Re: What DNS Is Not

2009-11-08 Thread Paul Ferguson
On Sun, Nov 8, 2009 at 9:35 PM, David Conrad wrote: > On Nov 8, 2009, at 4:59 PM, David Andersen wrote: >> Z. M. Mao, C. D. Cranor, F. Douglis, and M. Rabinovich. A Precise and >> Efficient Evaluation of the Proximity between Web Clients and their >>

[NANOG-announce] Communications Committee members

2009-11-08 Thread Steve Feldman
Kris Foster and Michael K. Smith have been chosen to fill two-year terms on the Communications Committee (formerly known as the Mailing List Committee). They join Randy Epstein and Tim Yocum, who are starting the second year of their terms, and Sue Joiner, who is the Merit appointee to the

Re: What DNS Is Not

2009-11-08 Thread David Conrad
On Nov 8, 2009, at 4:59 PM, David Andersen wrote: > Z. M. Mao, C. D. Cranor, F. Douglis, and M. Rabinovich. A Precise and > Efficient Evaluation of the Proximity between Web Clients and their Local DNS > Servers. In Proc. USENIX Annual Technical Conference, Berkeley, CA, June 2002. Given that pa

Re: Congress may require ISPs to block fraud sites H.R.3817

2009-11-08 Thread Bill Stewart
If you're a consumer broadband provider, and you use a DNS blackhole list so that any of your subscribers who tries to reach bigbank1.fakebanks.example.com gets redirected to fakebankwebsitelist.sipc.gov, you might be able to claim that you complied with the law, though the law's aggressive enough

Re: What DNS Is Not

2009-11-08 Thread Jorge Amodio
> DNS is NOT always defined by Paul... :) I agree Bill, but Paul is right on the money about how the DNS is being misused and abused to create more smoke and mirrors in the domain name biz. I really find it annoying that some ISPs (several large ones among them) are still tampering with the DNS resp

Re: What DNS Is Not

2009-11-08 Thread Joe Abley
On 2009-11-09, at 10:35, Simon Lyall wrote: And my first question would be what would the load on the global routing system if a couple of thousand (say) extra sites started using anycast for their content? Are you asking what the impact would be of a couple of thousand extra routes in t

Re: What DNS Is Not

2009-11-08 Thread Simon Lyall
On Sun, 8 Nov 2009, Alex Balashov wrote: For example, perhaps in the case of CDNs geographic optimisation should be in the province of routing (e.g. anycast) and not DNS? Well my first answer to that would be that GSLB scales down a lot further than anycast. And my first question would be wh

Re: What DNS Is Not

2009-11-08 Thread Joe Greco
> Alex Balashov wrote: > > For example, perhaps in the case of CDNs geographic optimisation > > should be in the province of routing (e.g. anycast) and not DNS? > > > > -- Alex > > In most cases it already is. He completely fails to address the concept > of Anycast DNS and assumes people are usi

Re: What DNS Is Not

2009-11-08 Thread David Andersen
On Nov 8, 2009, at 7:46 PM, bmann...@vacation.karoshi.com wrote: "The paper also presents the results of trace-driven simulations that explore the effect of varying TTLs and varying degrees of cache sharing on DNS cache hit rates. " I'm not debating the traces - I wonder about the simu

Re: What DNS Is Not

2009-11-08 Thread bmanning
On Sun, Nov 08, 2009 at 07:42:18PM -0500, David Andersen wrote: > > On Nov 8, 2009, at 7:30 PM, bmann...@vacation.karoshi.com wrote: > > >On Sun, Nov 08, 2009 at 07:17:16PM -0500, David Andersen wrote: > >> > >>"Our trace-driven simulations yield two findings. First, reducing the > > > >

Re: What DNS Is Not

2009-11-08 Thread Paul Wall
On Sun, Nov 8, 2009 at 6:06 PM, Dave Temkin wrote: > In most cases it already is.  He completely fails to address the concept of > Anycast DNS and assumes people are using statically mapped resolvers. > > He also assumes that DNS is some great expense and that by not allowing tons > of caching we'

Re: What DNS Is Not

2009-11-08 Thread David Andersen
On Nov 8, 2009, at 7:30 PM, bmann...@vacation.karoshi.com wrote: On Sun, Nov 08, 2009 at 07:17:16PM -0500, David Andersen wrote: "Our trace-driven simulations yield two findings. First, reducing the --- -Dave a simulation is driven from a mathematical

Re: What DNS Is Not

2009-11-08 Thread bmanning
On Sun, Nov 08, 2009 at 07:17:16PM -0500, David Andersen wrote: > > "Our trace-driven simulations yield two findings. First, reducing the --- > -Dave > a simulation is driven from a mathematical model, not real world constructions. --bill

Re: What DNS Is Not

2009-11-08 Thread Scott Howard
On Sun, Nov 8, 2009 at 4:06 PM, Dave Temkin wrote: > He also assumes that DNS is some great expense and that by not allowing > tons of caching we're taking money out of peoples' wallets. This is just > not true with the exception of very few companies whose job it is to answer > DNS requests. >

Re: What DNS Is Not

2009-11-08 Thread bmanning
DNS is NOT always defined by Paul... :) --bill On Sun, Nov 08, 2009 at 05:39:47PM -0500, Alex Balashov wrote: > Thought-provoking article by Paul Vixie: > > http://queue.acm.org/detail.cfm?id=1647302 > > -- > Alex Balashov - Principal > Evariste Systems > Web : http://www.evaristesys.com

Re: What DNS Is Not

2009-11-08 Thread David Andersen
On Nov 8, 2009, at 7:06 PM, Dave Temkin wrote: Alex Balashov wrote: For example, perhaps in the case of CDNs geographic optimisation should be in the province of routing (e.g. anycast) and not DNS? -- Alex In most cases it already is. He completely fails to address the concept of Any

Re: What DNS Is Not

2009-11-08 Thread Dave Temkin
Alex Balashov wrote: For example, perhaps in the case of CDNs geographic optimisation should be in the province of routing (e.g. anycast) and not DNS? -- Alex In most cases it already is. He completely fails to address the concept of Anycast DNS and assumes people are using statically ma

Re: What DNS Is Not

2009-11-08 Thread Alex Balashov
Dave Temkin wrote: Alex Balashov wrote: Thought-provoking article by Paul Vixie: http://queue.acm.org/detail.cfm?id=1647302 I doubt Henry Ford would appreciate the Mustang. I don't think that is a very accurate analogy, and in any case, the argument is not that we should immediately cease

Re: What DNS Is Not

2009-11-08 Thread Dave Temkin
Alex Balashov wrote: Thought-provoking article by Paul Vixie: http://queue.acm.org/detail.cfm?id=1647302 I doubt Henry Ford would appreciate the Mustang. -Dave

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
Basically the organisation that I'm working for will not have the skills in house to support a linux or bsd box. They will have trouble with supporting the BGP configuration, however I don't think they will be happy with me if I leave them with a linux box when they don't have linux/unix resourc

Re: Failover how much complexity will it add?

2009-11-08 Thread Renato Frederick
Are there any problems with quagga+BSD/Linux that you know of or something like that? Or in your scenario a "cisco/juniper box" is a requirement? I'm asking this because I'm always running BGP with upstream providers using quagga on BSD and everything is fine until now. --

RE: Failover how much complexity will it add?

2009-11-08 Thread John.Herbert
> >From: a...@baklawasecrets.com [a...@baklawasecrets.com] >- BGP router capable of holding full Internet routing table. (whether I go >for partial or full, >I think I want something with full capability). --Capable of holding _2_ full internet routing t

What DNS Is Not

2009-11-08 Thread Alex Balashov
Thought-provoking article by Paul Vixie: http://queue.acm.org/detail.cfm?id=1647302 -- Alex Balashov - Principal Evariste Systems Web : http://www.evaristesys.com/ Tel : (+1) (678) 954-0670 Direct : (+1) (678) 954-0671

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
So if my requirements are as follows: - BGP router capable of holding full Internet routing table. (whether I go for partial or full, I think I want something with full capability). - Capable of pushing 100meg plus of mixed traffic. What are my options? I want to exclude openbsd, or linux wi

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
So if my requirements are as follows: - BGP router capable of holding full Internet routing table. (whether I go for partial or full, I think I want something with full capability). - Capable of pushing 100meg plus of mixed traffic. What are my options? I want to exclude openbsd, or linux wi

Re: Pros and Cons of Cloud Computing in dealing with DDoS

2009-11-08 Thread Seth Mattinen
Sean Donelan wrote: > > Oh, the cloud service provider won't negotiate, won't give you unlimited > service credits, want to charge extra for that protection, don't want to > make promises it will work, and so on :-) > > The same unsolved problems from the 1970's mainframe/timesharing era > still

Re: Pros and Cons of Cloud Computing in dealing with DDoS

2009-11-08 Thread Sean Donelan
On Sun, 8 Nov 2009, Dobbins, Roland wrote: if the discussion hasn't shifted from that of DDoS to EDoS, it should. All DDoS is 'EDoS' - it's a distinction without a difference, IMHO. DDoS costs opex, can cost direct revenue, can induce capex spends - it's all about economics at bottom, always

Re: Failover how much complexity will it add?

2009-11-08 Thread Seth Mattinen
a...@baklawasecrets.com wrote: > I think partial routes makes perfect sense, makes sense that traffic for > customers who are connected to each of my upstreams should go out of > the correct BGP link as long as they are up! Now I need to start thinking of > BGP router choices, sure I have a plet

Re: Congress may require ISPs to block fraud sites H.R.3817

2009-11-08 Thread Mark Andrews
In message <75cb24520911060747x3556e01tbb80be8c9e0d5...@mail.gmail.com>, Christopher Morrow writes: > On Thu, Nov 5, 2009 at 5:56 PM, wrote: > > On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said: > >> Did I miss a thread on this? Has anyone looked at this yet? > > > >> `(2) INTERNET SERVICE PRO

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
I think partial routes makes perfect sense, makes sense that traffic for customers who are connected to each of my upstreams should go out of the correct BGP link as long as they are up! Now I need to start thinking of BGP router choices, sure I have a plethora of choices :-( On Sun 10:01 P

Re: Failover how much complexity will it add?

2009-11-08 Thread Seth Mattinen
a...@baklawasecrets.com wrote: > Hi, > > Ok thanks for clearing that up. I'm getting some good feedback on applying > for PI and ASN through Ripe LIRs over on the UKNOF so I think I have a handle > on this. > With regards to BGP and using separate BGP routers. I am announcing my PI > space to

Re: Failover how much complexity will it add?

2009-11-08 Thread Seth Mattinen
a...@baklawasecrets.com wrote: > Hi, > > Thanks for the info on UKNOF. I've started a thread there with regards to > RIPE and obtaining ASN numbers and so on, as > this is I guess quite UK specific. > You will need an AS number regardless of what path you get your addresses from to multihome

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
Hi, Ok thanks for clearing that up. I'm getting some good feedback on applying for PI and ASN through Ripe LIRs over on the UKNOF so I think I have a handle on this. With regards to BGP and using separate BGP routers. I am announcing my PI space to my upstreams, but I don't need to carry a f

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
Don't think I sent the below to the list, so resending: Thanks Seth and James, Things are getting a lot clearer. The BGP multihoming solution sounds like exactly what I want. I have more questions :-) Now I suppose I would get my allocation from RIPE as I am UK based? Do I also need to appl

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
Hi, Thanks for the info on UKNOF. I've started a thread there with regards to RIPE and obtaining ASN numbers and so on, as this is I guess quite UK specific. Adel On Sun 8:40 PM , Arnold Nipper wrote: > Hi Adel, > > On 08.11.2009 21:24 Ken Gilmour wrote > > > There are companies like

Re: Failover how much complexity will it add?

2009-11-08 Thread Ken Gilmour
Hi Adel There are companies like packet exchange (www.packetexchange.net) (whom I have personally used) who will do all of the legwork for you, such as applying for the ASN, address space, transit agreements, and get the tail connections directly to your building. You just need to pay them and buy

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
Thanks Seth and James, Things are getting a lot clearer. The BGP multihoming solution sounds like exactly what I want. I have more questions :-) Now I suppose I would get my allocation from RIPE as I am UK based? Do I also need to apply for an AS number? As the IP block is "mine", it is ISP

Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN

2009-11-08 Thread Jeffrey Lyon
Kanak, We're not a Staminus reseller. Please do your homework: http://webtrace.info/asn/32421 . I'm not going to hold court on whether or not you or your resellers are DDoSing competitor's customers, I was merely stating my opinion. The reader can draw their own conclusion. I think your network i

Re: Failover how much complexity will it add?

2009-11-08 Thread Valdis . Kletnieks
On Sun, 08 Nov 2009 08:23:41 MST, Blake Pfankuch said: > I wouldn't sway from the big names for your primary connections either. This is, of course, dependent on the OP's location and budget. I know when we were getting our NLR connection set up, there was a fair amount of "You want 40G worth o

Re: Failover how much complexity will it add?

2009-11-08 Thread Seth Mattinen
a...@baklawasecrets.com wrote: > Thanks for all your comments guys. With regards to bgp I did > think about placing two bgp routers in front of the ssg's. However > my limited understanding makes me think that if I had two bgp > connections from different providers I would still have issues. So

RE: Failover how much complexity will it add?

2009-11-08 Thread John.Herbert
Seth Mattinen [se...@rollernet.us] said: >Forget all of that and just multihome to two separate providers with BGP --Assuming that you're advertising PI space or can work around that appropriately with your providers, I agree, that's the ideal situation. >Having multiple circuits to one provider

Re: Failover how much complexity will it add?

2009-11-08 Thread adel
Thanks for all your comments guys. With regards to bgp I did think about placing two bgp routers in front of the ssg's. However my limited understanding makes me think that if I had two bgp connections from different providers I would still have issues. So I guess that if my primary Internet go

Re: Failover how much complexity will it add?

2009-11-08 Thread Adam Rothschild
On 2009-11-08-10:23:41, Blake Pfankuch wrote: > Make sure they operate their own network for last mile [...] > I wouldn't sway from the big names for your primary connections > either. Because ownership of the provider/subsidiary delivering the last mile means one hand is talking to the other, an

Re: Failover how much complexity will it add?

2009-11-08 Thread Seth Mattinen
a...@baklawasecrets.com wrote: > HI, > > I was recently brought onto a project where some failover is desired, but I > think that the number of connections provisioned is excessive. Also hoping > to get some guidance with regards to how well I can get the failover to > actually work. So curre

Re: Human Factors and Accident reduction/mitigation

2009-11-08 Thread JC Dill
Anton Kapela wrote: What curve must we shift to get routers with hardware and software that's both a) fast b) reliable and c) cheap -- in the hopes that the only problems left to solve indeed are human ones? Fast, Reliable, Cheap - pick any two. No, you can't have all three. The fastest(best

Re: Human Factors and Accident reduction/mitigation

2009-11-08 Thread Anton Kapela
Owen, > We could learn a lot about this from Aviation.  Nowhere in human history has > more research, care, training, and discipline been applied to accident > prevention, > mitigation, and analysis as in aviation.  A few examples: Others later in this thread duly noted a definite relationship of

Re: Failover how much complexity will it add?

2009-11-08 Thread Joe Maimon
a...@baklawasecrets.com wrote: HI, Now I couldn't get any good answers as to why Internet connections 1 and 2 need to be separate. I think the idea was to make sure that there was enough bandwidth for the third party support VPN. I feel that I can consolidate this into one connection and

RE: Failover how much complexity will it add?

2009-11-08 Thread Blake Pfankuch
>> -Original Message- >> From: a...@baklawasecrets.com [mailto:a...@baklawasecrets.com] >> Sent: Sunday, November 08, 2009 4:52 AM >> To: nanog@nanog.org >> Subject: Failover how much complexity will it add? >> >> HI, >> >> I was recently brought onto a project where some failover is desire

Failover how much complexity will it add?

2009-11-08 Thread adel
HI, I was recently brought onto a project where some failover is desired, but I think that the number of connections provisioned is excessive. Also hoping to get some guidance with regards to how well I can get the failover to actually work. So currently 4 X 100Mb/s Internet connections have

Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN

2009-11-08 Thread noc acrino
2009/11/6 Jeffrey Lyon > The primary issue is that we receive a fair > deal of customers who end up with wide scale DDoS attacks followed by > an offer for "protection" to move to your network. In almost every > case the attacks cease once the customer has agreed to pay this > "protection" fee.