wrote on 8/4/2016 2:39 PM:
>> This space is rented long term but they are not interested in
>> reassigning the space to us.
>
> Isn't this a violation of their agreement with ARIN
> (https://www.arin.net/resources/request/reassignments.html)?
Amazon BGP engineer for AWS router help.
I have a customer working for an Amazon department/division. Amazon gave this department an AWS connection where we have an AWS cross connect and direct fiber path established. I have the path as well as the customer side BGP router configured and can ping the AWS router. The Amazon department with console access has setup issues and can not bring up BGP. I do not see a single message sent from their AWS virtual BGP router. They won't give me the access to the console to help fix things. They opened a ticket last Saturday and still waiting for AWS staff help. I want to help everyone be successful maybe they will give an Amazon router engineer access to the console. Please contact me via email offline. Thank You Bob Evans CTO
Re: Safe IPv4 Was: Re: premiumcolo.net IP address rental
Well, since someone is listing wholesalers of IPV4 space. I never grabbed any list to spam rental space offers that we have available... but since all the large competitors are mentioned in your thread here.

There is a lot of information on a site I maintain, http://RentIPv4.com

It has some good tech information, for those unfamiliar with routing blocks where they can learn more about the IP shortage logistics and how router table limits are affected.

Thank You
Bob Evans
CTO

> The emails I've seen are looking to rent FROM us, not TO us. I've
> received an email to every one of our ARIN POCs so I assumed they were
> scraping whois data and marked it all as spam.
>
> Aaron
>
>
> On 1/9/2017 12:40 PM, Martin Hannigan wrote:
>> On Mon, Jan 9, 2017 at 11:20 AM, Matt Freitag wrote:
>>
>>> Joel,
>>>
>>> I can't speak to "premiumcolo.net"
>>>
>> Neither can I, but that may not mean much. Perhaps someone else can
>> validate that they're reputable and can execute a transaction end to
>> end?
>>
>> If you need IPv4 addresses for your network:
>>
>> 1. Make sure you have an IPV6 allocation from your favorite RIR and are
>>    using it
>> 2. Apply for and receive a last /22 from RIPE. EVERYONE can do this.
>> 3. Contact a reputable broker.
>>
>> The ones I have experience with (Alphabetical):
>>
>> A. Peter Thimmesch at Addrex http://www.addrex.net
>> B. Amy Cooper at Hilco Streambank http://www.ipv4auctions.com/
>> C. Mike Burns at http://www.IPTrading.com
>>
>> ARIN also publishes a list (which is not a requirement to be able to
>> transact or support transfers):
>>
>> https://www.arin.net/resources/transfer_listing/facilitator_list.html
>>
>> Network operators have many choices for answering their IP numbering
>> needs these days. Including IPv6.
>>
>> Sorry to be a broken record on this topic, but it seems to come up a
>> lot. And if you search the archives I'll suspect you'll find something
>> similar to this a few times now.
>>
>> An educated network operator is the best kind. That's why we are here.
>>
>> YMMV and Best,
>>
>> -M<
>>
>
> --
>
> Aaron Wendel
> Chief Technical Officer
> Wholesale Internet, Inc. (AS 32097)
> (816)550-9030
> http://www.wholesaleinternet.com
Re: -Spam- BGP IP prefix hijacking
The more tools the better the net can become. I find that BGPmon.net is pretty good. I have not yet found anything else as good.

You put in your prefixes and they email notify you of bgp changes they see with the AS hop string announcing. Helpful not just for hijacks - but to know that peers of peers are receiving your prefixes with your ASN.

Thank You
Bob Evans
CTO

> Hi All,
>
> I am planning to write a tool to detect real time BGP IP prefix hijacking.
> I am glad to know some of the open problems faced by
> providers/companies/community.
> I would like to know how the community is currently dealing and mitigating
> with such problems.
> It will be very helpful to know some of the adopted strategies by the
> community to detect bgp IP prefix hijacking and problems that are yet to
> be solved.
> Also I would like to know some of the very well industry standard open
> source tools used in the area of BGP which makes life easier.
>
> Regards,
> Nagarjun
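The kind of check described in the reply above (register your prefixes, compare the AS paths others see), as an added example that is not part of the original post and not BGPmon's code. It reuses the prefixes, the two upstream ASNs and the AS paths from the "Need BGP route check" message earlier on this page, with origin AS14607 read off those paths; the input format, the alert names and the two extra observations are constructed.

```python
import ipaddress

# Registered prefixes. Origin is read off the AS paths in the route check
# above; the upstream ASNs are the ones the prefix owner named in that thread.
EXPECTED = {
    "129.77.0.0/16": {"origin": 14607, "upstreams": {6128, 46887}},
    "2620:0:2810::/48": {"origin": 14607, "upstreams": {6128, 46887}},
}

# (prefix, AS path) pairs copied from the route output posted in that thread.
PAGE_OBSERVATIONS = [
    ("129.77.0.0/16", "6939 46887 14607 14607"),
    ("129.77.0.0/16", "4436 46887 14607 14607"),
    ("129.77.0.0/16", "8121 6939 46887 14607 14607"),
    ("2620:0:2810::/48", "174 46887 14607 14607"),
    ("2620:0:2810::/48", "4436 46887 14607 14607"),
]

# Constructed observations (documentation ASNs) to exercise the other alerts.
CONSTRUCTED_OBSERVATIONS = [
    ("129.77.8.0/24", "64500 64511"),
    ("129.77.0.0/16", "64500 64496 14607"),
]


def parse_path(text):
    """'6939 46887 14607 14607' -> [6939, 46887, 14607] (prepends collapsed)."""
    path = []
    for token in text.split():
        asn = int(token)
        if not path or path[-1] != asn:
            path.append(asn)
    return path


def check(expected, observations):
    """Return a list of (alert, prefix, asn) tuples for the given observations."""
    alerts = []
    seen_upstreams = {prefix: set() for prefix in expected}
    for prefix, path_text in observations:
        net = ipaddress.ip_network(prefix)
        path = parse_path(path_text)
        if not path:
            continue
        for mine, policy in expected.items():
            mine_net = ipaddress.ip_network(mine)
            # Only the registered prefix itself or a more-specific inside it.
            if net.version != mine_net.version or not net.subnet_of(mine_net):
                continue
            origin = path[-1]
            if origin != policy["origin"]:
                kind = ("ORIGIN_MISMATCH" if net == mine_net
                        else "MORE_SPECIFIC_FOREIGN_ORIGIN")
                alerts.append((kind, prefix, origin))
                continue
            if net != mine_net:
                alerts.append(("MORE_SPECIFIC_OWN_ORIGIN", prefix, origin))
            if len(path) >= 2:
                upstream = path[-2]  # AS adjacent to the origin
                if upstream in policy["upstreams"]:
                    seen_upstreams[mine].add(upstream)
                else:
                    alerts.append(("UNEXPECTED_UPSTREAM", prefix, upstream))
    # An expected upstream that appears in no path at all is a visibility alert.
    for mine, policy in expected.items():
        for missing in sorted(policy["upstreams"] - seen_upstreams[mine]):
            alerts.append(("UPSTREAM_NOT_SEEN", mine, missing))
    return alerts


if __name__ == "__main__":
    for alert in check(EXPECTED, PAGE_OBSERVATIONS + CONSTRUCTED_OBSERVATIONS):
        print(alert)
```

Run over the paths posted in the route check alone, the only alerts are that AS6128 is not seen for either prefix.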
Re: BGP IP prefix hijacking
OOPs the Spam thing is just our firewall indicator to possibility - meet a threshold level - I forgot to remove it when replying. Didn't mean to call your email spam.

Thank You
Bob Evans
CTO

> The more tools the better the net can become.
> I find that BGPmon.net is pretty good. I have not yet found anything else
> as good.
>
> You put in your prefixes and they email notify you of bgp changes they see
> with the AS hop string announcing. Helpful not just for hijacks - but to
> know that peers of peers are receiving your prefixes with your ASN.
>
> Thank You
> Bob Evans
> CTO
>
>> Hi All,
>>
>> I am planning to write a tool to detect real time BGP IP prefix
>> hijacking.
>> I am glad to know some of the open problems faced by
>> providers/companies/community.
>> I would like to know how the community is currently dealing and
>> mitigating with such problems.
>> It will be very helpful to know some of the adopted strategies by the
>> community to detect bgp IP prefix hijacking and problems that are yet to
>> be solved.
>> Also I would like to know some of the very well industry standard open
>> source tools used in the area of BGP which makes life easier.
>>
>> Regards,
>> Nagarjun
Re: DWDM Optics cheaper than CWDM Optics?
I have been under the impression for years now that the age of the fiber may play a role in which you prefer due to channel spacing needed to cram in more frequencies. Never really came across a real world situation where one didn't work as well as the other. There are probably more things to consider than the fiber's age.

Thank You
Bob Evans
CTO

> Hello,
>
> fs.com offers DWDM optics that are cheaper than CWDM optics:
> CWDM 80km 10G for 600$
> http://www.fs.com/c/cisco-cwdm-sfp-plus-2425?70-80km
> DWDM 80km 10G for 420$
> http://www.fs.com/c/cisco-dwdm-sfp-plus-2485?70-80km
>
> This is significant.
> Is this for real? Has anybody bought their DWDM optics?
>
> Going with DWDM and passive Mux/Demux seems to be cheaper nowadays than
> going with CWDM.
>
> Regards
> Karl
Re: Peering BOF/Peering social @NANOG69?
On that same topic, Peering, I would like to see the green peering dot for name badges. Kind of "one" of the fundamental things that NANOG came into existence over.

Thank You
Bob Evans
CTO

> I'm squinting at the Guidebook for NANOG69,
> and I don't seem to see any peering BOF or
> peering social this time around. Am I being
> blind again, and it's on the agenda somewhere
> but I'm just overlooking it?
> Pointers in the right direction would be appreciated.
>
> Thanks! :)
>
> Matt
Re: Peering BOF/Peering social @NANOG69?
I suggest in the future NOT to get rid of something because a new method is attempted. I.E nanog had a nice method of identifying potential and existing peers with a simple green dot at registration to indicate an individual was involved with BGP in their company. That went away and today there is nothing. Cost of implementation was less than 5 dollars at any office supply retailer.

Just a thought.

Thank You
Bob Evans
CTO

> The Peering Personals has been shelved while we try to figure out a better
> option.
>
> There was no peering content submitted to the Program Committee that
> justified a separate track, and so they chose to include the content in
> the general session throughout the program.
>
> Regards,
>
> -Dave
>
> On Feb 6, 2017, 8:12 AM -0500, Matthew Petach ,
> wrote:
>> I'm squinting at the Guidebook for NANOG69,
>> and I don't seem to see any peering BOF or
>> peering social this time around. Am I being
>> blind again, and it's on the agenda somewhere
>> but I'm just overlooking it?
>> Pointers in the right direction would be appreciated.
>>
>> Thanks! :)
>>
>> Matt
Amazon AWS Europe issues
Anyone here from Amazon that can contact me offline about issues our customers are having regarding AWS problems connecting from our California network to Europe.

One specific is ext-eu-km-80-global-market-live-2004446585.eu-west-1.elb.amazonaws.com (52.17.152.249)

Thank You
Bob Evans
CTO
Re: Rising sea levels are going to mess with the internet
How much ocean water displacement is taking place in Hawaii as a result of eruptions? How about volcanoes we don't know about deep in the ocean?

In the last 5 years, California governments have played a negative role in the burning of well over a million acres. These carbon emissions are rarely calculated and considered as a cause of global warming. How many California miles driven in cars = one 250,000 acre fire? I don't know. Did you know there are adults in California that don't think burning trees emit carbon emissions that count unless it happens in a man made fireplace? Yes, most of those people went to high school in California.

But anyways - can we please drop the non-internet related discussions from filling my nanog filtered technical email folders? Lots of smart people to have discussions with in nanog...maybe we create a list called nanog-other-st...@nanog.org

Thank You
Bob Evans
CTO

> On 23/07/2018 20:03, Owen DeLong wrote:
>> It shows China, the most heavy handed of the three economies in the
>> graphic as having an accelerating growth in carbon emissions. It does
>> show that the EU started a downward trend earlier than the US, but that
>> the downward trend in the EU appears to be leveling off and the US
>> downward trend looks to be steeper now and accelerating.
>>
>> In addition, if you drill down to the individual EU countries, several
>> of them are, in fact, headed up while the more market-based members of
>> the EU seem to be headed down or having leveled off after a sharp
>> decline earlier.
>
> The data is flawed. The carbon emissions per country don't include
> import, so you can just import the most carbon-heavy product from China
> and you will see your country emissions falling and China's growing.
>
> And the carbon emission of USA doesn't include Pentagon, while any other
> army is included in its country numbers.
>
> So we can't really compare such flawed data - these are just numbers for
> politicians but they have nothing in common with reality.
>
> Regarding rising sea levels - I wonder why nobody mentioned submarine
> fiber landing stations. If something will be affected, it will be them.
>
> --
> Grzegorz Janoszka
Reach for a Verizon "Mobility" Network Contact
Please contact me offline at b...@fiberinternetcenter.com

NOT looking for a Verizon cell phone dealer - NOT looking for a Verizon business multi-phone plan sales person.

Looking for the Verizon mobility department, someone that can generate a contract for this specific service and has contacts within that part of the organization and knows the individuals by name.

Thank You
Bob Evans
CTO
Re: GTT Regulatory Recovery Surcharge
I think it's because they need to...not for any legal reason, but to increase cash flow by every penny possible. As they just spent 2.3 billion dollars on an acquisition. Every penny they can add to a bill is an attempt to slow the bleeding resulting from over borrowing. 3600 employees, huge major acquisitions half a billion here - 2 billion there, where is this money coming from? Buying sales organizations with no network? One has to ask is this a secretly government funded/owned business? If so, which government? Ours?

Bob Evans
CTO/Founder

> On Dec 2, 2018, at 6:04 PM, Clayton Zekelman wrote:
>>
>> I can't imagine how the corporate sociopaths could justify charging an
>> American recovery fee on a service delivered in Canada.
>
> I would speculate that the reason is ever popular "because they can".
>
> James R. Cutler
> james.cut...@consultant.com
> PGP keys at http://pgp.mit.edu
Any Github Experts online ?
Hello NANOGers,

I have one customer that claims that 2 out of 17 downloads using the git command on github's service are slow and poor on our network when compared to others. However, when not using the git command, but using a simple web page link to a large zipped file from github, it's always nice and fast. Using the git command 8% of the time being slow is unacceptable.

Github just doesn't responds lethargically at best. BTW, have you seen how many hex digits a github ticket number is? Of course Github says try a different ISP...Customer tries to tell me comcast is better! What! I don't believe it.

No help from Github NOC - we have asked and asked... And we peer with Github and for some reason they do not transmit the Prefixes of the IP range that the customer uses for the git command. github.com resolve IPv4 is not in the prefix list. So the exit is transits.

I need more clues. Is it the resources the git command uses when checking files for dates etc?

Thank You
Bob Evans
CTO
Re: WEBINAR TUESDAY: Can We Make IPv4 Great Again?
I think only 22% of networks with an AS announce IPv6 space. Is that correct?

Thank You
Bob Evans
CTO

> On Mon, Mar 6, 2017 at 4:00 PM, Baldur Norddahl
> wrote:
>> Major ISPs have IPv6 support now. It is
>> the sites (=servers) that are lacking.
>
> Hi Baldur,
>
> Not exactly. My Verizon FiOS does not support IPv6. Neither does my
> Cox Cable Internet. My Verizon Wireless service supports IPv6 but my
> AT&T Wireless service does not.
>
> All four of these entities have IPv6 somewhere in their networks but
> that's not at all the same thing as saying they "have IPv6 support."
>
> IPv6 deployment has gathered some momentum, enough that it's unlikely
> to sputter out, but it's still laughably weak.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin her...@dirtside.com b...@herrin.us
> Dirtside Systems . Web: <http://www.dirtside.com/>
Re: WEBINAR TUESDAY: Can We Make IPv4 Great Again?
I have had ipv4 transit with ATT for years (one provider of many) and the order originally placed was for both ipv4 and 6... yep still waiting.

Thank You
Bob Evans
CTO

> On 3/6/17 14:04, Dennis Burgess wrote:
>> Well try to get ATT to announce IPv6 though our AS! Lol Been on the
>> phone with them for over a month. Still no ETA :(
>
>
> Requests driven from the sales side should have the best results.
>
> Before Charter's sales turned into a hole of poor service, I had an
> account manager that actually cared about the whole picture. I told him
> the reason nobody before him was able to sell to us is because we have
> requirements that need to be deliverable (no native IPv6 no sale), can't
> deal in promises. Of course he's no longer there and I'm back to idiots
> that just want to see how high of a price they can get you to sign for,
> especially if you're already a customer there's no need to pretend to
> care further.
>
> ~Seth
Re: Purchased IPv4 Woes
Validating is a lot of work, but you have to do it. I know there are lots of blocks with RBL problems. Some spammers make so much money, they easily afford to buy small blocks, abuse them to make money, buy more blocks and put the olds up for sale. Careful price is rarely a tell about a bad block. Only the cost of their first block is their initial sunk cost, as they cycle through blocks.

Thank You
Bob Evans
CTO

> Indeed.
>
> Let this be a lesson: when purchasing blocks, one MUST do their due
> diligence. Check the RBLs, senderbase, previous owner reputation, etc.
> before buying.
>
> Caveat emptor.
>
>
> On 3/11/17 3:13 PM, Martin Hannigan wrote:
>> Which broker did you use for the transaction?
>>
>> Did you get a discount for knowingly accepting a dirty block or is this
>> a surprise?
>>
>> Are folks asking for warranties on acquired addresses these days?
>>
>> Cheers,
>>
>> -M<
>>
>>
>> Best,
>>
>> -M<
>>
>>
>> On Fri, Mar 10, 2017 at 12:11 Pete Baldwin wrote:
>>
>>> Hi All,
>>>
>>> Hopefully this is not taken in bad taste. Our organization
>>> purchased some IP space last year (163.182.192.0/18 to be specific),
>>> and it appears that this block must have been used for
>>> less-than-admirable purposes in the past.
>>>
>>> We have been trying to clean up the reputation where possible, and we
>>> do not appear to be on any blacklists, but we do appear to be blocked
>>> from a lot of networks across the US/Canada. I am noticing a lot of
>>> name servers blocking our requests, many web servers, gaming servers,
>>> mail etc.
>>>
>>> This is a transition block for us to move towards v6 everywhere, but we
>>> have many systems that will need to rely on this block of space for
>>> some time to come.
>>>
>>> We are a small rural co-op ISP in Ontario, and I am just writing this
>>> email as an extra plea so that if you happen to run a network that has
>>> this entire range on your naughty list, we would appreciate you giving
>>> it another chance. I can be contacted on or off list, thanks.
>>>
>>>
>>> --
>>>
>>> Pete Baldwin
>>> Tuckersmith Communications
>>> (P) 519-565-2400
>>> (C) 519-441-7383
Re: Purchased IPv4 Woes
Pete's right about how IPs get put on the lists. In fact, let us not forget that these lists were mostly created with volunteers - some still today. Many are very old lists. Enterprise networks select lists by some sort of popularity / fame - etc.. Like how they decide to install 8.8.8.8 as first - it's easy and they think it's better than their local ISP they pay yet they always call the ISP about slowness when 8.8.8.8 is for consumers and doesn't always resolve quickly. It's a tough sale.

Once had a customer's employee abuse their mail server - it made some lists. Customer complained our network is hosting spammers and sticking them in the middle of a problem that is our networks. Hard win. Took us months to get that IP off lists. That was one single IP. We did not allow them to renew their contract once the term was over. Now, they suffer with comcast for business. ;-)

Thank You
Bob Evans
CTO

> On Sun, 12 Mar 2017, Pete Baldwin wrote:
>
>> So this is really the question I had, and this is why I was wanting to
>> start a dialog here, hoping that it wasn't out of line for the list. I
>> don't know of a way to let a bunch of operators know that they should
>> remove something without using something like this mailing list.
>> Blacklists are supposed to fill this role so that one operator doesn't
>> have to try and contact thousands of other operators individually,
>> he/she just has to appeal to the blacklist and once delisted all should
>> be well in short order.
>>
>> In cases where companies have their own internal lists, or only update
>> them a couple of times a year from the major lists, I don't know of
>> another way to notify everyone.
>
> I suspect you'll find many of the private "blacklistings" are hand
> maintained (added to as needed, never removed from unless requested) and
> you'll need to play whack-a-mole, reaching out to each network as you find
> they have the space blocked on their mail servers or null routed on their
> networks. I doubt your message here will be seen by many of the "right
> people." How many company mail server admins read NANOG? How many
> companies even do email in-house and have mail server admins anymore? :)
>
> Back when my [at that time] employer was issued some of 69/8, I found it
> useful to setup a host with IPs in 69/8 and in one of our older IP blocks,
> and then do both automated reachability testing and allow anyone to do a
> traceroute from both source IPs simultaneously, keeping the results in a
> DB. If you find there are many networks actually null routing your
> purchased space, you might setup something similar.
>
> --
>  Jon Lewis, MCP :)           |  I route
>                              |  therefore you are
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Conference Videos
I have referred to online sessions from the past several times. NANOG is great at preserving information, compared to other conferences.

In addition, if you attend a conference, say you have to miss a session due to business distractions, you can usually watch it that evening in your room. If you stayed out too late and you'd rather have a late breakfast and order room service, you can watch/attend sessions virtually from your room.

Thank You
Bob Evans
CTO

>> On Mar 13, 2017, at 2:52 PM, Mike Hammett wrote:
>>
>> Another organization I'm in has a hard policy of no recordings of any
>> sessions at their conferences. They think that recordings of content
>> (even vendor-sponsored, vendor-specific sessions with vendor consent)
>> would have a catastrophic effect on conference attendance.
>>
>> NANOG doesn't seem to have that issue. Any background on the process to
>> get there? Any regrets?
>>
>
> Many attendees also find value in the parts of the conference that aren't
> recorded, like hallway conversations, informal meetings, and even social
> events.
>
> Keeping and maintaining the archive of slides and video recordings is an
> essential part of NANOG's educational mission, which was key to obtaining
> and maintaining the IRS 401(c)(3) nonprofit status.
>
> So at least for the time I was on the Board, not only were there no
> regrets, but we worked hard to maintain and enhance the video experience.
> Steve
Re: Government agency renting or selling IP space
Simple to check. Most likely legacy space if early 90s. Enter them in the ARIN search box and learn more. And note if the agency is paying arin annually? Possible?

Thank You
Bob Evans
CTO

> I have a government agency client with a number of /24s that they acquired
> back in the 1990s when they operated as an ISP for other agencies. They
> are interested in renting or selling these addresses. Are there any
> existing ARIN or other legal restrictions against government organizations
> doing this?
>
> -mel beckman
Re: Purchased IPv4 Woes
I am for naming the companies that extort for via RBLs. Spamming is so widespread even the domain name company Godaddy leveraged it as a profit center. Godaddy, in its early beginnings. Years ago.

I know from experience that this happens... Godaddy demanded money from me for spamming. I had to pay $150 or $250? I had several domains with them that were not even being used, beyond a webpage placeholder and I ran my own DNS server for my domains. After paying, they released my domain to function again. They claimed and promised they would provide the proof "after I paid"... employees and all kinds of lines about why they could not show you until after you paid. I paid and Godaddy suddenly lost the proof.

I am sure it was part of a profit center as I know others that had this happen with Godaddy. Think about it Godaddy didn't even provide me a service using an IP address of theirs. It was the domain they held hostage with their DNS server.

There should be a class action against them - just to expose it - (people never get the real money the lawyers do in a class action). Now that they are public some lawyer should look into the records and find all the extortion money gathered years ago. Contact those domain owners at the time. Would surprise me if the RBL owners were ex Godaddy employees that saw this leverage opportunity.

Thank You
Bob Evans
CTO

> Would you mind naming the company so that they can be publicly shamed?
> That is nothing short of extortion.
>
> On Mar 19, 2017 10:36 PM, "Justin Wilson" wrote:
>
>> Then you have the lists which want money to be removed. I have an IP
>> that was blacklisted by hotmail. Just a single IP. I have gone through
>> the procedures that are referenced in the return e-mails. No response.
>> My next step says something about a $2500 fee to have it investigated.
>> I know several blacklists which are this way. Luckily, many admins do
>> not use such lists.
>>
>>
>> Justin Wilson
>> j...@mtin.net
>>
>> ---
>> http://www.mtin.net Owner/CEO
>> xISP Solutions- Consulting - Data Centers - Bandwidth
>>
>> http://www.midwest-ix.com COO/Chairman
>> Internet Exchange - Peering - Distributed Fabric
>>
>> > On Mar 12, 2017, at 9:10 PM, Bob Evans wrote:
>> >
>> > Pete's right about how IPs get put on the lists. In fact, let us not
>> > forget that these lists were mostly created with volunteers - some
>> > still today. Many are very old lists. Enterprise networks select
>> > lists by some sort of popularity / fame - etc.. Like how they decide
>> > to install 8.8.8.8 as first - it's easy and they think it's better
>> > than their local ISP they pay yet they always call the ISP about
>> > slowness when 8.8.8.8 is for consumers and doesn't always resolve
>> > quickly. It's a tough sale.
>> >
>> > Once had a customer's employee abuse their mail server - it made some
>> > lists. Customer complained our network is hosting spammers and
>> > sticking them in the middle of a problem that is our networks. Hard
>> > win. Took us months to get that IP off lists. That was one single IP.
>> > We did not allow them to renew their contract once the term was over.
>> > Now, they suffer with comcast for business. ;-)
>> >
>> > Thank You
>> > Bob Evans
>> > CTO
>> >
>> >> On Sun, 12 Mar 2017, Pete Baldwin wrote:
>> >>
>> >>> So this is really the question I had, and this is why I was
>> >>> wanting to start a dialog here, hoping that it wasn't out of line
>> >>> for the list. I don't know of a way to let a bunch of operators
>> >>> know that they should remove something without using something
>> >>> like this mailing list.
>> Blacklists >> >>> are >> >>> supposed to fill this role so that one operator doesn't have to try >> and >> >>> contact thousands of other operators individually, he/she just has >> to >> >>> appeal >> >>> to the blacklist and once delisted all should be well in short >> order. >> >>> >> >>> In cases where companies have their own internal lists, or only >> >>> update >> >>> them a couple of times a year from the major lists, I don't know of >> >>> another >> >>> way to notify everyone. >> &
Re: AWS us-west-2 routed through Europe from NY?
Is this still happening? Thank You Bob Evans CTO > Phil, > > The traceroute was done by a coworker in Quebec on April 26, from one of > our corporate offices. His IP address was probably 104.163.180.188 at > the time. He was tracing one of our endpoints in AWS us-west-2; I do not > know which IPs our endpoint had at the time, but one of its current IPs > is 52.89.73.31 > > This is the trace as he described it: > > Route > - #1: 2.7 ms >IP Address: 192.168.1.1 >Hostname: local >TTL: 64 > - #2: 34.8 ms >IP Address: 10.170.162.238 >TTL: 50 > - #3: 17.3 ms >IP Address: 10.170.192.53 >TTL: 250 > - #4: 16.7 ms >IP Address: 74.116.184.145 >Hostname: 0.xe-11-1-0.er1.mtl7.ebox.ca >TTL: 249 >AS Number: AS1403 >AS Name: EBOX >Country Name: Canada >Country Code: CA >Time Zone: America/Toronto >Region: Quebec >City: Vieux-Saint-Laurent >Latitude: 45.475 >Longitude: -73.696 > - #5: 15.6 ms >IP Address: 213.248.76.201 >Hostname: motl-b1-link.telia.net >TTL: 248 >AS Number: AS1299 >AS Name: Telia Company AB >Country Name: Europe >Country Code: EU >Time Zone: Europe/Vaduz > - #6: 31.8 ms >IP Address: 62.115.134.52 >Hostname: nyk-bb4-link.telia.net >TTL: 247 >AS Number: AS1299 >AS Name: Telia Company AB >Country Name: Europe >Country Code: EU >Time Zone: Europe/Vaduz > - #7: 47.7 ms >IP Address: 213.155.136.19 >Hostname: chi-b21-link.telia.net >TTL: 246 >AS Number: AS1299 >AS Name: Telia Company AB >Country Name: Europe >Country Code: EU >Time Zone: Europe/Vaduz > - #8: 89.7 ms >IP Address: 62.115.117.48 >Hostname: sea-b1-link.telia.net >TTL: 245 >AS Number: AS1299 >AS Name: Telia Company AB >Country Name: Europe >Country Code: EU >Time Zone: Europe/Vaduz > - #9: 90.7 ms >IP Address: 62.115.34.102 >Hostname: amazon-ic-302508-sea-b1.c.telia.net >TTL: 244 >AS Number: AS1299 >AS Name: Telia Company AB >Country Name: Europe >Country Code: EU >Time Zone: Europe/Vaduz > - #10: 86.3 ms >IP Address: 52.95.52.80 >TTL: 239 >Country Name: United States >Country Code: US >Time Zone: 
America/Los_Angeles >Region: Washington >City: Seattle >Latitude: 47.634 >Longitude: -122.342 > - #11: 80.8 ms >IP Address: 52.95.52.97 >TTL: 241 >Country Name: United States >Country Code: US >Time Zone: America/Los_Angeles >Region: Washington >City: Seattle >Latitude: 47.634 >Longitude: -122.342 > - #12: 86.1 ms >IP Address: 54.239.43.124 >TTL: 240 >Country Name: United States >Country Code: US >Time Zone: America/Los_Angeles >Region: Washington >City: Seattle >Latitude: 47.610 >Longitude: -122.334 > - #13: 94.3 ms >IP Address: 52.93.13.12 >TTL: 235 >Country Name: United States >Country Code: US >Time Zone: America/Los_Angeles >Region: Oregon >City: Boardman >Latitude: 45.870 >Longitude: -119.688 > - #14: 86.5 ms >IP Address: 52.93.12.249 >TTL: 238 >Country Name: United States >Country Code: US >Time Zone: America/Los_Angeles >Region: Oregon >City: Boardman >Latitude: 45.870 >Longitude: -119.688 > - #15: 111.7 ms >IP Address: 52.93.12.140 >TTL: 234 >Country Name: United States >Country Code: US >Time Zone: America/Los_Angeles >Region: Oregon >City: Boardman >Latitude: 45.870 >Longitude: -119.688 > - #16: 92.6 ms >IP Address: 52.93.12.173 >TTL: 234 >Country Name: United States >Country Code: US >Time Zone: America/Los_Angeles >Region: Oregon >City: Boardman >Latitude: 45.870 >Longitude: -119.688 > - #17: 88.3 ms >IP Address: 52.93.15.217 >TTL: 236 >Country Name: United States >Country Code: US >Time Zone: America/Los_Angeles >Region: Oregon >City: Boardman >Latitude: 45.870 >Longitude: -119.688 > - #18: N/A >TTL: 0 > > > We expected that trace to go straight East Coast / West Coast, but > instead it went through Europe. > > For comparison, this is a trace also by same coworker to > api.postmates.com, which was correctly routed on the shortest > geographical path (more or less): > > Route > - #1: 3.0 ms >IP Address: 192.168.1.1 >Hostname: local >TTL: 64 > - #2: 29.0 ms >IP Address: 10.170.162.
Anyone here from ihotelier.com or travelclcik.com or gramtel.net
Hello, I have 3 customers experiencing routing issues all day to admin.ihotelier.com. When the problem occurs the trace stops and drops at a gramtel.net router or server. That traces through GTT then Zayo and halts at gramtel.net. When I put in a temp static around it via another transit it hops through PNAP.net and works fine. I would like to get rid of my temp route for the admin.ihotelier.com /24 range. Thanks Bob Evans CTO
Any one here from CyrusOne ?
Hi, Looking for off-line CyrusOne NOC assistance to help our mutual customers reach each other's servers. I do not think the issue is CyrusOne's, but it is most likely a CyrusOne customer's that has no network people that comprehend routing issues. 2 days now, I need a little insight. My work around is via a transit provider that does not go through a Cyrusone hop. Whenever Cyrusone and gramtel.net hop appears customer packets drop at gramtel.net hop.
On GTT from Amsterdam to ihotelier.com
IPv4 traceroute to 199.167.220.52
HOST: cr2-ams1-re1Loss% Snt Last Avg Best Wrst StDev
1. lag-12.ear3.Amsterdam1.Level 0.0% 5 601.2 121.0 0.8 601.2 268.4
2. ??? 100.0 50.0 0.0 0.0 0.0 0.0
3. CYRUSONE-LL.ear2.Chicago2.Le 0.0% 5 94.3 94.4 94.2 94.7 0.2
4. 169.64.242.209.gt001.gramtel 0.0% 5 95.6 94.8 94.4 95.6 0.5
5. ??? 100.0 50.0 0.0 0.0 0.0 0.0
From Chicago ...
IPv4 traceroute to 199.167.220.52
HOST: cr1-chi1-re1Loss% Snt Last Avg Best Wrst StDev
1. as3356.chi11.ip4.gtt.net 20.0% 58.4 3.0 1.0 8.4 3.6
2. ??? 100.0 50.0 0.0 0.0 0.0 0.0
3. CYRUSONE-LL.ear2.Chicago2.Le 0.0% 51.9 1.9 1.9 2.0 0.0
4. 169.64.242.209.gt001.gramtel 0.0% 52.1 2.4 2.1 3.1 0.5
5. ??? 100.0 50.0 0.0 0.0 0.0 0.0
On Hurricane Electric from Fremont to ihotelier.com hits and stops at gramtel.com
core1.fmt1.he.net> traceroute 199.167.220.57 source-ip 216.218.252.161 numeric
Target199.167.220.57
11 ms<1 ms<1 ms10ge7-3.core1.sjc2.he.net (72.52.92.110)
2<1 ms<1 ms14 ms asn-qwest-us-as209.10gigabitethernet10-10.core1.sjc2.he.net (216.218.230.250)
351 ms89 ms61 mscer-edge-19.inet.qwest.net (67.14.122.141)
4132 ms48 ms59 ms65.123.102.162
563 ms48 ms52 ms209.242.80.97
648 ms49 ms50 ms 169.64.242.209.gt001.gramtel.net (209.242.64.169)
7***?
8 * *
Thank You Bob Evans CTO
Re: Leasing /22 blocks
You must look deeply into the company you lease IPs to. Have a contract - there is one on RentIPv4.com you can download, copy and modify. (I created it, I say you can do that if you need one.) But the contract is a small part. Because companies come and go. You must be able to verify many things about the company - how long in business - explore previous IPs they utilized... what they plan to do with them, will their customers spam with them, etc. If not you run a greater risk of getting back IPs that are on international black lists. Many of those will require you to pay ransom fees to have the blocks removed. Thank You Bob Evans CTO > On Fri, May 26, 2017 at 04:44:52PM +, Security Admin (NetSec) wrote: >> Recently had someone offer to lease some IPv4 address space from me. >> Have never done that before. >> >> I thought I would ask the group what a reasonable monthly rate for a >> /22 in the United States might be. > > Let me just set up my crystal ball. Perhaps I can divine the future of > your address space. Hmmm. It's a little cloudy. A lot of retransmits. > What if I adjust this here -- nope, that's upping the packet loss. > Maybe ...? Ahh, yes. It's starting to take shape. I see ... > > I see your IP space being used for abuse. It's appearing on every > blacklist imaginable. Whole segments of the Network null route it. > Hmmm. It's being returned to you by the spamm--clients. About a week > later. You're sitting there with a couple hundred dollars. And a > letter from ARIN. You look .. sad. Yes, definitely sad. > > I'd recommend not doing that. > > -- > . ___ ___ . . ___ > . \/ |\ |\ \ > . _\_ /__ |-\ |-\ \__ >
Re: Long AS Path
My cut off is 6 ASNs - more than 6 and it never makes it to the FIB. However, for this to be viable with plenty of unique prefixes to maintain a large table, we have lots and lots of direct big and small peers and much more than the usual amount of transit neighbors in our network. Silicon Valley companies are very demanding for the fastest path with the lowest number of router hops. ASN hops almost always lead to more router hops in the trace. We have customers that call us if everything is fine and they want to shave off milliseconds to favorite destinations. Picky, picky, picky. I am wondering how many other networks get requests (more like demands) from customers wanting you to speed packets up to and from a specific office in India or China. Customers knowing nothing about their office ISP overseas. BTW, it's almost always they have the cheapest congested shared office connection in the building overseas (especially in India). So they can't do anything there except "pretend" about the bandwidth available. About all they know is the IP address of the VPN and they were told they have a full gig connection. Sure they have a gig port, but it's on a switch together with 10 building neighbors that all also have a gig port on a circuit to the building that no one can maintain a gig for more than 3 ms. Go ahead try and fix that latency packet dropping issue with a firewall on both ends with SPI turned on in both directions. It's your fault if you can't make it better. After all their VPN from London to Bangalore works fine. And the ones in China all work fine to and from Australia. Anyways, I always wondered is it just me or do others get these kind of requests? Thank You Bob Evans CTO > Steinar, > > What reason is there to filter them? They are not a significant fraction > of BGP paths. They cause no harm. It's just your sense of tidiness. > > You might consider contacting one of the operators to see if they do have > a good reason you haven't considered. 
But absent a good reason *to* filter > them, I would let BGP mechanics work as intended. > > -mel beckman > > On Jun 21, 2017, at 12:57 AM, "sth...@nethelp.no" > wrote: > >>> Just wondering if anyone else saw this yesterday afternoon ? >>> >>> Jun 20 16:57:29:E:BGP: From Peer 38.X.X.X received Long AS_PATH= AS_SEQ(2) 174 12956 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 ... attribute length (567) More than configured MAXAS-LIMIT >> >> There are quite a few examples of people using stupidly long AS paths. >> For instance >> >> 177.23.232.0/24*[BGP/170] 00:52:40, MED 0, localpref 105 >> AS path: 6939 16735 28163 28163 28163 28163 28163 >> 28163 28163 28163 28163 28163 28163 28163 28163 >> 28163 28163 28163 262401 262401 262401 262401 >> 262401 262401 262401 262401 262401 262401 262401 >> 262401 262401 262401 262401 262401 262949 52938 >> 52938 52938 52938 52938 52938 52938 52938 52938 >> 52938 52938 I >> >> I currently have 27 prefixes in my Internet routing table with 40 or >> more ASes in the AS path (show route aspath-regex ".{40,}"). >> >> I see no valid reason for such long AS paths. Time to update filters >> here. I'm tempted to set the cutoff at 30 - can anybody see a good >> reason to permit longer AS paths? >> >> Steinar Haug, Nethelp consulting, sth...@nethelp.no >
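The length cutoffs discussed in this thread (6 ASNs in the reply, 30 proposed in the quoted message) can be checked offline against a table dump before a filter goes onto a router. The following is an added example, not code from any poster: the function names are hypothetical, the 177.23.232.0/24 path is rebuilt from the one quoted above, and every other route is constructed from documentation prefixes and ASNs.

```python
import re
from dataclasses import dataclass

AS_TRANS = 23456  # RFC 6793 placeholder ASN, the value repeated in the quoted log line


@dataclass(frozen=True)
class PathStats:
    hops: int           # AS_PATH length as best-path selection counts it
    unique_asns: int    # distinct ASNs, prepends collapsed
    longest_run: int    # longest back-to-back repeat of one ASN (prepending)
    has_as_trans: bool  # path contains AS_TRANS


def parse_as_path(text):
    """Parse a printed AS path into segments.

    Plain numbers are AS_SEQUENCE entries (int). A braced group such as
    "{64500 64501}" is an AS_SET (frozenset). Other tokens, such as the
    trailing origin code "I" in the quoted Junos output, are ignored.
    """
    segments = []
    for match in re.finditer(r"\{([^}]*)\}|\b(\d+)\b", text):
        if match.group(1) is not None:
            members = frozenset(int(n) for n in re.findall(r"\d+", match.group(1)))
            if members:
                segments.append(members)
        else:
            segments.append(int(match.group(2)))
    return segments


def path_stats(segments):
    """Count hops the way BGP does: prepends count, an AS_SET counts once."""
    asns = set()
    longest = run = 0
    previous = None
    for seg in segments:
        if isinstance(seg, frozenset):
            asns |= seg
            run, previous = 0, None  # an AS_SET ends any prepend run
        else:
            asns.add(seg)
            run = run + 1 if seg == previous else 1
            previous = seg
            longest = max(longest, run)
    return PathStats(len(segments), len(asns), longest, AS_TRANS in asns)


def evaluate(as_path_text, max_hops):
    """Return (accepted, stats, reason) for a route learned from an eBGP neighbor."""
    stats = path_stats(parse_as_path(as_path_text))
    if stats.hops == 0:
        return False, stats, "empty or unparseable AS path"
    if stats.hops > max_hops:
        return False, stats, f"{stats.hops} hops exceeds limit {max_hops}"
    return True, stats, "ok"


SAMPLE_ROUTES = {
    # Path quoted in the thread, rebuilt with its repeat counts (16, 16, 11).
    "177.23.232.0/24": "6939 16735 " + "28163 " * 16 + "262401 " * 16
                       + "262949 " + "52938 " * 11 + "I",
    # Constructed samples (documentation prefixes and ASNs).
    "192.0.2.0/24": "64496 64497 64498",
    "198.51.100.0/24": "64496 64499 {64500 64501} 64502",
    "203.0.113.0/24": "64496 64497 " + "23456 " * 30,
    "2001:db8::/32": "64496 64497 64498 64499 64502 64503 64504 64505",
}


def audit(routes, max_hops):
    """Apply one max-length policy to a {prefix: as_path_text} table."""
    return {prefix: evaluate(path, max_hops) for prefix, path in routes.items()}


if __name__ == "__main__":
    for limit in (6, 30):  # the two cutoffs mentioned in the thread
        print(f"--- max AS_PATH length {limit} ---")
        for prefix, (ok, stats, reason) in audit(SAMPLE_ROUTES, limit).items():
            verdict = "accept" if ok else "reject"
            print(f"{prefix:18} {verdict:6} hops={stats.hops:<3} "
                  f"unique={stats.unique_asns:<2} prepend_run={stats.longest_run:<3} "
                  f"as_trans={stats.has_as_trans}  {reason}")
```

Running both limits side by side shows how many otherwise reachable prefixes a tighter cutoff would drop, which is the trade-off the reply raises about needing many peers and transits.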
Re: BGP peering question
There is one more thing to consider based on your app or content latency criteria needs. Do you provide a service that performs better with low latency - such as live desktop, live video/voice? You may wish to peer to have more control and more direct path to your customer base. If you identify your customer base in a specific region - then explore the best peering exchange points to utilize in that region. This can help you reduce your packet hop count / delivery time, etc. Thank You Bob Evans CTO > On Mon, Jul 10, 2017 at 4:12 PM, craig washington < > craigwashingto...@hotmail.com> wrote: > >> Newbie question, what criteria do you look for when you decide that you >> want to peer with someone or if you will accept peering with someone >> from >> an ISP point of view. > > > I assume you mean "reciprocal peering" in the sense of shortcut from your > customers to their customers rather than the more generic sense that any > BGP neighbor is a "peer". > > 1. What does it cost? If you and they are already on an IX peering switch > or you're both at a relaxed location where running another cable carries > no > monthly fee, there's not much down side. > > 2. Is the improvement to your service worth the cost? It's not worth > buying > a data circuit or cross-connect to support a 100kbps trickle. > > 3. Do you have the technical acumen to stay on top of it? Some kinds of > breakage in the peering link could jam traffic between your customers and > theirs. If you're not able to notice and respond, you'd be better off > sending the traffic up to your ISPs and letting them worry about it. > > If the three of those add up to "yes" instead of "no" then peering may be > smart. > > Regards, > Bill Herrin > > > -- > William Herrin her...@dirtside.com b...@herrin.us > Dirtside Systems . Web: <http://www.dirtside.com/> >
Re: Best way to San Jose Fairmont from SFO?
Depending on commute times with traffic - you will most likely travel 101 south. Uber works well from SFO. You catch an Uber ride on the arrival level. Rental car - Google Maps knows several pathways. But it will most likely take you via 101. This hotel is popular in downtown San Jose - not hard to find. Train and Bus travel is not worth considering. However, there are airport shuttle van services like supershuttle 4-5 passengers being dropped off on your way south. Thank You Bob Evans CTO > Hi all, > > I'm flying in for the conference, landing in San Francisco. What's the > best way to get from SFO to the conference hotel? > > Thanks, > > -- Stephen >
Re: Peering at public exchange authentication
Almost all good and popular peering points utilize MAC locks on ports for all peers. (With few exceptions.) To hijack a BGP session one would need not only a port on the peering network but a MAC address registered with the peering network - or their packets won't traverse the port through the switches to your port. So the extra CPU load of MD5, in my opinion, is a waste on a peering edge router with many peers. With lots of peers on a router - all the timing and table building after a needed maintenance reboot could lead to table building slowness and establishment timing sluggishness issues (depending on the router of course). If a peering network doesn't lock most all participants (and any route servers they have) by the MAC of the peering device I won't be a participant. All that said - I know of a way a customer of a network can create havoc by using a device/router that allows the MAC to be modified like a variable. However, for the most part that havoc would be limited to that network that hacking customer is located on. This would also be a truly rare event as there needs to be something the network also allowed for the customer to get routable layer 2 access to the peering port. Bob Evans CTO > MD5 on BGP Considered Harmful > > -- > TTFN, > patrick > > Composed on a virtual keyboard, please forgive typos. > > >> On Sep 29, 2017, at 13:41, craig washington >> wrote: >> >> Hello all, >> >> >> Wondering your views or common practices for using authentication via >> BGP at public exchange locations. >> >> Just for example, let's say you peer with 5 people in the TELX in >> Atlanta, do you require them to all use authentication for the BGP >> session? >> >> I've seen some use it and some not use it, is it just a preference? >
Any one from Akamai here ? Got a problem.
We do not know why we are being blocked at www.costco.com Name: e6025.a.akamaiedge.net Address: 104.96.118.20 Appears only via Los Angeles. Other paths, via San Jose, Palo Alto - via other transits all work fine to this IP address. Here is the error reported to several sites all on Akamai. Access Denied You don't have permission to access "http://www.costco.com/" on this server. Reference #18.c60ad717.1511897450.524468b7 Access Denied You don't have permission to access "http://www.costco.com/services.html" on this server. Reference #18.c60ad717.1511898193.52508dce Access Denied You don't have permission to access "http://www.loopnet.com/index.html" on this server. Reference #18.940ad717.1511898022.2f14cff8 Thank You Bob Evans CTO
Re: IPv4 smaller than /24 leasing?
That site you quoted looks like text that I created. For CloudIPv4.com (part of RentIPv4.com). To peer most networks require assigned IPv4 space. Most networks do not want to burn a /24 to peer. The local peering routers will propagate a /25... /30.. etc. from the peering platform to the rest of their own network's routers but usually never beyond - keeps it internal within the network's own BGP sessions. However, you can not expect the /25.. /30 to be propagated beyond the network you have a BGP session with - I.E. transits will filter the subnets /25.../30. I have seen an exception locally or regionally it was agreed to propagate outside the network. Thank You Bob Evans CTO > On 2018-01-04 20:16, Job Snijders wrote: >> On Thu, 4 Jan 2018 at 20:13, Filip Hruska wrote: >> >>> I have stumbled upon this site [1] which seems to offer /27 IPv4 >>> leasing. >>> They also claim "All of our IPv4 address space can be used on any >>> network >>> in any location." >>> >>> I thought that the smallest prefix size one could get routed globally >>> is >>> /24? >> >> >> Yes >> >> So how does this work? >>> >> Probably with GRE, IPIP or OpenVPN tunnels. >> >> Kind regards, >> >> Job > > IPv4 /24 is commonly the minimal chunk advertised to (and accepted by) > neighbors. If I run a global (or regional) network, I may advertise this > /24 -- or rather an aggregate covering it -- over my diverse > interconnection with neighbors, your /27 being part of the chunk and > routed to you internally (if you're a customer)-- no need for > encapsulation efforts. Similar scenario may be multi-upstream, subject > to acceptance of "punching holes in aggregates"... Am I missing > something? What's the trigger for doing tunneling here? > > Happy New Year '18, by the way ! > > mh >
RE: IPv4 smaller than /24 leasing?
Agreed, Reputation is everything. It is why we only work with well known Legacy IPv4 space at this time (hence, use anywhere statement). Our space rents for about 4x other space found on other sites. We don't do the volume business of our competitors. Those businesses with questionable address space will always be around as there are always customers for fast, cheap, without the good reputation. Most customers for that fast cheap space have no clue how to verify space until a problem arises. After the fact, they usually end up in trouble, spending much more money to not only educate themselves but also on the labor involved in re-numbering. About your second point - "would rather have a block assigned by a reputable upstream provider" - I agree, if it was for say a real estate office access, one could simply ask everyone to wait it out or send everyone home and ask them to use their DSL or cable operator when it's broke. We rent out /24s (and up) because some upstreams won't provide a full /24 and some of those networks send those customers to us. Due to the limited IPv4 availability, many no longer entertain portability for their assigned space. Multi-homing becomes an issue of labor and they don't want to deal with it with their assigned space. With one ASN announcing your space, it means you're down when they have maintenance or limited reach when they have other routing issues. Today, it makes sense to go with quality wholesale IPv4 space from a 3rd party. You can look at the IPs as an R.O.I opportunity as customers understand supply-demand and will pay 10x for space they need. It more than pays for itself in network reliability and labor saved. For those that don't need multi-home today, it's wise to consider expansion down the road and have already planned tomorrow's improved network ability to multi-home. As the cost later to re-number to multi-home. 
Or worse, discover you need to re-number because that network that provided you the space called it back to give to a bigger customer or won't let you announce it on other networks they specify where your cost for bandwidth would be lower. So, there are many reasons to obtain clean independent space - but most are related to future expansion abilities and future flexibility. "There is a market somewhere for just about anything." Hope this info helps, Thank You Bob Evans CTO > > Yes, exactly right. You would probably have to tunnel the /27 back to > where the >/24 lives. That's the only way I can see of it working > "anywhere". That's a technically valid solution but maybe not so hot if > you are looking for high redundancy/availability since you are dependent > on the tunnel being up and working. > > As always the reputation of the aggregate is going to be critical as to > how well this works for you. It seems to me that increasingly these > "portable" blocks have murky histories as spam and malware sources. I > would rather have a block assigned by a reputable upstream provider than > to do this. > > Steven Naslund > Chicago IL > >> On 2018-01-04 20:16, Job Snijders wrote: >>> On Thu, 4 Jan 2018 at 20:13, Filip Hruska wrote: >>> >>>> I have stumbled upon this site [1] which seems to offer /27 IPv4 >>>> leasing. >>>> They also claim "All of our IPv4 address space can be used on any >>>> network in any location." >>>> >>>> I thought that the smallest prefix size one could get routed >>>> globally is /24? >>> >>> >>> Yes >>> >>> So how does this work? >>>> >>> Probably with GRE, IPIP or OpenVPN tunnels. >>> >>> Kind regards, >>> >>> Job >> >> IPv4 /24 is commonly the minimal chunk advertised to (and accepted by) >> neighbors. 
If I run a global (or regional) network, I may advertise this >> /24 -- or rather an aggregate covering it -- over my diverse >> interconnection with neighbors, your /27 being part of the chunk and >> routed to you internally (if you're a customer)-- no need for >> encapsulation efforts. Similar scenario may be multi-upstream, subject >> to acceptance of "punching holes in aggregates"... Am I missing >> something? What's the trigger for doing tunneling here? >> >> Happy New Year '18, by the way ! >> >> mh >> > > >
Re: IPv4 smaller than /24 leasing?
Marketplaces - supply and demand and costs to operate as Bill noted (never thought of that) will settle out the need. Thank You Bob Evans CTO > I am looking at it from an ARIN justification point. If you are a small > operator and need a /24 you have justification if you give customer's > publics, but is it a great line if you are only giving out publics for > people who need cameras or need to connect in from the outside world. If I > need a /24 and I don't really use it all am I being shady? It becomes a > "how much of a grey area is there" kind of thing. > > > Justin Wilson > j...@mtin.net > > www.mtin.net > www.midwest-ix.com > >> On Mar 13, 2018, at 1:37 PM, William Herrin wrote: >> >> On Tue, Mar 13, 2018 at 1:19 PM, Justin Wilson wrote: >>> I agree that the global routing table is pretty bloated as is. But >>> what kind of a solution for providers who need to participate in BGP >>> but only need a /25? >> >> Hi Justin, >> >> If you need a /25 and BGP for multihoming or anycasting, get a /24. >> The cost you impose on the system by using BGP *at all* is much higher >> than the cost you impose on the system by consuming less than 250 >> "unneeded" IP addresses. >> >> I did a cost analysis on a BGP announcement a decade or so ago. The >> exact numbers have changed but the bottom line hasn't: it's >> ridiculously consumptive. >> >> Regards, >> Bill Herrin >> >> >> >> -- >> William Herrin her...@dirtside.com b...@herrin.us >> Dirtside Systems . Web: <http://www.dirtside.com/> >> > >
Re: US to relinquish control of Internet
> (As if the US has "control" anyway) > > It's all over the "popular press", strange I haven't seen it here. > > > <http://thehill.com/blogs/hillicon-valley/technology/200889-us-to-relinquish-internet-control> > > <http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions> > > <http://www.icann.org/en/news/announcements/announcement-2-14mar14-en.htm> > <http://www.icann.org/en/news/announcements/announcement-14mar14-en.htm> > <http://www.icann.org/en/news/announcements/announcement-14mar14-en.htm> > > Etc., etc. > > It's nice of the DoC to "relinquish" control, but I really don't see it > changing much other than quieting down some hype from countries that were > saying they were pissed at the US for "controlling" the Internet. And I > couldn't really see those countries doing anything about it unless the US > did something actually bad, which they wouldn't do IMHO. > > Was I being a pollyanna? Yep, way too optimistic. The world always wants the success of capitalism as long as they don't have to create the climate for it, they just want it handed to them. Once they have it they turn it back toward socialism and proceed to F%^$ it up. Gee, sound like the direction our system's been trying to go in for the last 6 years. Bob Evans > > -- > TTFN, > patrick > >
Re: Level 3 blames Internet slowdowns on Technica
Well, don't forget the labor, taxes, business licenses fees, county taxes on chairs, Obama care, accountants and time required. Bob Evans CTO Do you need IPv4 space to lease, space you can use until IPv6 is the standard? > On Fri, Mar 21, 2014 at 10:25 AM, Naslund, Steve > wrote: >> Nice idea, too bad no one can make any money on building infrastructure >> but not selling the services on top of it. Remember Global Crossing? >> You are asking one company to put up all the capital expense and then >> try to recover it by allowing access to their infrastructure to anyone >> at low rates. Not gonna work. Just on a piece of paper, figure out >> what it costs to get fiber to your neighborhood from the nearest central >> office and then how much you have to charge to pay for that. If you can >> get a reasonable price that returns your investment within 20 years, I >> will be impressed. > > IIRC, GLBX didn't receive taxpayer funded subsidies, nor municipal > bonds, in order to roll out their infrastructure. > > I would gather that a fiber plant, on whole, costs less than the > number of subscribers, multiplied by average monthly bill, and again > by average length of service not to mention 20 years. > > -Jim P. > >
Re: misunderstanding scale (was: Ipv4 end, its fake.)
I agree with "one" thing herein > In order for IPv6 to truly work, everyone needs to be moving towards IPv6. Yep, chicken and the egg. I agree. We built an IPv6 "native" network - no tunneling - no customers to speak of ... didn't even bother to start IPv6 peering on it. > Maintaining dual protocols for the entire internet is problematic, > wasteful, and horribly > inefficient at best. Bottom line, the internet outgrew IPv4 almost 30 > years ago and > we've been using various hacks like NAT as a sort of IPv4 life-support > ever since. 30 years - oh, come on now - maybe it was outgrown on someone's EBITDA chart they handed an investor. At least a couple of decades of exaggeration in that number. > > Ask any doctor about the prospects for a patient on life support for years > at a time > and they will probably laugh at you. Patients rarely survive more than a > few days > on life support, let alone weeks, months, or even years. > > Yes, we've done really well with internet life support. So well that many > have been > lulled into a false sense of safety believing that these extreme measures > can be > continued indefinitely and scaled well beyond their breaking points. > > There is little visibility into the escalating cost and complexity of > these measures > and even less awareness of the relative ease of deploying IPv6 compared to > most > of these mechanisms. Sorry Owen - bad analogy - unlike a person, IPv4 won't die because it can't accommodate more - here's a reality analogy for you. In the Internet Casino, all the Internet black jack tables are full. All seats taken. The players don't want to play with the new blue chip IPv6 currency. So the house simply raises IPv4 green chip minimum limit for a seat. And there you have it, how much is someone willing to pay for space in the Internet casino. 
Well, it's much more than free and probably close to the dollar level in the presentation by Lee Howard at an ARIN meeting (I think it was in Barbados or maybe I have that meeting place wrong and it was NANOG) ... Well, $40/month per IP address will be the pain level for all customers to finally cash-in the IPv4 chips and move to IPv6. While the world is not capitalistic, the USA is. Just because it works in Sweden doesn't mean it's ready to work here (Health Care). So what percentage of web pages are my USA customers reading in foreign languages ? Gee, the world doesn't need more IPv4 space to make an English page available to reach a US customer. Not much when they move their language base of users to IPv6 they will find they have plenty of IPv4 space left over. And what percentage of my customer base needs to put up IPv6 web pages ? Not many most of the world can't afford our goods - so that leaves a small percentage of US sites that need IPv6 and probably already have begun that in place. Thus far, IPv6 has been the "Field of Dreams" those of us who have built it, we know they have not yet come (the IPv6 customers). That's all this discussion is really about is "when will they come". I know the core of the Internet will be IPv4 for many years. All one has to do is talk to a few customers to find out that they are in no hurry. It's a no-brainer, because none of us charges a customer more than lunch money for an IPv4 address. Now, if you tell me all the porn site owners were great net citizens, ready to move to IPv6 and shut off IPv4 access, well then I can see things moving along much faster. Bob Evans Founder/CTO Fiber Internet Center > > Owen > > On Mar 22, 2014, at 2:25 AM, Bryan Socha wrote: > >> Fair point. There are some situations that do need more than most, but >> aren't they the ones that should be on ipv6 already??? >> >> I know a few are shouldn't I be on ipv6 and that's fair too. I'm >> planning some speaking engagements to cover that. 
It's not blind and >> ignoring. >> On Mar 22, 2014 4:36 AM, "TJ" wrote: >> >>> Millions of IPs don't matter in the face of X billions of people, and >>> XX-XXX billions of devices - and this is just the near term estimate. >>> (And don't forget utilization efficiency - Millions of IPs is not >>> millions of customers served.) >>> >>> Do IPv6. >>> /TJ >>> >>> On Mar 22, 2014 3:09 AM, "Bryan Socha" wrote: >>>> >>>> As someone growing in the end of ipv4, its all fake.Sure, the rirs >>> will >>>> run out, but that's boring.Don't believe the fake auction sites. >>>> Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 >>>> for >>> no >>>> spam and $4 for legacy.Stop the inflation. Millions of IPS >>>> exist, >>>> there is no shortage and don't lie for rirs with IPS left. >>> > > >
Re: misunderstanding scale (was: Ipv4 end, its fake.)
Bob Evans CTO > > > On 3/24/14 9:12 PM, "Bob Evans" wrote: > >> >>I agree with "one" thing herein >> >>> In order for IPv6 to truly work, everyone needs to be moving towards >>>IPv6. >> >>Yep, chicken and the egg. I agree. We built an IPv6 "native" network - no >>tunneling - no customers to speak of ... didn't even bother to start IPv6 >>peering on it. > > How would there be traffic if you have no peering? 4 IPv6 transits and a handful of customers. Today, we only provide fiber service to businesses. Tiny traffic - no IPv6 peering at IX locations. > > >> >>An there you have it, how much is someone willing to pay for space in the >>Internet casino. Well, it's much more than free and probably close to the >>dollar level in the presentation by Lee Howard at an ARIN meeting (I >> think >>it was in Barbados or maybe I have that meeting place wrong and it was >>NANOG) ... Well, $40/month per IP address will be the pain level for all >>customers to finally cash-in the IPv4 chips and move to IPv6. > > I wish it was Barbados! > NANOG56. > http://www.nanog.org/meetings/nanog56/presentations/Wednesday/wed.general.howard.24.wmv > > Thanks Lee, I was hunting for that link. > >> >>Thus far, IPv6 has been the "Field of Dreams" those of us who have >>built it, we know they have not yet come (the IPv6 customers). That's >>all this discussion is really about is "when will they come". > > Some of us have quite a few IPv6 customers: > http://www.worldipv6launch.org/measurements/ > And we see significant traffic from those users. :-) > Maybe my isolation in silicon valley causes me to have a different IPv6 experience. Not much IPv6 happening here. I heard Google may have topped over 2% traffic that is IPv6. Significant ? Not from where I am sitting. > >> >>I know the core of the Internet will be IPv4 for many years. All one has >>to do is talk to a few customer to find out that they are in no hurry. 
>>It's a no-brainer, because none of us charges a customer more than >>lunch money for an IPv4 address. > > Depends on what you mean by "core." For some values of "core," the > Internet is already dual-stack. > >> >>Now, if you tell me all the porn site owners were great net citizens, >>ready to move to IPv6 and shut off IPv4 access, well then I can see >> things >>moving along much faster. > > Feel free to offer them a discount for dual-stack, and a deeper discount > for IPv6-only. > Unfortunately, I don't know any porn site operators, so I haven't been > able to have conversations with them about the economics of IPv6. > We give away the IPv6 to every business on a second port - to make their life easy and encourage them to play with it. Unfortunately, few try it at all. Bob > Lee > > >
Re: arin representation
I have just as many issues getting ARIN IP space as the next guy and companies like Verizon. I do vote - yes half the time I am not sure, exactly who I am voting for from just a bio and candidate paragraph. As a result, I decided to attend ARIN meetings. I have been to about six ARIN meetings in the last 24 months. Many coordinated with NANOG events. Makes it convenient for ARIN to obtain more input. What I thought was an isolated boondoggle meeting in Barbados turned out not to be. I went to see if the discussion changed at all there or only one side was pushed by big companies that can afford a boondoggle. It didn't change. I saw representation on both sides of a discussion, sometimes they turned into arguments. I was really surprised to see the ARIN staff work so much. I thought they would waste time enjoying the island. I was surprised that I had arrived before most of the staff. After the meeting almost everyone I knew on the staff or elected left within 24 hours. I thought that was a little too short for all the travel time and hours they put in for the meeting to take place. Like every governing body, it's easy to criticize it. However, if it were some big monopoly with giant hidden agendas accomplished behind closed doors, I wouldn't see networks like Verizon disappointed at an ARIN meeting as their perspective was being overruled by the majority. I have seen this at a meeting when Verizon decided to go purchase IPv4 space in the marketplace as they could not obtain what they tried to justify. It would have been a huge chunk of what remained. The IPv4 marketplace grew even more that week. I like term limits for every governing body - except when it's a company I built with my money. :-) Bob Evans CTO Fiber Internet Center > On Mar 25, 2014, at 5:04 PM, Randy Bush wrote: > >>> I do not agree with the characterization that "... 
we are ruled by >>> self-perpetuating monopolies which lack oversight and accountability", >> >> when you have a governance committee which is composed of the governing, >> not outsiders and governance experts, with no term limits, it would seem >> hard to support that argument. > > Acknowledged, and I will provide that feedback to the Board. > > I have nothing against term limits (but I also did not champion them back > when I was an elected member of the Board of Trustees.) Many cite risk > of losing well-qualified and experienced Board members right when they > are most productive as the counter-argument. This is probably a fairly > prolonged discussion, and the ARIN membership also needs to weigh in... > >>> - Simple terms and conditions for contracts with registries >>> - Membership organizations for registries with term limits >>> for Board and advisory bodies >>> - Board diversity (meaning real world users) >>> - Competitive registries >>> - ... >> >> i pretty much agree that arin should do these. except ... >> >> iff we could get reasonable governance, i am not sure we need multiple >> rirs. after all, the registries were just supposed to be bookkeepers. >> but i agree that competition is a good method of injecting some reality >> into the physics in the absence of other means. >> >> but i eagerly await the simplification of arin's ts&cs. and get rid of >> being able to change them unilaterally and arbitrarily, and get rid of the >> silly game about legacy rights, and a whole bunch of us might join. > > I will note that this discussion is presently on nanog, and I am not > certain that all of the ARIN Board members subscribe... I will forward > your message to the Board, but would you prefer to take this to one of > the ARIN lists, or have us set up a distinct list for this purpose, > or something else? > > Thanks! > /John > > John Curran > President and CEO > ARIN > > > > >
Re: BGPMON Alert Questions
Yes, I too have alerts for some of our prefixes from the same offending origin 4761 On Wednesday April 2nd 2014 at 19:59 UTC we detected a Origin AS Change event for your prefix (66.201.48.0/20 slash 20 bottom of nor cal) The detected prefix: 66.201.48.0/20, was announced by AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID) Alert description: Origin AS Change Detected Prefix: 66.201.48.0/20 Detected Origin AS: 4761 Expected Origin AS: 26803 Bob Evans CTO > So I setup BGPMON for my prefixes and got an alert about someone in > Thailand announcing my prefix. Everything looks fine to me and I've > checked a bunch of different Looking Glasses and everything announcing > correctly. > > I am assuming I should be contacting the provider about their > misconfiguration and announcing my prefixes and get them to fix it. Any > other recommendations? > > Is there a way I can verify what they are announcing just to make sure > they > are still doing it? > > Here is the alert for reference: > > Your prefix: 8.37.93.0/24: > > Update time: 2014-04-02 18:26 (UTC) > > Detected by #peers: 2 > > Detected prefix: 8.37.93.0/24 > > Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network > Provider,ID) > > Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of > Thailand(CAT),TH) > > ASpath: 18356 9931 4651 4761 >
Re: BGPMON Alert Questions
where did you get that number ? aut-num:AS4761 as-name:INDOSAT-INP-AP descr: INDOSAT Internet Network Provider descr: Internet Network Access Point in INDONESIA country:ID admin-c:IH151-AP tech-c: DA205-AP mnt-by: MAINT-ID-INDOSAT-INP changed:hostmas...@indosat.com 20081006 source: APNIC person: Dewi Amalia nic-hdl:DA205-AP e-mail: dewi.ama...@indosat.com address:PT INDOSAT address:JL. Medan Merdeka Barat 21 address:Jakarta Pusat phone: +62-21-30444066 fax-no: +62-21-30001073 country:ID changed:dewi.ama...@indosat.com 20080117 mnt-by: MAINT-ID-INDOSAT-INP source: APNIC person: INDOSAT INP Hostmaster nic-hdl:IH151-AP e-mail: hostmas...@indosat.com address:PT Indosat address:Jl. Medan Merdeka Barat 21 address:Jakarta Pusat phone: +62-21-30444066 fax-no: +62-21-30001073 country:ID changed:hostmas...@indosat.com 20120104 mnt-by: MAINT-ID-INDOSAT-INP source: APNIC Bob Evans CTO > I called into +66 2104-2374 > > > James Laszko > Mythos Technology Inc > > > Sent from my iPad > >> On Apr 2, 2014, at 1:08 PM, "Bryan Tong" wrote: >> >> Another 5 of ours just got hit. >> >> Anyone have any ideas on what will be done about it? >> >> >>> On Wed, Apr 2, 2014 at 1:18 PM, Frank Bulk wrote: >>> >>> bgpmon has tweeted that "We're currently observing a large hijack >>> event. >>> Indosat AS4761 originating many prefixes not assigned to them." >>> >>> Let's hope that AS4651 can quickly apply filters. >>> >>> Frank >>> >>> -Original Message- >>> From: David Hubbard [mailto:dhubb...@dino.hostasaurus.com] >>> Sent: Wednesday, April 02, 2014 2:03 PM >>> To: Joseph Jenkins; nanog@nanog.org >>> Subject: RE: BGPMON Alert Questions >>> >>> If you contact bgpmon support you may be able to get some more in-depth >>> information. 
I've contacted them before with alerts like those and >>> they >>> were able to give me specific date, time, ASN and interface information >>> about the peering points that received the announcements; that might >>> help make you present to the suspect party more likely to be acted >>> upon. >>> >>> -Original Message- >>> From: Joseph Jenkins [mailto:j...@breathe-underwater.com] >>> Sent: Wednesday, April 02, 2014 2:52 PM >>> To: nanog@nanog.org >>> Subject: BGPMON Alert Questions >>> >>> So I setup BGPMON for my prefixes and got an alert about someone in >>> Thailand announcing my prefix. Everything looks fine to me and I've >>> checked a bunch of different Looking Glasses and everything announcing >>> correctly. >>> >>> I am assuming I should be contacting the provider about their >>> misconfiguration and announcing my prefixes and get them to fix it. >>> Any >>> other recommendations? >>> >>> Is there a way I can verify what they are announcing just to make sure >>> they are still doing it? >>> >>> Here is the alert for reference: >>> >>> Your prefix: 8.37.93.0/24: >>> >>> Update time: 2014-04-02 18:26 (UTC) >>> >>> Detected by #peers: 2 >>> >>> Detected prefix: 8.37.93.0/24 >>> >>> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network >>> Provider,ID) >>> >>> Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority >>> of >>> Thailand(CAT),TH) >>> >>> ASpath: 18356 9931 4651 4761 >> >> >> -- >> eSited LLC >> (701) 390-9638 > >
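The origin check behind alerts like the ones quoted in this thread, as an added example that is not part of the original messages and is not BGPmon's code: it flags exact-prefix origin changes and more-specific announcements inside monitored space, and counts how many peers saw each one. The feed format, peer addresses, the 66.201.56.0/24 announcement and the expected origin AS64500 for 8.37.93.0/24 are assumptions made for the example.

```python
import ipaddress

# Prefixes we originate and the origin ASNs we expect for them.
# 66.201.48.0/20 -> AS26803 comes from the alert quoted in the thread.
# The thread does not give the expected origin of 8.37.93.0/24, so
# AS64500 (a documentation ASN) is a placeholder.
MONITORED = {
    ipaddress.ip_network("66.201.48.0/20"): {26803},
    ipaddress.ip_network("8.37.93.0/24"): {64500},
}

# Constructed sample feed, one announcement per line: peer|prefix|AS path.
# Peers are documentation addresses; only the path "18356 9931 4651 4761"
# appears in the thread, the other lines are invented for the example.
SAMPLE_UPDATES = """\
192.0.2.1|66.201.48.0/20|6939 26803
192.0.2.1|8.37.93.0/24|18356 9931 4651 4761
192.0.2.2|8.37.93.0/24|18356 9931 4651 4761
192.0.2.2|66.201.48.0/20|9931 4651 4761 4761
192.0.2.3|66.201.56.0/24|9931 4651 4761
192.0.2.3|8.37.93.0/24|3356 64500 64500
192.0.2.3|203.0.113.0/24|4651 4761
"""


def origin_and_upstream(as_path):
    """Return (origin ASN, upstream ASN) from a space-separated AS path.

    Prepending is collapsed first so "4651 4761 4761" still reports 4651 as
    the upstream. Non-numeric tokens (AS_SET braces) are ignored.
    """
    hops = [int(tok) for tok in as_path.split() if tok.isdigit()]
    collapsed = [h for i, h in enumerate(hops) if i == 0 or h != hops[i - 1]]
    if not collapsed:
        return None, None
    upstream = collapsed[-2] if len(collapsed) > 1 else None
    return collapsed[-1], upstream


def covering_prefix(net, monitored):
    """Longest monitored prefix that equals or contains net, or None."""
    best = None
    for mon in monitored:
        if mon.version == net.version and net.subnet_of(mon):
            if best is None or mon.prefixlen > best.prefixlen:
                best = mon
    return best


def detect(updates, monitored):
    """Group unexpected-origin announcements by (prefix, origin ASN)."""
    alerts = {}
    for line in updates.strip().splitlines():
        peer, prefix, path = line.split("|")
        net = ipaddress.ip_network(prefix)
        cover = covering_prefix(net, monitored)
        if cover is None:
            continue  # not our address space
        origin, upstream = origin_and_upstream(path)
        if origin is None or origin in monitored[cover]:
            continue  # expected origin, nothing to report
        alert = alerts.setdefault((prefix, origin), {
            "kind": "origin-change" if net == cover else "more-specific",
            "monitored": str(cover),
            "expected": sorted(monitored[cover]),
            "upstream": upstream,
            "peers": set(),
        })
        alert["peers"].add(peer)
    return alerts


if __name__ == "__main__":
    for (prefix, origin), a in sorted(detect(SAMPLE_UPDATES, MONITORED).items()):
        print(f"{a['kind']}: {prefix} announced by AS{origin} "
              f"(expected {a['expected']}, upstream AS{a['upstream']}, "
              f"seen by {len(a['peers'])} peers)")
```

A more-specific announcement is reported separately because it wins longest-prefix match even where the legitimate covering route is still present.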
Re: ARIN Enters Phase Four of the IPv4 Countdown Plan
Yes, you could have shown up to discuss, present arguments, vote there many. meetings on this as well as ARIN email discussion threads. All the hot topics are always presented at nanog/arin meets in an effort to create community awareness and gather community interest. I attended ARIN only meetings where the rooms were full - this was a hot topic of ARIN meetings many times. Your point was brought up many times - that position was represented. The process to get a big block is cumbersome...thus verizon went out to the open market to buy space. A notable verizon person attended an arin meeting and openly said so. And that was during late phase 2 or beginning of 3. So it's not that easy for a big company to get a big block. Bob Evans CTO > If you didn't like it, you could have participated in the rule making > where things like this were discussed at length, and voted on by the > "community" (which turned out to be a very few people who gave a shit). > > -- > TTFN, > patrick > > > On Apr 23, 2014, at 10:35, "Paul S." wrote: >> >> Am I the only one who thinks this 'clench' is rather absurd especially >> right after one company pretty much got 1/4th of all remaining address >> space when there's such an insane crunch looming? >> >> Regardless of how large / important they are, that is. >> >> If anything, this is just gonna make things more difficult for smaller >> companies while larger ones roam free. >> >>> On 4/23/2014 11:04 PM, John Curran wrote: >>> NANOGers - >>> >>>ARIN's regional IPv4 free pool has reached the equivalent of one /8 >>> of IPv4 space, >>>which means we are approaching runout of IPv4 space availability in >>> this region. >>>(See attached announcement from ARIN regarding occurrence of this >>> event) >>> >>>There are some changes to processing of requests as we enter this >>> final phase, >>>and obviously service providers ought to be thinking about >>> IPv6-based services, >>>if not already in deployment. 
>>> >>> FYI, >>> /John >>> >>> John Curran >>> President and CEO >>> ARIN >>> >>> Begin forwarded message: >>> >>> From: ARIN <i...@arin.net> >>> Subject: [arin-announce] ARIN Enters Phase Four of the IPv4 Countdown >>> Plan >>> Date: April 23, 2014 at 10:00:20 AM GMT-3 >>> To: arin-annou...@arin.net >>> >>> ARIN is down to its final /8 of available space in its inventory and >>> has moved into Phase Four of its IPv4 Countdown Plan. All IPv4 requests >>> are now subject to Countdown Plan processes, so please review the >>> following details carefully. >>> >>> All IPv4 requests will be processed on a "First in, First out" basis, >>> and all requests of any size will be subject to team review, and >>> requests for /15 or larger will require department director approval. >>> ARIN's resource analysts will respond to tickets as they appear >>> chronologically in the queue. Each ticket response is treated as an >>> individual transaction, so the completion time of a single request may >>> vary based on customer response times and the number of requests >>> waiting in the queue. Because each correspondence will be processed in >>> sequence, it is possible that response times may exceed our usual >>> two-day turnaround. >>> >>> The hold period for returned, reclaimed, and revoked blocks is now >>> reduced to 60 days. All returned, revoked, and reclaimed IPv4 address >>> space will go back into the available pool when the 60 day period has >>> expired. Staff will continue to check routing/filtering on space being >>> reissued and will notify recipients if there are issues. >>> >>> When a request is approved, the recipient will have 60 days to complete >>> payment and/or an RSA. On the 61st day, the address space will be >>> released back to the available pool if payment and RSA are not >>> completed. 
>>> >>> We encourage you to visit the IPv4 Countdown Phase Four page at: >>> >>> https://www.arin.net/resources/request/countdown_phase4.html >>> >>> ARIN may experience situations where it can no longer fulfill >>> qualifying IPv4 requests due to a lack of inventory of the desired >>> block size. At that time, the requester may opt to accept the largest >>> available block size
Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post
Gee whiz, why would any network have an issue with this? After all just about everyone continues to buy Cisco gear. Gear from a router company that decided to compete against its own customer base. Cisco did when it invested heavily and took stock in one of its customers, Cogent. Cogent the largest network responsible (for the most part) of lowering the overall bandwidth prices, because it could now afford to. Networks today continue to feed Cisco money (buying their gear) despite the anti-competitive nature of that deal which kindled all this. Still to this day, Cisco fuels Cogent's (anti-competitive) low bandwidth pricing. By handing Cisco dollars, from that day forward, we voted for fewer ISPs & Backbones in the future. Suck in your gut, because, it's too late to cry about it now. This concern is over a decade late. That's how we got to this point. "Cause and Effect - and the Blinders we put on". How can that be fixed? More government regulations? Bob Evans CTO > Anyone afraid what will happen when companies which have monopolies can > charge content providers or guarantee packet loss? > > In a normal "free market", if two companies with a mutual consumer have a > tiff, the consumer decides which to support. Where I live, I have one > broadband provider. If they get upset with, say, a streaming provider, I > cannot choose another BB company because I like the streaming company. I > MUST pick another streaming company, as that is the only thing I can > "choose". > > How is this good for the consumer? How is this good for the market? > > -- > TTFN, > patrick > > http://m.washingtonpost.com/blogs/the-switch/wp/2014/04/23/the-fcc-is-planning-new-net-neutrality-rules-and-they-could-enshrine-pay-for-play/ > > > Composed on a virtual keyboard, please forgive typos. > > >
Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post
Valdis, we will give you more time to read the entire post before responding. That way you might not mislabel or misspeak as often. :-) Bob Evans CTO > On Thu, 24 Apr 2014 07:53:49 -0700, "Bob Evans" said: >> Gee whiz, why would any network have an issue with this ? > > Spoken like a true oligarch. :) >
Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post
Everyone interested in how this plays out today, can read Bill Norton's Internet Peering book. While some say situations "didn't happen this way or it happened that way" doesn't really matter. What is clear and matters is the tactics/leverage backbones and networks use against each other in trading traffic are very real and explained well. These situations are one of the reasons I helped Coresite (AKA old CRGwest) build Any2 Peering. Amazon now has a kindle edition of the latest for just $10. Paper version is like $50-$100. The 2014 Internet Peering Playbook: Connecting to the Core of the Internet [Kindle Edition] William B. Norton (Author). Bob Evans CTO Fiber Internet Center Fiber International MTI Corporation > The "Fast Lane" perhaps starts as not counting traffic against metered > byte caps, similar to what ATT did on their mobile network. If the > content/service provider is willing to pay the provider, then the users > may not pay overage fees or get nasty letters anymore when they exceed > data caps. The second and more contentious part of it is using QoS to > guarantee the content/service provider's traffic is delivered, at the > expense of traffic from those who aren't paying. So if Netflix decides to > pay and Amazon Prime doesn't, well Netflix will make it to your house and > Prime might not. Right now everyone's traffic gets dropped equally. :) > (Well more Netflix because there is a lot more of it). > > > -Phil (all opinions are my personal opinions) > > > > > On 4/27/14, 1:44 PM, "Barry Shein" wrote: > >> >>What are any of you talking about? Have you even bothered to read for >>example the wikipedia article on "monopoly" or are you so solipsistic >>that you just make up the entire universe in your head? Do you also >>pontificate on quantum physics and neurosurgery when the urge strikes >>you??? >> >>Sorry but this discussion is so, uneducated, usage of terms which are >>not as they are defined in the English or any other language, etc. 
>> >> >> >>But what do you think about the FCC's efforts in regard to "net >>neutrality"? >> >> >> >>Do you agree with CNBC's assessment that the internet has a "fast >>lane" and up until now FCC regulations prevented consumers and content >>providers from using it under the guise of "net neutrality". >> >>Do you believe there's anything at stake here for you beyond just >>nattering about your own personal and peculiar notion of what a >>"monopoly" is? Does that really matter to any of this? >> >>I almost believe that this entire flame war on the definition of >>monopoly is being fanned by sockpuppets whose job it is to make sure >>no one here talks about net neutrality in any effective or at least >>meaningful way. >> >> http://www.cnbc.com/id/101607254 >> >> F.C.C., in 'Net Neutrality' Turnaround, >> Plans to Allow Fast Lane >> >> The Federal Communications Commission will propose new rules that >> allow Internet service providers to offer a faster lane through >> which to send video and other content to consumers, as long as a >> content company is willing to pay for it, according to people >> briefed on the proposals. >> >> ... >> >>Would someone please define this "fast lane" for me? That would be a >>really good start. Preferably the managers of that fast lane because >>they surely must be on this list...no? >> >> >>P.S. CNBC is owned by Comcast (or more specifically NBC Universal, >>which is owned by Comcast.) >> >>-- >>-Barry Shein >> >>The World | b...@theworld.com | >>http://www.TheWorld.com >>Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, >>Canada >>Software Tool & Die| Public Access Internet | SINCE 1989 *oo* > > >
RE: level3 dia egress filtering?
Are you asking a transit network to filter specific ports as an end user or as an ISP who has Level 3 as a transit provider? I haven't seen a specific port could be dropped by any network... Only aware of BGP community string like, 3356: - black hole (discard all traffic for specific IP range) traffic type abilities. We have and will filter specific ports for customers. But this port type ACL is completed by hand... I haven't seen anyone implement this using a BGP community string. Bob Evans CTO Fiber Internet Center Thank You Bob Evans CTO > We contacted Level3 a few weeks back, and were told that they do not > provide any filtering service. > I've not been able to confirm this from anyone else, besides the Level3 > customer service rep we spoke with. > > Currently looking into a DDoS protection service from Akamai. Sounds > awesome what they can do, but often "awesome" translates to "overkill" > and/or "too expensive". > > -Petter > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Christopher > Rogers > Sent: Monday, May 12, 2014 2:47 PM > To: nanog@nanog.org > Subject: level3 dia egress filtering? > > Does anyone have any experience dealing with level3 in trying to get > egress filters applied to an internet dia link with them? > > I've been trying to get them to apply an egress filter to drop all of udp > to a certain /25 on my network that's been getting hammered by a dns > amplification attack, and I am being told that they can only 'drop an > entire protocol, and not to a specific ip address or range.' > > Can anyone confirm if that's the case? > > cheers > -chris >
Re: level3 dia egress filtering?
Ahh, Yep, same thing port and/or protocol for an address range. I haven't seen that accomplished via BGP. I know ATT will do it - they want about 2K more per month for that ability. All your traffic is redirected (extra hops) through a firewall. So, it's a basic expensive firewall service. We have done both port based and protocol. But it gets installed by hand only on the connected port the customer. Bob Evans CTO Fiber Internet Center > Not specific ports, but something more like: > > 'deny udp any my.target.slash.25 0.0.255.255' > > BGP blackholing will obviously impact all traffic to a target. > > -chris > > 2014-05-12 15:20 GMT-07:00 Bob Evans : > >> Are you asking a transit network to filter specific ports as an end user >> or as an ISP who has Level 3 as a transit provider? >> >> I haven't seen a specific port could be dropped by any network... Only >> aware of BGP community string like, 3356: - black hole (discard all >> traffic for specific IP range) traffic type abilities. >> >> We have and will filter specific ports for customers. But this port type >> ACL is completed by hand... I haven't seen anyone implement this using a >> BGP community string. >> >> Bob Evans >> CTO >> Fiber Internet Center Thank You >> Bob Evans >> CTO >> >> >> > We contacted Level3 a few weeks back, and were told that they do not >> > provide any filtering service. >> > I've not been able to confirm this from anyone else, besides the >> Level3 >> > customer service rep we spoke with. >> > >> > Currently looking into a DDoS protection service from Akamai. Sounds >> > awesome what they can do, but often "awesome" translates to "overkill" >> > and/or "too expensive". >> > >> > -Petter >> > >> > -Original Message- >> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Christopher >> > Rogers >> > Sent: Monday, May 12, 2014 2:47 PM >> > To: nanog@nanog.org >> > Subject: level3 dia egress filtering? 
>> > >> > Does anyone have any experience dealing with level3 in trying to get >> > egress filters applied to an internet dia link with them? >> > >> > I've been trying to get them to apply an egress filter to drop all of >> udp >> > to a certain /25 on my network that's been getting hammered by a dns >> > amplification attack, and I am being told that they can only 'drop an >> > entire protocol, and not to a specific ip address or range.' >> > >> > Can anyone confirm if that's the case? >> > >> > cheers >> > -chris >> > >> >> >> >
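The trade-off discussed in this thread, as an added example that is not part of the original messages: a protocol-and-destination ACL entry of the kind quoted above is evaluated next to a blackhole of the same destination, using constructed packets. The 198.51.100.0/24 documentation range stands in for the real /25, and the tiny ACL parser only handles the `any` source form; both are assumptions made for the example.

```python
import ipaddress

FULL = 0xFFFFFFFF


def wildcard_mask(prefixlen):
    """Cisco-style wildcard (inverse) mask for an IPv4 prefix length."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefixlen}").hostmask)


def parse_ace(line):
    """Parse '<permit|deny> <proto> any <dst> <wildcard>' or '... any any'."""
    tokens = line.split()
    action, proto, src, rest = tokens[0], tokens[1], tokens[2], tokens[3:]
    if src != "any":
        raise ValueError("this sketch only handles 'any' as the source")
    if rest == ["any"]:
        base, wild = 0, FULL
    else:
        base = int(ipaddress.IPv4Address(rest[0]))
        wild = int(ipaddress.IPv4Address(rest[1]))
    # Bits set in the wildcard are "don't care" bits.
    return {"action": action, "proto": proto,
            "base": base & ~wild & FULL, "wild": wild}


def acl_verdict(acl_text, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    dst = int(ipaddress.IPv4Address(pkt["dst"]))
    for line in acl_text.strip().splitlines():
        ace = parse_ace(line)
        proto_ok = ace["proto"] in ("ip", pkt["proto"])
        if proto_ok and (dst & ~ace["wild"] & FULL) == ace["base"]:
            return ace["action"]
    return "deny"


def blackhole_verdict(prefix, pkt):
    """A blackholed prefix discards every packet destined to it."""
    inside = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(prefix)
    return "deny" if inside else "permit"


# Constructed packets: attack traffic, legitimate traffic to the same /25,
# and UDP to a neighbour outside the /25.
PACKETS = {
    "udp flood to target": {"proto": "udp", "dst": "198.51.100.200"},
    "tcp/443 to target": {"proto": "tcp", "dst": "198.51.100.200"},
    "udp to neighbour": {"proto": "udp", "dst": "198.51.100.10"},
}

# A /25 corresponds to wildcard 0.0.0.127.
TARGETED_ACL = """
deny udp any 198.51.100.128 0.0.0.127
permit ip any any
"""

# Wildcard 0.0.255.255 ignores the last 16 bits, so it matches a whole /16.
WIDE_ACL = """
deny udp any 198.51.100.128 0.0.255.255
permit ip any any
"""


def compare(acl_text, blackhole_prefix):
    """Map each sample packet to (ACL verdict, blackhole verdict)."""
    return {label: (acl_verdict(acl_text, pkt),
                    blackhole_verdict(blackhole_prefix, pkt))
            for label, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, verdicts in compare(TARGETED_ACL, "198.51.100.128/25").items():
        print(f"{label:22} acl={verdicts[0]:6} blackhole={verdicts[1]}")
```

The UDP deny also drops legitimate UDP to the /25 (for example DNS replies to resolvers hosted there), so it still has collateral, just less than the blackhole.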
Re: Next steps in extortion case - ideas?
Well, soccer game is over...so here's some information that may help. You have an interesting dilemma. But I don't think there is much you can do with law enforcement across borders... except operate a work around that will attract the attention of media and law enforcement. The law isn't lazy, it's just busy. Concept: I suggest you operate your own campaign against the extortionists. One that encourages the gathering of data by offering rewards for pieces of information that lead to the conviction. You have the chance to tell the world it's extortion - your info is publicly available as proof you are pursuing the criminal. Here's why: Reminds me of the time I was extorted, legally ! I had to teach a US bank's lawyer about trademark law. Rather than hand it over to that asshole. Not all lawyers are assholes, my partner's son is a lawyer now. He's new, so he's working at it. :-) LOL I had one of the first Internet companies called Easynet.com. I was threatened to stop using it from a bank's lawyer that had the trademark in the banking class. Even though I had the valid trademark in the telecom class. Also bank's trademark used the term internally with other banks not consumers. I told him. Lawyer was a jerk, we discussed him being paid more to threaten and sue me than to just agree on 5k for me to market a name change. Said he knew where I lived and he will create a case I just could not afford. While I was staring at making payroll, the math took only 5 seconds to calculate that he was right. On the third call I told him I never stopped, because I never received a letter from him to cease and desist. That he could just be a voice on the phone, a future competitor tricking me. Couple days later I got the letter officially threatening to sue. After getting the letter it kept me up all night. (I was usually up resetting stuck dialup modems anyways). I decided to teach this lawyer International trademark law. 
I immediately contacted the new Easynet.co.uk (gee, wonder where they got that name idea). I asked if they wanted the .com that I had to release it. They offered me some free hosting that I never used. Told them to call the Internic in 24 hours. They got it. A week later the lawyer called said what did I do to him! I said, what do you mean. I did exactly as your letter stated. I stopped using it as it instructed. You mean someone overseas has the .com now? Oh, well looks like you need to brush up on international trademark law now. Let's see you explain this to the bank. Bank never got the one .com domain name the world can use. You see, while the law was on my side, it didn't matter. I needed the time and money to make the law work for me. Lesson: So sometimes you have to do something knowing you are in the right and at the same time something that makes you feel as good as possible about a bad situation. All the while operate within the law, or as close to the line as you can walk it. Concept Basic Outline: You have an international legal problem, therefore you need to do the math - math doesn't work out for you unless you're really Bill Gates hiding behind this email address. Because, one of those law agencies across a border is likely to take money from the guy you're after and not cooperate. So give that idea up. The Concept is work, you will feel good you are doing something about it, it will be your testimony to the world the things are not true and most of all if you do it right it may work. Create a situation that creates public and media awareness. Build a site against this sort of thing. Post as much info you gather as possible and gather leads from anyone. Have a little fund to gather the data from others...for example. $1000 for the name of the true web site owner extortionist. Explain the details of what that means clearly. Have a rumor posting blog section where others that have had this occur can post. 
Maybe you create something that locates this operation in good time. Hire a good SEO person to help - make sure your web domains attract just as much search attention. Get your domain name in your name - so that if his info pops up your site link also pops up. Play an SEO war game. If the exposure is too hot he may pull back rather than get caught. But leave this in place, make it bigger than yourself and your dilemma. Help others that end up new victims of the same situation. After it's functional, maybe you can even use one of those free raise money sites for this good cause against criminals. Create a place others can turn, turn it into a .org that makes you and others a paycheck! At the same time you will end up helping law enforcement. They are always watching and openly attend ARIN/NANOG meetings. They come to get ideas from us. ( Isn't that right Bobby ? ) Just a thought. Bob Evans CTO "Rock'n Roll Rules like Old Guys" We are programmed to receive, You can checkout
Re: Equinix Sales
Well, I am sure they haven't gone out of business. They charge so much for cross connects that it's impossible for them to go under. Besides the power is still up on all our racks in their various facilities. Thank You Bob Evans CTO > Sorry for the list traffic but I am having a tough time getting a sales > person from Equinix to return my call. I have called two and they didn't > seem too eager to even talk. I tried their form on the web-site and it's > broken. > > Any help would be appreciated. > > Thanks, > Justin > > -- > Justin Wilson > http://www.mtin.net <http://www.mtin.net/blog> > Managed Services xISP Consulting Data Center > http://www.thebrotherswisp.com > Podcast about xISP topics > > > >
Re: Net Neutrality...
I think your point needs to be explained. Because anything government is riddled with large carrier benefiting. Look at the school discounts for internet services...pretty much just for LECs. Thank You Bob Evans CTO > I have stayed out of much of this, but can't help myself. Along with > everything else, you are seriously misinformed about the process of > becoming an ETC. It is not onerous. Please stop. You are giving > rural > ISPs a bad reputation. > > > On Tue, Jul 15, 2014 at 7:57 PM, Brett Glass wrote: > >> At 05:06 PM 7/15/2014, Rubens Kuhl wrote: >> >> Do you see Connect America Fund, the successor to Universal Service >> Fund, >>> as a threat to US rural WISPs or as the possible solution for them ? >>> >> >> It's a major threat to rural WISPs and all competitive ISPs. Here's why. >> The FCC is demanding that ISPs become "Eligible Telecommunications >> Carriers," or ETCs, before they can receive money from it. An ETC is a >> telephone company which is regulated under the mountain of regulations, >> requirements, and red tape of Title II of the Telecomm Act. It has to >> report to both state regulatory agencies AND the FCC. It's a >> classification >> that doesn't fit ISPs at all, but they would have to subject themselves >> to >> this heavy-handed regulation before they could get a dime from the fund. >> >> The FCC just announced a "rural broadband experiment" in which it will >> fund ETCs, but not pure-play ISPs, to build out rural broadband; see >> >> http://www.fcc.gov/document/rural-broadband-experiments-order >> >> As part of this experiment, the FCC will pay telephone companies to >> overbuild us, even though the residents of the areas in question already >> have service. This is because, as far as the regulators are concerned, >> if >> they do not have their regulatory hooks in us, we don't exist and any >> service we provide does not count. 
The "experiment" also requires >> participants to tie up large amounts of money in escrow accounts so that >> they can obtain "letters of credit" guaranteeing performance. >> >> All of this is, alas, the regulators' way of attempting to destroy those >> whom they cannot regulate. >> >> IMHO, the USF is outmoded and should be disbanded. >> >> --Brett Glass >> >> >> >> > > > -- > Fletcher Kittredge > GWI > 8 Pomerleau Street > Biddeford, ME 04005-9457 > 207-602-1134 >
Re: Net Neutrality...
Oh I agree Brett. My point was for Fletcher. We lost business once the government school discount happened. It's an example to what you speak of... all the time red tape overhead designed to give to LECs business. And one of my companies is a CLEC. Thank You Bob Evans CTO > I'll just say that we've consulted legal counsel about what it would take > to become an ETC, and it's simply too burdensome for us to consider. We'd > need to become a telephone company, at the very time when old fashioned > telephone service is becoming a thing of the past. (We enthusiastically > support "over the top" VoIP so that we can help our customers get > inexpensive > telephone service without ourselves having to be a telephone company.) > > --Brett Glass > > At 07:53 PM 7/15/2014, Bob Evans wrote: > >>I think your point needs to be explained. Because anything government is >>riddled with large carrier benefiting. Look at the school discounts for >>internet services...pretty much just for LECs. >>Thank You >>Bob Evans >>CTO > >
Re: Net Neutrality...
Wow, first time I ever saw this line so thanks for the text. partnerships among interested entities...that leaves it open to all. Unless, a bureaucrat wants to pull out this some other supporting documents... something additional that is all encompassing like our equal opportunity, filed and registered bla-blah-blah, on the government list...and now you have to do this and this and this. Sometimes it's even referred to on page 681...723...it often becomes a battle of words. That cost money and demands time. Do you know how difficult it is to teach a lawyer something as simple as what an IP address is. Seen that happen before a lot ! Just saying... however, you did prove your point that it's possible. Well done. Thank You Bob Evans CTO > Page 9-10 from the Connect America Fund (CAF) Report and Order on Rural > Broadband Experiments. I don't think this needs translation, but please > read carefully. > > *2.* > We concluded in the Tech Transitions Order that we would encourage > participation in > > the rural broadband experiments from a wide range of entities - including > competitive local exchange > carriers, electric utilities, fixed and mobile wireless providers, WISPs, > State and regional authorities, > Tribal governments, and partnerships among interested entities.49 > We were encouraged to see the > diversity in the expressions of interest submitted by interested parties. > Of the more than 1,000 > expressions of interest filed, almost half were from entities that are not > currently ETCs, including electric > utilities, WISPS, and agencies of state, county or local governments. > *22.* We remind entities that they need not be ETCs at the time they > initially submit their > formal proposals for funding through the rural broadband experiments, but > that they must obtain ETC > designation after being identified as winning bidders for the funding > award. 
> As stated in the Tech > Transitions Order, we expect entities to confirm their ETC status within > 90 > days of the public notice > announcing the winning bidders selected to receive funding.51 > Any winning bidder that fails to notify the > Bureau that it has obtained ETC designation within the 90 day timeframe > will be considered in default > and will not be eligible to receive funding for its proposed rural > broadband experiment. Any funding that > is forfeited in such a manner will not be redistributed to other > applicants. We conclude this is necessary > so that we can move forward with the experiments in a timely manner. > However, a waiver of this > deadline may be appropriate if a winning bidder is able to demonstrate > that > it has engaged in good faith to > obtain ETC designation, but has not received approval within the 90-day > timeframe.[52] > *23.* We sought comment in the Tech Transitions FNPRM on whether to adopt > a > presumption > that if a state fails to act on an ETC application from a selected > participant within a specified period of > time, the state lacks jurisdiction over the applicant, and the Commission > will address the ETC > application. Multiple commenters supported this proposal.54 > We now conclude that, for purposes of this experiment, if after 90 days a > state has failed to act on a pending ETC application, an entity may > request that the Commission designate it as an ETC, pursuant to section > 214(e)(6).55 > Although we are > confident that states share our desire to work cooperatively to advance > broadband, and we expect states to > expeditiously designate qualified entities that have expressed an interest > in providing voice and > broadband to consumers in price cap areas within their states, we also > recognize the need to adopt > measures that will provide a pathway to obtaining ETC designation in > situations where there is a lack of > action by the state. > == > 52 See 47 C.F.R. § 1.3. 
We expect entities selected for funding to > submit > their ETC applications to the relevant > jurisdiction as soon as possible after release of the public notice > announcing winning bids, and will presume an > entity to have shown good faith if it files its ETC application within 15 > days of release of the public notice. A > waiver of the 90-day deadline would be appropriate if, for example, if an > entity has an ETC application pending with > a state, and the state's next meeting at which it would consider the ETC > application will occur after the 90-day > window. > > > > On Tue, Jul 15, 2014 at 10:01 PM, Brett Glass > wrote: > >> I'll just say that we've consulted legal counsel about what it would >> take >> to become an ETC, and it's simply too burdensome for us to co
Re: Netflix To Cogent To World
Most likely Netflix writes policies to filter known cogent conflict peers...Chances are they use cogent to reach the cogent customer base and other peers. I know from experience that peering directly with Netflix works very well...they don't depend heavily on transit delivery if direct peering is possible. Thank You Bob Evans CTO >> If I were Netflix, why would I buy all my transit from Cogent[1], given >> Cogent's propensity for getting into peering fights with people >> *already*, >> even before *I* start sending them 1000:1 asymmetric outbound traffic? > > Perhaps Netflix expect this to be an ongoing problem with more ISPs > asking them to pay to deliver (following Brett's lead ;-), so with their > previous transits experience why would they continue to buy from pussies? > >> So why would Cogent offer Netflix a helluva deal? > > Previous events have shown Cogent only use live rounds, so why would they > not take the opportunity to get a bigger gun? > > Mutually assured domination. Perhaps one will buy the other sometime. > > brandon >
Re: Marriott wifi blocking
> On 10/4/2014 01:37, Owen DeLong wrote:
>>> Most crimes not committed by government entities have to go through
>>> an indictment-trial-conviction sequence before punishment is
>>> administered.
>>>
>>> Except in Chicago.
>>
>> Whereas most crimes committed by government entities go through the
>> same process and are then not punished.
>
> I wasn't going to go there--that gets me banned a lot.
>
>
> But I do think that an related AP at the curb outside is entitled to a
> trial before the death ray is unleashed against it.

Some laws that are broken require one to remain in jail until trial completion, whenever one is found to be a threat to other members of society. So in a virtual society perhaps virtual cell walls would be appropriate ?

Bob Evans CTO
Re: Buying IP Bandwidth Across a Peering Exchange
I agree with Bill...going it on the cheap is risky. Don't consider it for primary. It may be good for backup. I have sold small amounts of transit to non-ISP companies on exchanges (100-200 meg). It's a good extra backup for ISPs, if you setup your local pref, MED and then prepend your AS an extra time or two to the prefixes you transmit. Then if you ever need to use it, it's sitting there waiting to send and receive traffic. I let ISPs customers do that with us for real low cost backup fees. Bob Evans > > On Nov 25, 2014, at 10:47 AM, Colton Conor wrote: >> I know typically peering exchanges are made for peering traffic between >> providers, but can you buy IP transit from a provider on an exchange? An >> example, buy a 10G port on an exchange, peer 5Gbps of traffic with >> multiple >> providers on the exchange, and buy 5Gbps of IP transit from others on >> the >> exchange? > > Some IXPs have a rule that explicitly disallows this, others encourage it, > most don't care. I don't know of any that have a mechanism to enforce a > rule prohibiting it. > > PCH's guidance in the IXP formation process is to avoid creating rules > which are, practically, unenforceable. So we generally counsel IXPs > against having a rule precluding transit across the switch fabric. That > said, a crossconnect is a _much better idea_. > >> Some might ask why not get a cross connect to the provider. It is >> cheaper >> to buy an port on the exchange (which includes the cross connect to the >> exchange) than buy multiple cross connects. Plus we are planning on >> getting >> a wave to the exchange, and not having any physical routers or switches >> at >> the datacenter where the exchange/wave terminates at. Is this possible? > > Yes, it's possible, but what you describe is a pretty fragile setup. Lots > of common points of failure between peering and transit; places where > screwing one up would screw both up. 
If all of this is really tangential > to whatever you're doing, and you don't mind looking a little out-of-step > with best practices, and you don't mind it all being down at once, any > time anything breaks, then it may be a reasonable economy. If you're > planning on actually depending on it, you need to do better engineering, > and either spend more money, or allocate your money more conservatively. > > Doing everything the cheapest possible way, regardless of the fragility or > complexity, is very short-sighted, and is unlikely to be an economy in the > long run. > > -Bill > > > > >
Re: Comcast thinks it ok to install public wifi in your house
I think it's more than AC power issue...who knows what strength level they program that SSID to work at ? More wifi signal you are exposed to without your knowledge and more...read on. I have Comcast & ATT internet at home...and I have noticed an xfinitywifi ssid at full strength. This thread brought it to my attention. It was not there when installed. Over the last few months, I have noticed on many occasions my attached storage device flashing as it's accessed but never found anything on my LAN using it. So I removed it from my LAN. In addition, I have the blast service 100 meg/sec.. Sites slow down often. The modem's cpu processor and cache is not used just for me as part of my service ! Gee, before bandwidth considerations, that's a bottle neck, isn't it ? Docsis is limited to bandwidth in neighborhoods based on headend and street plant configurations. Why would I, while paying for service want to encourage others to drop in my neighborhood or house to use the wifi - the cpu bandwidth of the wireless device and its cache ? If you tell me these Docsis modems can do 200 meg/sec I would be surprised. This would explain why I see poor downloads of on-demand movies on directTV. BTW, I founded ISP channel ...the cable modem company before ATT created @Home to compete. So I am very aware of the network devices limitations, cable plant wiring structures and headend physical limitations. However, I have not studied these new Docsis modems. So how do I shut the xfinitywifi SSID? Thank You Bob Evans CTO > On Thu, 11 Dec 2014 09:24:10 -0500 > valdis.kletni...@vt.edu wrote: > >> On Thu, 11 Dec 2014 00:11:07 -0500, Jay Ashworth said: >> > I will give them their props: I only had to sign in *once*, last >> > year; their auth controller has recognized my MAC address at every >> > spot I've used since. >> >> Actually, that's sort of scary if you think about it too hard. >> Shared-secret authentication has its flaws, but it still beats >> shared-nonsecret auth. 
>> >> I really hope it's something on your laptop other than the mac >> address > > It's not - Cablevision allow you to register devices via their > website by mac address. >
Office 365 Expert - I am not. I have a customer that...
I have a customer that heavily uses Microsoft Office 365. It's hosted. All the data I see about usage per user appears theoretical. In that the formulas assume people are taking turns using the bandwidth as if there is a patient line of packets at the Internet gas pump. Nobody is clicking at the same time. We all know that is not the real world. Does anyone have any experience with Office 365 hosted that can tell me the practical bandwidth allocation (NOT in KB per month, but in megabits/sec) for 100 users (during normal work hours) needs to be available ? Thank You in advance, Bob Evans CTO Fiber Internet Center
Re: Office 365 Expert - I am not. I have a customer that...
Thanks to those of you that answered...It is hypothetical...However, I found another customer that uses Office 365 heavily ... said they discovered 1 meg/sec per Microsoft Office 365 user works well in most scenarios. This customer has 80 users and a 100 meg/sec connection with us. Thank You Bob Evans CTO >> On 1/6/2015 12:37 PM, Bob Evans wrote: >>> I have a customer that heavily uses Microsoft Office 365. It's >>> hosted. All >>> the data I see about usage per user appears theoretical. In that the >>> formulas assume people are taking turns using the bandwidth as if >>> there is >>> a patient line of packets at the Internet gas pump. Nobody is >>> clicking at >>> the same time. We all know that is not the real world. >>> >>> Does anyone have any experience with Office 365 hosted that can tell me >>> the practical bandwidth allocation (NOT in KB per month, but in >>> megabits/sec) for 100 users (during normal work hours) needs to be >>> available ? >>> >>> Thank You in advance, >>> Bob Evans >>> CTO Fiber Internet Center >>> >>> >>> >>> >>> > >
Microsoft - RE: Office 365 Expert - I am not. I have a customer that...
Thanks Frank... I do have a customer with 500 meg/sec service running 350 meg/sec average all day just 800 employees - no company driven focused use of MS office 365. Applications used and time of day, etc. So, I don't think one can compare a college's overall app bandwidth usage to a business primarily using office 365. I'm really looking for a "minimum bandwidth recommended requirement for 100 employees all using Office 365 hosted docs that are all outside the LAN. " MS has no such number. MS just leaving it to the individual case-by-case discovery process. I bet Microsoft can't answer that simple question or they wouldn't have these GB per user equations that use X for average document size. Best, I have to go on so far is what one of our customers "thinks" is needed. Thank You Bob Evans CTO > 1 Mbps/user seems very high -- the local college has over 200 employees > using O365 (and over 1400 students) and its broadband connection is just > 250 > Mbps and they're at less than 150 Mbps during the day. > > Frank > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Bob Evans > Sent: Wednesday, January 07, 2015 3:03 PM > To: Roy Hirst > Cc: nanog@nanog.org > Subject: Re: Office 365 Expert - I am not. I have a customer that... > > Thanks to those of you that answered...It is hypotheticalHowever, I > found another customer that uses Office 365 heavily ... said they > discovered 1 meg/sec per Microsoft Office 365 user works well in most > scenarios. This customer has 80 users and a 100 meg/sec connection with > us. > > Thank You > Bob Evans > CTO > > > >>> On 1/6/2015 12:37 PM, Bob Evans wrote: >>>> I have a customer that heavily uses Microsoft Office 365. It's >>>> hosted. All >>>> the data I see about usage per user appears theoretical. In that the >>>> formulas assume people are taking turns using the bandwidth as if >>>> there is >>>> a patient line of packets at the Internet gas pump. Nobody is >>>> clicking at >>>> the same time. 
We all know that is not the real world. >>>> >>>> Does anyone have any experience with Office 365 hosted that can tell >>>> me >>>> the practical bandwidth allocation (NOT in KB per month, but in >>>> megabits/sec) for 100 users (during normal work hours) needs to be >>>> available ? >>>> >>>> Thank You in advance, >>>> Bob Evans >>>> CTO Fiber Internet Center >>>> >>>> >>>> >>>> >>>> >> >> > > > > >
Re: Office 365 Expert - I am not. I have a customer that...
Thanks Jimmy - I agree - It's pretty much what we do today...it's just this one customer wanted Office 365 specific details. I don't think anyone knows. Including Microsoft, app creator. Wonder when Cloud providers get a clue, step up and help recommend a circuit size based on users and the services their customer buy from them. All that investment in co-lo infrastructure and it's left the middle man. VCs in the cloud sector should be realizing that customer experience in their cloud investment can be hindered as they leave this up to the middle. But, they (and MS) should publish something other than the monthly GB transfer/seats they charge by. Enterprise circuits are not sold by GB transfer. After all we just want to get it right and help make the cloud service provider's apps run well. Thank You Bob Evans CTO > On Tue, Jan 6, 2015 at 2:37 PM, Bob Evans > wrote: > [snip] >> Does anyone have any experience with Office 365 hosted that can tell me >> the practical bandwidth allocation (NOT in KB per month, but in > > Most likely in the real world where packets don't line up neatly... O365 > is most probably not the largest bandwidth user, when there is > Pandora and Youtube. > It depends on factors that may be specific to the organization which > are truly unpredictable > for each individual user, but you could gather data for your specific > population of users. > > I believe I would just ignore O365, since the bandwidth usage is not > much, and pick > a standard rule of thumb for the amount of bandwidth your typical > Office user actually needs > to get work done, that includes more than sufficient 'slack' for O365. > > My suggested rule of thumb if you can't actually measure the traffic > in advance for your > population: count the number of workstation devices that will be your > network, figure > at least 0.5 Megabit of WAN for each typical business user > workstation or laptop. 
> > Assuming equal numbers of active users and workstations all operating > 8 hours a day ( > if there are many more devices than users, or many more users than > devices, then adjust in proportion). > > *Each internal workgroup server or Office manager's workstation > counts as 300% of a workstation. > (In other words: better figure 1.5 Megabits for each of those, > instead of 0.5.) > > *Each Wireless tablet or phone connected by WiFi = 33% of a > workstation. >so add 0.17 Megabits for each staff person that may connect > a smartphone. > > *Designer, Engineer workstations are 500% (So figure 2.5 Mbit > for each of those). > > Add an extra safety margin of either 2 Megabits, or 30%, > whichever is greater. > > So for 100 standard workstations, 100 Tablets, 2 Internal servers, 1 > Office manager desktop, and 2 Designers. > I would sayget a 100 Megabit WAN. > > > >> megabits/sec) for 100 users (during normal work hours) needs to be >> available ? >> >> Thank You in advance, >> Bob Evans >> CTO Fiber Internet Center > > -- > -JH >
Re: Office 365 Expert
Thanks for your input Joel...Yes, it's a lot of bandwidth, today. In fact, our smallest customer is 10 meg/sec. Our biggest is 10 Gig/second. Here in Silicon Valley California most companies are outsourcing everything except the circuit they need to access it..it's the new portability initiative! I recall 13 years ago when I said I was going to start a Fiber Only ISP...everyone including my previous VCs, Hedge Funds and business partners in my first ISP laughed at me. It was the Dot Bomb period. Today, everyone here asks for fiber to do all this crazy things they now can't live without. It's all about Bigger, Faster, Cheaper and mostly Store it someplace else that has lead to these big pipes. Thank You Bob Evans CTO > >My suggested rule of thumb if you can't actually measure the traffic > >in advance for your population: count the number of > >workstation devices that will be your network, > >figure at least 0.5 Megabit of WAN for each typical business > >user workstation or laptop. > > I can't help but laugh (laughing with, not laughing at--all due respect > to the NA part of NANOG) at this. > > I've been spending the last 4 years working on various UN networks where > getting 0.5Mb of bandwidth to a site can be a challenge, and 4 > Mbit/second for an office of 8 users is an unaffordable luxury. And > these are sites where the end users want to move to Office 365. > > We've done a bit of testing, and one of the issues with O365 is that > O365 is a BIG thing and you have to decide which slice of O365 you are > calling "O365" at a particular site. > > For some people, that's just "outsourced Exchange" (in which case we > would allocate 30K-50Kbps per office user downstream bandwidth, and drop > in a WAN Opt box plus do some shenanigans to break into the HTTPS > through proxy). > > For other people, O365 is the whole "nothing is on my hard disk (but > cache)" thing, plus Lync (not just voice, but voice+video). 
Those folks > really are going to require major bandwidth; this is where numbers like > 512K/simultaneous user make more sense. > > You can excuse (or at least explain) Microsoft's lack of benchmarks and > guidance because of the complexity of O365 and also because they have > the sort of North American viewpoint that makes it hard for them to > understand high latency/low bandwidth pipes. > > They try hard, but often just don't get it because of the amazing > resources and richness available to a company of that size. I had a > great conversation with them about 3 years ago about Exchange and AD > forest design where they were strongly advocating centralizing > everything in data centers, rather than pushing anything like a DC or > mailbox server out to a branch office. When I asked about the bandwidth > required, they said that it was "not much." Pressed for details, they > said "we do it ourselves, and it hardly impacts the bandwidth on our > most poorly-connected offices." Pressed even further, it turns out that > a T3/E3 is the lowest link they would consider acceptable for an office. > (My total upstream bandwidth budget at one agency for 100 offices and > 9,000 users in 24 timezones is less than a single T3... Thanks Microsoft!) > > Anyway, not adding much to this conversation since it's clear that Bob > is asking in the context of "bandwidth is cheap, fast, and inexpensive," > but I couldn't help but giggle at the kinds of numbers you guys are > throwing around here for people to read email and work on spreadsheets. > > jms > > -- > Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 > Senior Partner, Opus One Phone: +1 520 324 0494 > j...@opus1.comhttp://www.opus1.com/jms >
Re: Office 365 Expert - I am not. I have a customer that...
>>Wonder when Cloud providers get a clue, step up and help recommend a >>circuit size based on users and the services their customer buy from >> them. > > When they think that poor customer word of mouth will cost them more sales > then they are currently gaining from customers who would *not* move away > from on-prem if they understood all the costs including increased > bandwidth? Agreed - it will be the smart ones that don't wait for that end user experience to go bad. In the meantime, I can tell you sitting here in silicon valley that all these sharp VCs don't see the hole in many of these basic business plans called "Cloud, Rack of servers in multiple locations". Bob Evans CTO
Could someone from Charter that is knowledgable on SV1 and LOA processes please contact me.
Hello, I am having a heck of a time with this Charter order. Today's issue - I was sent an incomplete LOA from the project manager (PM). Basically, asking me for Charter's information on port numbers and data for the cross connect at SV1 (11 Great Oaks, San Jose)? Obviously, I can't provide that as I can't read minds. ( If I could, Bill Gates would be working for me. ) At the start...PM sent the field tech out to customer prem to verify the fiber. A month later, did it again. The Charter field tech called "me" asking why he had to go twice. Who's on first? (old Abbott and Costello reference). It's been like this at almost every step on this order which is now many many months behind. I think this is stuck in some sort of order twilight zone. My sales team and my customer are getting upset. Thank You Bob Evans CTO b...@fiberinternetcenter.com
RE: Has anyone imagined what could be the future HCI
This group is the most imaginative I have ever participated in. I imagine stuff like that all the time. Most here love science & "fiction". Helps makes for good group of problems solvers. At NANOG meetings I often imagine it as a comic con without all the dressing up. :-) However, the discussions here are about issues and problems directly related equipment and configurations of moving packets. Imagine this...if we discussed other stuff we would become so distracted, we would probably never get much done and everyone's Internet would suck. Thank You Bob Evans CTO Fiber Internet Center The views expressed are my own and are often stolen, acquired or somehow become those of others before I get to profit on them. But, I don't care. :-) > Thanks Valdis! i am sure someone has imagined it:) was asking about the > community imagination , my though it would be all virtualized on the > cloud, on a bigger scale not the one we have now. Were it will end up not > to buy any laptops, smartphone...etc. No processing or availability > limits, your views? > >> To: lobna_go...@hotmail.com >> CC: nanog@nanog.org >> Subject: Re: Has anyone imagined what could be the future HCI >> From: valdis.kletni...@vt.edu >> Date: Mon, 9 Feb 2015 08:16:02 -0500 >> >> On Mon, 09 Feb 2015 01:48:01 +, lobna gouda said: >> > Has anyone imagined this? away on increasing processing power or >> visual >> > clearance of what we already have, what could be the next HCI? >> >> Yes, somebody has imagined it. >> >
Re: Comcast New England dropped for 5-15 min? Anyone
Since, we reduced ourselves to the level of troubleshooting consumer home access on a cable network. I can let you know that this happens to me at home, in silicon valley area of California routinely several times a week. In fact, so much that I have ATT, Comcast and Verizon hot spot for the rare event it happens to the first two at the same time. I simply flip between access points. The only thing I found worth the time to test from home is to the destination points where our network has sessions with ATT, Comcast, etc.. With more than one consumer provider here at home, it happens often enough and it becomes clear that it's rarely worth the effort to troubleshoot from a consumer end point, unless of course if you work for them. Thank You Bob Evans CTO > Hey, anyone had problems just now? My team and I at homes lost internet > access for about 10 min. I also had many sites drop off. Still digging, > but > maybe trouble upstream? I'm in 50.133.128.0/17 at home. > > --Andrey >
Re: MultiMode Fiber Connectivity... (850nm) Power Question
Thank You Bob Evans CTO

> Hello,
>
> I was looking for feedback on the following question:-
>
> When connecting two MM SFP/SFP+/XFP 's together...(short range).
>
> What should be the best practice receive power range ?
>
> Is it true that if the rx power is higher than (x?) then it shortens the
> life of the optics ?

Yes, but that's only true about single mode frequencies not multimode (MM) because those are not as powerful. All MM is expected to go a very limited distance, so levels are never high. We have MM 3 foot jumpers between gear running for years.

> (assumption being made here is that MAX Rx Power is not being exceeded as
> per the spec sheets of the optics)
>
> Regards
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
Re: Peering + Transit Circuits
Thank You Bob Evans CTO

> Thank you for the explanation..
>
> However wouldn't a few other attributes of the traffic show up .
> e.g. you would have asymmetric traffic.. going out via us, but coming
> back via a totally another path ?

Patrick is correct in the approach you should take. If you don't have much traffic to begin with - yes, you are correct that you'll notice a bounce. However, you should build a network so that your average traffic level can grow without having to check things manually. The more you automate the more you and your network are worth. This way you can simply upgrade ports at IX locations in a second without worrying about traffic levels and having to establish new or change existing policies.

Thank You Bob Evans CTO

>
> BTW, my comment "We will trust everything coming in" was in ref. to QOS
> tags.
>
>>>>> However, if you have a router at the IX which has _only_ peer routes
>>>>> and your routes, that solves the problem. If I send you a packet for
>>>>> Comcast,
>>>>> your peering router will drop it and send an ICMP Network
>>>>> Unreachable.
>
> In this scenario, the peering router is feeding routes to a Route
> Reflector ?
> and not taking in full routes from the route reflector ?
>
>>>>But standard network hygiene will stop those.
> If there are any resources you could point to for these, I would be much
> obliged..
>
>
> Thanks
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
> - Original Message -
>> From: "Patrick W. Gilmore"
>> To: "nanog list"
>> Sent: Tuesday, August 18, 2015 7:12:23 PM
>> Subject: Re: Peering + Transit Circuits
>
>> Assume you and I are at an IX and peer. Suppose I send you traffic for
>> Comcast.
>> I can do this, even if you do not send me prefixes for Comcast. It
>> requires me
>> to manually configure things, but I can do it.
>>
>> Put another way, you said "We will trust everything coming in". I am
>> saying that
>> perhaps you should not.
>>
>> As Comcast is not one of your customers, you will have to send the
>> packets out
>> your transit provider. You do not get paid when I give you the packets,
>> and you
>> probably pay your transit provider to get to Comcast. So I have gotten
>> something for free, and you are paying for it - i.e. stealing.
>>
>> Normally a router gets a packet and sends it on its way without looking
>> at the
>> source. However, if you have a router at the IX which has _only_ peer
>> routes
>> and your routes, that solves the problem. If I send you a packet for
>> Comcast,
>> your peering router will drop it and send an ICMP Network Unreachable.
>> No
>> filters to manage, no RIRs to sync, nothing to code, etc.
>>
>> There are evil ways around this if you do not configure your router
>> properly
>> (e.g. send you a prefix for Comcast with next-hop set to inside your
>> network).
>> But standard network hygiene will stop those.
>>
>> And as has been stated, this doesn't have anything to do with URPF
>> either. (Not
>> sure why Nick brought that up, he's smart enough to know what URPF is
>> and runs
>> an exchange himself, so I think he just brain-farted. Happens to us
>> all.)
>>
>> Hope that made it more clear.
>>
>> --
>> TTFN,
>> patrick
>>
>>> On Aug 18, 2015, at 6:35 PM, Faisal Imtiaz
>>> wrote:
>>>
>>> Let me start backwards...
>>>
>>> To me 'peering' is sharing internal routes and downstream customer
>>> routes,and
>>> not external ones.
>>>IP transit is all of the external routes including internal routes &
>>> downstream
>>>customer routes
>>>
>>>
>>> Having said that. if one is control of what IP Prefixes get
>>> advertised to
>>> whom... how exactly someone (peers) 'steal' transit ?
>>> (If one is not managing the filters well then yes it is possible, but
>>> that would
>>> be a configuration error ?)
>>> >>> >>> Maybe I am naive, to my Peering routes (relationships) are a subset of >>> IP >>> Transit Routes (relationships) >>> >>> Based on above belief... >>> >>> Then Item # 3, becomes the choice of the OP where one can make one >>&g
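The behaviour Patrick describes in the thread above, modelled as an added example (not code from any poster): the same packet from an IX peer is forwarded to paid transit by an edge router that carries a default route, and dropped by a peering router that holds only own, customer and peer routes. The prefixes are documentation ranges and the next-hop names are constructed; the flow check at the end is one assumed way to spot a peer sending traffic for destinations never advertised to it.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    kind: str       # "own", "customer", "peer" or "transit"
    next_hop: str   # constructed label, not a real device


def build_table(entries):
    return [Route(ipaddress.ip_network(p), kind, nh) for p, kind, nh in entries]


def lookup(table, dst):
    """Longest-prefix match; None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


# Constructed routes (RFC 5737 documentation prefixes).
OWN_AND_CUSTOMER = [
    ("192.0.2.0/24", "own", "core"),
    ("198.51.100.0/24", "customer", "cust-a"),
]
PEER = [("203.0.113.0/25", "peer", "ix-peer-b")]
TRANSIT = [("0.0.0.0/0", "transit", "transit-1")]

# One edge router doing everything vs. a router dedicated to the IX.
EDGE_WITH_TRANSIT = build_table(OWN_AND_CUSTOMER + PEER + TRANSIT)
PEERING_ONLY = build_table(OWN_AND_CUSTOMER + PEER)


def forward_from_peer(table, dst):
    """What the router does with a packet that arrived on the IX port."""
    route = lookup(table, dst)
    if route is None:
        return "drop: ICMP network unreachable"
    return f"forward via {route.next_hop} ({route.kind})"


def unadvertised_destinations(table, flows):
    """Flows from peers whose destination is outside own + customer routes,
    i.e. outside what a peer was ever sent (assumed export policy)."""
    flagged = []
    for peer, dst in flows:
        route = lookup(table, dst)
        if route is not None and route.kind not in ("own", "customer"):
            flagged.append((peer, dst, route.next_hop))
    return flagged


# Constructed flow records seen on the IX-facing interface: (peer, destination).
FLOWS = [
    ("ix-peer-b", "198.51.100.7"),    # to a customer: normal peering traffic
    ("ix-peer-b", "203.0.113.200"),   # third party reachable only via transit
    ("ix-peer-c", "192.0.2.10"),      # to our own prefix: normal
]

if __name__ == "__main__":
    for name, table in (("edge+transit", EDGE_WITH_TRANSIT),
                        ("peering-only", PEERING_ONLY)):
        print(name, "->", forward_from_peer(table, "203.0.113.200"))
    print(unadvertised_destinations(EDGE_WITH_TRANSIT, FLOWS))
```
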
Re: Service Providers behaviour for dual homed enterprises
What Blake just said below works best - I do this MED together with small-ers all the way to india for video conferencing customers sitting in silicon valley. Thank You Bob Evans CTO > > > Stephen Satchell wrote on 9/24/2015 8:39 AM: >> On 09/23/2015 02:38 PM, Jason Bullen wrote: >>> I've always worked in enterprise only so I thought you guys might be >>> able >>> to help me with this one. >>> We are dual homed to Verizon and AT&T. We prepend all our prefixes out >>> AT&T to make them least preferred. During a recent issue we found some >>> users were coming in via AT&T. Using various looking glasses it >>> looks like >>> if I use an AT&T server(route-server.ip.att.net) the best path is the >>> prepended route through AT&T; in fact,I don't even see the VZB >>> route. If I >>> use a 3rd party looking glass(router-server.he.net) I see what I >>> anticipated, which is the shorter AS-Path through VZB. >>> >>> So if my research is correct, the internet prefers Verizon UNLESS >>> they are >>> a direct AT&T customer then they would use the AT&T circuit. >>> Is this a standard practice that I should assume to encounter? >>> >>> Thanks in advance >>> >> >> That's been my experience, and with other sets of providers, too. >> >> My current company is dual-homed with AT&T and Charter Fiber. Those >> customers on UVerse come in the AT&T link no matter what we do with >> BGP to convince the cloud to let packets come in the fatter pipe. > > Jason, while others have offered acknowledgement of the behavior you are > seeing as well as solutions, I think it might be relevant to point out > that this is simply a matter of BGP best path selection. BGP does not > use AS path length (hops) as its primary path selector. Search for "bgp > best path selection" to find out more about how BGP selects the best > path. As others have noted, local pref is often utilized to control > routing and should be your preferred way to control path selection in > addition to AS path length. 
However, the ultimate way to control routing > would be to advertise more specific prefixes via the path that you want > traffic to flow. > > --Blake >
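Why the prepends in this thread had no effect inside the directly connected provider, as an added example (not code from any poster): a simplified best-path comparison that checks local preference before AS-path length. The AS numbers are documentation ASNs, and the local-pref values 200 (customer) and 100 (peer) are constructed assumptions about the provider's import policy; real BGP has further tie-breakers (weight, origin, MED, eBGP over iBGP, IGP metric, router ID) that are left out.

```python
from dataclasses import dataclass

# Documentation ASNs (RFC 5398); stand-ins, not the networks in the thread.
ENTERPRISE = 64500
ISP_A = 64501      # the provider the enterprise prepends towards
ISP_B = 64502      # the provider the enterprise wants traffic to use


@dataclass(frozen=True)
class Path:
    learned_from: str
    as_path: tuple
    local_pref: int = 100


def best_path(paths):
    """Simplified selection: highest local-pref, then shortest AS path,
    then a deterministic tie-break on the neighbor label."""
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.learned_from))


def announced(prepends):
    """AS path as the enterprise sends it, with extra copies of its own AS."""
    return (ENTERPRISE,) * (1 + prepends)


def isp_a_view(prepends, customer_pref=200, peer_pref=100):
    """Inside ISP A: the prepended route from its customer competes with the
    clean route heard from peer ISP B. Local-pref values are assumptions."""
    return best_path([
        Path("customer AS64500", announced(prepends), customer_pref),
        Path("peer ISP-B AS64502", (ISP_B,) + announced(0), peer_pref),
    ])


def third_party_view(prepends_to_a):
    """A network that hears both routes with the same local-pref, so
    AS-path length decides."""
    return best_path([
        Path("ISP-A AS64501", (ISP_A,) + announced(prepends_to_a)),
        Path("ISP-B AS64502", (ISP_B,) + announced(0)),
    ])


if __name__ == "__main__":
    # Third parties follow the shorter path through ISP B.
    print("third party:", third_party_view(3))
    # ISP A keeps its customer route no matter how many prepends are added.
    for n in (0, 3, 9):
        print("ISP A,", n, "prepends:", isp_a_view(n).learned_from)
    # Only a change in local-pref on ISP A's side moves the decision.
    print("ISP A, customer local-pref 90:", isp_a_view(3, customer_pref=90).learned_from)
```
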
Re: ARIN Region IPv4 Free Pool Reaches Zero
IPv4 works better today than ever before. IP space in North America has now officially turned into a revenue source for networks. Most private enterprise customers understand costs and profits. Business does not understand free stuff in a free market. Hence, IPv4 is no longer free in a block range perspective. To any business with rising employee medical insurance, electricity and office rent rates, an IP address cost is just not on the radar. Just not a large enough cost to make IPv6 look financially attractive. Only when IPv4 address costs begin to exceed that of the hardware and labor conversion costs, will IPv6 gain traction in North America. So for the most part your teenage kids will grow up in an IPv4 world until they are probably 30-something. But, your grandkids will see IPv4 as s old. That's all contingent upon all the networks we work on start charging $10 or more per IP address per month. Thank You Bob Evans CTO > Remember, the Internet being fully migrated to IPv6 is just 5 yrs away > just > like fusion power plants is 20 yrs away (although I think now they are > saying 50 yrs away which would make IPv6 12.5 yrs away). (= > > --- > -ITG (ITechGeek) > i...@itechgeek.com > https://itg.nu/ > GPG Keys: https://itg.nu/contact/gpg-key > Preferred GPG Key: Fingerprint: AB46B7E363DA7E04ABFA57852AA9910A DCB1191A > Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook: > http://fb.me/Jbwa.Net > > On Thu, Sep 24, 2015 at 4:06 PM, Mike Hammett wrote: > >> = >> The whole reason for the inertia >> against going to IPv6 is "it ain't broke, so I not gonna 'fix' it." >> >> Now it's broke. 
>> = >> >> ^^^This ^^^ >> >> >> >> >> - >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> - Original Message - >> >> From: "Stephen Satchell" >> To: nanog@nanog.org >> Sent: Thursday, September 24, 2015 2:38:26 PM >> Subject: Re: ARIN Region IPv4 Free Pool Reaches Zero >> >> On 09/24/2015 09:49 AM, Dovid Bender wrote: >> > The issue now is convincing clients that they need it. The other >> > issue is many software vendors still don't support it. >> >> And this may trigger a refresh on routers, as people old or refurbed >> equipment find they need to change. The whole reason for the inertia >> against going to IPv6 is "it ain't broke, so I not gonna 'fix' it." >> >> Now it's broke. >> >> >
Re: Prefix hijacking by AS20115
That's something I would do. Announce announce and keep adding ports until I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in a blackhole route for the prefixes. Try to pick blocks that are as geographically located to your peering routers as possible ...IE in Reno pick the blocks that seem to be nearby - like Reno, Tahoe, Sacramento . when that batch of customers makes their phones ring all night someone will listen. Would be nice if our membership organization ARIN ( that we all pay to keep us somewhat organized) had an ability to do something for you I never looked into it...I don't know... maybe it does ? But, in the meantime I am pretty sure you can document this well and prove your announcements of theirs was due to the fact you couldn't get proper technical attention and needed to desperately before your customers cancel after 8 hours of this. Tomorrow call your lawyers and begin to sue that cable company (did I recognize that ASN as cable TV ? ) for damages this must be causing you in ill-will amongst your customer base. I wonder just how you prove the damage...some equation based on customer calls and complaints together with how many years you have been in business as well as the number of contracts that are coming up for renewal. etc etc. Now that would be interesting to see a formula for that if anyone has been through it. Thank You Bob Evans CTO > Start announcing their prefixes? > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > On Sep 28, 2015 11:09 PM, "Seth Mattinen" wrote: > >> On 9/28/15 18:30, William Herrin wrote: >> >>> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen >>> wrote: >>> >>>> I've got a problem where AS20115 continues to announce prefixes after >>>> BGP >>>> neighbors were shutdown. They claim it's a wedged BGP process but >>>> aren't >>>> in >>>> any hurry to fix it outside of a maintenance window. 
>>>> >>> >>> If they weren't lying to you, they'd fix it now. That's not the kind >>> of problem that waits. >>> >>> Thing is: they lied to you. Long ago they "helpfully" programmed their >>> router to announce your route regardless of whether you sent a route >>> to them. They want to wait for a maintenance window to remove that >>> configuration. >>> >>> >>> I'm at a loss of what else I can do. They admit the problem but won't >>> take >>>> action saying it needs to wait for a maintenance window. Am I out of >>>> line >>>> insisting that's an unacceptable response to a problem that results in >>>> prefix/traffic hijacking? >>>> >>> >>> Try dropping the link entirely. If they still announce your addresses, >>> bring it back up but report it as emergency down, escalate, and call >>> back every 10 minutes until the junior tech understands that it's time >>> to call and wake up the guy who makes the decision to fix it now. >>> >>> >> >> I'm at the tail end here almost 8 hours later since the hijacking >> started. >> Their NOC is just blowing me off now and they're happy to continue the >> hijacking until it's convenient for them to have a maintenance window. >> And >> that's apparently the final decision. >> >> ~Seth >> >
Re: Prefix hijacking by AS20115
> On Mon, Sep 28, 2015 at 11:59 PM, Bob Evans > wrote: >> That's something I would do. Announce announce and keep adding ports >> until >> I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in >> a >> blackhole route for the prefixes. Try to pick blocks that are as >> geographically located to your peering routers as possible ...IE in Reno >> pick the blocks that seem to be near by - like Reno, Tahoe, Sacramento >> . when that batch of customers makes their phones ring all night >> someone will listen. >> > > that seems like a pretty poor strategy... guaranteed to get you into > some hot water, I suspect. Keep in mind that the 'noc' at 20115 isn't > the same thing as the customer-service-center. There's likely little > to link the 2 things together there :( You are right - probably creates more problems than good. > >> Would be nice if our membership organization ARIN ( that we all pay to >> keep us somewhat organized) had an ability to do something for you I >> never looked into it...i don't know... maybe it does ? > > arin does not guarantee 'routability' of netblocks assigned to your org. Yep, I was pretty sure of that - but wouldn't it be nice if arin could have some communication line or at least try. Yes, never any guarantees really. bob > >> But, in the mean time I am pretty sure you can document this well and >> prove your announcements of theirs was due to the fact you couldn't get >> proper technical attention and needed to desperately before your >> customers >> cancel after 8 hours of this. Tomorrow call your lawyers and begin to >> sue >> that cable company (did I recognize that ASN as cable TV ? ) for damages >> this must be causing you in ill-will amongst your customer base. >> >> I wonder just how you prove the damage...some equation based on customer >> calls and complaints together with how many years you have been in >> business as well as the number of contracts that are coming up for >> renewal. etc etc. 
Now that would be interesting to see a formula for >> that >> if anyone has been through it. >> > > you COULD find a charter person on-list...there are nine names on the > attendees list for the upcoming meeting... I imagine peeringdb likely > has folk listed... gosh it sure does: > > <https://www.peeringdb.com/private/participant_view.php?id=2144> > > what with their emails and everything. > >> Thank You >> Bob Evans >> CTO >> >> >> >> >>> Start announcing their prefixes? >>> >>> Josh Luthman >>> Office: 937-552-2340 >>> Direct: 937-552-2343 >>> 1100 Wayne St >>> Suite 1337 >>> Troy, OH 45373 >>> On Sep 28, 2015 11:09 PM, "Seth Mattinen" wrote: >>> >>>> On 9/28/15 18:30, William Herrin wrote: >>>> >>>>> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen >>>>> wrote: >>>>> >>>>>> I've got a problem where AS20115 continues to announce prefixes >>>>>> after >>>>>> BGP >>>>>> neighbors were shutdown. They claim it's a wedged BGP process but >>>>>> aren't >>>>>> in >>>>>> any hurry to fix it outside of a maintenance window. >>>>>> >>>>> >>>>> If they weren't lying to you, they'd fix it now. That's not the kind >>>>> of problem that waits. >>>>> >>>>> Thing is: they lied to you. Long ago they "helpfully" programmed >>>>> their >>>>> router to announce your route regardless of whether you sent a route >>>>> to them. They want to wait for a maintenance window to remove that >>>>> configuration. >>>>> >>>>> >>>>> I'm at a loss of what else I can do. They admit the problem but won't >>>>> take >>>>>> action saying it needs to wait for a maintenance window. Am I out of >>>>>> line >>>>>> insisting that's an unacceptable response to a problem that results >>>>>> in >>>>>> prefix/traffic hijacking? >>>>>> >>>>> >>>>> Try dropping the link entirely. 
If they still announce your >>>>> addresses, >>>>> bring it back up but report it as emergency down, escalate, and call >>>>> back every 10 minutes until the junior tech understands that it's >>>>> time >>>>> to call and wake up the guy who makes the decision to fix it now. >>>>> >>>>> >>>> >>>> I'm at the tail end here almost 8 hours later since the hijacking >>>> started. >>>> Their NOC is just blowing me off now and they're happy to continue the >>>> hijacking until it's convenient for them to have a maintenance window. >>>> And >>>> that's apparently the final decision. >>>> >>>> ~Seth >>>> >>> >> >> >
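Added example, not part of the original thread: one way a prefix holder could check route-collector data for the situation described in this thread and the preceding message, where paths through an upstream keep appearing after the sessions to it were shut down. The ASNs, prefixes, collector names and observations are all constructed (documentation ASNs, benchmarking-range prefixes); feeding in real collector output is left to the reader.

```python
"""Flag unexpected announcements of our own prefixes (added example)."""
from ipaddress import ip_network

MY_ASN = 64500                                # documentation ASN
MY_PREFIXES = [ip_network("198.18.0.0/23")]   # what we actually announce
ACTIVE_UPSTREAMS = {64501}                    # sessions currently up
# 64502 plays the upstream whose sessions were shut down.

# Constructed route-collector observations: (collector, prefix, AS path).
OBSERVATIONS = [
    ("collector-1", "198.18.0.0/23", [64510, 64501, 64500]),
    ("collector-2", "198.18.0.0/23", [64511, 64502, 64500, 64500]),
    ("collector-3", "198.18.0.0/23", [64512, 64502]),
    ("collector-1", "198.18.1.0/24", [64510, 64501, 64500]),
    ("collector-2", "192.0.2.0/24", [64511, 64513]),
]


def collapse(path):
    """Drop consecutive duplicates so prepending does not hide the neighbor."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def classify(prefix, as_path, my_prefixes, my_asn, active_upstreams):
    """Return a list of findings, or None if the prefix is not ours."""
    net = ip_network(prefix)
    covering = [p for p in my_prefixes
                if p.version == net.version and net.subnet_of(p)]
    if not covering:
        return None
    path = collapse(as_path)
    findings = []
    if not path or path[-1] != my_asn:
        # Someone else is originating our address space.
        findings.append("unexpected-origin")
    elif len(path) >= 2 and path[-2] not in active_upstreams:
        # We are the origin, but the AS next to us is not a live session.
        findings.append("inactive-upstream")
    if net not in my_prefixes:
        # Covered by our space but not a prefix we announce ourselves.
        findings.append("unannounced-more-specific")
    return findings


def audit(observations, my_prefixes=MY_PREFIXES, my_asn=MY_ASN,
          active_upstreams=ACTIVE_UPSTREAMS):
    """Return (collector, prefix, findings) for every suspicious observation."""
    alerts = []
    for collector, prefix, as_path in observations:
        findings = classify(prefix, as_path, my_prefixes, my_asn,
                            active_upstreams)
        if findings:
            alerts.append((collector, prefix, findings))
    return alerts


if __name__ == "__main__":
    for alert in audit(OBSERVATIONS):
        print(alert)
```
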
PCH.net questions and thoughts - Re: Prefix hijacking by AS20115
Nice of you to check Jim. This brings up the old idea - A long time ago I had an INOC phone by PCH.NET - It never rang, as we filter our outbound with detail everywhere we announce. ISPs need to provide us their address list. And the few times I needed to use it , no one ever answered. ( It was a decade ago before NANOG membership.) So after a while I too ignored it. Maybe this was an idea ahead of its time ? From this painful mishap, it could have been a great solution for NOC Engineers to help each other. I find peeringdb often outdated as companies change around and sluggish return call if at all. Most are like a sales line number post. I see now a long list of registered networks in the PCH directory. Are networks actually paying attention and using it. Is it time to take another look ? At midnight in your organization could you get a NOC person with " proper BGP skills and access " to answer and care about a bad announcement ? https://inoc-dba-web.pch.net/inoc-dba/console.cgi?op=show_pubdir&list=org Link above shows lots more networks listed on the INOC-DBA Public Directory: Organizations But have you used it? Did it work for you when you needed it ? Any further comments are appreciated. This seems like a very good proper civil approach - maybe this or something like it ARIN might help promote and endorse as a benefit to the community ? Be nice if with the cash they did something simple like this and got all of us to use it? Special line forwarding ? An Emergency Only NOC App for our phones for just this kind of situation - one that registers a specific ASN and pin code we set on the registration page ? Thank You Bob Evans CTO > > > On 9/28/15, 10:24 PM, "NANOG on behalf of Seth Mattinen" > wrote: > >>On 9/28/15 20:19, Martin Hannigan wrote: >>> >>>Is this related to 104.73.161.0/24? That's ours. :-) >>> >>>We'll take a look and get back to you. Thanks for caring! >>> >> >> >>Yep, that's one of the affected prefixes. 
>> >>~Seth > Hi Seth, which market was this occurring? Was this already removed? I'm > not seeing it this morning. I would like to figure out what went wrong > here. We shouldn't be nailing up any static configuration to have caused > a situation like this. > >
Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115
A friend is not someone that allows their company to hijack your prefixes. A friend is one that can get it to stop. Dude - wake up and drink some coffee. Thank You Bob Evans CTO > Hi Bob, > > On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: >> This seems like a very good proper civil approach - maybe this or >> something like it ARIN might help promote and endorse as a benefit to >> the community ? Be nice if with the cash they did something simple >> like this and got all of us to use it? Special line forwarding ? A >> Emergency Only NOC App for our phones for just this kind of situation >> - one that registers a specific ASN and pin code we set on the >> registration page ? > > In this day and age people use IRC or Facebook to quickly get to a > friend of a friend of a friend to get to a good contact. Get on with the > times :-) > > Kind regards, > > Job >
Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115
I have actually found this NANOG email to be more effective than a chat or mombook public service. We need something more private like that. Thank You Bob Evans CTO > A friend is not someone that allows their company to hijack your prefixes. > A friend is one that can get it to stop. Dude - wake up and drink some > coffee. > > Thank You > Bob Evans > CTO > > > > >> Hi Bob, >> >> On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: >>> This seems like a very good proper civil approach - maybe this or >>> something like it ARIN might help promote and endorse as a benefit to >>> the community ? Be nice if with the cash they did something simple >>> like this and got all of us to use it? Special line forwarding ? A >>> Emergency Only NOC App for our phones for just this kind of situation >>> - one that registers a specific ASN and pin code we set on the >>> registration page ? >> >> In this day and age people use IRC or Facebook to quickly get to a >> friend of a friend of a friend to get to a good contact. Get on with the >> times :-) >> >> Kind regards, >> >> Job >> > > >
Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)
Niels, do you actually work in a NOC operation with BGP operations and policies you can change - a backbone with customers? If not - I would understand why email is fast enough for you. Maybe SIP iNOC phone isn't the right answer - but it seems to work fine everywhere I go. There just has to be a better way of communicating other than posting an email to a board - which isn't focused on a live network emergency. Something that's self filtered by all of us for a specific use. Say... An email/text might work well or even better than SIP - if we had an APP that noticed a specific key or coded line plus your ASN to then ring my phone with an urgent ring tone... hence, the idea of an NOC APP for that. Something other than "No I won't do anything different" - an idea or concept something you would embrace for such a moment. The iNOC phone wasn't embraced. Maybe an APP is a better idea than a phone. Thank You Bob Evans CTO > * j...@baylink.com (Jay Ashworth) [Tue 29 Sep 2015, 17:31 CEST]: >>The idea of a private tieline network that is connected, by SIP, to a >> line >>appearance in the NOC of each AS, and no one else is on it, seems like a >>fine idea to me. > > Until you take into account that SIP doesn't work through many > firewalls, that people generally don't give a second thought to > timezones, that network engineers generally dislike having to mess > with voice systems, etc. etc. > > 2 out of 3 INOC-DBA calls I ever received were silent on their end > (presumably) due to firewalls; the third call was a test. > > >>And that was INOC-DBA's original goal, as I understand it: >> >>You're having a problem? It's coming from some specific AS? >> >>Pick up the phone, mash the red INOC line button, dial the AS >>number, and you're talking to their NOC. >> >>And that's *authenticated*: since it's low enough churn to set up >>by hand, it's authenticated by humans. > > In other words, it wasn't secure, it wouldn't scale and churn killed it. 
> > >>Show of hands: who has it set up, correctly, right now? > > No. There is nothing I'd do after receiving a phone call that I > wouldn't do via email anyway. > > > -- Niels. >
Re: NR Software\Xeex Communications
Equinix is truly one of the worst and overpriced in Silicon Valley California. It's why Coresite does so well here. Coresite has less than 48 hour cross connect completion and remote hands the same day for non-emergencies. For rare emergencies you can rush remote hands and Coresite staff gets in your rack right away. We have been treated badly at PAIX PALO ALTO. In their paix palo alto facility they had a bathroom pipe break -we took photos- it rained "literally poured" on our rack. I had to tell the paix staff to run next door at Walgreens and buy all the paper towels they could until someone finds towels. Inches of water on the floor. Zero help or responsibility- giant waste of time. They are still in denial mode. Yet they paid the plumbers to repair the bathroom pipes that broke and had about 5 techs pushing inches of water around. We had to put in new gear and they never paid a dime - I think Equinix doesn't have insurance and doesn't care about your protection even if their facility fails. To our legal letter, their response was that our own insurance should pay. Our insurance didn't want to hear about it, because they cover customers and we had no customers' gear involved. Thank You Bob Evans CTO > I know I'm going to be blowing the door wide open on this request, but I'd > be interested in hearing from anyone else that was one of Equinix's first > few customers. The deal I was getting on some services has been unrivaled, > but the support I've received has been unrivaled in the not so pleasant > way. It's time I just moved on. I need a vendor that responds at least > within two weeks or 20 messages, whichever is more. (Twenty sounds like a > lot, but when spread out over two weeks following other weeks of > non-response, I don't think it's out of line.) 
> > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > - Original Message - > > From: "Mike Hammett" > To: "nanog group" > Sent: Thursday, October 8, 2015 1:38:43 PM > Subject: NR Software\Xeex Communications > > > Does anyone know what's going on over there? Any not-front door phone > numbers, e-mail addresses, etc.? I haven't been getting responses from > them for a while. > > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > > >
Re: IP-Echelon Compliance
WAIT WAIT - I know the solution to all of this. Let's pass a law that requires everyone to fill out a form to buy a device with a MAC address. Make them wait 10 days to verify the buyer has never committed a digital crime. While law enforcement puts it in a pile of forms and pretends they can verify through the process of piling and ignoring it. 10 days later, If law enforcement doesn't call - the store can then call the buyer and tell them they can pick up their new potential crime committing internet device. Oh Gee, I see here that I have been living in California too long. Bob Evans CTO BTW, from this thread, I just learned that responding the way the spam email states doesn't make it possible to communicate with company personnel - you must first fill out an application and register to communicate ? A kind of opt-in proof. We get these emails 99% of the time its the same IP address subnets of wi-fi in hotels or schools. They are always 12 hours late and often older - days late - hotel guests customers have checked out or closed their hacked laptop after their lunch meeting. What's a busy hotel staff supposed to do track down a guest MAC addresses - hire better firewall companies to block specific port traffic because of its potential use? Thought that ol' bit-torrent stuff flips ports whenever it needs to ? > Hi Fred, > > I can't find your name, email address or the domain-name from your email > in our mailboxes. > > If you send the request via this webform or via email to the address > specified in the notice, we'll absolutely jump on it and respond ASAP. > > I can't monitor this thread further but please reach out via the > channels described so we can help. > > Cheers, > Seth > >> On Oct 13, 2015, at 2:10 AM, Fred Hollis wrote: >> >> At least, we tried contacting you many times, but you ignored all our >> requests. >> >> Still receiving thousands of e-mails not related to our IPs on daily >> basis. 
>> >>> On 13.10.2015 at 00:04 Seth Arnold wrote: >>> Hi All, >>> >>> Please feel free to get in touch with us to request changes. >>> >>> Expedited processing of your requests is offered through the Notice >>> Recipient Management for ISPs section of our website located here: >>> http://www.ip-echelon.com/isp-notice-management/ >>> <http://www.ip-echelon.com/isp-notice-management/> >>> >>> If you are in the U.S., please also ensure that your change is >>> reflected in the records of the US Copyright Office: >>> http://copyright.gov/onlinesp/list/a_agents.html >>> <http://copyright.gov/onlinesp/list/a_agents.html> >>> >>> >>> Cheers, >>> Seth >>> >
Re: Static IPs
Hey, Hey Hey, Let's not propagate this more. NANOG is the wrong place for this - it's not technical or problem solving in nature nor is it community based concerns about industry resources and legislation. It's sale-ish. Thank You Bob Evans CTO > A helpful hint from a local broadband provider (I'm trying to wade through > broadband options at home): > > "If your business is online, then you should have an IP address." > > I do find that helps. > > (in fairness, they are talking about static IPs, but it kind of fits with > the rest of their marketing which says their highest speed plans include > the advantage of "most reliable Wifi" when compared to their lower speed > plans) >
RE: Static IPs
Here's your answer... It's in the charter - join a sales forum someplace... here networking means technical network issues... not marketing networking that you find in so many places on the net.. NANOG serves as a bridge between the technical staff of leading Internet providers close to network operations, technical communities such as standards bodies, and the academic community. NANOG has consistently worked to maintain a high level of technical content in meetings and all related activities. In striving to achieve these goals, all tutorials and presentations, including BOF presentations, are reviewed in advance and are limited to those entirely of a general technical nature, explicitly prohibiting material that relates to any specific product or service offerings. For similar reasons, equipment exhibits are limited to specified special events at each meeting. - See more at: http://nanog.org/history/charter#sthash.HggO2RL6.dpuf Thank You Bob Evans CTO > If not to solve problems or as a technical resource, what is the NANOG > for? > > Thank you, > - Nich > >> Hey, Hey Hey, Let's not propagate this more. >> NANOG is the wrong place for this - it's not technical or problem >> solving >> in nature nor is it community based concerns about industry resources >> and >> legislation. It's sale-ish. >> Thank You >> Bob Evans >> CTO > >
Re: Static IPs
Bill, It's my list too. 1) You are wrong for telling me what to do ? 2) Are we supposed to check with you to see how far the list can degrade ? You want to tell me to chill - do it offline like a reasonable participant. You should apologize. Thank You Bob Evans CTO > On Mon, Oct 19, 2015 at 1:19 PM, Bob Evans > wrote: >> Here's your answer... It's in the charter - join a sales forum >> someplace... here networking means technical network issues... not >> marketing networking that you find in so many places on the net.. >> >> NANOG serves as a bridge between the technical staff of leading >> Internet >> providers close to network operations, technical communities such as >> standards bodies, and the academic community. NANOG has consistently >> worked to maintain a high level of technical content in meetings and all >> related activities. In striving to achieve these goals, all tutorials >> and >> presentations, including BOF presentations, are reviewed in advance and >> are limited to those entirely of a general technical nature, explicitly >> prohibiting material that relates to any specific product or service >> offerings. For similar reasons, equipment exhibits are limited to >> specified special events at each meeting. - See more at: >> http://nanog.org/history/charter#sthash.HggO2RL6.dpuf > > Chill out Bob. The charter contains many guidelines, few rules. > "Minimize snark" is not one of the list rules. Or even one of the > guidelines. > > -Bill > > > > -- > William Herrin her...@dirtside.com b...@herrin.us > Owner, Dirtside Systems . Web: <http://www.dirtside.com/> >
Re: *tap tap* is this thing on?
My spam filtering must be working correctly. Because, I have only seen 1 or 2...this may be the case for those with the privs. Thank You Bob Evans CTO > This spam flood is kinda hilarious in a way. Any idea why no one with > mod or admin privs for the mailing list has bothered to step in and deal > with this? > > > -- > Brielle Bruns > The Summit Open Source Development Group > http://www.sosdg.org/ http://www.ahbl.org >
Re: Long-haul 100Mbps EPL circuit throughput issue
Eric, I have seen that happen. 1st double check that the gear is truly full duplex... seems like it may claim it is and you just discovered it is not. That's always been an issue with manufacturers claiming they are full duplex and on short distances it's not so noticeable. Try to perf in both directions at the same time and it becomes obvious. Thank You Bob Evans CTO > Hello NANOG, > > We've been dealing with an interesting throughput issue with one of our > carrier. Specs and topology: > > 100Mbps EPL, fiber from a national carrier. We do MPLS to the CPE > providing > a VRF circuit to our customer back to our data center through our MPLS > network. Circuit has 75 ms of latency since it's around 5000km. > > Linux test machine in customer's VRF <-> SRX100 <-> Carrier CPE (Cisco > 2960G) <-> Carrier's MPLS network <-> NNI - MX80 <-> Our MPLS network <-> > Terminating edge - MX80 <-> Distribution switch - EX3300 <-> Linux test > machine in customer's VRF > > We can fill the link in UDP traffic with iperf but with TCP, we can reach > 80-90% and then the traffic drops to 50% and slowly increase up to 90%. > > Any one have dealt with this kind of problem in the past? We've tested by > forcing ports to 100-FD at both ends, policing the circuit on our side, > called the carrier and escalated to L2/L3 support. They tried to also > police the circuit but as far as I know, they didn't modify anything else. > I've told our support to make them look for underrun errors on their Cisco > switch and they can see some. They're pretty much in the same boat as us > and they're not sure where to look at. > > Thanks > Eric >
Re: DNSSEC and ISPs faking DNS responses
This will only create a new private (non-public) DNS service in China or Romania for Canadians to use. Imagine that someone in China starts a business to help people get around censorship in countries other than China. You nailed it - "clueless politicians". Bob Evans CTO > > The Québec government is wanting to pass a law that will force ISPs to > block and/or redirect certain sites it doesn't like. (namely sites that > offer on-line gambling that compete against its own Loto Québec). > > In order to make a good submission to government, one has to boil it > down to simple enough arguments that clueless politicians can > understand. And for me to do that, I want to make sure I understand this > correctly. > > > I have tried to research DNSSEC and while I understand how a proper DNS > server can validate the chain from the > - root server > - TLD server > - authoritative DNS server for that domain > > I remain in dark with regards to clients, namely clients who cannot > trust the DNS server supplied as part of DHCP/IPCP/PPPoE responses. > > > Say a consumer wants to connect to lottery.com, which, from the world > outside the ISP, would result in a signed, verifiable response. > > Can't the ISP's DNS server just pretend it is authoritative for > lottery.com and return to client a non-DNSSEC response that points to a > fake IP address ? > > If the client gets an unsigned response for lottery.com from its ISP's > DNS server, how can it know it is a fake response, how can it know that > lottery.com should have generated a signed DNSSEC response ? > > > It seems to me that unless each client goes to the tld servers (they > already have root signatures), get signature of the tld server and > signed response of where "lottery.com" can be found, they have no way to > know whether lottery.com should be signed or not, and whether the answer > they got from their ISP is good or not. > > Is that a proper understanding ? 
> > > > So far, I have seen good explanations of what happens between DNS > servers and the servers that are authoritative for domain, TLD and root. > But I have seen nothing about clients who only have a resolver that > talks to a DNS server. > > > And while I am at it: when a client gets a legit response from ISP's DNS > server with RRSIG records, how does the client obtain the public key > against which to run the record to ensure its calculated signature > matches that provided in RRSIG ? > > or do DNS servers return the full chain of records so that a request for > lottery.com returns not only record for lottery.com but also .com,s > reply on where lottery.com is and root's reply of where .com is ? > > > Hopefully, I am only missing a small bit that would explain everything > that happens at the client side. But as long as I am told that the > client only talks to the ISP's DNS server, I am at a loss. > > Any help appreciated. (I just watched an hour long youtube on subject > which didn't deal with client much). >
Re: Bluehost.com
Gee, for $3.49 for a website hosting per month , it's a real bargain. While the network person inside me says, Wow that's a long outage. The other part of me is really wondering what one thinks they can really expect from a company that hosts a website for just $3.49 ? Such a bargain at less than 1/2 the price of a single hot dog at a baseball stadium per month. That price point alone tells you about the setup and what you are agreeing to and who it's built for. Goes along with the ol' saying, "you get what you pay for." If they are down for 10 hours a month out of the average 720 hours in a month - that's a tiny percentage 1-2 of the time it's unavailable - in service terms of dollars it's roughly a nickel they credit each customer. Do I need more coffee or is my math wrong about a nickel for 10 hours of website hosting ? However, maybe that is all many companies /sites really need. In which case, it should be easy enough to build in backup yourself using two cheap hosting providers and flip between them when the need arises. Or pick a provider that manages their routing well and works with you quickly, but, you'll have to pay more for that. Yep, the math spells it out - "you get what you pay for." Thank You Bob Evans CTO > remember folks, redundancy is the savior of all f***ups. > > :) > > On Wed, Nov 25, 2015 at 2:21 PM, JoeSox wrote: > >> I just waited 160 minutes for a tech call and the Bluehost tech told me >> he >> was able to confirm that it wasn't malicious activity that took down the >> datacenter but rather it was caused by a "datacenter issue". >> So my first thought is someone didn't design the topology correctly or >> something. >> Some of our emails are coming thru but Google DNS still lost all of our >> DNS >> zones which are hosted by Bluehost. 
>> At least the #bluehostdown is fun to read :/ >> -- >> Later, Joe >> >> On Wed, Nov 25, 2015 at 10:04 AM, Stephane Bortzmeyer >> >> wrote: >> >> > On Wed, Nov 25, 2015 at 08:41:55AM -0800, >> > JoeSox wrote >> > a message of 9 lines which said: >> > >> > > Anyone have the scope on the outage for Bluehost? >> > > https://twitter.com/search?q=%23bluehostdown&src=tyah >> > >> > The two name servers ns1.bluehost.com and ns2.bluehost.com are awfully >> > slow to respond: >> > >> > % check-soa -i picturemotion.com >> > ns1.bluehost.com. >> > 74.220.195.31: OK: 2012092007 (1382 ms) >> > ns2.bluehost.com. >> > 69.89.16.4: OK: 2012092007 (1388 ms) >> > >> > As a result, most clients timeout. >> > >> > May be a DoS against the name servers? >> > >> > bluehost.com itself is DNS-hosted on a completely different >> > architecture. So it works fine. But the nginx Web site replies 502 >> > Gateway timeout, probably overloaded by all the clients trying to get >> > informed. >> > >> > The Twitter accounts of Bluehost do not distribute any useful >> > information. >> > >> >
Re: Bluehost.com
Yes, I agree with you Joe - a hasty generalization, as "you get what you pay for" doesn't really apply to as many goods in the same way it does to almost all services. However, a $3.49 web site service should have been a good first clue. Thank You Bob Evans CTO > Walmart has cheap prices so "you get what you pay for."?? > Hasty generalization but I can't disagree 100% with your opinion on this > one. > I am learning about the non-profit world of IT and the challenges are all > around me. :) > > -- > Later, Joe > > On Wed, Nov 25, 2015 at 12:27 PM, Bob Evans > wrote: > >> >> Gee, for $3.49 for a website hosting per month, it's a real bargain. >> While the network person inside me says, Wow that's a long outage. The >> other part of me is really wondering what one thinks they can really >> expect from a company that hosts a website for just $3.49? Such a >> bargain at less than 1/2 the price of a single hot dog at a baseball >> stadium per month. That price point alone tells you about the setup and >> what you are agreeing to and who it's built for. Goes along with the >> ol' >> saying, "you get what you pay for." >> >> If they are down for 10 hours a month out of the average 720 hours in a >> month - that's a tiny percentage 1-2 of the time it's unavailable - in >> service terms of dollars it's roughly a nickel they credit each >> customer. >> Do I need more coffee or is my math wrong about a nickel for 10 hours of >> website hosting? >> >> However, maybe that is all many companies/sites really need. In which >> case, it should be easy enough to build in backup yourself using two >> cheap >> hosting providers and flip between them when the need arises. Or pick a >> provider that manages their routing well and works with you quickly, >> but, >> you'll have to pay more for that. >> >> Yep, the math spells it out - "you get what you pay for." >> >> Thank You >> Bob Evans >> CTO >> >> >> >> >> > remember folks, redundancy is the savior of all f***ups. 
>> > >> > :) >> > >> > On Wed, Nov 25, 2015 at 2:21 PM, JoeSox wrote: >> > >> >> I just waited 160 minutes for a tech call and the Bluehost tech told >> me >> >> he >> >> was able to confirm that it wasn't malicious activity that took down >> the >> >> datacenter but rather it was caused by a "datacenter issue". >> >> So my first thought is someone didn't design the topology correctly >> or >> >> something. >> >> Some of our emails are coming thru but Google DNS still lost all of >> our >> >> DNS >> >> zones which are hosted by Bluehost. >> >> At least the #bluehostdown is fun to read :/ >> >> -- >> >> Later, Joe >> >> >> >> On Wed, Nov 25, 2015 at 10:04 AM, Stephane Bortzmeyer >> >> >> >> wrote: >> >> >> >> > On Wed, Nov 25, 2015 at 08:41:55AM -0800, >> >> > JoeSox wrote >> >> > a message of 9 lines which said: >> >> > >> >> > > Anyone have the scope on the outage for Bluehost? >> >> > > https://twitter.com/search?q=%23bluehostdown&src=tyah >> >> > >> >> > The two name servers ns1.bluehost.com and ns2.bluehost.com are >> awfully >> >> > slow to respond: >> >> > >> >> > % check-soa -i picturemotion.com >> >> > ns1.bluehost.com. >> >> > 74.220.195.31: OK: 2012092007 (1382 ms) >> >> > ns2.bluehost.com. >> >> > 69.89.16.4: OK: 2012092007 (1388 ms) >> >> > >> >> > As a result, most clients timeout. >> >> > >> >> > May be a DoS against the name servers? >> >> > >> >> > bluehost.com itself is DNS-hosted on a completely different >> >> > architecture. So it works fine. But the nginx Web site replies 502 >> >> > Gateway timeout, probably overloaded by all the clients trying to >> get >> >> > informed. >> >> > >> >> > The Twitter accounts of Bluehost do not distribute any useful >> >> > information. >> >> > >> >> >> > >> >> >> >
Re: Bluehost.com
For an ISP type service - it's almost impossible to make it up in volume - all you need is one phone call to cost you $10 in support on a $3.50 service. With that many customers you can imagine how many call to just ask what happened or vent after the event is over. I founded a cable modem business prior to docsis standard. Call center with 150 people in it. People would call for help with their printer just because we answered the phone. So support for a $3.49 web service must make compromises somewhere in an attempt to reach profitability. I know of 3 very big ISPs - all barely making money for years. Providing crummy service, priced cheaply and expecting to make it up in volume. Their solution was to merge and lose money together. Still providing a lowball price for service, they then took the profitable parts of the business and sold those to others so they can re-org and improve cash momentarily. The re-org produced the same low prices and crummy service. So it's a cycle some people play just to win money from hedge funds, investors and finally the public. What do they call it when one keeps doing the same thing over and over again expecting a different result? Low priced services are difficult to make profitable - if you drove your car the way most low priced business services operate you would have a car that top speeds at the minimal freeway speed, wouldn't carry a spare tire, drive around until the empty light turns on and carry as little insurance as possible. - Gee, come to think of it, I've been in an airport shuttle van like that in New York. Thank You Bob Evans CTO > However, with thousands more users at that price point, you would think > the > income would be plenty for better services. > > Who makes more, the store with smaller quantities at higher prices or the > store that sells more bulk at lower prices? Perception of value, I > believe, > wins. 
> > Robert > > On Wed, 25 Nov 2015 16:00:37 -0800 > "Bob Evans" wrote: >> Yes, I agree with you Joe - a hasty generalization, as "you get >>what you >> pay for" doesn't really apply to as many goods in the same way it >>does to >> almost all services. However, a $3.49 web site service should have >>be a >> good first clue. >> >> Thank You >> Bob Evans >> CTO >> >> >>> Walmart has cheap prices so "you get what you pay for."?? >>> Hasty generalization but I can't disagree 100% with your opinion on >>>this >>> one. >>> I am learning about the non-profit world of IT and the challenges >>>are all >>> around me. :) >>> >>> -- >>> Later, Joe >>> >>> On Wed, Nov 25, 2015 at 12:27 PM, Bob Evans >>> >>> wrote: >>> >>>> >>>> Gee, for $3.49 for a website hosting per month , it's a real >>>>bargain. >>>> While the network person inside me says, Wow that's a long outage. >>>>The >>>> other part of me is really wondering what one thinks they can really >>>> expect from a company that hosts a website for just $3.49 ? Such a >>>> bargain at less than 1/2 the price of a single hot dog at a baseball >>>> stadium per month. That price point alone tells you about the setup >>>>and >>>> what you are agreeing too and who it's built for. Goes along with >>>>the >>>> ol' >>>> saying, "you get what you pay for." >>>> >>>> If they are down for 10 hours a month out of the average 720 hours >>>>in a >>>> month - thats a tiny percentage 1-2 of the time it's unavailable - >>>>in >>>> service terms of dollars it's roughly a nickel they credit each >>>> customer. >>>> Do I need more coffee or is my math wrong about a nickel for 10 >>>>hours of >>>> website hosing ? >>>> >>>> However, maybe that is all many companies /sites really need. In >>>>which >>>> case, it should be easy enough to build in backup yourself using two >>>> cheap >>>> hosing providers and flip between them when the need arises. 
Or pick >>>>a >>>> provider that manages their routing well and works with you quickly, >>>> but, >>>> you'll have to pay more for that. >>>> >>>> Yep, the math spells it out - "you get what you pay for." >>>> >>>> Thank You >>>> Bob Evans >>>> CTO >>>> >>>> >>>> > remember folks, redundancy is the
RE: Bluehost.com
Kiriki, you nailed it. Explained this perfectly. Thank You Bob Evans CTO > The bottom line is the value/price ratio. We should all be working to add > value. By any means necessary. > > The pitfall of low priced "services", is that it's hard to balance the > support level and lower price for services. > > If Bluehost and lower end web hosters can completely do away with the > support aspect, certainly SAAS can scale. But if a significant part of > your > value proposition is support, it's real hard to get down this low if any > human is ever involved, and if you pay a living wage to your workers. I > really expect at the ultra low end you have to be willing to do away with > live support, and just provide a product that works with no support. > > Would people want to buy a web host for $3.95 but if they engage support > pay > $15/hour for it? Perhaps that would work... but I think the value > proposition gets skewed in this sense. Those customers paying this little > likely need support in a variety of ways. The challenge is to do it all > right, so they don't... > > I agree with Bob, more likely they are subsidizing costs with investment > and > hoping to provide a profitable model in the future with enough market > share. > > Bottom line, is the industry needs to be increasing value, because the > flip > side working for no profit, surviving off investment only... there's > no > end-game. You see this cycle time and time again as market share is > grabbed, > then underperforming companies are rolled up. In this process value is > destroyed. > > Ultimately this is also why it's extremely damaging for investors to > constantly invest in companies that don't make a profit, and don't provide > a > successful economical model for the services/products provided. These > companies largely live on investor money, lose money, and in their wake > destroy value for the entire industry. Of course the end-game for the > investors is to make money... 
I'm always surprised how strong > investment/gambles are for non-profitable companies. I guess there is no > end > to those with too much money that have to place that money somewhere. As > the > rich get richer, there will only be more dumb money cheapening the value > proposition. After all, who needs value when you have willing investors. > > Bottom line is that if it's not worth doing... then maybe it should not be > done. Maybe the race to the bottom is not worth it. Maybe investments that > lose value for an industry should be limited. > > The giant pool of money is now weaponized. > > -Kiriki > > > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Bob Evans > Sent: Wednesday, November 25, 2015 5:20 PM > To: Robert Webb > Cc: NANOG > Subject: Re: Bluehost.com > > For an ISP type service - it's almost impossible the make it up in volume > - all you need is one phone call to cost you $10 in support on a $3.50 > service. With that many customers you can imagine how many call to just > ask > what happened or vent after the event is over. > > I founded a cable modem business prior to docsis standard. Call center > with > 150 people in it. People would call for help with their printer just > because > we answered the phone. So support for a $3.49 web service must make > compromises somewhere in an attempt to reach profitability. > > I know of 3 very big ISPs - all barely making money for years. Providing > crummy service , priced cheaply and expecting to make it up in volume. > Their solution was to merge and lose money together. Still providing a > lowball price for service , they then took the profitable parts of the > business and sold those to others so they can re-org and improve cash > momentarily. The re-org produced the same low prices and crummy service. > So it's a cycle some people play just to win money from hedge funds, > investors and finally the public. 
What do they call it when one keeps > doing > the same thing over and over again expecting a different result ? > > Low priced services are difficult to make profitable - if you drove your > car > the way most low priced business services operate you would have a car > that > top speeds at the minimal freeway speed, wouldnt carry a a spare tire, > drive > around until the empty light turns on and carry as little insurance as > possible. - Gee, come to think of it, I've been in an airport shuttle van > like that in new york. > > Thank You > Bob Evans > CTO > > > > >> However, with thousands more users at that price point, you would >> think the income would be
Re: Bluehost.com
I think he means to say the rich get richer on the other side of the investment by playing the shorting and the buying of stock in the gambling marketplace. As the stock itself can create a new currency so they make more money playing with that than the actual investment. They are on the inside hence the saying the rich get richer. Thank You Bob Evans CTO > On Wed, Nov 25, 2015 at 5:54 PM, Kiriki Delany > wrote: >> [...] >> >> Bottom line, is the industry needs to be increasing value, because the >> flip >> side working for no profit, surviving off investment only... there's >> no >> end-game. You see this cycle time and time again as market share is >> grabbed, >> then underperforming companies are rolled up. In this process value is >> destroyed. >> >> Ultimately this is also why it's extremely damaging for investors to >> constantly invest in companies that don't make a profit, and don't >> provide a >> successful economical model for the services/products provided. These >> companies largely live on investor money, lose money, and in their wake >> destroy value for the entire industry. Of course the end-game for the >> investors is to make money... I'm always surprised how strong >> investment/gambles are for non-profitable companies. I guess there is no >> end >> to those with too much money that have to place that money somewhere. As >> the >> rich get richer, there will only be more dumb money cheapening the value >> proposition. After all, who needs value when you have willing investors. > > > I'm confused. If these companies largely live on investor money, > lose money, and destroy value...how is it that a scant two sentences > later, the rich are getting richer, and there is _more_ dumb money? > > I would posit the rich get richer because they *do* > see value in the investments they make. That is, > value is being created in these deals...just not for > everyone. > > Matt >
Re: IPv4 subnets for lease?
I see it different than Lee ... because, there are no new ipv4 addresses they are all used. I have seen the same spam issue with IP space that is sold. So be careful. I have been involved in both leasing and purchasing IPv4 space. Like everything else you want to check the mileage/usage and look for dents before leasing or buying. No matter which method - verify you are getting clean addresses before spending a dime. Purchasing can be a large upfront investment - leasing is a good option for many. We all know someday the space won't be needed. It's just a matter of when. My advice if you have cash and time buy IPv4 space. If not lease and focus on spending the cash on newer gear that can handle all the /24s and IPv6 prefixes. If leasing, make sure you are dealing with a source that watches carefully and can provide you multi-year contract optioned space so you can toss them away when IPv6 is it. Thank You Bob Evans CTO > Leasing is ill-advised; the addresses will be unsellable once the spammers > are through with them. > Really, there's no other reason to lease. > > If you want to buy or sell addresses in the ARIN region, some of the > facilitators at > https://www.arin.net/resources/transfer_listing/facilitator_list.html are > pretty good (ask me; I'll let you know my opinions privately). > > The only ones I know who will deal in blocks as small as /24 are > http://www.ipv4auctions.com/ > There may be others I don't know about. > > Of course you have to ask whether IPv6 is a possible alternative, and you > shouldn't go to all the trouble and expense of buying addresses without > turning up dual-stack. That would be like spending $20 for a tissue when > you need a $10 cold medicine; it helps, but not for long. > > Lee > > > On 12/17/15, 9:31 PM, "NANOG on behalf of Nick Ellermann" > wrote: > >>We have customers asking to lease IP space for BGP transit with us and >>other peers. 
But they are struggling to get at a minimum even a Class C, >>even though they have their own ASN. We don't have large amounts of free >>IPv4 space to lease out to a single customer in most cases anymore. Hope >>to at least introduce these customers to some contacts that may be able >>to help. >>Do we know of any reputable sources that are leasing or selling IPv4 >>subnets as small as a /24 to satisfy their diversity needs? Thanks! >> >>Sincerely, >>Nick Ellermann - CTO & VP Cloud Services >>BroadAspect >> >>E: nellerm...@broadaspect.com<mailto:nellerm...@broadaspect.com> >>P: 703-297-4639 >>F: 703-996-4443 >> >>THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >>MATERIAL and is thus for use only by the intended recipient. If you >>received this in error, please contact the sender and delete the e-mail >>and its attachments from all computers. >> >> > > >
Re: Is it normal for your provider to withhold BGP peering info until the night of the cut?
I agree with Sean. Poor planning always leads to poor service. It sure makes for a fast clumsy cut over. But, you now know that you the customer are not a priority or better planning steps would have been taken for your consideration in advance. Thank You Bob Evans CTO > On Thu, 21 Jan 2016, c b wrote: >> Is this a common SOP nowadays? Anyone care to explain why they wouldn't >> just provide it ahead of time? > > Carrier saves costs by not having a clue, and has no idea which router > will have an open port until they try to plug you in. > > Hope it's not a long contract, because customer service never gets better > ... only worse. > > >
Re: -48DC electrical supply
I use auto parts stores, if the current isn't much. Your typical thick gauge battery cable can carry quite a bit and auto part stores are everywhere. Thank You Bob Evans CTO > Where do you guys get your supplies (wire, connectors, tools) for -48VDC > stuff? > >
Re: About inetnum "ownership"
The numbers (IP addresses) are not the field. The servers are the field. The numbers are the street addresses of the server. Domain names would be a nick name for the numbers, like PaddingHouse.com is at 55.51.52.1. The BGP table is a road map. That's why it was once called the Super Information Highway, remember? You can sell street/road maps to the stars, and the stars don't have to let you in. Thank You Bob Evans CTO > On Wed, 2016-03-02 at 00:44 -0500, William Herrin wrote: >> Do I have the legal right to exclude others from announcing my block >> of IP addresses to the public Internet routing tables? It's not well >> tested in court but the odds are exceptionally strong that I do. > > If I own some property - say a field - the location of that field is > with certain rare exceptions public information. I as the owner cannot > enforce a requirement on you to NOT tell people where my field is. I > can't demand that you NOT build roads past it, or that you NOT put up > signs saying how to get to my field, or even that you NOT tell people > who owns the field. I have the right to exclusive use of the property, > but I have no rights to information about the property, nor any > property rights outside the boundary of the property. > > Testing in court the idea that you may not advertise my routes would be > a fascinating exercise. If you falsely advertised them it would be a > different matter. > > Has this sort of thing been tested in the courts at all? In any > jurisdiction? > >> Indeed, the whole point of registration is to facilitate >> determination >> of -who- has the exclusive right over -which- blocks of addresses. > > The problem is what rights we are talking about. I would say that > practically speaking the only real right here is the right to configure > an address on an interface. But anyone else can send packets to an > address, or advertise to others the direction of travel towards that > network. 
Malicious activity excluded of course - DoS attacks and so on, > but I think the issues there are different. Also, contractually > regulated relationships are different - if I connect something up to > ISPX and have a contract with ISPX to NOT advertise the route to me, > then ISPX is constrained. > > Regards, K. > > -- > ~~~ > Karl Auer (ka...@biplane.com.au) > http://www.biplane.com.au/kauer > http://twitter.com/kauer389 > > GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B > Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4 > > > >
Re: About inetnum "ownership"
As far as I know there is no requirement to announce your assigned or legacy owned prefixes to the world. You have the right to announce them. I don't think you can legally stop others from announcing your path to them. Once you publicly announce something, it's out there. Oh well, maybe I didn't get the original question. I thought the discussion was about a network's right to prevent others in the world from announcing/propagating a route to that network's prefixes. Seemed to be a legal question and the field analogy someone put forth seemed to apply well. I can't take credit for that as I simply tuned it and showed how it fit in a historical way. I think a lawyer would probably make this analogy in a court. Thank You Bob Evans CTO > > Interesting demonstration of why retreat to analogies does not help in a > discussion. > > A question: If you stop announcing your routes, where will the world > get them from? > > -- > sed quis custodiet ipsos custodes? (Juvenal) > >
LighTower - Major issue - Anyone from LIGHTOWER please contact me off list.
Anyone out here from LIGHTOWER please contact me off list. Thank You Bob Evans CTO
Re: Verizon Policy Statement on Net Neutrality
> Just think of all that innovation and investment that's been "stifled" > over the last 50 years under Title II. > Anyone remember having to "rent" their rotary phones from AT&T? Yes, I am that old. You were not allowed to connect a phone of your own. Bob Evans CTO
Re: Verizon Policy Statement on Net Neutrality
> > Asymmetric service was introduced to discourage home users from > > deploying "commercial" services. As were bandwidth caps. No, it was not. It was a technology issue from the very beginning. Technology limits of coax cable plants even before DOCSIS. Also dslam designs were such that they knew the direction of packets would be based on the need to deliver content. But Byte transfer caps (not bandwidth) were based on the high throughput limits of the C.O. and headend gear together with a marketer's ability to oversell to a consumer. Bob Evans
Re: ASN to IP Mapping
Step 1: Input an IP prefix for the originating ASN of a prefix https://radar.qrator.net Step 2: Check the RIR whois (as stated below) for confirmation as to who's assigned space. Thank You Bob Evans CTO > On Sat, Mar 7, 2015 at 12:37 PM, Andrew Iwamoto < > aiwam...@unleashed-technologies.com> wrote: > >> Is there a tool or method to determine IP blocks assigned to an >> organization by ASN? I.e. if I have an organization's ASN number I want >> to >> know all blocks assigned to that ASN. >> > > That's RIR/NIR-dependent, so you probably have to go thru all of them to > map all possible IP blocks. Other references suggested bgp.he.net that > will > only list advertised networks, and IRRs will only have IRR-listed > networks. > > For instance, on ARIN for AS 15141: > > http://whois.arin.net/rest/asn/AS15141 > > Find the organization name; click on the link > http://whois.arin.net/rest/org/BAUSCH-1.html > > Find the networks link: > http://whois.arin.net/rest/org/BAUSCH-1/nets > > Network Resources: BAUSCH-LOMB (NET-161-242-0-0-1 > <http://whois.arin.net/rest/net/NET-161-242-0-0-1.html>) 161.242.0.0 - > 161.242.255.255 > > Look for the other RIRs; rinse and repeat. > > > > Rubens >
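The two steps in this message (what an ASN originates in BGP versus what the registry says it holds) can be reconciled mechanically. The following is an added example, not code from the thread: it assumes a routing-table export in a `prefix|AS path` layout and a registry list already gathered from the RIR whois step, and every ASN and prefix in it is a constructed value from the documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. ASNs and prefixes come from the documentation
# ranges; the "prefix|AS path" layout is an assumed export format.
ROUTES = """\
192.0.2.0/24|64500 64496
198.51.100.0/25|64500 64501 64496
198.51.100.128/25|64500 64496 64496 64496
203.0.113.0/24|64500 64497
2001:db8:10::/48|64500 64496
2001:db8:ffff::/48|64500 64496
192.0.2.128/25|64500 {64496,64499}
"""

# Constructed stand-in for what the RIR whois step returns for the ASN's org.
ASSIGNED = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24",
            "2001:db8:10::/44"]


def parse_routes(text):
    """Return {origin_asn: [network, ...]}; the origin is the last AS in the path."""
    by_origin = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, _, path = line.partition("|")
        hops = path.split()
        # An AS_SET ({...}) at the end of the path has no single origin: skip it.
        if not hops or not hops[-1].isdigit():
            continue
        by_origin[int(hops[-1])].append(ipaddress.ip_network(prefix.strip()))
    return by_origin


def _within(inner, outer):
    # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return inner.version == outer.version and inner.subnet_of(outer)


def coverage(assigned, advertised):
    """Classify each assigned block by how much of it the ASN announces."""
    report = {"announced": [], "partial": [], "dark": [], "outside": []}
    blocks = [ipaddress.ip_network(b) for b in assigned]
    for block in blocks:
        if any(_within(block, p) for p in advertised):
            report["announced"].append(block)   # exact match or covering route
            continue
        specifics = [p for p in advertised if _within(p, block)]
        merged = list(ipaddress.collapse_addresses(specifics))
        if merged == [block]:
            report["announced"].append(block)   # more-specifics add up to the block
        elif merged:
            report["partial"].append(block)
        else:
            report["dark"].append(block)
    # Prefixes the ASN originates that sit in none of its registered blocks.
    report["outside"] = [p for p in advertised
                         if not any(_within(p, b) for b in blocks)]
    return report


def foreign_origins(assigned, by_origin, asn):
    """Routes inside the assigned blocks whose origin is a different ASN."""
    blocks = [ipaddress.ip_network(b) for b in assigned]
    return sorted((str(p), origin)
                  for origin, prefixes in by_origin.items() if origin != asn
                  for p in prefixes if any(_within(p, b) for b in blocks))


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for state, nets in coverage(ASSIGNED, table[64496]).items():
        print(f"{state:9}", ", ".join(map(str, nets)) or "-")
    print("foreign  ", foreign_origins(ASSIGNED, table, 64496))
```

A block that shows up as `dark` with a `foreign` origin, or a prefix under `outside`, is where the advertised view and the registry view disagree and is worth checking against the RIR record before trusting either.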
RE: rack cable length
You must build them if you want the professional look. No way around that - unless you want to take up rack space with some sort of cable management wrapping system and that becomes a pain to make future changes or replace cables. Thank You Bob Evans CTO > Or you build the cable to fit the span. I must be getting old. > > Joe > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rafael Possamai > Sent: Friday, April 17, 2015 3:00 PM > To: North American Network Operators Group > Subject: Re: rack cable length > > Hi Shawn, > > If you don't leave slack, you can't really pull the server out of the RU > for maintenance (hot swaps, etc). Your best choice is to purchase cable > management trays if that makes sense (Dell servers usually come with > those). Otherwise you just need to deal with the loops and whatnot the > best way you can. If your colo hardware is really random (dells, HPs, > supermicros) then it gets worse, but if your hardware is homogeneous then > you can come up with some way of attaching brackets to the side of the > rack that could help you avoid a rats nest in the back of your rack > (granted you can't find cable management trays or they are too expensive > to justify the investment). > > > > On Fri, Apr 17, 2015 at 1:44 PM, shawn wilson wrote: > >> This is probably a stupid question, but >> >> We've got a few racks in a colo. The racks don't have any decent cable >> management (square metal holes to attach velcro to). We either order >> cable too long and end up with lots of loops which get in the way (no >> place to loop lots of excess really) or too short to run along the >> side (which is worse). It appears others using the same racks have >> figured this out, but... >> >> Do y'all just order 10 of each size per rack in every color you need >> or is there a better way to figure this out? I'm guessing something >> like 24 inches + (1.75 inches x Us) + 24 inches and round up to >> standard length...? 