Nexus 9k, packet loss through switch on vlan without SVI

2016-07-25 Thread Jeremy
Running into some weird issues with a Cisco Nexus9k.

We have a Cisco 3750X pair stacked, port channel (2x 1G) to two different
blades on a Nexus9k. Isolating the links of the port channel, on one link
we can consistently get 800mbps (using iperf), on the other link we
consistently get ~34mbps.

We have seen this across multiple 3750X stacks.

The vlan we were on is just layer2 through the n9k, there are no IP
addresses. We were able to (apparently) resolve this issue by creating an
SVI on the n9k, with an empty config.

Now, even isolating links we can get ~800mbps across the n9k, through the
various 3750X stacks.

I am confused why creating the SVI would have an impact on this, and why it
wouldn't be consistent across both links. If the lack of SVI were at fault,
I would be less surprised if it just flat out didn't work, but this partial
working state feels very odd.

Anyone else seen this? Thoughts? Could traffic be hitting the CPU while
going across modules? This feels like quirky n9k internals...

Thanks!
Jeremy

PS: no CRC errors found on interfaces, all looked clean


Cloudflare reverse DNS SERVFAIL, normal?

2016-08-29 Thread Jeremy
We're seeing a huge uptick in reverse DNS lookup failures across an app,
99% are all for Cloudflare IP addresses.

Instead of seeing a PTR or NXDOMAIN we're getting back SERVFAIL.

Does anyone know if this is a standard response from them? Do they not have
reverse DNS set up for their networks?

Trying to narrow this down to see if it's a result of a change in how our
application handles these errors or if there's an issue going on with
Cloudflare's DNS setup.

Thanks!
Jeremy


DWDM on 250 Km dark fiber without re-amplification

2016-12-24 Thread Jeremy

Hi all,

First, I'm sorry for my English; I'm French and I don't have a good 
level in this language. But I want some information and I'm sure 
someone will give a good answer to my question.


So, I'm looking to rent a dual dark fiber in France; the estimated 
distance is 225 Km, but I know there is a lot of optical switching on 
the highway where this fiber is installed (in theory, every 80 Km). So, I 
used the worst-case scenario, adding 25 Km to my need.


I would like to buy an amplifier and a DWDM multiplexer to add some 
10Gb/s waves on this dark fiber. I've seen that the amplification is 
better on 100 Gb/s synchronised ports, but we don't have enough capacity 
on our router to add 100 Gb/s interfaces.


So, has someone installed this type of hardware on a dark fiber without 
regeneration over 250 Km of distance?
If yes, with what kind of hardware? If you are a salesperson for this 
hardware, please contact me by private message.


Thank you for your time,
Jérémy
AS197922



OADM splitting

2017-02-20 Thread Jeremy

Hello the nanog list,

I'm searching for an OADM CWDM splitting module which can be placed in a 
BEP outdoor box (this OADM module must have an EAST input and a WEST 
output, with the capacity to activate the split for each wave or not) 
with the 2 mux/demux rack 19". Classic CWDM waves needed (1470-1610 nm 
with 8 channels).


If you know a good BPE which can accept 10 x 1.5 fiber optic cables 
I/O and with SC connectors, we would like it if you can add it in your quote.


Is there someone here who can send a quote for this hardware and who 
can send this hardware very quickly to France?


Thanks,



Re: quietly....

2011-01-31 Thread Jeremy
Has there been any discussion about allocating the Class E blocks? If this
doesn't count as "future use" what does? (Yes, I realize this doesn't *fix*
the problem here)

-Jeremy

On Mon, Jan 31, 2011 at 10:15 PM, Jack Carrozzo  wrote:

> On Mon, Jan 31, 2011 at 9:55 PM, Jimmy Hess  wrote:
>
> >
> > IPv4's not dead yet;  even the first  RIR exhaustion probable in  3 -
> > 6 months  doesn't end the IPv4 ride.
> >
> > There is some hope more IPv4 organizations will start thinking about
> > their plans for establishing connectivity with IPv6;  so they can
> > communicate with IPv6-only hosts that will begin to emerge
> > later.
> >
>
> What organizations (eye networks) will do is layer NAT till the cows come
> home for some years to come. Buckle up!
>
> -Jack Carrozzo
>


Re: Level 3 blames Internet slowdowns on ISPs' refusal to upgrade networks | Ars Technica

2014-03-20 Thread Jeremy
And of course that only lasts until someone else decides to buy the
competition, I mean "invest in other companies".
On Mar 20, 2014 7:58 PM, "Mike."  wrote:

> On 3/20/2014 at 4:17 PM Bryan Fields wrote:
>
> |On 3/20/14, 12:34 PM, Blake Hudson wrote:
> |> The solution seems to be competition or regulation.
> |I'd prefer competition to regulation.
>  =
>
> If real and true competition exists, yes.
>
>
>
>
>


Re: ICANN to allow commercial gTLDs

2011-06-17 Thread Jeremy
well, crap. That's all I have to say :(

On Fri, Jun 17, 2011 at 4:16 PM, mikea  wrote:

> On Fri, Jun 17, 2011 at 05:04:25PM -0400, Jay Ashworth wrote:
> > Aw, Jeezus.
> >
> > No.  Just, no.
> >
> >   http://tech.slashdot.org/story/11/06/17/202245/
>
> Yeah. Maybe ICANN needs its own special TLD: .idiots?
>
> --
> Mike Andrews, W5EGO
> mi...@mikea.ath.cx
> Tired old sysadmin
>
>


Re: unqualified domains, was ICANN to allow commercial gTLDs

2011-06-19 Thread Jeremy
"DK" may not be hierarchical, but "DK." is. If you try to resolve "DK" on
its own, many (most? all?) DNS clients will attach the search string/domain
name of the local system in order to make it a FQDN. The same happens when
you try to resolve a non-existent domain, such as
alskdiufwfeiuwdr3948dx.com: in Wireshark I see the initial request followed
by alskdiufwfeiuwdr3948dx.com.gateway.2wire.net. However, if I qualify it
with the trailing dot, it stops after the first lookup. DK. is a valid FQDN
and should be considered hierarchical due to the dot being the root and
anything before that is a branch off of the root. See RFC 1034.

-Jeremy

On Sun, Jun 19, 2011 at 7:08 PM, Mark Andrews  wrote:

>
> In message , Paul Vixie writes:
> > Adam Atkinson  writes:
> >
> > > It was a very long time ago, but I seem to recall being shown
> > > http://dk, the home page of Denmark, some time in the mid 90s.
> > >
> > > Must I be recalling incorrectly?
> >
> > no you need not must be.  it would work as long as no dk.this or dk.that
> > would be found first in a search list containing 'this' and 'that', where
> > the default search list is normally the parent domain name of your own
> > hostname (so for me on six.vix.com the search list would be vix.com and
> > so as long as dk.vix.com did not exist then http://dk/ would reach
> > "dk.")
> > --
> > Paul Vixie
> > KI6YSY
>
> DK should NOT be doing this.  DK is *not* a hierarchical host name
> and the address record should not exist, RFC 897.  The Internet
> stopped using simple host names in the early '80s.  In addition to
> that it is a security issue similar to that described in RFC 1535.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
>
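
The search-list behaviour discussed in this thread, as an added example that is not part of any poster's message. It assumes a common resolv.conf-style stub resolver with `ndots` of 1 (individual clients differ); the function names and the sets of "existing" names are constructed for illustration.

```python
"""Added illustration: how a stub resolver expands unqualified names."""


def candidate_queries(name, search_list, ndots=1):
    """Return the FQDNs a typical stub resolver would try, in order.

    Assumed model (resolv.conf-style, not any one vendor's exact logic):
      * a trailing dot marks the name as fully qualified: one query only
      * a name with at least `ndots` dots is tried as-is first, then with
        each search suffix appended
      * a name with fewer dots is tried with each search suffix first and
        only afterwards as-is
    """
    if name.endswith("."):
        return [name.lower()]
    absolute = name.lower() + "."
    suffixed = [f"{name}.{s.strip('.')}.".lower() for s in search_list]
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]


def resolve(name, search_list, existing, ndots=1):
    """Walk the candidates against a set of names that exist.

    Returns (answer, queries_sent); answer is None when every candidate
    would come back NXDOMAIN.
    """
    sent = []
    for fqdn in candidate_queries(name, search_list, ndots):
        sent.append(fqdn)
        if fqdn in existing:
            return fqdn, sent
    return None, sent


def is_shadowed(name, search_list, existing, ndots=1):
    """True when a search-list match answers before the root-anchored name.

    This is the ambiguity RFC 1535 is cited for in the thread: the answer
    depends on what exists under the local search domain.
    """
    answer, _ = resolve(name, search_list, existing, ndots)
    intended = name.rstrip(".").lower() + "."
    return answer is not None and answer != intended


if __name__ == "__main__":
    # Constructed data: search suffixes taken from the thread, zone contents
    # invented for the demonstration.
    nx = "alskdiufwfeiuwdr3948dx.com"
    print(candidate_queries(nx, ["gateway.2wire.net"]))        # two lookups
    print(candidate_queries(nx + ".", ["gateway.2wire.net"]))  # one lookup

    # "dk" reaches "dk." only while dk.vix.com does not exist.
    print(resolve("dk", ["vix.com"], {"dk."}))
    print(resolve("dk", ["vix.com"], {"dk.", "dk.vix.com."}))
    print(is_shadowed("dk", ["vix.com"], {"dk.", "dk.vix.com."}))
```
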


Re: What do you think about the Juniper MX line?

2011-06-27 Thread Jeremy
Heh, I spent about 3mo evaluating/testing SRX's and I agree they had
potential but left /a lot/ to be desired.

-Jeremy

On Mon, Jun 27, 2011 at 2:45 PM, Owen DeLong  wrote:

> Sorry... I misspoke. My comments related to the SRX series and not the MX.
>
> The MX is a fine product in my experience.
>
> Owen
>
> On Jun 25, 2011, at 10:03 PM, Howard Hart wrote:
>
> >
> > We have a couple installed as our edge routers.
> >
> > Pluses -  solid as a rock, easy to administer, and will take some
> > extremely high packet rates for relatively low cost (important for us since
> > we use them for VoIP traffic). If you're approaching the capacity of a 1GB
> > uplink, I highly recommend these as your first step to 10 GB.
> >
> > Minuses - careful on your MX80 version. The MX80-48T includes a built in
> > 48 port 1 GigE switch, but we've had compatibility issues with it and other
> > vendors switches. The modular version that replaces the MX80-48T costs quite
> > a bit more, but it does give you a lot more connection and compatibility
> > options.
> >
> > Howard Hart
> >
> > On Jun 25, 2011, at 9:37 PM, "Ryan Finnesey" wrote:
> >
> >> I would love to know the same I am looking at the MX line as well for a
> >> new network build-out
> >>
> >> Cheers
> >> Ryan
> >>
> >>
> >> -Original Message-
> >> From: Chris [mailto:behrnetwo...@gmail.com]
> >> Sent: Saturday, June 25, 2011 9:29 AM
> >> To: nanog@nanog.org
> >> Subject: What do you think about the Juniper MX line?
> >>
> >> Hello,
> >>
> >> I've been doing some research into using the MX line of Juniper routers
> >> and was interested in hearing people's experiences (the good, bad, and
> >> ugly). What do you like about them? What do you dislike?
> >> Where are you putting them in your network? Where are you not putting
> >> them? Why? What other platforms would you consider and why? I hope to
> >> hear some candid responses, but feel free to respond privately if you
> >> need to.
> >>
> >> Thanks!
> >>
> >>
>
>
>


MPLS Traffic Engineering Help

2012-01-28 Thread Jeremy
Hi Everyone,
I could use a little help on MPLS and Traffic Engineering. Right now I'm
just trying to wrap my head around it. I currently have a couple tunnels
going in either direction, those are working fine (but certainly took me
long enough to get them working!) and I can direct traffic over them easy
enough. Now I'm looking into allocating/reserving bandwidth for a given
tunnel and if possible have it react to increased network loads and
recalculate its path if need be.

(Poor) Example:
I have two paths that two different tunnels (A and B) that will go over a
T-1 and 100mbps ethernet. A is more important than B. When traffic is low,
I'd like them both to go over the 100mbps link so either tunnel can fill
the pipe, but if Tunnel A requires more bandwidth, Tunnel B should react
and move to the T-1. Is this possible? or am I horribly confused?

I'm not really looking for the exact commands or the 'answer' to this
problem, but some guidance would be greatly appreciated. I'm working with
Cisco gear, 2800's and such. This is purely an academic exercise.

Thanks!
Jeremy


802.11 MAC Point Coordination Function

2012-02-15 Thread Jeremy
Hi All,
I'm doing some research on 802.11 quality of service, congestion control,
etc. I'm trying to find some information on the Point Coordination
Function, a polling based access control method, but I'm having a hard time
finding much in the way of vendor support. I have access to some Cisco
1242's, 1140's and 1252's and I've been searching Cisco's site and
can't find a real answer on whether or not it's supported let alone how to
configure it.

Does anyone have any experience with this? Does Cisco have some special
name for it aside from PCF? Any help would be appreciated!

Thanks,
Jeremy


Re: Comcast cable modem software update push

2012-07-22 Thread Jeremy

On 7/22/2012 2:56 PM, Dave Sotnick wrote:

Dear Nanog Users,

I have recently been plagued by intermittent lockups on my Motorola
BitSurfer 6121 cable modem, which I purchased based on Comcast's lists
of recommended devices, and having good experience with Motorola
products in the past. There's a good discussion on this topic here:
http://goo.gl/SfHdh

My technical question for the group is: When I finally talk to Comcast
Tier 2 this week, what do I need to tell them to convince them that
pushing out an update to SB6121 modems is a good idea? They seem
convinced the onus is on Motorola to provide updates. This is not how
DOCSIS 3.0 works!

FWIW, the installed OS is 1.0.3.3 dated Aug 12 2010. The most recent I
have heard of is 1.0.6.6. Apparently this fixes the lockups.

Any tips greatly appreciated.

-Dave



Dave,

/lurk mode off

Each MSO has its own procedures for reviewing and certifying firmware 
for their networks.  The various DOCSIS features work with varying 
levels of success on different code revisions, so the testing tends to 
be extensive.   When I worked at an MSO in my previous position, the 
process would be to lab test and then field soak for several months 
prior to releasing an update.  Even then, we would still be bitten by 
bugs with strange trigger conditions.  Assuming that process is the same 
at Comcast, you are likely to have little success in convincing them to 
speed up the deployment of new code, especially if the DOCSIS 
engineering group has not completed testing and fully vetted the code.


Your best bet is simply to see if there is newer code available that they 
have approved.   Just for comparison, I have a Moto Surfboard 6121 
attached to TWC and I'm on firmware version 1.0.5.1 dated 12/21/2010 
(possibly installed when I was still a Cox customer).


/lurk on

Jeremy



Re: Google burp

2012-10-31 Thread Jeremy
I had my service go down and come back and when it came back I have
the new reply/compose features of the new gmail system

http://techcrunch.com/2012/10/30/googles-gmail-launches-new-compose-email-view-and-reply-experience-that-will-save-you-time/

It wasn't there before

On Wed, Oct 31, 2012 at 10:06 PM, Michael Sinatra
 wrote:
> On 10/31/12 2:55 PM, Blair Trosper wrote:
>> I guess I'll be the one to ask...what's going on over at Google?  Service
>> interruptions and front-end errors all over the place across what appears
>> to be all services, though Gmail seems to have bounced back up.  Google's
>> service disruption is about to bring Twitter's service to its knees as
>> people complain and try to figure out what's going on.
>>
>> Blair Trosper
>> Updraft Networks & The North Texas GigaPOP
>>
>
> It's back working for me (after just a few minutes of brokenness), but I
> have to say I really loved the "out of order" splash page I got when my
> calendar went down:
>
> "Sorry, there seems to be a problem.  The service you're looking for is
> temporarily unavailable.  Please try again in a few hours.  Thanks for
> your patience."
>
> Ahem, a few *hours*?
>
>
>



ASR9K xml agent vs netconf

2014-08-01 Thread Jeremy
Hi There!

I'm currently working on writing some automation around the ASR9K platform
and I've been looking at both the netconf and xml interfaces. Anyone have
experience with either?

It looks like the XML interface is much more feature rich, supporting both
config and operational state objects where netconf is limited to config
only.

Currently I'm leaning towards the xml interface, but netconf would come
with the appeal of using a standard and any libraries I write for it may be
usable with other platforms.

Thoughts? experiences? mistakes? wins?

Thanks!
Jeremy


ASR 1006 question

2011-05-05 Thread Jeremy
Hey All,

I think I may be noobing this one here, any help would be appreciated. We
have an ASR1006 with a SIP and a 2x1gbps SPA. Right now we have:

 2800 g0/0<- -> ASR1006 g1/0/0

All we're trying to do is set an IP address on each interface so we can ping
(192.168.1.1 on the 2800, 192.168.1.2 on the ASR). We have the IPs
configured on both but it's just not working. The 2800 is fine, if we attach
a laptop to it and ping it works as expected. However when we attach the
laptop to the ASR no ARP or ICMP messages are sent from the ASR, wireshark
shows no traffic whatsoever. The interface is up/up and it was a fresh
config, all we've done is add the IP address. Any thoughts? This shouldn't
be this hard so I must be overlooking something silly.

Thanks!
-Jeremy


Re: Rogers Canada using 7.0.0.0/8 for internal address space

2011-05-24 Thread Jeremy
Please excuse my ignorance on this and note that I am not condoning the
hijacking of IP address space.

As long as necessary precautions are taken (route filters, tunnels, VRF's)
shouldn't this be technically feasible without any negative ramifications?

These 7-NET addresses seem to be assigned to the modem itself, but surely they
aren't what the customer sees at their WAN IP address right? So as long as
the modem is configured to send ALL traffic, regardless of destination
address (could be a 7NET dst) over a GRE tunnel to some aggregation point
via its acquired 7-net address and all routers were to keep the 7net on a
separate VRF, shouldn't they be able to avoid any IP collisions? Couldn't
you theoretically use anyone's IP space, advertised or not, for this
internal transit? I'm not saying it's a good idea, it's certainly more
complex which leads to its own issues, but shouldn't it be possible?

-Jeremy

On Tue, May 24, 2011 at 9:50 PM, Steven Bellovin wrote:

>
> On May 24, 2011, at 9:29 06PM, Jay Ashworth wrote:
>
> > - Original Message -
> >> From: "Jimmy Hess" 
> >
> >> On Tue, May 24, 2011 at 4:34 PM,  wrote:
> >>> I think those within the organization that deploy those vehicles or
> >>> are Navy SEALs might sit at different lunch tables than the guys
> >>> worried about IP address collisions. ;-)
> >>
> >> The F/A-18 Hornets, F/A-22 Raptors are well, and good, but that's old
> >> technology The folks in charge of the MQ-1 predator drones might sit
> >> closer to the guys worried about the IP addresses.
> >>
> >> And automated drone strikes can always be blamed on a malfunction
> >> caused by the hijacking
> >
> > If packets that control armed drones cross any router that has access
> > even to SIPRnet, much less the Internet, someone's getting relieved.
>
>
> http://www.eweek.com/c/a/Security/Militants-Hack-Unencrypted-Drone-Feeds-477219/
>
>--Steve Bellovin, https://www.cs.columbia.edu/~smb
>
>
>
>
>
>
>


Re: Unimus Network Automation https://unimus.net/

2021-01-16 Thread Jeremy Austin
To be precise, Unimus allows some mass config push but is not a templating
system. It's superb for config pull. It's decent for simple, static config
pushes or on-the-box scripting pushes.

Tomas has mentioned publicly that he has built templated config systems in
the past, but I don't believe that work has been turned into a shipping
product yet.

I'm a happy paid user and have also met Tomas in person. I'm no expert, but
he and his team write what appears (by performance) to be beautiful java.

Jeremy Austin


On Tue, Jan 12, 2021 at 9:39 PM James Braunegg 
wrote:

> Dear All
>
>
>
> Anyone using Unimus for Network Automation ? https://unimus.net/
>
>
>
> i.e. mass configuration / push / pull configurations looking for something
> more powerful than rconfig for a Cisco Nexus and Juniper environment.
>
>
>
> And or happy with any other suggestions
>
>
>
> Kindest Regards
>
>
>
> *James Braunegg*
>


-- 
Jeremy Austin
jhaus...@gmail.com


Re: Verizon DC/NOVA Issues?

2021-01-26 Thread Jeremy Knapp
Is this affecting email servers? We have started to see sporadic failures
to yahoo and aol with messages tied to
https://postmaster.verizonmedia.com/error-codes

On Tue, Jan 26, 2021 at 12:03 PM Andy Ringsmuth  wrote:

> Axios is reporting:
>
> What's happening: The widespread issues are unrelated to a FiOS fiber
> internet cable getting cut in Brooklyn, contrary to reports circulating
> widely on social media linking the two, a Verizon spokesperson said.
>
>
> https://www.axios.com/east-coast-internet-outages-494451f9-73bb-4025-9730-36ab5a6ad5d6.html
>
> 
> Andy Ringsmuth
> 5609 Harding Drive
> Lincoln, NE 68521-5831
> (402) 304-0083
> a...@andyring.com
>
> “Better even die free, than to live slaves.” - Frederick Douglas, 1863
>
> > On Jan 26, 2021, at 11:23 AM, Andrew Schaefer wrote:
> >
> > Yes, Verizon FiOS is having major issues in Philadelphia getting to
> > Amazon and Google networks, among others. Starting around 11:30 AM Eastern.
> >
> > On Tue, Jan 26, 2021 at 12:15 PM Robert Webb wrote:
> > Any hearing of Verizon internet issues affecting the DC, Northern
> > Virginia, and surrounding areas?
> >
> > Just got a flood of complaints about work VPN connections keep dropping
> > and all users appear to be using Verizon internet and other users on
> > Comcast are not having issues.
> >
> > Started maybe around 11:30AM EST..
> >
> > Thanks..
> >
> > Robert Webb
> >
> >
>
>


Re: IS-IS on FRR - Is Anyone Running It?

2020-04-03 Thread Jeremy Austin
Mark,

I suggest you ask this directly on the FRR slack:

https://frrouting.slack.com/

I’m also interested to know who’s been trying FRR IS-IS in the wild. At
last check your former guess seemed to be correct and it wasn’t under
active development.

Regards
Jeremy Austin

On Thu, Apr 2, 2020 at 11:32 PM Mark Tinka  wrote:

> Hi all.
>
> So I finally decided to start messing around with FRR for a native IS-IS
> deployment for some of our FreeBSD-based Anycast services.
>
> I hit an issue that I posted to the FRR list that hasn't progressed beyond
> identifying a bug:
>
> 2020/03/21 03:12:36 ISIS: isis_send_pdu_bcast: sock_buff size 8192 is less
> than output pdu size 9014 on circuit em0
> 2020/03/21 03:12:36 ISIS: [EC 67108865] ISIS-Adj (1): Send L2 IIH on em0
> failed
>
> This is being addressed here:
>
> https://github.com/FRRouting/frr/pull/6066
>
> But my main question was if there was a command or setting in zebra.conf
> and/or isisd.conf that I can use to define the MTU IS-IS should use to set
> itself up, rather than being informed by what the interface currently runs
> at. I've tried everything that is documented as well as stuff that isn't,
> but nothing is accepted or recognized.
>
> Either no one runs IS-IS on FRR, or much of the implementation is still
> being developed and/or hasn't been tested in the wild, i.e., no traction.
>
> I'm hoping there is someone on this list that has played with IS-IS on FRR
> to point me in the right direction.
>
> The setup is FRR 7.3 on FreeBSD-12.1. Thanks.
>
>
> Mark.
>
-- 
Jeremy Austin
jhaus...@gmail.com


Re: alternative to voip gateways

2020-05-01 Thread Jeremy Austin
What’s the average loop length? Grandstream is probably OK to 5+ kfeet but
you will lose CID before that.

As the low cost option don’t expect them to be trouble-free (or have
particularly good vendor support), but they might work in your application
if cheap is what makes sense.

My $.02

Jeremy Austin

On Fri, May 1, 2020 at 10:11 PM Andrey Slastenov 
wrote:

> Look at MSAN solution. Like Huawei UA5000 or similar solutions from other
> vendors.
>
>
> Regards,
> Andrey
>
> > On May 2, 2020, at 07:21, Nick Edwards wrote:
> >
> > I'm looking at a new sister company we just took over, their remote
> > village has 1700 analogue phone lines to the workers huts, but they go
> > nowhere past the MDF.
> >
> > The office runs voip, now i'm told i have to get phones to the workers
> > because the  AKA previous owners of that
> > business  stopped the build when they ran into financial problems.
> >
> > So my plan is to utilize the existing many miles worth of copper pairs.
> >
> > I'm looking at throwing them into Versa Dslams that use pppoe pass
> > through, throw in a MikroTik 1036 as pppoe server, and we got spare
> > R710 I can use as radius server, and by my limited knowledge this
> > works.
> >
> > OK data done, but... now all those pots out lines need to go somewhere
> > that can handle 1700 or more lines, I am looking at either grandstream
> > 48 port FXS gateways or sangoma vega 50 ports (which I'll use as 48 so
> > there's a 1:1 match with dslams) the vega 3050 probably won't be used
> > because they are more than twice the price of grandstream.
> >
> > But this all results in a sh1te load of 48 port gateways (power is not
> > a concern), but wondering if there is another solution that is more
> > cost effective? Seems the regular NEC's Siemens and so on might have
> > an option but I can imagine it will be far more expensive than a bunch
> > of individual gateways.
> >
> > This project is in my mind workable, but i've not done such a thing on
> > a large scale.
> > Those who have experience in this field care to chime in? is my method
> > acceptable or not for such a project size?
> >
> > most pbx's I've done are only few hundred analogue lines where
> > gateways are more suited and definitely more cost effective, at all
> > our locations we use freepbx which works perfectly, and we know the
> > beefyness of the box we'll need to install to handle this load, thats
> > not a problem if we go down the gateway method.
> >
> > thoughts?
>
-- 
Jeremy Austin
jhaus...@gmail.com


Re: IP addresses on subnet edge (/24)

2020-09-15 Thread Jeremy Visser
On Tue, Sep 15, 2020 at 8:26 AM Töma Gavrichenkov  wrote:

> Also .0 and .1.
>
> Yes, there was some kind of a strange behavior with those addresses
> before.  We excluded those from rotation back in 2011 when that was really
> biting us.  There's an impression that this issue has become much less
> troubling over the years, didn't have time to investigate though.
>

Yep, I once had a customer (circa 2013–2014) who couldn't load
https://www.stgeorge.com.au/ because they (a PPP–based user, where
addressing is point to point, effectively /32 each end if you like) had an
IP address ending in .0, despite it being in the middle of an otherwise
larger pool. Some middlebox forming opinions about an address it has no
business forming an opinion about.


Re: Gaming Consoles and IPv4

2020-09-28 Thread Jeremy Bresley
I'm outside of Tampa (18th largest MSA in the US).  The two providers 
here, Spectrum (former Brighthouse area) and Frontier (bought out 
Verizon's FIOS offering) are both IPv4 only (including on their SOHO/SMB 
offerings).



Every time I've called in, I've asked if they are offering IPv6 yet.  
Most of the time I've had to follow that up with explaining what IPv6 
is, even to the technical support people.



So I'm stuck with doing an HE tunnel still for my IPv6 access. If 
anybody has a petition to change this with these providers, let me know, 
happy to sign it.



Jeremy


On 9/28/20 08:44, Mike Hammett wrote:

Are non-ISP-provided routers all that common anymore?

Aren't there enough IPv6-enabled operators with critical mass of IPv6 
deployments that IPv4-only networks can be treated like the 
second-tier citizens they are?




-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
Midwest Internet Exchange <http://www.midwest-ix.com/>
The Brothers WISP <http://www.thebrotherswisp.com/>

*From: *"Matt Hoppes"
*To: *"Mike Hammett", "Daniel Sterling"
*Cc: *"North American Network Operators' Group"
*Sent: *Monday, September 28, 2020 7:42:16 AM
*Subject: *Re: Gaming Consoles and IPv4

Many... but not all... and just because the operator is doesn't mean the
person you want to play with is.  And just because the operator is
doesn't mean the router you or the other person is using supports it.

On 9/28/20 8:20 AM, Mike Hammett wrote:
> Aren't most of the major operators using IPv6?
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>
> *From: *"Daniel Sterling"
> *To: *"Mike Hammett"
> *Cc: *"Matt Hoppes", "North American Network Operators' Group"
> *Sent: *Sunday, September 27, 2020 8:33:56 PM
> *Subject: *Re: Gaming Consoles and IPv4
>
> Matt Hoppes raises an interesting question,
>
> At the risk of this being off-topic, in the latest call of duty games
> I've played, their UDP-NAT-breaking algorithm seems to work rather well
> and should function fine even behind CGNAT. Ironically turning on upnp
> makes this *worse*, because when their algorithm probes to see what
> ports to use, upnp sends all traffic from the "magical xbox port" to one
> box instead of letting NAT control the ports. This does cause problems
> when multiple xboxes are behind one NAT doing upnp. If upnp is on and
> both xboxes are fully powered off and then turned on one at a time,
> things do work. But when upnp is off everything works w/o having to do
> that.
> There are many other games and many CPE NAT boxes that may do horrible
> things, but CGNAT by itself shouldn't cause problems for any recent
> device / gaming system.
>
> It is true that I've yet to see any FPS game use ipv6. I assume that's
> cuz they can't count on users having v6, so they have to support v4, and
> it wouldn't be worth their while to have their gaming host support
> dual-stack. just a guess there
>
> -- Dan
>
>
>
> On Sun, Sep 27, 2020 at 7:29 PM Mike Hammett <na...@ics-il.net> wrote:
>
>     Actually, uPNP is the only way to get two devices to work behind one
>     public IP, at least with XBox 360s. I haven't kept up in that realm.
>
>
>
>     -
>     Mike Hammett
>     Intelligent Computing Solutions <http://www.ics-il.com/>
> 
<https://www.facebook.com

Re: WISPA (was Making Use of 240/4 NetBlock)

2022-03-10 Thread Jeremy Austin
I'm in.

Jeremy Austin

On Wed, Mar 9, 2022 at 11:38 AM Dennis Burgess 
wrote:

> Let me know where and when 😊
>
>
>
> Dennis Burgess
>
> Author of "Learn RouterOS- Second Edition”
> Link Technologies, Inc -- Mikrotik & WISP Support Services
> Office: 314-735-0270  Website: http://www.linktechs.net
> Create Wireless Coverage’s with www.towercoverage.com
> Need MikroTik Cloud Management: https://cloud.linktechs.net
>
> -Original Message-
> From: NANOG  On Behalf
> Of Travis Garrison
> Sent: Wednesday, March 9, 2022 2:12 PM
> To: Dave Taht 
> Cc: NANOG 
> Subject: RE: WISPA (was Making Use of 240/4 NetBlock)
>
> I will be attending also. We should try to do a meetup of the NANOG members
>
> Thank you
> Travis Garrison
>
>
>
> -Original Message-
> From: NANOG  On Behalf
> Of Dave Taht
> Sent: Wednesday, March 9, 2022 1:25 PM
> To: Tim Howe 
> Cc: NANOG 
> Subject: Re: V6 still not supported (was Making Use of 240/4 NetBlock)
>
> I am going to attend the WISPA conference in New Orleans next week.
> (anyone going)
>


-- 
Jeremy Austin
jhaus...@gmail.com


Re: cf is down?

2022-06-21 Thread Jeremy Chequer
Global API Outage - https://www.cloudflarestatus.com/

I look forward to hearing back from you.

Cheers

Jeremy Chequer
Chief Operating Officer

Resolver Group

P: 1800 497 152 | D: 07 3819 0483
E: jer...@resolvergroup.com.au

Resolver Group is a Division of Check Technology Group

Please consider the environment before printing this email.

From: NANOG  on behalf of 
Dmitry Sherman 
Sent: Tuesday, June 21, 2022 4:53:38 PM
To: nanog@nanog.org list 
Subject: cf is down?


[External Sender] Be cautious of any links or attachments within this email as 
it has come from an External Sender.







Dmitry Sherman
Interhost Networks
T: +972.74.702.9881
M: +972.54.318.1182
E: dmi...@interhost.net
W: interhost.co.il <https://www.interhost.co.il/>




Re: cf is down?

2022-06-21 Thread Jeremy Chequer
Hi All

Sorry for the noise. Issue is long since resolved, I sent that email over 5 
hours ago and it must have gotten caught in moderation.

I look forward to hearing back from you.

Cheers

Jeremy Chequer
Chief Operating Officer

Resolver Group

P: 1800 497 152 | D: 07 3819 0483
E: jer...@resolvergroup.com.au

Resolver Group is a Division of Check Technology Group

Please consider the environment before printing this email.

From: NANOG  on behalf of 
Jeremy Chequer 
Sent: Tuesday, June 21, 2022 4:56:52 PM
To: Dmitry Sherman ; nanog@nanog.org list 

Subject: Re: cf is down?


[External Sender] Be cautious of any links or attachments within this email as 
it has come from an External Sender.

Global API Outage - https://www.cloudflarestatus.com/

I look forward to hearing back from you.

Cheers

Jeremy Chequer
Chief Operating Officer

Resolver Group

P: 1800 497 152 | D: 07 3819 0483
E: jer...@resolvergroup.com.au

Resolver Group is a Division of Check Technology Group

Please consider the environment before printing this email.

From: NANOG  on behalf of 
Dmitry Sherman 
Sent: Tuesday, June 21, 2022 4:53:38 PM
To: nanog@nanog.org list 
Subject: cf is down?


[External Sender] Be cautious of any links or attachments within this email as 
it has come from an External Sender.







Dmitry Sherman
Interhost Networks
T: +972.74.702.9881
M: +972.54.318.1182
E: dmi...@interhost.net
W: interhost.co.il <https://www.interhost.co.il/>




Re: if you make the peace today i will call mr.obama

2022-08-20 Thread Jeremy Chequer
If you have beef with Cogent or HE why not just take it up with them instead of 
involving the whole list in your spam every few days? You rehashed a thread 
that hadn't seen any activity in 9 years and now just keep spamming everyone 
trying to get your point across.

Yes, it is annoying that Cogent and HE don't peer with each other. You're not 
the only one who doesn't like it and Cogent has previously cut off other peers 
as well based on their internal policies. If you are a Cogent or HE customer, 
take it up with your Account Manager and if they aren't willing to do anything 
then talk with your wallet and take the business elsewhere if it is such a big 
issue for you.

Spamming the list isn't going to result in any change, it is just going to piss 
people off. Neither company is going to care about one person complaining about 
it on a mailing list when both are bringing on new customers daily.

Re your trolling comment, if I was to hazard a guess, and I am not a moderator 
so this is nothing but a guess, I'd say you have crossed the line now and 
am hoping the moderators take action soon so that the 10s of thousands who get 
these emails don't need to keep putting up with your spam.

Cheers

Jeremy Chequer
Chief Operating Officer

Resolver Group | Check Networks

Resolver Group is a Division of Check Technology Group

Please consider the environment before printing this email.

From: NANOG  on behalf of 
VOLKAN KIRIK 
Sent: Sunday, August 21, 2022 12:28:04 PM
To: dschaef...@cogentco.com ; Mike Leber 

Cc: nanog list 
Subject: if you make the peace today i will call mr.obama


[External Sender] Be cautious of any links or attachments within this email as 
it has come from an External Sender.

if you make the peace today i will call mr.obama

i mean the biden. and shut down your operations both

white house should call me immediately.

ps. turkish translator is required.

however i may correct him/her in case of bad translation

isnt this list moderated or.. trolling allowed!??


RE: email spam

2022-08-23 Thread Jeremy Chequer
Or at the bare minimum, require a response. Just assuming the email went 
through and then blaming that for a pedo keeping their job for another year and 
a half is just bad on the officials' side. With scams increasing, measures need 
to be in place. Unfortunately, several agencies seem to think that you should 
just trust anything that comes from their address but that's how we end up with 
email spoofing. The agencies need to ensure they have the right setup in place 
to avoid ending up in spam and also ensure they are following up in some form, 
especially when it's to do with child safety.

- Jeremy

From: NANOG  On Behalf Of 
Suresh Ramasubramanian
Sent: Wednesday, 24 August 2022 12:52 PM
To: Eric Tykwinski 
Cc: nanog@nanog.org
Subject: Re: email spam

[External Sender] Be cautious of any links or attachments within this email as 
it has come from an External Sender.

100%. Also - there's no way to offer a delivery sla for email.  If you have 
something business critical, let alone anything that affects child safety, pick 
up a phone and call, or send an officer over to the school.

--srs

From: Eric Tykwinski <eric-l...@truenet.com>
Sent: Wednesday, August 24, 2022 8:14:16 AM
To: Suresh Ramasubramanian <ops.li...@gmail.com>
Cc: nanog@nanog.org
Subject: Re: email spam

Sorry about the bad examples, but I remember contacting both about issues with 
SPF multiple times.  They both seem to have fixed things, at least 
searching my logs for the last week.  Most of my customers have had to 
whitelist them though for past issues. It's also 
ezpassnj.com for the NJ collection.  Point still stands, 
assume incompetence over malice.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


On Aug 23, 2022, at 10:20 PM, Eric Tykwinski <eric-l...@truenet.com> wrote:

Bill,

Not only that, did they even follow their own rules, I've been fighting with 
septa.org, the Pennsylvania train authority, and 
easypassnj.com, the New Jersey transit toll collectors, 
about invalid SPF records for years, and they literally don't give a shit.  If 
they say to put it in spam, well then that is their own fault.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


On Aug 23, 2022, at 10:00 PM, Suresh Ramasubramanian <ops.li...@gmail.com> wrote:

Without saying why the mail was blocked (dumb content filter looking for porn? 
a spamhaus listing because the police server was hacked? something else?) 
that's not going to help too much.

I've been spam filtering stuff at large providers since the late 90s and it 
never gets any easier to block 100% spam or let 100% legit mail through.

-srs

--srs

From: NANOG <nanog-bounces+ops.lists=gmail@nanog.org> on behalf of William Herrin <b...@herrin.us>
Sent: Wednesday, August 24, 2022 7:03:52 AM
To: nanog@nanog.org
Subject: email spam

Hello,

To folks at places like Google and Godaddy which have gotten, shall we
say, overzealous about preventing spam from entering their systems,
consider the risk:

https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/

"Chesterfield County police said emails notifying Fairfax County
Public Schools that an employee was arrested and charged with
soliciting prostitution from a minor were not delivered to the school
system."

Long story short, the pedo kept his school job another year and a half.

There was once a time when both the outbound emails and the bounce
messages when they failed... worked. It was a spammy place but the
important emails got through.

Regards,
Bill Herrin




Re: bufferbloat-beating customer shaping via LibreQoS

2022-09-18 Thread Jeremy Austin
Thanks for the shoutout, Norman. Preseem isn’t at 50Gbps in 1U yet, but we
will get there.

I hope more folks listen to Dave, open vs. closed source solutions aside —
AQM makes a shocking amount of difference to quality of experience.

Jeremy



On Sun, Sep 18, 2022 at 2:14 PM Norman Jester  wrote:

>
> > On Sep 18, 2022, at 12:25 PM, Dave Taht  wrote:
> >
> > There's been a huge uptake in interest lately in doing better per
> > device and per customer shaping, especially for
> > ISPs, in the libreQoS.io project, which is leveraging the best ideas
> > bufferbloat project members have had over the
> > past decade (cake, bpf, xdp) to push an x86 middlebox well past the
> > 10Gbit barrier, on sub-2k boxes, with really
> > good stats on backlogs, drops, and ecn marks. I've long primarily
> > tried to get fq_codel and cake running on the CPE (most recently
> > mikrotik), and that's been taking too long.
> >
> > I have no idea to what extent members of this list have interest in
> > this, but if you know of a smaller ISP with bad bufferbloat,
> > please pass that link along? It's got ridiculously easier to set up as
> > a vm of late.
> >
> > There is presently a design discussion going on over here:
> >
> > https://github.com/rchac/LibreQoS/issues/57
> >
> > And by mentioning it here, today, I'm mostly asking what other real
> > life use cases we should try to tackle? What backend tools should we
> > try to integrate with?
> >
> > --
> > FQ World Domination pending: https://blog.cerowrt.org/post/state_of_fq_codel/
> > Dave Täht CEO, TekLibre, LLC
>
> Take a look at Preseem as the features it has and graphs are great. WISPs
> need this type of system and would show added interest if it has those
> charts and metrics. The integrations are good also. HubSpot integration is
> a plus so we can pull user data out of it and add it to their HubSpot
> profiles.
>
> --
Jeremy Austin
jhaus...@gmail.com


RE: AS16509 (Amazon) peering contact

2019-07-01 Thread Jeremy McMasters
Good luck we are the 9th largest MSO and still have not gotten a response back 
from Amazon.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Stephen Fulton
Sent: Friday, June 28, 2019 3:50 PM
To: Kody Vicknair ; nanog@nanog.org
Subject: RE: AS16509 (Amazon) peering contact

Hi Kody,

Contact information on PeeringDB is not normally accessible without an account 
and that information is not indexed by search engines, unlike this and other 
mailing lists.

My point remains if you want to share a non-role contact, especially for 
someone at an organization as large as Amazon, do so privately.  Otherwise 
such contacts might become so bogged down by the increased amount of email from 
world plus dog, they no longer are able to be as helpful or prompt.  
Alternatively, you could ask the person whose contact you wish to share 
publicly for consent first.  If you did, my apologies.


On June 28, 2019 15:03:13 Kody Vicknair  wrote:

> No private information was shared.
>
> See for yourself:
> https://www.peeringdb.com/net/1418
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Stephen 
> Fulton
> Sent: Thursday, June 27, 2019 5:22 PM
> To: nanog@nanog.org
> Subject: Re: AS16509 (Amazon) peering contact
>
> Hi Kody,
>
> Please don't share a person's e-mail account on a mailing list.  Role 
> accounts are one thing, but not this.  If you want to, send it 
> privately.
>
> Cheers,
>
> Stephen
>
> On 2019-06-27 17:47, Kody Vicknair wrote:
>> I've always worked with Tim Bates. They were exceptionally quick with 
>> standing up my session. like same day quick...
>>
>> x...@amazon.com
>>
>>
>>
>>
>>
>> Kody Vicknair
>> Network Engineer
>>
>> Tel:985.536.1214
>> Fax:985.536.0300
>> Email:  kvickn...@reservetele.com
>>
>> Reserve Telecommunications
>> 100 RTC Dr
>> Reserve, LA 70084
>>
>> ________________________________
>>
>> Disclaimer:
>> The information transmitted, including attachments, is intended only 
>> for the person(s) or entity to which it is addressed and may contain 
>> confidential and/or privileged material which should not disseminate, 
>> distribute or be copied. Please notify Kody Vicknair immediately by 
>> e-mail if you have received this e-mail by mistake and delete this 
>> e-mail from your system. E-mail transmission cannot be guaranteed to 
>> be secure or error-free as information could be intercepted, 
>> corrupted, lost, destroyed, arrive late or incomplete, or contain 
>> viruses. Kody Vicknair therefore does not accept liability for any 
>> errors or omissions in the contents of this message, which arise as a result 
>> of e-mail transmission. .
>>
>> -Original Message-
>> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Hansen, 
>> Christoffer
>> Sent: Thursday, June 27, 2019 2:45 PM
>> To: nanog@nanog.org
>> Subject: Re: AS16509 (Amazon) peering contact
>>
>>
>> On 27/06/2019 20:55, Andras Toth wrote:
>>> Including at least an ASN in the peering request usually helps to 
>>> expedite the process :)
>> & keeping your peeringdb entry up-to-date is usually helpful, too.
>> Depending on who you want to peer with(!)
>>
>> Some networks require you to have up-to-date peeringdb information 
>> for your network. Including which facilities and/or internet 
>> exchanges you are either connected to and/or present on/in.
>> This will often be the case if $peering_partner have either partial 
>> or fully automated peering configuration management.
>>
>> /Christoffer






Re: Cat 5 hurricane -- How are the Bahamas doing?

2019-09-04 Thread Jeremy Parr
Things are bad in some places, fine in others. I can provide a more
thorough update this evening.

On Wed, Sep 4, 2019, 15:27 Sean Donelan  wrote:

> On Mon, 2 Sep 2019, Sean Donelan wrote:
> > It is too early for damage assessments.  BTC, local Bahama
> > telecommunications company, is reporting widespread power outages, and
> > intermittent mobile and wireline telephone service. The Abaco Islands in
> > northern Bahamas seem to be taking the worst of it.
>
> Folks asking for updates on Bahamas.  The simple answer is I'm not hearing
> any information out of the Bahamas, which is concerning in itself.
>
>
> My big secret how I do network outage reports is people send me the
> information.  Usually, I get lots of random emails from network people
> about problems all over the U.S. and other places in the world. But
> Bahamas has gone very quiet.
>
>


Re: CALEA

2016-05-09 Thread Jeremy Austin
On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:

> What is the community hearing about CALEA?
>

Crickets?


-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon


An open letter to security researchers and practitioners

2016-07-08 Thread Jeremy Gillula
An open letter to security researchers and practitioners:

We need you to take a stand to protect security researchers who report
defects in browsers, before it's too late.

Earlier this month, the World Wide Web Consortium's Encrypted Media
Extensions (EME) spec progressed to Draft Recommendation phase. This is
a controversial standard for transmitting DRM-encumbered videos, and it
marks the very first time that the W3C has attempted to standardize a
DRM system.

This means that for the first time, W3C standards for browsers will fall
under laws like the DMCA (and its international equivalents, which the
US Trade Representative has spread all over the world). These laws allow
companies to threaten security researchers who disclose vulnerabilities
in DRM systems, on the grounds that these disclosures make it easier to
figure out how to bypass the DRM.

Last summer, the Copyright Office heard from security researchers about
the effect that DRM has on their work; those filings detail showstopper
bugs in consumer devices, cars, agricultural equipment, medical
implants, and voting machines that researchers felt they couldn't
readily publish about, lest they face punitive lawsuits from the
companies they embarrassed.

EFF has asked the W3C to take a minimal step to insulate their
stakeholders from the legal fallout from the inclusion of DRM in their
standards. Our proposal asks the W3C to bind its members to legal
promises not to use the DMCA or laws like it against security
researchers or implementers.

https://www.eff.org/deeplinks/2016/06/w3c-eme-and-eff-frequently-asked-questions

So far, the W3C executive has failed to act on this proposal, despite
diverse support from a number of W3C members.

We are hosting an open letter from security, privacy and technology
experts to the W3C's director, Tim Berners-Lee; and its CEO, Jeff Jaffe,
asking them to make any further work on EME contingent on adopting rules
to protect the open web from these bad laws.

https://www.eff.org/deeplinks/2016/03/security-researchers-tell-w3c-protect-researchers-who-investigate-browsers

Will you sign this letter? Some of security's leading lights have
already put their names to it. We can't afford to make widely used tools
like browsers off-limits to security research and disclosure, especially
not as HTML5 is being positioned as a UI environment to replace apps as
the primary way of interacting with sensors, actuators, embedded systems
and the whole Internet of Things.

If you're willing to sign on, please send an email to c...@eff.org with
your country of residence and your institutional affiliation (if any).

Thank you,

Cory Doctorow
Apollo 1201 Project
Electronic Frontier Foundation






University of Alaska AS7774 NOC?

2016-07-17 Thread Jeremy Austin
If there's anyone on call at network operations for the University of
Alaska, AS7774, please contact me or ACS NOC, who have an open trouble
ticket.

We appear to be having BGP reachability issues on your ACS peering.

Thank you,

-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon


Re: University of Alaska AS7774 NOC?

2016-07-17 Thread Jeremy Austin
On Sun, Jul 17, 2016 at 3:50 PM, Jeremy Austin  wrote:

> If there's anyone on call at network operations for the University of
> Alaska, AS7774, please contact me or ACS NOC, who have an open trouble
> ticket.
>
> We appear to be having BGP reachability issues on your ACS peering.
>

I want to extend thanks to the folks at University of Alaska, several of
whom contacted me immediately.

The issue turned out to be with ACS (AS7782), whose network engineers are
also on NANOG and called me almost right away, even the one on leave whom
the NOC couldn't reach.

That's what I call service. Thanks again, you deserve a shout out.


-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon


Outdoor ADSL2+/VDSL/G.Fast NIU

2016-09-02 Thread Jeremy Malli
I'm hoping somebody on the list has a recommendation for an outdoor 
ADSL2+/VDSL/G.Fast NIU.  Been doing some research into this and have come up 
empty so far.


My thinking is that by housing the DSL CPE outside the residence in an 
enclosure we can reduce the issues with IW (since we would only need a small 
jumper from the LEC handoff to the NIU) and also gain access to the DSL CPE 
remotely for management and troubleshooting.  We would then hand off ethernet 
to the customer using existing wiring or running cat5.


Interested in how this problem may have already been addressed in the provider 
community.


Thanks,


-----

Jeremy Malli

jer...@vcn.com


Re: buying a /24 ipv4

2016-11-04 Thread Jeremy Austin
Hilco Streambank is ipv4auctions.com

They are reasonably competent.
On Fri, Nov 4, 2016 at 12:42 PM Javier J  wrote:

> What are the going rates these days in north america.
>
> What are some good sites to get a block?
>
>
> In the process now of setting up an Org and AS with Arin for a client.
>
> Thanks in advance for your help.
>
> - Javier
>


198.154.60.0/22 bogon/hijacked?

2016-11-16 Thread Jeremy Parsons


Re: External BGP Controller for L3 Switch BGP routing

2017-01-13 Thread Jeremy Austin
Tore Anderson:

https://www.redpill-linpro.com/sysadvent/2016/12/09/slimming-routing-table.html

On Fri, Jan 13, 2017 at 8:24 PM, Faisal Imtiaz 
wrote:

> Hello,
>
> A while back there was a discussion on how to do optimized (dynamic) BGP
> routing on a L3 switch which is only capable of handing a subset of BGP
> Routing table.
>
> Someone has pointed out that there was a project to do just that, and had
> posted a link to a presentation on a European operator (Ireland ? ) who had
> done some code to take Exabgp and create such a setup..
>
> (I am going by memory... )... Needless to say I am trying to find that
> link, or name of that project.
>
> Anyone who can help in refreshing my memory with the link (my search skills
> are failing to find that presentation !)
> would be greatly appreciated.
>
> Many Thanks in Advance.
>
> Faisal Imtiaz
>



-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon


Re: What are people using for IPAM these days?

2018-06-13 Thread Jeremy Malli
PHP/Mysql app we wrote a while back for this purpose.  Supports v4/v6 and we 
like it :)

https://github.com/seankndy/subnetsmngr

Jeremy

> On Jun 13, 2018, at 11:38 AM, Brian Kantor <br...@ampr.org> wrote:
> 
> On Wed, Jun 13, 2018 at 11:25:47AM -0700, Randy Bush wrote:
>>>>>>>>>> emacs!
>>>>>>>>> vim!
>>>>>>>> ed!
>>>>>>> TECO!
>>>>>> cat
>>>>> IBM 029.
>>>> Youngster.  IBM 026.
>>> Infants!  Hollerith (IBM Type 1). I still own it.
>> 
>> but i actually do use emacs
> 
> For IP address management, I use a homebrew Perl web application
> that is a front end to a postgres database and allows entry, update,
> deletion and display.  There is a 'C' program which acts as a back
> end, and builds the Bind zone files and the dhcp table from the
> contents of the database when there is a change in the DB, as sampled
> every 15 minutes.  There is also a batch update program to make
> multiple changes to the database when that becomes necessary.
>   - Brian
> 



Re: IPv6 faster/better proof? was Re: Need /24 (arin) asap

2018-06-19 Thread Jeremy Austin
On Tue, Jun 19, 2018 at 7:56 PM Seth Mattinen  wrote:
>
> On 6/19/18 8:48 PM, Jared Mauch wrote:
> > MikroTik is getting there but most people are just not enabling it either.
>
>
> RouterOS still has "will not fix" IPv6 bugs, so that doesn't help shops
> dependent on Mikrotik want to move forward with deploying it.

Quick, somebody port FRR to Tile…



-- 
Jeremy Austin
jhaus...@gmail.com

(907) 895-2311 office
(907) 803-5422 cell

Heritage NetWorks - Whitestone Power & Communications - Vertical Broadband, LLC


Re: Console Servers

2018-09-19 Thread Jeremy Bresley

On 9/19/18 04:40, James Bensley wrote:

On Tue, 18 Sep 2018 at 14:38, Alan Hannan  wrote:

I'd like your input on suggestions for an alternate serial port manager.

Long ago I used Cisco 2511/2611 and was fairly happy.  A little later I used 
portmaster and was less so.  Recently I've been using Opengear and they work 
fairly well but the price is fairly high.   I use the CM7100 and IM7100.

General specs I'm looking for are:

  * 8 to 48 or more rs232 serial ports on rj45
  * nice-to-have software selectable pinouts (cisco v. straight)
  * gig-e ethernet port (100mbps ok)
  * 1U form factor
  * redundant AC power
  * access physical serial connections via local port #
  * access physical serial connections via local IP alias (nice to have)


Hi Alan,

I'd be reluctant to deploy Cisco 2800s (or similar) today unless there
is a newer variant, is there an ISGv2 variant with serial connectivity
that Cisco will be supporting for a few more years? I know Opengear
are expensive but in my current outfit, they do "just work" and the
few we had at my old place, again they did "just work".

The ISR G2s do have several options for async available as do the 
current generation ISR4Ks.


The ISR G2s (1900/2900/3900s) can take the HWIC-8A, HWIC-16A, or SM-32A 
for 8/16/32 ports (SM-32A only in 2911 and higher due to being a Service 
Module form factor)


Data sheet: 
https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/1800-2800-3800-series-16-port-async-high-speed-wan-interface-card/product_data_sheet0900aecd80274416.html


The ISR G2 routers were all announced for End-of-Sale a while back, the 
modules for them were also announced recently, but are still available 
for sale until Feb 2019.  They'll still be supported until Feb 2024.


EOL Announcement: 
https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/network-modules/eos-eol-notice-c51-741231.html


The ISR 4Ks have the NIM-16A, NIM-24A, and the SM-X-64A (16/24/64 
ports).  The SM-X is only supported in 4331 and higher due to the SM-X 
form factor, the 16/24 port ones support at least 2 modules in all 
ISR4Ks even the low-end 4221.  The NIM-16A and the SM-X-64A can use the 
same cables as the older async modules, the NIM-24A requires the newer 
low profile cable for 1 of the ports (can use it for all ports).


Data sheet: 
https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/datasheet-c78-739968.html


Talk to your favorite SE or partner for more info and pricing.

Jeremy

Disclaimer, I do work for Cisco, this info is provided to the list as it 
was requested and hoping to clarify what's available.


My personal $0.02: I've also used some of the older Opengear boxes in 
the past, they're solid, and Opengear are very good with customer 
suggestions/feedback.  Lantronix SLCs work once you get them configured, 
but their configuration web interface was intolerably slow (page 
refreshes would eat whatever you input into a second option box you 
clicked to change) and their built-in terminal required Java.  Benefit 
of Opengear is the other "things" you can do with them since they're 
Linux based (TFTP/syslog/etc). Benefit of a Cisco ISR is they're 
straight IOS (G2s)/IOS-XE (4Ks) so any configuration tool that can 
handle a Cisco box can work with them.




Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-03 Thread Jeremy Austin
I received it. On AT&T, but not on AT&T Wifi Calling — I got it about :30
EDT, when I went outside within range of a 4G signal.

On Wed, Oct 3, 2018 at 11:22 AM Andy Ringsmuth  wrote:

> Did anyone on AT&T or an iPhone receive the test today? I believe it was
> supposed to happen at 2:18 EDT, followed by one on broadcast radio at 2:20
> EDT.
>
> I’m in CDT, so 1:18 and 1:20 p.m. CDT.
>
> Message was heard on my desk radio at 1:21:35 p.m. CDT but as of the
> sending of this at 1:52 p.m. CDT, nothing on phones. I have an office full
> of AT&T iPhones and not a single one of them alerted.
>
> FEMA says https://www.fema.gov/emergency-alert-test
>
> "Cell towers will broadcast the WEA test for approximately 30 minutes
> beginning at 2:18 p.m. EDT. During this time, WEA compatible cell phones
> that are switched on, within range of an active cell tower, and whose
> wireless provider participates in WEA should be capable of receiving the
> test message. Some cell phones will not receive the test message, and cell
> phones should only receive the message once."
>
> My wife, with a Sprint iPhone, received the test.
>
>
> 
> Andy Ringsmuth
> 5609 Harding Drive
> Lincoln, NE 68521-5831
> (402) 304-0083
> a...@andyring.com
>
>

-- 
Jeremy Austin
jhaus...@gmail.com

(907) 895-2311 office
(907) 803-5422 cell

Heritage NetWorks <https://heritagenet.works/> - Whitestone Power &
Communications - Vertical Broadband, LLC <http://verticalbroadband.com/>


Re: Any Gmail Admins on here?

2018-10-27 Thread Jeremy Parr
Not only that, but I just tried signing up, and the confirmation email was
marked as spam by GMail. Does not inspire confidence.

On Thu, Oct 25, 2018 at 1:26 PM Harald Koch  wrote:

> chilli.nosignal.org has an SSL certificate that expired in *July*.
>
> --
> Harald
>
>
> On Thu, 25 Oct 2018 at 12:48, Mike Hammett  wrote:
>
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>> 
>> --
>> *From: *"Art Plato" 
>> *To: *"nanog" 
>> *Sent: *Thursday, October 25, 2018 11:39:36 AM
>> *Subject: *Any Gmail Admins on here?
>>
>> I apologize for putting this out in this forum but I have attempted to
>> reach Google/Gmail for several weeks with no response. Their servers have
>> flagged my domain with bad reputation even though the stats say no spam has
>> been sent from my domain for the past several months that I can see. Please
>> PM me if you are out there.
>>
>> Thanks,
>> Art Plato
>>
>>
>>


Measurements of Internet traffic by protocol?

2018-11-26 Thread Jeremy Gillula
Hi all,

Are there statistics out there for the relative "popularity" of
different application-layer protocols by network traffic (i.e. HTTP(S)
vs SMTP(S) vs other protocols)? I realize it will be different from
different vantage points (e.g. a transit provider vs a small residential
ISP), but we'd love to find *any* sources of hard numbers out there.

I've tried to search for data, but the best I could come up with is at
least ten years out of date.

Thanks in advance!

-- 

| Jeremy Gillula, Ph.D.
| Tech Projects Director
| Electronic Frontier Foundation
| (415) 436-9333 x158
| jer...@eff.org
| @the_zeroth_law
| Want to support EFF? Donate! <https://supporters.eff.org/donate/>



Re: Extending network over a dry pair

2018-12-12 Thread Jeremy Austin
For a comparison of distance to capacity on copper, see
http://www.impulse-corp.co.uk/knowledge-base/transmission-distance-and-speed-differences-between-shdsl-and-vdsl2.htm

You might be able to pair bond -- if you had more than one pair.

If wireless isn't possible, you're likely needing satellite.

On Wed, Dec 12, 2018 at 12:35 PM Andrew Latham  wrote:

> On Wed, Dec 12, 2018 at 3:27 PM Nick Bogle  wrote:
>
>> A quick question for you guys;
>>
>> If you had a single dry pair (pair of copper wires originally for phones)
>> to a remote site that was around 6 miles away, what would you use? We
>> currently are just extending a T1 line to this site, but 1.5Mbps isn't
>> cutting it anymore. Unfortunately it's a research site on a federally
>> protected wildlife preserve so we can't run any new infrastructure (fiber
>> etc) and it isn't in a geographical place where point to point wireless is
>> practical. We were thinking there is some sort of network extender that
>> uses some form of DSL for higher bandwidth capacity.
>>
>> Any suggestions?
>>
>
> Look for an SHDSL Ethernet Extender
>
> --
> - Andrew "lathama" Latham -
>


-- 
Jeremy Austin
jhaus...@gmail.com

(907) 895-2311 office
(907) 803-5422 cell


Re: Stupid Question maybe?

2018-12-17 Thread Jeremy Austin
You may find this helpful in your search for knowledge:

https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

"Classful" networking is rarely useful other than for understanding How We
Got Here.

There's a handy table in the linked article which expresses each IPv4 mask
length in relation to how many A, B, or C networks it is.

jermudgeon

On Mon, Dec 17, 2018 at 8:37 PM Joe  wrote:

>
> Apologizes in advance for a simple question. I am finding conflicting
> definitions of Class networks. I was always under the impression that a
> class "A" network was a /8 a class "B" network was a /16 and a class "C"
> network was a /24. Recently, I was made aware that a class "A" was indeed a
> /8 and a class "B" was actually a /12 (172.16/172.31.255.255) while a
> class "C" is actually a /16.
>
> Is this different depending on the IP segment, i.e. if it is part of a
> RFC1918 group it is classed differently (maybe a course I missed?) Or aren't
> all IPs classed the same?
> I was always under the impression, /8 = A, /16 = B, /24=C, so rightly, or
> wrongly I've always seen 10.x.x.x as "A", and 192.168.x.x as "B", with
> 172.16/12 as one that's just a VLSM between the two.
>
> Again, apologies for the simple question, just can't seem to find a solid
> answer.
>
> Happy holidays all the same!
> -Joe
>


-- 
Jeremy Austin
jhaus...@gmail.com

(907) 895-2311 office
(907) 803-5422 cell
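The relationship between a CIDR prefix and the old classful networks that the thread above discusses, as an added example that is not part of the original messages. The function names `classful_class` and `classful_view` are hypothetical; the class boundaries are the historical ones, set by the leading bits of the first octet, not by the mask.

```python
import ipaddress

# Historical classful ranges. The class of an address is decided only by the
# leading bits of its first octet; the "natural" mask follows from the class.
CLASSES = [
    ("A", ipaddress.ip_network("0.0.0.0/1"), 8),
    ("B", ipaddress.ip_network("128.0.0.0/2"), 16),
    ("C", ipaddress.ip_network("192.0.0.0/3"), 24),
    ("D", ipaddress.ip_network("224.0.0.0/4"), None),  # multicast, no host networks
    ("E", ipaddress.ip_network("240.0.0.0/4"), None),  # reserved
]


def classful_class(address):
    """Return (class letter, natural prefix length) for one IPv4 address."""
    addr = ipaddress.ip_address(address)
    for name, block, natural in CLASSES:
        if addr in block:
            return name, natural
    raise ValueError("not an IPv4 address: %r" % (address,))


def classful_view(cidr):
    """Describe a CIDR block in classful terms.

    Returns (class, relation, n):
      "exact"     - the block is exactly one classful network (n == 1)
      "aggregate" - the block is n whole classful networks side by side
      "subnet"    - the block is 1/n of a single classful network
      "n/a"       - class D/E, or a block that straddles class boundaries
    """
    net = ipaddress.ip_network(cidr, strict=True)
    name, natural = classful_class(net.network_address)
    block = next(b for n, b, _ in CLASSES if n == name)
    if natural is None or not net.subnet_of(block):
        return (name, "n/a", None)
    if net.prefixlen == natural:
        return (name, "exact", 1)
    if net.prefixlen < natural:
        return (name, "aggregate", 2 ** (natural - net.prefixlen))
    return (name, "subnet", 2 ** (net.prefixlen - natural))


if __name__ == "__main__":
    # The three RFC 1918 blocks, plus two ordinary cases for comparison.
    for cidr in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "192.168.1.0/24", "10.1.0.0/16"):
        print(cidr, classful_view(cidr))
```

The RFC 1918 blocks come out as one class A network, 16 contiguous class B networks, and 256 contiguous class C networks, which is where the /12 and /16 figures in the question originate.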


Re: google ipv6 routes via cogent

2017-03-03 Thread Jeremy Austin
On Fri, Mar 3, 2017 at 5:05 PM, Job Snijders  wrote:

> > There are, of course, corner cases. But in general, single-homed
> > people shouldn’t be using BGP.
>
> There are numerous reasons to use BGP when single-homed:
>
> - as preparation to multi-home in the (near) future
> - ability to quickly change providers
> - to use BGP based blackholing features
> - to save time on provisioning work (adding new prefixes becomes a
>   matter of just announcing and updating IRR/RPKI).
> - loadbalancing / loadsharing across multiple links
> - ability to use bgp communities for traffic engineering
>
> In other words, if you have your own IP space, I'd recommend to get your
> own ASN and use BGP.


I concur with Job.

If you are single-homed but care about having proper L3 redundancy (not
just VRRP or equivalent), BGP is a must.

ARIN has a policy to allow this, but it is not spelled out with an excess
of clarity. I suspect it is not often used; see NRPM section 5.

-- 
Jeremy Austin


Re: RFC2544 Testing Equipment

2017-05-30 Thread Jeremy Austin
JW, have you moved on to EtherSAM? That's what I'd be looking for myself.
On Tue, May 30, 2017 at 7:28 AM James Breeden  wrote:

> When we had to do this once in a blue moon, we just bought a pair of old
> Agilent Framescopes off ebay. They worked great but we had issues getting
> reporting out of them. They had RJ45 and SFP on them.
>
> -Original Message-
> From: NANOG [mailto:nanog-bounces+james=arenalgroup...@nanog.org] On
> Behalf Of Nick Olsen
> Sent: Tuesday, May 30, 2017 10:23 AM
> To: nanog@nanog.org
> Subject: RFC2544 Testing Equipment
>
>  Greetings all,
>
>  Looking for a good test set. Primary use will be testing L2 circuits
> (It'll technically be VPLS, But the test set will just see L2). Being able
> to test routed L3 would also be useful. Most of the sets I've seen are two
> sided, A "reflector" at the remote side, And the test set in hand run by
> the technician.
>
>  Looking to test up to 1Gb/s at various packet sizes, Measure Packet loss,
> Jitter..etc. Primarily Copper, But if it had some form of optical port, I
> wouldn't complain. Outputting a report that we can provide to the customer
> would be useful, But isn't mandatory. Doesn't need anything fancy, Like
> MPLS awareness, VLAN ID's..etc.
>
>
>Nick Olsen
>  Sr. Network Engineer
>  Florida High Speed Internet
>  (321) 205-1100 x106
>
>
>
>
>
>
>
>


Re: Net neutrality filing

2017-06-17 Thread Jeremy Austin
On Sat, Jun 17, 2017 at 9:54 AM, Stephen Satchell  wrote:

>
> It does have a few color pictures, though.  And one comic strip.
>

Upvote for use of 'caisson'.

There is at least one thing that Sen. Ted Stevens got right; in the fiber
era, the Internet really *is* a series of tubes.

I appreciate that a target of 35,000 per county or "county equivalent"
(parish, borough?) is just a number — but I believe I would prefer a metric
keyed to actual geographic population density rather than to political or
municipal boundaries qua boundaries. At least it seems to me that you are
wanting to encourage rural development, given that the current broadband
'divide' is largely a rural vs. urban one, according to the 2016 Broadband
Progress Report.

Natural monopolies worked for electrification. Do you anticipate Title I
providers as being sufficient to the task of narrowing this divide, with or
without a federal incentives program? Historically, federal incentives have
largely gone to Title II providers or their affiliated ISPs, if I
understand the math correctly.

https://www.brookings.edu/blog/the-avenue/2017/02/13/in-infrastructure-plan-a-big-opening-for-rural-broadband/

Jeremy Austin


Re: EdgeRouter Infinity as medium-sized "IXP Peering Router"?

2017-07-03 Thread Jeremy Austin
On Mon, Jul 3, 2017 at 2:44 PM, Seth Mattinen  wrote:

>
> EdgeRouter is... meh. If I was looking at that class of gear I'd go with a
> Mikrotik.


Job,

There is a bit of a price differential here, depending on whether you need
SFP+; the Infinity is "dead cheap", and has fairly opaque BGP
daemon+debugging tools. Also still technically a beta product. Not sure if
it meets your automation requirements. I wouldn't want to be deploying them
in a redundant pair, myself, but just when you say something can't be done…

Mikrotik's CCR1072: 10-gig router (shipping, not anything that's just been
announced) has an API, can certainly handle a few tens of thousands of
routes fine (single core BGP though), but I can't vouch for its ability to
do IMIX or *flow at line rate. This has probably been stress tested by
somebody. I doubt the sampling is in hardware.

If you don't need 10G ports then your options expand considerably. Do you
have a target throughput?

-- 
Jeremy Austin

(907) 895-2311 office
(907) 803-5422 cell
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC


Re: Puerto Rico Internet Exchange

2017-08-14 Thread Jeremy Austin
On Sun, Aug 13, 2017 at 2:04 PM, Martin Hannigan  wrote:

> Hi Arturo,
>
> Good call. I believe the funds are coming from the USF? (Mike Hammet knows
> more about this than me). I had conversations with multiple congressional
> staffers about using USF funds for IXP development. They're in for good
> projects. The USG and US congress is more than willing to fund IXPs using
> USF funds. Commercial or otherwise, depending on the benefits and commits.
>
>
Hi Martin

I'm curious about the mechanism for funding such a thing. Historically the
majority of USF funds have gone to telcos rather than ISPs, if I am not
mistaken.

I'd love to continue this discussion off list if necessary.

-- 
Jeremy Austin

(907) 895-2311 office
(907) 803-5422 cell
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC


Re: Temp at Level 3 data centers

2017-10-11 Thread Jeremy Austin
My 0.041 BTC:

1) For small facilities, without separate temperature-controlled UPS zones,
the optimum temperature for lead-acid batteries may be the lower bound.
77°F is optimal, with significant reduction in battery life even 15°F above
that. Given that batteries' internal temperature will be higher than
ambient, 80° set point is not stupid. I run cooler, FWIW.

2) Headroom. I try to have documented for each facility the climb in
degrees per hour (determined empirically) as a backup so I know required
response times when AC failure occurs.

On Wed, Oct 11, 2017 at 10:09 AM, Naslund, Steve 
wrote:

>
> Bottom line 80 F input air is too hot in my opinion and apparently the
> equipment's opinion as well.
>
> --
Jeremy Austin
jhaus...@gmail.com

(907) 895-2311 office
(907) 803-5422 cell

Heritage NetWorks <https://heritagenet.works/> - Whitestone Power &
Communications - Vertical Broadband, LLC <http://verticalbroadband.com/>


Akamai caches hammering Sophos XG firewalls

2018-02-05 Thread Jeremy Parr
Somewhat OT, but before I was a jack of all trades enterprise
sysadmin, I was a jack of all trades ISP sysadmin.

I'm seeing an issue at a few sites where I have Sophos XG firewalls
deployed where the XG gets hammered on its WAN interface by Akamai
hosts with TCP re-transmissions. Anyone at Akamai who may have some
background on this issue please reach out to me. The hosts currently
in question are 24.244.145.137 and 24.244.145.139, but I suspect that
is only due to these being closest to me, colocated at my ISP AS15146.


Re: Want to move to all 208V for server racks

2010-12-02 Thread Jeremy Bresley

On 12/2/2010 9:58 AM, Jay Nakamura wrote:

I really want to move all newly installed internal and customer racks
over to all 208v power instead of 120v.  As far as I can remember, I
can't remember any server/switch/router or any other equipment that
didn't run on 208v AC.  (Other than you may need a different cable)
Anyone have any experience where some oddball equipment that couldn't
do 208v and regret going 208v?  We won't have any TDM or SONET
equipment, all Ethernet switches, routers and servers.  I have control
over internal equipment but sometimes customers surprises you.

Biggest issue we see with people still needing 120V outlets is external 
modems for out of band access.  Most of the time these modems are 
attached to the console of carrier managed routers.


Or as others in the thread have mentioned, wall-warts for things like 
USB hard drives, low-end KVMs, etc often are NEMA 5-15P plugs hardwired 
to them.  ASA5505s have this problem with the cable as well, but their 
power supplies will work on 208V with the necessary adapter.


Jeremy



Re: Some truth about Comcast - WikiLeaks style

2010-12-20 Thread Jeremy Bresley

On 12/20/2010 1:30 PM, Owen DeLong wrote:

On Dec 20, 2010, at 11:16 AM, Leo Bicknell wrote:

And yet, I don't know of any location in the US with two cable
operators.  You see, these rules weren't changed to provide for a
second cable TV plant to be put in the ground, even the FCC knew
that cost too much.  Rather, if  you read carefully the problem was
that Verizon, AT&T, and Bell South (all mentioned by name in the
article) wanted to deliver video over FIOS/DSL.  Most areas had
coverage rules, to be a cable provider you had to pass 95%+ of the
houses or such, and these folks didn't meet many of the local rules
and went to the government for help.


I think that I recall encountering one or two such places in the past,
but, I cannot recall them to make a specific citation. Certainly it is the
exception and not the rule.

Owen



Cedar Rapids, IA is served by both Mediacom (incumbent/original cable 
company) and Imon (spinoff from McLeodUSA where they used to be called 
McLeodUSA ATS).  As well as having Qwest for telco service.


ATS started as an overbuild to compete at the local level in MCLD's 
hometown.  They were started circa 1997, and are still in business 
today, so they survived the last 2 bubbles.  And they caused Mediacom to 
keep prices down, and compete to offer additional services in Cedar 
Rapids long before they were available in other cities in their footprint.


So examples of competitive overbuilds being successful do exist.  Maybe 
Google's fiber build will inspire some other companies to try to compete 
in this fashion.


Full disclosure: I worked for MCLD from 98-05, and in the ATS division 
from 00-05.


Jeremy



Re: Skype info

2010-12-22 Thread Jeremy Parr
Skype downtime today

Earlier today, we noticed that the number of people online on Skype
was falling, which wasn’t typical or expected, so we began to
investigate.

Skype isn’t a network like a conventional phone or IM network –
instead, it relies on millions of individual connections between
computers and phones to keep things up and running. Some of these
computers are what we call ‘supernodes’ – they act a bit like phone
directories for Skype. If you want to talk to someone, and your Skype
app can’t find them immediately (for example, because they’re
connecting from a different location or from a different device) your
computer or phone will first try to find a supernode to figure out how
to reach them.

Under normal circumstances, there are a large number of supernodes
available. Unfortunately, today, many of them were taken offline by a
problem affecting some versions of Skype. As Skype relies on being
able to maintain contact with supernodes, it may appear offline for
some of you.

What are we doing to help? Our engineers are creating new
‘mega-supernodes’ as fast as they can, which should gradually return
things to normal. This may take a few hours, and we sincerely
apologise for the disruption to your conversations. Some features,
like group video calling, may take longer to return to normal.

Stay tuned to @skype on Twitter for the latest updates on the
situation – and many thanks for your continued patience in the
meantime.

On 22 December 2010 15:46, Jack Carrozzo  wrote:
>
> On Wed, Dec 22, 2010 at 3:29 PM, Paul Graydon wrote:
> >
> >
> >>  Details are on their blog: http://bit.ly/edtjxB
>
>
> %wget http://blogs.skype.com/ -O/dev/null
> --2010-12-22 20:45:36--  http://blogs.skype.com/
> Resolving blogs.skype.com... 204.9.163.155
> Connecting to blogs.skype.com|204.9.163.155|:80... failed: Operation timed
> out.
>
> ...
>
> -Jack



Re: out of band management gear

2014-02-21 Thread Jeremy Bresley

On 2/21/2014 2:27 PM, Randy Carpenter wrote:

OpenGear's newer stuff is Gigabit (SFP even).

I've not seen any real switch made in the last decade that has a problem with 
100Mb/s connections. Ancient cisco, maybe had issues.

There's several devices that are 1/10Gb and do NOT support 10/100Mb.  
Cisco Nexus 5000/5500s, Brocade VDX series stuff, etc.


In our new data center, the only 10/100 ports are a couple blades in our 
Nexus 7018s put there just to provide these lower-speed connections to 
devices that needed them.  Expensive options in a fully loaded chassis 
just for a couple lower-end devices that could easily justify a couple 
dollars more to get a Gig PHY instead of the older 100Mb PHY chip.


Jeremy "TheBrez" Bresley



Re: L6-20P -> L6-30R

2014-03-18 Thread Jeremy Bresley

On 3/18/2014 6:11 PM, Jay Ashworth wrote:

From: "Randy" 

I have a situation where a 208v/20A PDU (L6-20P) is supposedly hooked to
a 208v/30A circuit (L6-30R). Before I order the correct PDU's and whip
cords...sanity check...are connectors 'similar' enough that this is
possible (with force) or am I going to find we've actually got
L6-20R's on the provider side?

As it happens, the chart at

   http://www.stayonline.com/reference-nema-locking.aspx

suggests that the L6-20 and L6-30 are less different than you'd expect.

I *think* those are on different diameters, and a datacenter employee ought
to friggin' know better... but I don't think it's 100% impossible that this
has happened.

If it did, you're gonna replace the plug anyway...

As long as there's a 20A breaker on the PDU, you're safe, if not within
code.

From experience with some electricians who couldn't follow simple 
written instructions, it is physically possible to put an L6-20 plug 
into an L6-30 receptacle.  But it won't lock into place.  Beyond all the 
other reasons it's not recommended, the slightest bump of the cable will 
likely knock it loose causing whatever is on there to drop.  (Cue 
electricians knocking the production 6506E's offline 3 times in 20 
minutes while they were replacing the breakers and the supposedly 
redundant power cords...)


If you can unplug it to look, every one I've ever seen has had the 
voltage and amperage clearly molded into the face of it.


Jeremy "TheBrez" Bresley
b...@brezworks.com



Re: NANOGers home data centers - What's in your closet?

2011-08-12 Thread Jeremy Parr
On 12 August 2011 19:28, Charles N Wyble  wrote:

> Hey all,
>
> I'm curious what other NANOGers have in their home compute centers? On
> the extreme end of course we have mr morris :)
> with his uber lab: http://smorris.uber-geek.net/lab.htm
>
*snip*

Just finished putting it together this evening, replaced a pile (quite
literally) of stuff, including a Linksys WRT54G running OpenWRT as a WAP, and
a Cisco 1811 with one fried WAN port. Current setup is a Leviton Structured
Media Cabinet, with an Allied Telesis 8 port PoE 10/100 switch, a Mikrotik
RB750G, and a Cisco 1131 AP. Three VLANs, Data, Voice, and Guest, complete
with authentication gateway, and one hell of a QoS configuration.


Re: Performance Issues - PTR Records

2011-11-07 Thread Jeremy Parr
On 2 November 2011 17:57, Matt Chung  wrote:

> I work for a regional ISP and very recently there has been an influx of
> calls reporting "slowness" when accessing certain websites (i.e
> google.com/voice/b) via HTTP.  *snip*
>

I have been experiencing this same issue as an end user, my ISP does not
provide PTR records for their address pools. YouTube, xkcd, Mozilla.org,
among others, are slow to load initially. Coming from AS15146 here.


Re: IP Address Management IPAM software for small ISP

2012-12-13 Thread Jeremy Malli
A colleague and myself wrote one in PHP that supports v4 and v6.  It's 
available on sourceforge:


http://sourceforge.net/projects/subnetsmngr/?source=directory

We like it.

Features
Manage subnets and hosts
IPv4 and IPv6 support
All subnetting math done for you. Auto-allocates and collapses subnets
Subnet groups
Assign customers to subnets and send SWIPs to ARIN
PowerDNS integration to update reverse and A records for hosts

Jeremy Malli
Mammoth Networks

On 12/12/2012 6:22 PM, Eric A Louie wrote:

I'm looking for IPAM solutions for a small regional wireless ISP.  There are 4
Tier 2 personnel and 2 NOC technicians who would be using the tool, and a small
staff of engineers.

They have regionalized IP addresses so blocks are local, but there are subnets
that are global.

don't care if it's a linux or windows solution.

Need to be able to migrate from FreeIPdb (yes, I know, it's a dinosaur)

We're not dealing with a lot now, but the potential for growth is pretty high.

What are you using and how is it working for you?

  Much appreciated, Eric





Re: IP Address Management IPAM software for small ISP

2012-12-13 Thread Jeremy Malli
We're running postgres on the backend due to a limitation we ran into 
when implementing v6 support in mysql.  So standard postgres backup 
practices would apply.


We also run a 24x7 NOC though only 4 support people.  It's light on 
database access so I can't imagine you would have a problem with 
robustness (it's just PHP/Postgres).  We have 8 /19's, a /32 v6 block 
and a smattering of other blocks that are managed using it.


Jeremy

On 12/13/2012 10:59 AM, Eric A Louie wrote:

Thanks Jeremy - looks pretty good, and specific, and I like the DNS
integration.  I haven't downloaded or installed it yet.

Do you think it's robust enough for a 24x7 Network Operations Center
that has 8 or so users?

Is the database a flat file that is easily backed up and restored?   or
are you using MySQL?
Much appreciated, Eric


----
*From:* Jeremy Malli 
*To:* nanog@nanog.org; elo...@yahoo.com
*Sent:* Thu, December 13, 2012 8:26:17 AM
*Subject:* Re: IP Address Management IPAM software for small ISP

A colleague and myself wrote one in PHP that supports v4 and v6.  It's
available on sourceforge:

http://sourceforge.net/projects/subnetsmngr/?source=directory

Jeremy Malli
Mammoth Networks

On 12/12/2012 6:22 PM, Eric A Louie wrote:
 > I'm looking for IPAM solutions for a small regional wireless ISP.
There are 4
 > Tier 2 personnel and 2 NOC technicians who would be using the tool,
and a small
 > staff of engineers.
 >
 > They have regionalized IP addresses so blocks are local, but there
are subnets
 > that are global.
 >
 > don't care if it's a linux or windows solution.
 >
 > Need to be able to migrate from FreeIPdb (yes, I know, it's a dinosaur)
 >
 > We're not dealing with a lot now, but the potential for growth is
pretty high.
 >
 > What are you using and how is it working for you?
 >
 >  Much appreciated, Eric
 >




RE: Time Warner Cable YouTube throttling

2013-03-06 Thread Mark Jeremy
Jumping into the bandwagon here to help out.

Here's the result from RIT to r19.sn-p5qlsm7d.c.youtube.com, going through
at least 4 hops through XO territory.

traceroute to r19.sn-p5qlsm7d.c.youtube.com (208.117.251.184), 30 hops max, 60 byte packets
 1  rit-west1-gw-014-vlan453.rit.edu (129.21.153.254)  0.593 ms  0.584 ms  0.576 ms
 2  rit-core1-pp-west2-vlan824.rit.edu (129.21.8.93)  1.938 ms  1.941 ms  2.116 ms
 3  rit-rit1-pp-core1-vlan2811.rit.edu (129.21.8.42)  0.508 ms  0.497 ms  0.484 ms
 4  te-7-2.car2.Buffalo1.Level3.net (4.59.214.21)  2.293 ms  2.294 ms  2.282 ms
 5  ae-4-4.ebr2.NewYork1.Level3.net (4.69.140.242)  10.332 ms  10.339 ms  11.022 ms
 6  ae-72-72.csw2.NewYork1.Level3.net (4.69.148.38)  15.274 ms  10.212 ms ae-92-92.csw4.NewYork1.Level3.net (4.69.148.46)  10.204 ms
 7  ae-1-60.edge2.NewYork1.Level3.net (4.69.155.16)  10.202 ms ae-2-70.edge2.NewYork1.Level3.net (4.69.155.80)  10.174 ms  10.171 ms
 8  206.111.13.65.ptr.us.xo.net (206.111.13.65)  10.160 ms  10.345 ms  10.336 ms
 9  207.88.14.185.ptr.us.xo.net (207.88.14.185)  18.555 ms  18.541 ms  20.749 ms
10  ae0d1.cir1.ashburn-va.us.xo.net (207.88.13.65)  16.241 ms  16.322 ms  16.261 ms
11  209.48.42.86 (209.48.42.86)  16.673 ms  64.114 ms  64.054 ms
12  208.117.251.184 (208.117.251.184)  16.313 ms  16.306 ms  16.486 ms

-MJ

-Original Message-
From: John Zettlemoyer [mailto:j...@razorservers.com] 
Sent: Wednesday, March 06, 2013 11:19 PM
To: 'Derek Ivey'
Cc: nanog@nanog.org
Subject: RE: Time Warner Cable YouTube throttling

Yup... This might be more helpful. 
I went to r19.sn-p5qlsm7d.c.youtube.com for better comparison.

Verizon FIOS

  1     8 ms     4 ms     4 ms  l100.cmdnnj-vfttp-27.verizon-gni.net [98.110.113.1]
  2     9 ms     6 ms     7 ms  g0-3-3-6.cmdnnj-lcr-22.verizon-gni.net [130.81.182.44]
  3    10 ms     9 ms     9 ms  xe-9-1-2-0.ny5030-bb-rtr2.verizon-gni.net [130.81.209.144]
  4     8 ms     8 ms     9 ms  0.xe-3-1-0.br3.nyc4.alter.net [152.63.26.117]
  5    23 ms    24 ms    24 ms  204.255.168.118
  6    33 ms    34 ms    34 ms  144.232.4.93
  7    22 ms    22 ms    22 ms  sl-crs4-nyc-0-3-5-0.sprintlink.net [144.232.7.122]
  8    25 ms    22 ms    24 ms  sl-crs2-dc-0-4-0-2.sprintlink.net [144.232.8.164]
  9    22 ms    21 ms    22 ms  sl-st31-ash-0-2-0-0.sprintlink.net [144.232.25.15]
 10    50 ms    49 ms    49 ms  sl-googl10-584821-0.sprintlink.net [144.228.205.34]
 11    20 ms    19 ms    19 ms  208.117.251.184

Comcast
  1    27 ms    31 ms    21 ms  68.38.220.1
  2     8 ms     9 ms    11 ms  xe-11-3-0-0-sur01.burlington.nj.panjde.comcast.net [68.85.128.237]
  3    11 ms     9 ms     9 ms  xe-13-0-0-0-ar03.audubon.nj.panjde.comcast.net [68.85.62.89]
  4    15 ms    16 ms    15 ms  pos-4-0-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.93.233]
  5    14 ms    14 ms    13 ms  be-27-pe06.ashburn.va.ibone.comcast.net [68.86.82.174]
  6    15 ms    13 ms    14 ms  144.232.6.97
  7    15 ms    14 ms    15 ms  sl-st31-ash-0-4-0-3.sprintlink.net [144.232.3.169]
  8    34 ms    32 ms    31 ms  sl-googl10-584821-0.sprintlink.net [144.228.205.34]
  9    30 ms    31 ms    31 ms  208.117.251.184

Our DC
  1    <1 ms    <1 ms    <1 ms  static.razorinc.net [70.34.208.101]
  2    <1 ms    <1 ms    <1 ms  mx1.razorinc.net [70.34.252.9]
  3    <1 ms    <1 ms    <1 ms  xe-0-2-0.phi10.ip4.tinet.net [199.168.63.233]
  4     3 ms     8 ms     3 ms  xe-7-2-1.was14.ip4.tinet.net [89.149.181.174]
  5     3 ms     3 ms     3 ms  as2828.ip4.tinet.net [77.67.68.14]
  6     3 ms     3 ms     3 ms  216.156.8.189.ptr.us.xo.net [216.156.8.189]
  7     4 ms     4 ms     4 ms  209.48.42.86
  8     4 ms     4 ms     4 ms  208.117.251.184


 
John







RE: Question on Ipv6 address

2013-03-26 Thread Mark Jeremy
Justin,

Dial-up modem is just a layer 2 device with no IP address. Just think of it
as a converter, its sole function is to convert the telephone line to
something your PC can use, in this case, Ethernet. Both IPv4 and IPv6
operate on the layer 3 of the OSI model which is taken care of by the RAS.
So basically any dial-up modem supports IPv6.

-MJ

-Original Message-
From: Justin Wilson [mailto:li...@mtin.net] 
Sent: Tuesday, March 26, 2013 12:06 PM
To: NANOG
Subject: Re: Question on Ipv6 address

I don't mean to hijack the thread so if someone wants to open a new one
that's cool.  But my question is what dial-up hardware supports v6? I am
*assuming* Cisco does.


Justin

--
Justin Wilson 
Aol & Yahoo IM: j2sw
http://www.mtin.net/blog - xISP News
http://www.zigwireless.com - High Speed Internet Options
http://www.thebrotherswisp.com - The Brothers Wisp



-Original Message-
From: Joe 
Date: Tuesday, March 26, 2013 11:39 AM
To: NANOG 
Subject: Question on Ipv6 address

>I'm new to Ipv6 and trying to understanding something about IPv6 in 
>service provider network.
>I've got the following questions , could anybody do some helps?
>1. In a dial-up network (Q-in-Q for each customer who dials in ) Should 
>each customer be assigned to ipv6 subnet prefix like /64 unique
>universally?  I've read   a rfc which stated point-to-point like should be
>assigned /64. But to my understanding, in dial-up   network , each user
>should only needed to be assigned a single ipv4 address, with which
>customer   could used in his PC or his home router.
>2. In dial-up network,  could each vlan's ipv6 link-id  be planned with
>its vlan number? if so,  IP v6 address confliction could be avoided
>when  BAS is assigned a /64 or longer prefix.
>3. we are testing some BAS with IPv6 accessing, in radius accounting
>packets, there is IP-v6-prefix, Ip-v6-link-id,
>Ip-v6-delegated-prefix.how could dial-up PC's  IPv6address be
>calculated with above information?
>4. should it be necessary to plan  different
>IP-v6-prefix(IP-v6-delegated-prefix) for each dial-up customers  in BAS?
>5. How could delegated IPv6 prefix be used in service provider's network?
>is this useful in dial-up access network?
>
>each word will be highly appreciated.
>Joe
> 







Re: BGP noob needs monitoring advice

2011-12-20 Thread Jeremy Kister

On 12/20/2011 1:52 PM, Dave Pooser wrote:

> My question for the group is, how? I can and do monitor my own router, and
> I can see that I'm receiving full routes from both ISPs. I am capable of

you might want to start with a good monitoring software like Argus - 
http://argus.tcp4me.com/



Group "Upstream Connections" {
  Group "T3 to whomever" {
    Service Ping {
      hostname: far-side.example.net
    }
    Service UDP/SNMP {
      eqvalue: 6
      label: BGP
      uname: BGP
      oid:   .1.3.6.1.2.1.15.3.1.2.x.x.x.x
      hostname: your-router.example.net
    }
  }
  Group "T3 to whomever2" {
    Service Ping {
      hostname: far-other-side.example.net
    }
    Service UDP/SNMP {
      eqvalue: 6
      label: BGP
      uname: BGP
      oid:   .1.3.6.1.2.1.15.3.1.2.x.x.x.x
      hostname: your-router.example.net
    }
  }
}

something like that will alert you when BGP is anything other than 
happy.  your oid may vary.  use snmpwalk to help.


then you could also add:
 Service Prog {
   frequency: 1800
   command: chkbgp.pl -a  -n  -r 
   nexpect: evil
 }

*http://jeremy.kister.net/code/perl/chkbgp.pl

--

Jeremy Kister
http://jeremy.kister.net./
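The check that the `eqvalue: 6` line in the config above performs, written out as an added example that is not part of the original message or of Argus. The OID `.1.3.6.1.2.1.15.3.1.2` is bgpPeerState from the BGP4-MIB, indexed by peer address, and 6 is the established state; the function names, the peer addresses (documentation ranges) and the sample `snmpwalk -On` output are constructed for illustration.

```python
import re

# bgpPeerState column of bgpPeerTable (BGP4-MIB), indexed by the peer's IPv4 address.
BGP_PEER_STATE_OID = ".1.3.6.1.2.1.15.3.1.2"

# Enumeration defined for bgpPeerState; only 6 means the session is up.
PEER_STATES = {
    1: "idle",
    2: "connect",
    3: "active",
    4: "opensent",
    5: "openconfirm",
    6: "established",
}
ESTABLISHED = 6

# Matches numeric-OID walk lines, with or without the MIB-decorated value:
#   .1.3.6.1.2.1.15.3.1.2.192.0.2.1 = INTEGER: 6
#   .1.3.6.1.2.1.15.3.1.2.192.0.2.1 = INTEGER: established(6)
_LINE = re.compile(
    r"^\s*" + re.escape(BGP_PEER_STATE_OID)
    + r"\.(\d{1,3}(?:\.\d{1,3}){3})\s*=\s*INTEGER:\s*(?:[A-Za-z]+\()?(\d+)\)?\s*$"
)


def parse_peer_states(walk_output):
    """Return {peer_ip: state_number} for every bgpPeerState row in the walk."""
    states = {}
    for line in walk_output.splitlines():
        match = _LINE.match(line)
        if match:
            states[match.group(1)] = int(match.group(2))
    return states


def unhealthy_peers(walk_output, expected_peers):
    """List (peer, reason) for expected peers that are not established.

    A peer that is absent from the walk is reported as "missing": a session
    removed from the router config would otherwise never raise an alarm.
    """
    states = parse_peer_states(walk_output)
    problems = []
    for peer in expected_peers:
        if peer not in states:
            problems.append((peer, "missing"))
        elif states[peer] != ESTABLISHED:
            code = states[peer]
            problems.append((peer, PEER_STATES.get(code, "unknown(%d)" % code)))
    return problems


# Constructed sample output; the last line is a different column of the same
# table and must be ignored by the parser.
SAMPLE_WALK = """\
.1.3.6.1.2.1.15.3.1.2.192.0.2.1 = INTEGER: 6
.1.3.6.1.2.1.15.3.1.2.198.51.100.1 = INTEGER: active(3)
.1.3.6.1.2.1.15.3.1.7.192.0.2.1 = IpAddress: 192.0.2.1
"""

if __name__ == "__main__":
    expected = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]
    for peer, reason in unhealthy_peers(SAMPLE_WALK, expected):
        print("ALERT: BGP peer %s is %s" % (peer, reason))
```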



Re: Well Lookie Here, Barracuda Networks tries to get me to fall into their trap again...

2011-12-21 Thread Jeremy Parr
On 21 December 2011 13:46, Nathan Eisenberg  wrote:

> I've always strongly felt that this was a rather foul business practice,
> wherever I've seen it.  The justification for it is the utterly misguided
> belief that, if allowed to, customers will pay for a month then cancel
> their subscription and 'coast' on the 'current' version of the signature
> for a year.  This approach suffers from (at least) two fundamental flaws:
>
> 1) The entire customer base are treated as hostile.  It is no surprise
> that they resent this.  (Assumption: having resentful customers is bad)
> 2) Spam is, perhaps moreso than ever, a rapidly evolving threat.  The
> effectiveness of signatures declines dramatically with time, which means
> that August's signatures have little value by December.  [By the way, it
> seems to me that if they're willing to charge for valueless signatures,
> that represents either A) doubt as to the value of the current signatures,
> or B) disbelief in the decreasing value of out of date signatures.]
>
> While I realize that car insurance might not be the best analogy subject,
> imagine if you put your car on blocks, went off to college and allowed the
> insurance to lapse whilst you were there.  When you return, the insurance
> company wants you to pay the last three years of insurance in order to
> reactivate your policy.  That company's customers would react in the same
> way: they would find a new provider to do business with, rather than pay
> out for a valueless bit of smoke and mirrors.
>
> Nathan Eisenberg
>

Exactly. And when you consider the fact that most anyone can roll their own
solution with Postfix, Postgrey, a few RBLs, and Spamassassin that works
just as well - if not better than a Barracuda, trying to justify back
charging is even more unbelievable.


Re: Well Lookie Here, Barracuda Networks tries to get me to fall into their trap again...

2011-12-22 Thread Jeremy Parr
On 22 December 2011 14:07, Jon Lewis  wrote:

> Presumably, Barracuda's hardware is i386/i686 compatible commodity parts.
> It's probably not at all "useless".  Just attach a USB DVD drive or USB
> flash drive, wipe the disk(s) and install your favorite Linux distro.
> It may take some doing to get all/most of the features Barracuda provides
> setup on your own...but if you don't have the time/expertise to do it,
> that's why companies like Barracuda exist.
>
The hardware Barracuda charges you a very pretty penny for is very low end.
$3000 or so that they charge for a mid-level spam filter gets you a single
power supply, single hard disk, and a low end processor.

According to their site it does appear they offer the product as a VM image.
This would eliminate the stupid hardware markup and their attempt at
backdating updates.


Comcast DNSSEC

2012-01-10 Thread Jeremy Bresley

Hadn't seen this mentioned yet.

http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html

Comcast has signed all their managed domains, as well as deployed DNSSEC 
resolvers for their customers.  And they're encouraging others to make 
the jump to DNSSEC now as well, especially e-comm/banking sites.


Nice work guys, any of the Comcast guys on the list want to give us an 
idea how much work is involved in this from a large-scale service 
provider perspective to do it?  Any big caveats you encountered that 
people should watch out for?


Jeremy "TheBrez" Bresley
b...@brezworks.com



Re: DNS poisoning at Google?

2012-06-26 Thread Jeremy Hanmer
It's not DNS.  If you're sure there's no htaccess files in place, check your 
content (even that stored in a database) for anything that might be altering 
data based on referrer.  This simple test shows what I mean:

Airy:~ user$ curl -e 'http://google.com' csulb.edu


301 Moved Permanently

Moved Permanently
The document has moved http://www.couchtarts.com/media.php";>here.


Running curl without the -e argument gives the proper site contents.  

On Jun 26, 2012, at 9:35 PM, Matthew Black  wrote:

> Yes, we’ve used the Google Webmaster Tools a lot today. Submitted multiple 
> requests and they keep insisting that our site issues a redirect. Unable to 
> duplicate the problem here.
> 
> matthew black
> information technology services
> california state university, long beach
> 
> From: Ishmael Rufus [mailto:sakam...@gmail.com]
> Sent: Tuesday, June 26, 2012 9:34 PM
> To: Matthew Black
> Cc: David Hubbard; nanog@nanog.org
> Subject: Re: DNS poisoning at Google?
> 
> Have you tried using Google Webmaster tools?
> On Tue, Jun 26, 2012 at 11:28 PM, Matthew Black 
> mailto:matthew.bl...@csulb.edu>> wrote:
> Running Apache on three Solaris servers behind a load balancer.
> 
> I forgot how to lookup our AS number to see if it matches couchtarts.
> 
> matthew black
> information technology services
> california state university, long beach
> 
> -Original Message-
> From: David Hubbard 
> [mailto:dhubb...@dino.hostasaurus.com]
> Sent: Tuesday, June 26, 2012 9:14 PM
> To: nanog@nanog.org
> Subject: RE: DNS poisoning at Google?
> 
> Typically if google were pulling your site sometimes from the wrong IP, their 
> safe browsing page should indicate it being on another AS number in addition 
> to the correct one 2152:
> 
> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://www.csulb.edu
> 
> For example, the couchtarts site they claim yours is redirecting to:
> 
> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://www.couchtarts.com
> 
> That site's DNS is screwed up and some requests are sent to a different IP at 
> a different host, so Google picked up both AS numbers.
> 
> Could one of your domain's subdomains be what is actually infected?  You seem 
> to have a bunch of them, maybe google is penalizing the whole domain over a 
> subdomain?  Not sure if they do that or not.
> 
> If your sites are running off of an application like wordpress, etc., you may 
> not get the same page that google gets and the application may have been 
> hacked.
> Here's a wget command you can use to make requests to your site pretending to 
> be google:
> 
> wget -c \
> --user-agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" \
> --output-document=googlebot.html 'http://www.csulb.edu'
> 
> nanog will probably line wrap that user agent line making it not correct so 
> you'll have to put it back together correctly.  It will save the output to a 
> file named googlebot.html you can look at to see if anything weird ends up 
> being served.
> 
> David
> 
> 
>> -----Original Message-----
>> From: Matthew Black 
>> [mailto:matthew.bl...@csulb.edu]
>> Sent: Tuesday, June 26, 2012 11:53 PM
>> To: nanog@nanog.org
>> Subject: DNS poisoning at Google?
>> 
>> Google Safe Browsing and Firefox have marked our website as containing
>> malware. They claim our home page returns no results, but redirects
>> users to another compromised website couchtarts.com.
>> 
>> We have thoroughly examined our root .htaccess and httpd.conf files
>> and are not redirecting to the problem target site. No recent changes
>> either.
>> 
>> We ran some NSLOOKUPs against various public DNS servers and
>> intermittently get results that are NOT our servers.
>> 
>> We believe the DNS servers used by Google's crawler have been
>> poisoned.
>> 
>> Can anyone shed some light on this?
>> 
>> matthew black
>> information technology services
>> california state university, long beach
>> www.csulb.edu
>> 
>> 
>> 
> 
> 
> 
> 
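
Added example (not part of any message in this thread): the curl -e test from Jeremy Hanmer's reply and the Googlebot user-agent test from David Hubbard's, generalized into one Python check that compares a plain request against both and reports any response that differs. The function names, the header profiles and the example.* hosts in the constructed fixture are assumptions of this example.

```python
"""Compare a plain request with requests that look like search-engine traffic."""
import hashlib
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

GOOGLEBOT_UA = ("Mozilla/5.0 (compatible; Googlebot/2.1; "
                "+http://www.google.com/bot.html)")

# "plain" is the baseline; the other two mirror the curl -e and wget tests.
PROFILES = {
    "plain": {},
    "google-referer": {"Referer": "http://google.com"},
    "googlebot-ua": {"User-Agent": GOOGLEBOT_UA},
}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow 3xx responses; we want to inspect them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx


def http_fetch(url, headers, timeout=10):
    """Return (status, Location header or None, body bytes) for one request."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers=headers)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location"), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.read()


def _same_site(url, location):
    """True if the redirect target is the origin host or one of its subdomains."""
    origin = (urlsplit(url).hostname or "").lower()
    target = (urlsplit(urljoin(url, location)).hostname or "").lower()
    base = origin[4:] if origin.startswith("www.") else origin
    return target == base or target.endswith("." + base)


def compare_profiles(url, fetch=http_fetch, profiles=PROFILES):
    """Report every profile whose response differs from the plain request.

    A redirect that every profile receives (for example to the www host)
    is not reported. Pages with per-request content (timestamps, tokens)
    will show body_changed on their own and need a manual diff.
    """
    def summarize(headers):
        status, location, body = fetch(url, headers)
        return status, location, hashlib.sha256(body).hexdigest()

    baseline = summarize(profiles["plain"])
    findings = []
    for name, headers in profiles.items():
        if name == "plain":
            continue
        status, location, digest = summarize(headers)
        if (status, location, digest) == baseline:
            continue
        findings.append({
            "profile": name,
            "status": status,
            "location": location,
            "offsite": bool(location) and not _same_site(url, location),
            "body_changed": digest != baseline[2],
        })
    return findings


def simulated_fetch(url, headers):
    """Constructed stand-in for a site that redirects only search referrals."""
    if "google." in headers.get("Referer", ""):
        return 301, "http://other.example/media.php", b"Moved Permanently"
    return 200, None, b"<html>real home page</html>"


if __name__ == "__main__":
    # Offline demonstration against the constructed fixture.
    for finding in compare_profiles("http://www.site.example/",
                                    fetch=simulated_fetch):
        print(finding)
```

Against a live site, call compare_profiles(url) with the default http_fetch; an entry with "offsite" set to True is the pattern the curl -e test exposed.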




Megapath contact

2014-10-08 Thread Jeremy Parr
Could someone from Megapath contact me offlist? I'm fighting with some very
strange routing for a customer.


t-mobile help

2014-10-28 Thread Jeremy Knapp
Would someone from T-Mobile be willing to contact me offline about
some abuse issues we are having?

Any help would be greatly appreciated.

Thanks,

Jeremy


Re: Cisco CCNA Training

2014-11-03 Thread Jeremy Knapp
https://learningnetwork.cisco.com/docs/DOC-20499

The learning lab looks like a very good option.
On Nov 3, 2014 5:52 AM, "Alex Brooks"  wrote:

> Hi,
>
> On Mon, Nov 3, 2014 at 2:38 AM, Joel Maslak  wrote:
> > You might look at your local community college's offerings.  Probably
> > better bang for the buck than many other offerings.
> >
> > On Sun, Nov 2, 2014 at 10:02 AM, Colton Conor 
> > wrote:
> >
> >> We have a couple of techs that want to learn cisco and networking in
> >> general. What do you recommend for learning and getting certified on
> Cisco?
> >> There seems to be a million different training courses, books, etc out
> >> there.
> >>
>
> I would agree with considering face-to-face offerings; especially if
> it is run with evening classes or at times the employee can access
> without affecting work.  It's how I first started my CCNA and I really
> appreciated having access to a real physical lab, library, instructors
> and other students. Though this was way back before Cisco's
> all-singing all-dancing website with its 'online' lab.
>
> Quite often you can also use CCNA courses at a real college as part of
> a more general qualification and they often offer other courses that
> it can be handy for staff to have, like CompTIA's Security+ if you are
> doing any MOD or Federal contracting.  And as has been said they are
> normally quite cheap for what you get.
>
> However, have you considered actually asking the techs how they learn best?
>
> Alex
>


Re: TWC IPv6 access ...

2014-11-15 Thread Jeremy Sliwinski

On 11/14/2014 11:11 AM, Alan Clegg wrote:

On 11/14/14, 7:12 AM, Jorge Amodio wrote:

Hi There,

anybody seeing problems with TWC broadband access and IPv6?

After a brief outage this morning I no longer have IPv6 in my residential
line and don't see any IPv6 neighbor at the other end of the coax :-(

Apex, NC.  Been out for about a week.  I get a /128 for my router, but
no prefix delegation.

AlanC



Raleigh, NC. I saw the same issue here. Restarted the IPv6 DHCP 
client on our Cisco router and PD came back immediately.


-jay


Sign-On Letter to the Court in the FCC's Net Neutrality Case

2015-09-12 Thread Jeremy Gillula
Dear colleagues,

Apologies in advance for the spam, but as many of you know, several
large ISPs and their industry organizations are challenging the FCC's
recent net neutrality order in court. Since the outcome of this case
could have real consequences for how Internet services work in the
future, I'm writing you today to ask you to sign on to a letter that EFF
and ACLU have prepared for the court.

The letter explains several key engineering concepts that are vital to
understanding how the Internet actually operates (e.g. the end-to-end
principle, the layered network stack, how IP routing works, etc.). It
also stays away from legal arguments, and instead focuses on the
technical arguments for how net neutrality has been key to the design
and operation of the Internet since its beginning. It also lays out the
technical consequences that could occur should the FCC's order be struck
down, focusing on how large ISPs could transform the Internet from a
system where innovation can take place without permission to one where
ISPs get to dictate what protocols and services their customers are
allowed to use.

*If you're willing to sign on and help today, please email me directly
(off list)* and I will be happy to share a copy of the letter for you
to review before you agree to sign on.

The more signatures we can get, the more likely the court is to take
notice. All it takes is an email. Please help us make sure the court
gets the message: from an engineering point of view, neutrality and
openness are fundamental to the way the Internet operates today.

Thank you for your support,

-- 

| Jeremy Gillula, Ph.D.
| Staff Technologist
| Electronic Frontier Foundation
| (415) 436-9333 x158
| jer...@eff.org
| @the_zeroth_law
| GPG Key Fingerprint:
| 4DCF A726 7C7D E327 7DD6
| 863E A25B 3CE6 2CAC 7BE9




Re: /27 the new /24

2015-10-08 Thread Jeremy Austin
On Thu, Oct 8, 2015 at 3:25 PM, James Jun  wrote:

>
> If you want choices in your transit providers, you should get a transport
> circuit (dark, wave or EPL) to a nearby carrier hotel/data center.  Once
> you do that, you will suddenly find that virtually almost everyone in the
> competitive IP transit market will provide you with dual-stacked IPv4/IPv6
> service.
>

The future is here, but it isn't evenly distributed yet. I'm in North
America, but there are no IXPs in my *state*, let alone in my *continent*
-- from an undersea fiber perspective. There is no truly competitive IP
transit market within Alaska that I am aware of. Would love to be proved
wrong. Heck, GCI and ACS (the two providers with such fiber) only directly
peered a handful of years ago.


> If you are buying DIA circuit from some $isp to your rural location that
> you call "head-end" and are expecting to receive a competitive service,
> and support for IPv6, well, then your expectations are either unreasonable,
> ignorant or both.
>

Interestingly both statewide providers *do* provide both IPv4 and IPv6
peering. The trick is to find a spot where there's true price competition.
The 3 largest statewide ISPs have fiber that meets a mere three city blocks
from one of my POPs, but there's no allowable IX. I'm looking at you, AT&T.

-- 
Jeremy Austin
Whitestone Power & Communications, Alaska


Re: /27 the new /24

2015-10-09 Thread Jeremy Austin
On Fri, Oct 9, 2015 at 12:04 PM, Owen DeLong  wrote:

>
>
> The future is here, but it isn't evenly distributed yet. I'm in North
> America, but there are no IXPs in my *state*, let alone in my *continent*
> -- from an undersea fiber perspective. There is no truly competitive IP
> transit market within Alaska that I am aware of. Would love to be proved
> wrong. Heck, GCI and ACS (the two providers with such fiber) only directly
> peered a handful of years ago.
>
>
> Alaska is in the same continent as Canada and the Contiguous US.
>

Geographically yes, but not IP-topologically. It may strictly speaking be
an exaggeration to speak of continental latencies, but we do feel a bit cut
off up here. From me to Ohio is just about twice as far as from me to CA.
The distance from the eastern US to Portugal is only about twice as long as
the Anchorage to Seattle route.


> VANIX (Vancouver), CIX (Calgary), Manitoba-IX (Winnipeg), WPGIX
> (Winnipeg), TORIX (Toronto),
> and an exchange in Montreal (I forget the name) exist as well as a few
> others in Canada (I think
> there’s even one out in the maritimes).
>

If there were ever an Alaska-to-Canada pipeline or gas line built, no doubt
there could be fiber. To my knowledge no non-Arctic Alaska to Yukon route
exists or is in public planning. I think AT&T may have some microwave. The
Yukon has less overall population than the city of Fairbanks, AK, and it
would be difficult to justify a fiber build, say, from Tok to Whitehorse,
without other reasons. I'm not looking at great circle routes at the
moment, but an overland route would probably be *longer* from Anchorage to
Vancouver than the current undersea routes.


> There are tons of exchanges all over the contiguous US.
>

Exactly. Now imagine an area — Alaska not including Anchorage — twice the
size of Texas, with the population of Pittsburgh, in tiny clumps far apart.
It is *possible* that the lack of IX in Alaska is due solely to geography
and not, say, to an inadequately competitive ISP environment.

> I’m surprised that there isn’t yet an exchange point in Juneau or
> Anchorage, but that
> does, indeed, appear to be the case. Perhaps you should work with some
> other ISPs
> in your state to form one.
>

Juneau, I'm not so surprised; how many other cities that small and isolated
have IXes? I'm curious. It's an interesting prospect, at least for some
value of $location. Anyone interested, hit me up.

> According to this:
> http://www.alaskaunited.com
>
> There is subsea fiber to several points in AK from Seattle and beyond.
>

Said undersea fiber is owned by GCI and ACS. There are some pending routes
west and north, I believe.


>
> And on a continental basis, quite a bit of undersea fiber in other landing
> stations
> around the coastal areas of the contiguous 48.
>
> If you are buying DIA circuit from some $isp to your rural location that
> you call "head-end" and are expecting to receive a competitive service,
> and support for IPv6, well, then your expectations are either unreasonable,
> ignorant or both.
>
> Interestingly both statewide providers *do* provide both IPv4 and IPv6
> peering. The trick is to find a spot where there's true price competition.
> The 3 largest statewide ISPs have fiber that meets a mere three city blocks
> from one of my POPs, but there's no allowable IX. I'm looking at you, AT&T.
>
>
> I’m not sure what you mean by “allowable IX”, to the best of my knowledge,
> anyone
> can build an IX anywhere.
>

I should have been more clear. No allowable IX *at the nearest fiber
meetup to me*.

It would be illuminating to see what minimum peak hour per-capita bw is
necessary to make rural IX pay, and for what value of $rural.

"Alaska suffers from… an abject lack of density." —Joe Freddoso, Mighty
River/USAC


Re: /27 the new /24

2015-10-11 Thread Jeremy Austin
On Sat, Oct 10, 2015 at 12:51 PM, Todd Underwood 
wrote:

>
> you already know that that's not how the internet in the rural west works.
>  it's fine.  smile and nod and pretend that they are making sensible claims
> and move back to trying to figure out how to make things work on your own
> network.
>

Thank you, Todd. While I must take some exception to your use of the word
'hinterlands' [1] rather than 'frontier', you're right on the mark
everywhere else. :)

With all the talk around updating BCPs, perhaps we also need IUPs --
Interesting Uncommon Practices: the edge cases which contrast to, but do
not invalidate, the middle.

-J

[1] Kleinfeld, "The Frontier Romance"
http://www.newsminer.com/features/sundays/book_reviews/kleinfeld-s-book-explores-the-romance-of-the-frontier/article_57da7bda-e15c-11e2-9281-0019bb30f31a.html


Are there any ATT postmasters in the house?

2015-10-19 Thread Jeremy Parr
I have a mail server that is repeatedly getting blacklisted, but is not
sending anything spammy or bulk.


Re: Modem as a service?

2015-12-06 Thread Jeremy Austin
On Sun, Dec 6, 2015 at 4:03 PM, Karl Auer  wrote:

>
> There might be a product idea here, if no-one's done it already:
> Something like a RaspBerry Pi, running off a lithium battery, with a
> recharge circuit and something to detect a power outage. Add a 3G/4G
> card to send an SMS alert, put it all in a box, plug it into power. Only
> configuration needed is setting the SMS target(s)... If you made it
> network addressable (on 3G/4G) it could send emails as well.


Almost exactly my scenario.

While you're at it, add IP/serial links to console servers and tunnel in.
I've got this as the only OOB option for sites with no copper. Low
bandwidth 3G plan.

-- 
Jeremy Austin
Whitestone Power & Communications
(907) 895-2311
(907) 803-5422
jhaus...@gmail.com


Re: Devices with only USB console port - Need a Console Server Solution

2015-12-07 Thread Jeremy Bresley
Looks like what you want is the A920-CONS-KIT-S part.  Description on it 
is "ASR 920 Serial Console Cabling Kit"  This is a $0 item when ordered 
with the ASR920s.  The other option is the A900-CONS-KIT-U which is the 
USB-USB console kit.


http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/installation/guide/ASR920_HIG/hw_installation.html#pgfId-114

Shows the adapter which I'm assuming is what's included in the kit, they 
mention needing the RJ-45 to DB9 cable (normal Cisco console cable) in 
addition to this ASR9XX specific adapter.  Should be able to plug your 
normal terminal server cables into the adapter cable listed above.


Hope this is helpful.

Jeremy "TheBrez" Bresley
b...@brezworks.com

On 12/7/2015 4:15 PM, Erik Sundberg wrote:

We have one of these nice new and fancy Cisco ASR920-24SZ, just realized it 
doesn't have an RJ45 Console port only USB. When we deploy devices at our pop 
we wire the console port to a terminal\console server, well that doesn't work 
for a usb console device.

So what is everyone doing for out of band management via the console when it's 
a usb only device?
Is there something I am missing?
Is there a console server for USB?
Does cisco make an USB to RJ45 Jack adapter?







Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-09 Thread Jeremy Austin
On Sat, Jan 9, 2016 at 5:06 AM, Mike Hammett  wrote:

>
> The best solution for everybody is the solution most consumers are adverse
> to, which is usage based billing. Granted, many times the providers have
> shot themselves in the foot by making the charges punitive instead of based
> on cost plus margin. Reasonable $/gig for everybody! :-)


I'm tempted to make an analogy to health care, insurance, and universal
coverage, but I'll abstain.

Usage based billing alters the typical hockey stick graph: the 10% of users
using 80% of the bandwidth are otherwise subsidized by the long tail.

As an ISP, usage-based billing is more sensible, because I would no longer
have to stress about oversubscription ratios and keeping the long tail
happy. But usage-based models are more stressful for the consumer; I think
I disagree that it's the best model for everybody.

Let me be a consumer advocate for a moment. One of the reasons consumers
are averse to usage-based billing is that the tech industry has not put
good tools into their hands. While it is possible to disable automatic
updates, set Windows 10's network settings to "metered", and micromanage
your bandwidth, in general:

The Internet (from the non-eyeball side) is designed around a free-feeding
usage model. Can you imagine if the App store of your choice showed two
prices, one for the app and one for the download? The permission-based
model on Android would have requests like, "This app is likely to cost you
$4/week. Is this OK?"

I don't know all the reasons that satellite provider Starband shut down,
but that was a usage-based billing market; and it would never have been a
'reasonable' $/gig.  I'm working to step into the hole they left, and
you're right that customers don't want a usage-based model to replace it.

In addition, let's say I know of an ISP that makes 10% of its revenue from
overage charges. Moving to a purely usage-based model would lower ACR, as
it would have to charge a more reasonable price/gig; that top 10% of users
won't replace the lost revenue. So even providers may have little incentive
to change models, particularly if they have a vested interest in inhibiting
the growth of video or usage in general.

-- 
Jeremy Austin


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-11 Thread Jeremy Austin
On Sun, Jan 10, 2016 at 7:12 PM, Owen DeLong  wrote:

>
> For $x/month you get Y GB of LTE speed data and after that you drop to
> 128kbps.
>
> You don’t pay an overage charge, but your data slows way down.
>
> If you want to make it fast again, you can for $reasonable purchase
> additional
> data within that month on a one-time basis.
>
> I would like to encourage other carriers to adopt this model, actually. If
> Verizon had a model like this, I would probably switch tomorrow assuming
> their prices weren’t too far out of line compared to T-Mo.
>
>
This is similar to Hughesnet's FAP (unfortunately named Fair Access Policy).

I've had some consumer success with this model. There are other fairness
models that can augment it, however; it's not my favorite.


> >
> > The Internet (from the non-eyeball side) is designed around a
> free-feeding
> > usage model. Can you imagine if the App store of your choice showed two
> > prices, one for the app and one for the download? The permission-based
> > model on Android would have requests like, "This app is likely to cost
> you
> > $4/week. Is this OK?”
>
> Kind of an interesting idea, but to me, the reason usage charges induce
> stress has more to do with the fact that they are kind of out of control
> pricey first of all and second of all that you start incurring them without
> warning and without any real ability to say no on most networks.
>
> That’s why I actually like the T-Mo strategy here. With existing tools,
> the customer has full choice and control about “overage” costs even if
> their data usage remains somewhat opaque.
>

From what I understand, the controversy around T-Mo is that the technique
itself was opaque, correct? If the Internet as a whole *had* an "SD" knob,
like Netflix on AppleTV/etc., usage-billed customers would benefit — as
long as it was plainly spelled out.


>
>
> > In addition, let's say I know of an ISP that makes 10% of its revenue
> from
> > overage charges. Moving to a purely usage-based model would lower ACR, as
> > it would have to charge a more reasonable price/gig; that top 10% of
> users
> > won't replace the lost revenue. So even providers may have little
> incentive
> > to change models, particularly if they have a vested interest in
> inhibiting
> > the growth of video or usage in general.
>
> How can an ISP make 10% of its money from overage charges unless they are
> doing usage-based billing? If you’ve got an AYCE plan, you don’t have
> overages. If you don’t, then you have some form of usage based billing.
>
> The varieties of usage based billing that are available are a far less
> interesting exercise.
>
> Owen
>
>
On a continuum, AYCE at one end, pay-by-the-bit at the other, and in
between, usage caps. For the majority of customers on $provider network,
caps are unnecessary; for them, the flat rate they pay is effectively an
AYCE. Smaller stomachs, and they are paying a higher $/bit as they use
less. Those who incur overages are experiencing usage-based billing.

I agree it is uninteresting, but there it is.

How much uncapped LTE spectrum is needed before we can hit that 2Mbps per
customer referred to recently?


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-11 Thread Jeremy Austin
On Mon, Jan 11, 2016 at 9:15 AM, Owen DeLong  wrote:

>
>
>>
>>
> This is similar to Hughesnet's FAP (unfortunately named Fair Access
> Policy).
>
> I've had some consumer success with this model. There are other fairness
> models that can augment it, however; it's not my favorite.
>
>
> What is your favorite?
>

Does a dog have the Buddha nature?

My favorite is actually having enough bandwidth to meet demand. What a
concept. Ought to work for terrestrial; where we run out of
spectrum/bandwidth is in shared-medium last-mile.

Pre-Title II classification, I had excellent success with per-flow
equalization/fairness, but this is expensive and makes bandwidth guarantees
difficult to manage.

After, I've also had success with a) maintaining sane oversubscription
ratios and b) using per-customer-class fairness balancing, and c) some
experimentation with FQ-CODEL, although this is less neutral and still a
gray area — at least until I understand it better.



>
>
> However, as I said, I consider everything to the right of AYCE on your
> “continuum” to be simply variations of usage-based billing.
>
> Sure, to a consumer who stays within their usage tier, their tier looks
> like AYCE (until it doesn’t), but it certainly isn’t actually.
>

I agree.


>
>
>
> How much uncapped LTE spectrum is needed before we can hit that 2Mbps per
> customer referred to recently?
>
>
> I would assume quite a bit. There are 7 billion potential subscribers, so
> that’s 14 billion Mbps or 14 Petabits per second world wide.
>

Heh. Gary said it better — it's about user density. All 7 billion aren't on
one set of sectors.

The architecture for "repeaters", as Gary pointed out, is suboptimal, which
is why we rely so heavily on Wifi, and why the WISP world is up in arms
over LTE-U. Or so it seems to me.

And NYC is just now getting wifi in the tunnels?

I apologize if this has grown off-topic.


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-11 Thread Jeremy Austin
On Mon, Jan 11, 2016 at 9:40 AM, Owen DeLong  wrote:

>
>
>
> My favorite is actually having enough bandwidth to meet demand. What a
> concept. Ought to work for terrestrial; where we run out of
> spectrum/bandwidth is in shared-medium last-mile.
>
>
> That’s not a billing model… We were talking about billing models.
>
> What’s your favorite billing model?
>

Heh. I had said "fairness" — perhaps we both support unfair billing but
fair supply?

Two sides of the same tarnished coin, supply and demand.

Which model I prefer… Diogenes, when asked what kind of wine he liked best,
replied "The wine of others."

As a user in that top 10%, I like my bandwidth subsidized by my unwitting
peers. As an ISP, I'm managing to sell it AYCE, but I'm small potatoes. My
opinions are my own but largely informed by what I observe for customer
satisfaction, contrasting models in an uncompetitive market.


Re: Best Source for ARIN Region /24

2016-01-11 Thread Jeremy Austin
On Mon, Jan 11, 2016 at 11:10 AM, Mike Hammett  wrote:

> Some expansions under my ISP hat may lead to needing some address space,
> so I'd be interested in where people are getting space from as well.
> Smaller blocks, though, /22 and smaller.
>

Me too, but "will" instead of "may".

Jeremy Austin


Re: small automatic transfer switches

2016-01-27 Thread Jeremy Austin
On Wed, Jan 27, 2016 at 11:33 AM, Josh Reynolds 
wrote:
>
> better yet, $134
>
http://www.amazon.com/CyberPower-PDU20MHVT10AT-Metered-Power-Distribution/dp/B00NEHXESQ/ref=sr_1_17?s=electronics&ie=UTF8&qid=1453926782&sr=1-17&keywords=cyberpower+ats


That unit is 220V. I bought it once by mistake. Josh's first link is the
15A/120V version.

If all you need is a single port (still 15A limit), and can handle a 70ms
switching time, I've had success with this marine transfer switch:

http://www.amazon.com/Xantrex-Inline-Transfer-Relay-PROwatt/dp/B00JGXAE62/ref=sr_1_1?ie=UTF8&qid=1453927515&sr=8-1&keywords=xantrex+in-line+transfer

You'll have to add your own ends/outlets, as it is intended to be hardwired
in place.


Re: Fiber to the home specialists/consultants?

2016-02-10 Thread Jeremy Austin
Ditto.
On Wed, Feb 10, 2016 at 4:04 PM Daniel Rohan  wrote:

> Can anyone point me at a firm that does or consults on FTTH from a
> technical *and* business perspective?
>
> Off-list responses would be appreciated.
>
> Thanks,
>
> Dan
>


Any ATT.net mail admins here?

2016-04-12 Thread Jeremy Parr
I have two spam filters that relay outbound mail for a few dozen companies,
and as such generate a fair amount of traffic. We are fairly strict with
the spam filtering on outbound mail, but somehow end up blacklisted by
ATT/Prodigy/Bellsouth a few times a year.


Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Jeremy Austin
On Tue, Apr 12, 2016 at 3:55 AM, John Levine  wrote:

>
> Please don't guess (like, you know, MaxMind does.)  USPS has its own
> database of all of the deliverable addresses in the country.  They
> have their problems, but give or take data staleness as buildings
> are built or demolished, that's not one of them.


A qualifier.

USPS has a database of *most* of the deliverable addresses in the country.

I'm in an unorganized borough. The USPS actually has no mandate, funding or
lever that I can pull (that I can find) to keep their database up to date.
Easily 30% of the legitimate addresses in my area are not geocodable nor in
the USPS database.

I suspect that there are areas of my state with an even worse percentage of
unavailable data.

UPS and FedEx rely on the USPS database, but will not lift a finger to fix
this gap.

Even as a municipal body there is no available federal mechanism for
updating the database. I've tried multiple times over 15+ years.



So yeah, USPS' database does have its problems.

-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon


Re: Juniper vMX evaluation - how?

2016-04-13 Thread Jeremy Austin
On Wed, Apr 13, 2016 at 12:54 PM, Bruce Simpson  wrote:

>
> Is some special magic required to acquire an evaluation copy? The 60 day
> trial license is directly downloadable from the above link, but the tarball
> is not. $CLIENT was just referred to it by $RESELLER.


I'd be interested as well — I submitted a form, nothing but crickets.


-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon


Re: GeoIP database issues and the real world consequences

2016-04-13 Thread Jeremy McDermond

> On Apr 11, 2016, at 10:02 AM, Ken Chase  wrote:
> 
> Cant believe law enforcement is using this kind of info to execute searches.
> Wouldnt that undermine the credibility of any evidence brought up in trials
> for any geoip locates?

What overworked and underpaid public defender is going to know enough to 
challenge the “evidence?”  What judge is going to know enough to call BS on the 
search warrant affidavit?  A good number of the judges in Oregon used to work 
for one of the DA’s offices, you think they question law enforcement affidavits 
very aggressively?

> /kc
--
Jeremy McDermond (NH6Z)
Xenotropic Systems
mcde...@xenotropic.com





Open Letter RE:Cyber Threat Info Sharing Bills

2015-04-11 Thread Jeremy Gillula
Dear colleagues,

As many of you know, the US Congress is currently considering various
<https://www.eff.org/document/cisa-2015-reported-senate-floor-after-ssci-markup>
bills
<https://www.eff.org/deeplinks/2015/03/congress-takes-obama-administrations-information->
which some of its
<http://blogs.wsj.com/washwire/2015/02/25/senate-in-break-from-past-holds-closed-hearing-on-intelligence-threats/>
members
<http://www.huffingtonpost.com/2014/12/02/burr-senate-intelligence_n_6258162.html>
think will help fight Internet security threats via increased
information sharing between companies and the government. Unfortunately,
not only are these new information sharing powers unnecessary, the
bills' broad immunity clauses for companies
<https://www.eff.org/deeplinks/2013/03/consequences-cispas-broad-legal-immunity>,
vague definitions
<https://www.eff.org/cybersecurity-bill-faq#copyright>, and aggressive
spying powers
<https://www.eff.org/deeplinks/2012/04/yes-cispa-could-allow-companies-filter-or-block-internet-traffic>
essentially make them secret surveillance bills--and more government
surveillance of the Internet is the last thing we need right now.

I'm writing you today to ask you to sign on to an open letter to
Congress, which explains the fallacy of these bills
<https://www.eff.org/deeplinks/2015/03/senate-intelligence-committee-advances-terrible-cybersecurity-bill-surveillance>
to politicians who probably don't understand the intricacies of the
network security world.

This is the fifth <https://www.govtrack.us/congress/bills/111/s773> time
<https://beta.congress.gov/bill/113th-congress/house-bill/624> in
<https://www.govtrack.us/congress/bills/112/s2105/text> as many
<https://www.govtrack.us/congress/bills/113/s1353> years that Congress
has tried to pass "cybersecurity" legislation. Fortunately (with the
help of many of you
<https://www.eff.org/deeplinks/2012/04/open-letter-academics-and-engineers-us-congress>
on this list) we've been successful in preventing such misguided
legislation in the past. *If you're willing to sign on and help today,
please email me directly (off list)* and I will be happy to share a
copy of the letter for you to review before you agree to sign on.

The more signatures we can get, the more likely Congress is to listen.
All it takes is an email. Please help us make sure politicians get the
message: we don't need new legal authorities to share information that
will help keep the systems and people we protect safe from future attacks.

Thank you for your support,

-- 

| Jeremy Gillula, Ph.D.
| Staff Technologist
| Electronic Frontier Foundation
| (415) 436-9333 x158
| jer...@eff.org
| @the_zeroth_law
| GPG Key Fingerprint:
| 4DCF A726 7C7D E327 7DD6
| 863E A25B 3CE6 2CAC 7BE9





Re: AWS Elastic IP architecture

2015-05-28 Thread Jeremy Mooney
At re:Invent they started releasing a surprising amount of detail on how
they designed the VPC networking (both layering/encapsulation itself and
distributing routing data). Like Michael mentioned, they really stuff as
much as possible into software on the VM hosts. That presentation is
https://www.youtube.com/watch?v=Zd5hsL-JNY4

While looking for that video I stumbled on a couple others that look along
those same lines:
https://www.youtube.com/watch?v=HexrVfuIY1k (all the connectivity options)
https://www.youtube.com/watch?v=YoX_frLHbEs (talks about public IP options)


On Thu, May 28, 2015 at 9:34 AM, Luan Nguyen  wrote:

> Hi folks,
> Anyone knows what is used for the AWS Elastic IP? is it LISP?
>
> Thanks.
> Regards,
> -lmn
>


Re: BGP Multihoming 2 providers full or partial?

2015-06-01 Thread Jeremy Malli
You could have your transit providers send you a default route in the 
BGP session instead of nailing it up using a static.  That way if the 
interface does not physically go down but the BGP session does, the 
default route will be pulled when the BGP session dies.


Also, you could go with a less expensive router that will handle full 
routes such as the Mikrotik CCR's ( 
http://routerboard.com/CCR1036-8G-2SplusEM ).  Get one for each of your 
transit providers.  People have varying experiences with Mikrotik 
however for basic use they seem to work well.


Jeremy Malli
jer...@vcn.com

On 6/1/2015 11:40 AM, Blake Hudson wrote:

A gateway of last resort, also called a backup default route, will take
care of partitions and is, in my opinion, a good idea if you are not
providing transit to others. It's a requirement if you're not taking
full routes, but even if you do take full routes the management cost is
practically nil.

The practical problem with using static routes (or a locally
generated default route only BGP feed) for egress route selection is
when your upstream providers perform maintenance or have an outage.
When this occurs, you'll likely be impacted during the duration of the
event. This may be 5 minutes, it may be hours. What are the track
records for your upstream ISPs? Is having two ISPs doubling your
downtime, and is this the desired outcome? If you can't send traffic out
to half of the internet for an hour is that OK? At midnight? At noon?

--Blake

Maqbool Hashim wrote on 6/1/2015 11:28 AM:

First off thanks to everyone that responded to my original post, very
instructive and informational replies along with a good view of
different perspectives.

Baldur, you pointed out that for ingress it's exactly the same to take
partials, we are only affected on outbound and we can achieve a large
part of the redundancy for outbound also.  Someone else pointed out
that partitions of the Internet view from our two providers are often
lasting minutes rather than hours.  Given this input I really lean
towards Baldur's statement of we can probably spend the money better
elsewhere.

One point I will try and make internally is "Do we care about all of
the Internet all of the time?", note we are not an ISP.  Basically if
some part of the Internet is unreachable for a "short" period will
we even notice it?  Always if it is one of our remote sites, but of
course we can mitigate that by making those part of the partials that
we take from both of our providers.

By taking full routes I can only see us protecting the view of the
whole Internet our internal web browsing clients, after all if a
partition to a "busy" part of the Internet happens we will notice it
straight away (Google etc.), but if it is someone's iTunes server on
the end of some small DSL provider- do we care?

One thing I would rather not do which is manage static routes on the
BGP routers seems counter intuitive on the face of it.


From: NANOG  on behalf of Baldur Norddahl

Sent: 01 June 2015 16:49
To: nanog@nanog.org
Subject: Re: BGP Multihoming 2 providers full or partial?

On 1 June 2015 at 15:29, Blake Hudson  wrote:


Something to point out: Sometimes the device you connect to is up, but has
no reachability to the rest of the world. Using static routes is.. well..
static. There are a few cases (such as the one mentioned) where a static
route can be somewhat dynamic. Another case is when the static route next
hop does not respond to ARP requests or some machines have the ability to
perform triggered actions on some sort of event/test. But why bother with
BGP if you're just going to override its decisions by using static routes?

As another commenter mentioned, using anything less than a full table is a
compromise. If one wants the redundancy in the case of an upstream ISP
outage, take full routes. If one wants the traffic engineering flexibility,
take full routes and use a BGP knob like route maps to modify existing
prefixes rather than make up your own. A default route of last resort is
fine; Overriding BGP through static routes degrades the utility of BGP.


Thanks for pointing this out. However I would like to argue whether this is
a big drawback or not.

If the original poster had infinite money and infinite resources there
would be no question to ask. Just get the most expensive router out there
and get full tables.

So given that the money could be spent on other things, that might be more
helpful for his company, is it good value to invest in new routers? I
believe every company and NOC team needs to decide this for themselves. I
do however feel this is often a rushed decision because people have an idea
that anything less than full tables is not good enough and that you are not
a real ISP if you do not have full tables etc.

It is true that your static routes could end up pointing at a half dead
router, that

Re: Whats' a good product for a high-density Wireless network setup?

2015-06-20 Thread Jeremy Bresley

On 6/20/2015 11:32 PM, Randy Bush wrote:

My understanding is that the most recent NANOG had issues with clients
picking channels sequentially vs by signal strength. There may have
been other issues but when all devices use 149 because that's the
first they can and they get link that's not good.

If people know of tricks to solve this when there are 600-1000 devices
per room i am certain the NANOG eng team would love to know about it.

not really; they're in denial.  why did san antonio work; the only nanog
in 4 or more which did?  why does ietf work?

wireless is ugly.  few know how to deploy at scale.  it's just not easy.

randy

If people are curious what Cisco does for their 3x a year Cisco Live 
events (last week in San Diego there was 35TB of data transferred over 
that network), there's a panel discussion about how they deploy things 
and what tools they use for it.


https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=76483&backBtn=true
That's the session from Milan 2014, may require a free account to view 
the slides and video.
The session from San Diego is at 
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=83806&backBtn=true
Doesn't look like they've finalized the slides and video for that 
session yet though.


In Milan they deployed 325 APs across 6 controllers (3 HA pairs). From 
experience at the US Live events, there's 10-15K people in the main hall 
during keynotes, there's probably close to 100 APs in that room alone 
with the stadium antennas for the density needed. There's a LOT of 
people trying to tweet during and this year periscope the keynote speeches.


If people are interested, I know a couple of the Cisco folks tend to 
lurk on this and other lists and can probably provide more details if 
asked nicely.


Jeremy "TheBrez" Bresley
b...@brezworks.com


48V DC Terminal server recommendations

2013-07-24 Thread Jeremy Bresley
Looking for recommendations on a good terminal server to put into a 
telco colocate facility.


Requirements:
8-16 ports for Cisco console access (RJ-45s preferred, DB9s if we have to)
-48V DC power
USB/internal modem for OOB access
NEBS Level 1 (or better) compliance.

So far I've found Perle has several models that meet 3 out of 4, but 
none that meet all the requirements.  The only OpenGear boxes we're 
seeing with DC power is a little 4 port unit and they don't mention NEBS 
compliance.  Lantronix mentions DC power for their SLC line, but doesn't 
mention anything about NEBS compliance either.


Anybody have any recommendations for one they've used that meets all 4 
of those requirements?


Thanks!

Jeremy "TheBrez" Bresley
b...@brezworks.com



Re: Catalyst IOS refresher site?

2013-12-13 Thread Jeremy Bresley

On 12/13/2013 12:12 PM, Jay Ashworth wrote:

It's been a bit too long since I was near the high end, so I grabbed a
4507 from my local surplus vendor; dual PS, dual supe, Gig Fiber (large
transceivers, alas, not GBIC), and 3 48port RJ45 POE cards.  For $60.

I love surplus.

Is there a good Catalyst-IOS tutorial on line I can buzz through, to
refresh my memory on where everything is?


Might help if you said what type of line cards and sup you've got.  A SupII era 
card is CatOS, SupIII and newer are IOS, command sets are completely different, 
and depending on the line cards you've got, you might have some of the really 
old L2 only cards (can't remember if you could do L3 on the bastard Gig/FE 
cards only, or if it was dependent on the particular Sup installed).  That 
said, if it's an IOS Sup, I'd start here:
http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_command_reference_list.html

Jeremy "TheBrez" Bresley
b...@brezworks.com



Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-30 Thread Jeremy Bresley

On 12/30/2013 9:05 AM, Warren Bailey wrote:

I'd love to know how they were getting in flight wifi.


Sent from my Mobile Device.


 Original message 
From: sten rulz 
Date: 12/30/2013 12:32 AM (GMT-09:00)
To: nanog@nanog.org
Subject: NSA able to compromise Cisco, Juniper, Huawei switches


Found some interesting news on one of the Australia news websites.

http://www.scmagazine.com.au/News/368527,nsa-able-to-compromise-cisco-juniper-huawei-switches.aspx

Regards,
Steven.

Simple.  Grab it from where it hits the base stations.  One of the two 
big in-flight Wifi carriers in the US uses Sprint towers, I believe the 
other used satellite.


They have to get back to a ground station somewhere in order to get 
network access.  Easy to tap it there and send it wherever you want.


Grabbing an ad-hoc signal between two endpoints in the air is probably 
significantly more involved.  Implementation of this is left as an 
exercise for the VERY well-funded reader.  ;-)


Jeremy "TheBrez" Bresley
b...@brezworks.com



Re: Router for Metro Ethernet

2010-04-13 Thread Jeremy Parr
On 13 April 2010 00:12, Owen DeLong  wrote:
> I stand corrected on the Mikrotik... Apparently, while not well documented,
> they do, indeed support IPv6 and their Wiki even includes tunnel configuration
> information.
>
> Apologies to Mikrotik (and some encouragement to add this to your main-line
> documentation).

For better or worse, the Wiki *IS* their mainline documentation.



Re: Please do not respond to Dean and CC the NANOG list

2010-04-15 Thread Jeremy Parr
On 15 April 2010 16:18, Dean Anderson  wrote:
> It won't end until the truth finally prevails and they quit trying to
> mislead people.

Can someone remove this guy from the Nanog list please?


