NANOG58 parking

2013-05-05 Thread Jeff Wheeler
I noticed that some folks were unhappy with the parking fee in Orlando. The Roosevelt New Orleans, for NANOG 58, tells me that the only on-site parking is valet for $42/day. Anyone planning to drive or stay at a different hotel may want to consider that in advance. -- Jeff S Wheeler Sr Network

Re: Mitigating DNS amplification attacks

2013-05-01 Thread Jeff Wheeler
On Tue, Apr 30, 2013 at 8:35 PM, Jared Mauch wrote: > Please provide advice and insights as well as directing customers to the > openresolverproject.org website. We want to close these down, if you need an > accurate list of IPs in your ASN, please email me and I can give you very > accurate da

Re: Cloudflare is down

2013-03-04 Thread Jeff Wheeler
On Mon, Mar 4, 2013 at 9:51 AM, Leo Bicknell wrote: > will fix the problem. It won't. Next time the issue will be > different, and the same undertrained person who missed the packet > size this time will miss the next issue as well. They should all be > sitting around saying, "how can we hire c

Re: 32-bit ASes at routeviews

2012-12-17 Thread Jeff Wheeler
On Mon, Dec 17, 2012 at 6:14 AM, Claudio Jeker wrote: > This can happen when a old 2-byte only routers are doing prepends with the > neighbor address (4-byte). Then the magic in the 4-byte AS RFC to fix up > ASPATH has no chance to work and you will see 23456. After a careful re-read of RFC4893 s

OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

2012-11-29 Thread Jeff Wheeler
I had two downstream BGP customers experience problems with an OpenBGPd bug tonight. Before diving into detail, I would like to link this mailing list thread, because this is not a new issue and a patch is available: http://www.mail-archive.com/misc@openbsd.org/msg115071.html For the following DFZ

Re: Looking for recommendation on 10G Ethernet switch

2012-11-02 Thread Jeff Wheeler
On Fri, Nov 2, 2012 at 11:13 AM, Eric Germann wrote: > I'm looking for a recommendation on a smallish 10G Ethernet switch for a > small virtualization/SAN implementation (4-5 hosts, 2 SAN boxes) over > iSCSI with some legacy boxes on GigE. > 1Gbps. Assessing whether it is better to go 10G now v

Re: Flood affecting US east coast communication facilities?

2012-10-30 Thread Jeff Wheeler
On Tue, Oct 30, 2012 at 3:46 AM, Kauto Huopio wrote: > Any reports on damage to communications facilities on US east coast? Yes. The outages list is a better place to look for this information. https://puck.nether.net/pipermail/outages/2012-October/date.html -- Jeff S Wheeler Sr Network Oper

Re: IPv6 Address allocation best practises for sites.

2012-09-24 Thread Jeff Wheeler
On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell wrote: > Does the best practise switch to now using one IPv6 per site, or still the > same one IPv6 for multi-sites? Certainly it would be nice to have IPv6 address per vhost. In many cases, this will be practical. It also sometimes will NOT be pra

Re: Bell Canada outage?

2012-08-08 Thread Jeff Wheeler
We have been advised that TATA/6453 is back to normal, and re-activated our BGP to them. Everything seems okay on this front. No update from Bell Canada yet. On Wed, Aug 8, 2012 at 4:11 PM, Harald Koch wrote: > On 8 August 2012 16:10, Zachary McGibbon >> Thanks for the info, looks like Bell nee

Re: Bell Canada outage?

2012-08-08 Thread Jeff Wheeler
On Wed, Aug 8, 2012 at 2:35 PM, Chris Stone wrote: > Outages mailing list is reporting that Tata is having problems in Montreal > affecting 'many routers'...maybe this is related? I am a transit customer of both TATA and Bell Canada. We saw route churn and heavy packet loss via both Bell and

Re: POTS Ending (Re: Operation Ghost Click)

2012-05-07 Thread Jeff Wheeler
On Wed, May 2, 2012 at 11:29 PM, Jared Mauch wrote: > http://www.usatoday.com/news/nation/story/2012-04-16/landline-service-becoming-obsolete/54321184/1 Indiana is doing away with its requirement that the incumbent LECs supply voice service to rural areas. Indiana also used to require a telephon

filtering /48 is going to be necessary

2012-03-09 Thread Jeff Wheeler
On Fri, Mar 9, 2012 at 3:23 AM, Mehmet Akcin wrote: > if you know anyone who is filtering /48 , you can start telling them to STOP > doing so as a good citizen of internet6. I had a bit of off-list discussion about this topic, and I was not going to bring it up today on-list, but since the other

Re: L3 VPN Management

2012-03-07 Thread Jeff Wheeler
On Wed, Mar 7, 2012 at 2:07 AM, Leigh Porter wrote: > What's the nicest way of allowing the ops servers all talk to each VPN > instance? At the moment I just use pretty normal L3VPN techniques so that > every VPN sees routes tagged with the ops VPN target community and so that > the ops VPN sees

Re: common time-management mistake: rack & stack

2012-02-17 Thread Jeff Wheeler
On Fri, Feb 17, 2012 at 3:34 AM, Nathan Eisenberg wrote: > No, your CTO shouldn't  be racking and stacking routers all the time.  The > fundamental concept of an organizational hierarchy dictates that.  But a CTO > who has lost touch with the challenges inherent in racking and stacking a > rout

common time-management mistake: rack & stack

2012-02-16 Thread Jeff Wheeler
Randy's P-Touch thread brings up an issue I think is worth some discussion. I have noticed that a lot of very well-paid, sometimes well-qualified, networking folks spend some of their time on "rack & stack" tasks, which I feel is a very unwise use of time and talent. Imagine if the CFO of a bank

Re: Common operational misconceptions

2012-02-15 Thread Jeff Wheeler
On Wed, Feb 15, 2012 at 3:47 PM, John Kristoff wrote: > I have a handful of common misconceptions that I'd put on a top 10 list, By your classful addressing example, it sounds like these students are what most nanog posters would consider to be entry-level. RFC1918 is misused a lot by entry-leve

Re: UDP port 80 DDoS attack

2012-02-06 Thread Jeff Wheeler
On Mon, Feb 6, 2012 at 8:43 PM, Sven Olaf Kamphuis wrote: > there is a fix for it, it's called "putting a fuckton of ram in -most- > routers on the internet" and keeping statistics for each destination > ip:destination port:outgoing interface so that none of them individually can > (entirely/proce

Re: UDP port 80 DDoS attack

2012-02-05 Thread Jeff Wheeler
On Sun, Feb 5, 2012 at 10:08 PM, Steve Bertrand wrote: > This is so very easily automated. Even if you don't actually want to trigger > the routes automatically, finding the sources you want to blackhole is as What transit providers are doing flow-spec, or otherwise, to allow their downstreams to

Re: Verisign deep-hacked. For months.

2012-02-02 Thread Jeff Wheeler
On Thu, Feb 2, 2012 at 7:26 PM, Suresh Ramasubramanian wrote: > So what part of VRSN got broken into?  They do a lot more than just DNS. Indeed, VeriSign owns Illuminet, who are mission-critical for POTS. Illuminet is also in the business of recording telephone calls, SMS messages, etc. for law e

Re: MD5 considered harmful

2012-01-27 Thread Jeff Wheeler
On Fri, Jan 27, 2012 at 6:35 PM, Keegan Holley wrote: > realizes that it's ok to let gig-e auto-negotiate.  I've never really > seen MD5 cause issues. I have run into plenty of problems caused by MD5-related bugs. 6500/7600 can still figure the MSS incorrectly when using it. It used to be possi

Re: subnet prefix length > 64 breaks IPv6?

2011-12-28 Thread Jeff Wheeler
On Wed, Dec 28, 2011 at 5:07 PM, Ray Soucy wrote: > The suggestion of disabling ND outright is a bit extreme.  We don't > need to disable ARP outright to have functional networks with a > reasonable level of stability and security.  The important thing is I don't think it's at all extreme. If yo

Re: subnet prefix length > 64 breaks IPv6?

2011-12-28 Thread Jeff Wheeler
On Wed, Dec 28, 2011 at 10:19 AM, Ray Soucy wrote: > There are a few solutions that vendors will hopefully look into.  One > being to implement neighbor discovery in hardware (at which point > table exhaustion also becomes a legitimate concern, so the logic > should be such that known associations

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-23 Thread Jeff Wheeler
On Fri, Dec 23, 2011 at 4:13 PM, Mohacsi Janos wrote: > If you can limit number of ARP/NDP entries per interfaces and you complement > RAGuard and DHCPv4 snooping you are done. That depends on how ARP/ND gleaning works on the box. In short, Cisco already has a knob to limit the number of ND ent

Re: De-bogon not possible via arin policy.

2011-12-15 Thread Jeff Wheeler
On Thu, Dec 15, 2011 at 4:54 PM, Joel jaeggli wrote: > We know rather a lot about the original posters' business, it has ~34 > million wireless subscribers in north america. I think it's safe to > assume that adequate documentation could be provided. I missed the post where he supplied this infor

Re: local_preference for transit traffic?

2011-12-14 Thread Jeff Wheeler
On Thu, Dec 15, 2011 at 2:24 AM, Keegan Holley wrote: > I always assumed that taking in more traffic was a bad thing.  I've heard > about one sided peering agreements where one side is sending more traffic > than the other needs them to transport. Am I missing something?  Would this > cause a shif

Re: local_preference for transit traffic?

2011-12-14 Thread Jeff Wheeler
On Thu, Dec 15, 2011 at 1:07 AM, Keegan Holley wrote: > Had an interesting conversation with a transit AS on behalf of a customer > where I found out they are using communities to raise the local preference That sounds like a disreputable practice. While not quite as obvious, some large transit

Re: De-bogon not possible via arin policy.

2011-12-14 Thread Jeff Wheeler
On Wed, Dec 14, 2011 at 4:15 PM, Cameron Byrne wrote: > Fyi, I just was rejected from arin for an ipv4 allocation. I demonstrated I > own ~100k ipv4 addresses today. > > My customers use over 10 million bogon / squat space ip addresses today, > and I have good attested data on that. Cameron, I h

Re: Writable SNMP

2011-12-06 Thread Jeff Wheeler
On Tue, Dec 6, 2011 at 11:07 AM, Keegan Holley wrote: > For a few years now I have been wondering why more networks do not use writable > SNMP.  Most automation solutions actually script a login to the various I've spent enough time writing code to deal with SNMP (our own stack, not using Net-SNMP or

Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

2011-12-01 Thread Jeff Wheeler
On Thu, Dec 1, 2011 at 9:42 AM, Chuck Anderson wrote: > Jumping in here, how about static ND entries?  Then you can use the > /64 for P-t-P, but set the few static ND entries you need, and turn > off dynamic ND.  An out-of-band provisioning system could add static > ND entries as needed. > > Anoth

Re: Link local for P-t-P links? (Was: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?)

2011-12-01 Thread Jeff Wheeler
On Wed, Nov 30, 2011 at 9:15 PM, Mike Jones wrote: > Link-Local? > > For "true" P-t-P links I guess you don't need any addresses on the Point-to-point links in your backbone are by far the easiest thing to defend against this attack. I wish we would steer the discussion away from point-to-point

Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

2011-11-30 Thread Jeff Wheeler
On Wed, Nov 30, 2011 at 3:13 PM, Owen DeLong wrote: > As such, I prefer to deploy IPv6 as it is today and resolve the bugs > and the security issues along the way (much like we did with IPv4). Why is the Hurricane Electric backbone using /126 link-nets, not /64? You used to regularly claim there

Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

2011-11-30 Thread Jeff Wheeler
On Wed, Nov 30, 2011 at 9:48 AM, Ray Soucy wrote: > 1. Using a stateful firewall (not an ACL) outside the router > responsible for the 64-bit prefix.  This doesn't scale, and is not a > design many would find acceptable (it has almost all the problems of > an ISP running NAT) Owen has suggested "

Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

2011-11-29 Thread Jeff Wheeler
On Tue, Nov 29, 2011 at 12:42 AM, Owen DeLong wrote: > That's _NOT_ a fair characterization of what I said above, nor is it > a fair characterization of my approach to dealing with neighbor table > attacks. Here are some direct quotes from our discussion: > Since we have relatively few customers

Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

2011-11-29 Thread Jeff Wheeler
On Tue, Nov 29, 2011 at 1:43 AM, wrote: > It's worked for us since 1997.  We've had bigger problems with IPv4 worms That's not a reason to deny that the problem exists. It's even fixable. I'd prefer that vendors fixed it *before* there were massive botnet armies with IPv6 connectivity, but in

Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

2011-11-28 Thread Jeff Wheeler
On Mon, Nov 28, 2011 at 4:51 PM, Owen DeLong wrote: > Technically, absent buggy {firm,soft}ware, you can use a /127. There's no > actual benefit to doing anything longer than a /64 unless you have > buggy *ware (ping pong attacks only work against buggy *ware), > and there can be some advantages t

Re: Anyone seen this kind of problem? SIP traffic not getting to destination but traceroute does

2011-11-09 Thread Jeff Wheeler
On Wed, Nov 9, 2011 at 1:47 PM, Jay Nakamura wrote: > So my questions is, is it possible there is some kind of filter at > Qwest or Level 3 that is dropping traffic only for udp 5060 for select > few IPs?  That's the only explanation I can come up with other than I ran into exactly this problem l

Re: BGP conf

2011-11-02 Thread Jeff Wheeler
On Wed, Nov 2, 2011 at 10:04 PM, Jack Bates wrote: > Have to read the current cymru bgp templates? > > ! manner. Why not consider peering with our globally distributed bogon > ! route-server project? Alternately you can obtain a current and well I'm not telling you something you don't already kno

Re: BGP conf

2011-11-02 Thread Jeff Wheeler
On Wed, Nov 2, 2011 at 8:44 PM, Jack Bates wrote: > Now I have the mile long monstrosity that uses BGP communities for > everything, and of route-maps/policies with prefix-lists for downstream > customers. You have to start somewhere. > > cymru secure bgp templates is probably a good beginning. I

Re: BGP conf

2011-11-02 Thread Jeff Wheeler
On Wed, Nov 2, 2011 at 7:50 PM, Edward avanti wrote: > sorry, my english not so perfect, at no time I mean send to IX what Verizon > send me, I'm not THAT stupid hehe > I mean if destination/origin is via IX, then send THAT traffic only by IX > and not Verizon. I understood what you mean. The re

Re: BGP conf

2011-11-01 Thread Jeff Wheeler
On Tue, Nov 1, 2011 at 9:01 PM, Edward avanti wrote: > many example seem > insecure no prefix list so on. ... > I am not ignorant with cisco 7201, but am total newby to BGP. Your concern about a lack of any prefix-lists in the documentation / examples you have read is justified. If you are conne

Re: iCloud - Is it going to hurt access providers?

2011-09-04 Thread Jeff Wheeler
On Sun, Sep 4, 2011 at 4:45 PM, Wayne E Bouchard wrote: > Okay, so to state the obvious for those who missed the point... > > The congestion will either be directly in front of user because > they're flooding their uplink or towards the destination (be it a > single central network or a set of stor

Deploying IPv6 Responsibly

2011-08-19 Thread Jeff Wheeler
On Fri, Aug 19, 2011 at 12:59 PM, Frank Bulk wrote: > I just noticed that the quad-A records for both those two hosts are now > gone.  DNS being what it is, I'm not sure when that happened, but our > monitoring system couldn't get the for www.qwest.com about half an hour > ago. > > Hopefully

Re: OSPF vs IS-IS

2011-08-12 Thread Jeff Wheeler
I thought I'd chime in from my perspective, being the head router jockey for a bunch of relatively small networks. I still find that many routers have support for OSPF but not IS-IS. That, plus the fact that most of these networks were based on OSPF before I took charge of them, in the absence of

Re: IPv6 end user addressing

2011-08-10 Thread Jeff Wheeler
On Wed, Aug 10, 2011 at 8:40 PM, Mark Andrews wrote: > No.  A typical user has 10 to 20 addresses NAT'd to one public address. I'd say this is fair. Amazingly enough, it all basically works right with one IP address today. It will certainly be nice to have the option to give all these devices p

Re: IPv6 end user addressing

2011-08-10 Thread Jeff Wheeler
On Wed, Aug 10, 2011 at 7:12 PM, Owen DeLong wrote: >> Is it true that there is no existing work on this?  If that is the >> case, why would we not try to steer any such future work in such a way >> that it can manage to do what the end-user wants without requiring a >> /48 in their home? > > No,

Re: IPv6 end user addressing

2011-08-10 Thread Jeff Wheeler
On Wed, Aug 10, 2011 at 2:03 PM, Owen DeLong wrote: > That said, /48 to the home should be what is happening, and /56 is > a better compromise than anything smaller. Is hierarchical routing within the SOHO network the reason you believe /48 is useful? You don't really imagine that end-users will

Re: IPv6 end user addressing

2011-08-10 Thread Jeff Wheeler
On Wed, Aug 10, 2011 at 6:55 AM, Alexander Harrowell wrote: > Thinking about the CPE thread, isn't this a case for bridging as a > feature in end-user devices? If Joe's media-centre box etc would bridge > its downstream ports to the upstream port, the devices on them could > just get an address, w

Re: IPv6 end user addressing

2011-08-07 Thread Jeff Wheeler
On Sun, Aug 7, 2011 at 6:58 PM, Mark Andrews wrote: > So you want HE to force all their clients to renumber. No. I am simply pointing out that Owen exaggerated when he stated that he implements the following three practices together on his own networks: * hierarchical addressing * nibble-aligned

Re: IPv6 end user addressing

2011-08-07 Thread Jeff Wheeler
On Sat, Aug 6, 2011 at 7:26 PM, Owen DeLong wrote: >> Well, you aren't actually doing this on your network today.  If you >> practiced what you are preaching, you would not be carrying aggregate >> routes to your tunnel broker gateways across your whole backbone. > > Yes we would. No, if you actu

Re: IPv6 end user addressing

2011-08-06 Thread Jeff Wheeler
On Sat, Aug 6, 2011 at 12:36 PM, Owen DeLong wrote: > On Aug 6, 2011, at 3:15 AM, Jeff Wheeler wrote: >> Note that in this thread, you advocate three things that are a little >> tough to make work together: >> * hierarchical addressing plan / routing >> * nib

Re: IPv6 end user addressing

2011-08-06 Thread Jeff Wheeler
On Sat, Aug 6, 2011 at 5:21 AM, Owen DeLong wrote: >> At least don't make your life miserable by experimenting with too many >> different assignment sizes, >> or advocate /64s or something, that's considered a design fault which will >> come back to you some day. >> Read the RfCs and RIR policy

Re: [lisp] Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-18 Thread Jeff Wheeler
On Mon, Jul 18, 2011 at 12:15 PM, Noel Chiappa wrote: > Let me make sure I understand your point here. You don't seem to be > disagreeing with the assertion that for most sites (even things like very > large universities, etc), their 'working set' (of nodes they communicate) > with will be much sm

Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?))

2011-07-17 Thread Jeff Wheeler
On Sun, Jul 17, 2011 at 3:40 PM, Owen DeLong wrote: > Basically an ND entry would have the following states and timers: I've discussed what you have described with some colleagues in the past. The idea has merit and I would certainly not complain if vendors included it (as a knob) on their boxes

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-17 Thread Jeff Wheeler
On Sun, Jul 17, 2011 at 11:07 AM, Eliot Lear wrote: > We all make mistakes in not questioning our own positions, from time to > time.  You, Jeff, seem to be making that very same mistake. > Rome wasn't built in a day.  The current system didn't come ready-made > pre-built with all the bells and w

Re: NDP DoS attack (was Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?))

2011-07-17 Thread Jeff Wheeler
On Sun, Jul 17, 2011 at 11:42 AM, William Herrin wrote: > My off-the-cuff naive solution to this problem would be to discard the > oldest incomplete solicitation to fit the new one and, upon receiving > an apparently unsolicited response to a discarded solicitation, > restart the process flagging

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-13 Thread Jeff Wheeler
Luigi, you have mis-understood quite a bit of the content of my message. I'm not sure if this is of any further interest to NANOG readers, but as it is basically what seems to go on a lot, from my observations of IETF list activity, I'll copy my reply to the list as you have done. On Wed, Jul 13,

Re: in defense of lisp (was: Anybody can participate in the IETF)

2011-07-13 Thread Jeff Wheeler
On Wed, Jul 13, 2011 at 2:27 AM, Randy Bush wrote: >> I fear that at its worst and most successful, LISP ensures ipv4 is the >> backbone transport media to the detriment of ipv6 and at its best, it >> is a distraction for folks that need to be making ipv6 work, for real. > > i suspect that a numbe

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-12 Thread Jeff Wheeler
On Tue, Jul 12, 2011 at 11:42 AM, Leo Bicknell wrote: > I'll pick on LISP as an example, since many operators are at least > aware of it.  Some operators have said we need a locator and identifier > split.  Interesting feedback.  The IETF has gone off and started > playing in the sandbox, trying t

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-11 Thread Jeff Wheeler
On Mon, Jul 11, 2011 at 7:48 PM, Jimmy Hess wrote: > If every vendor's implementation is vulnerable to a NDP Exhaustion > vulnerability, > how come the behavior of specific routers has not been documented > specifically? Well, I am in the business of knowing the behavior of kit being considered

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-11 Thread Jeff Wheeler
On Mon, Jul 11, 2011 at 5:12 PM, Owen DeLong wrote: > No... I like SLAAC and find it useful in a number of places. What's wrong > with /64? Yes, we need better DOS protection in switches and routers See my slides http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf for why no vendor's implementatio

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-11 Thread Jeff Wheeler
On Mon, Jul 11, 2011 at 3:35 PM, Leo Bicknell wrote: > The IETF does not want operators in many steps of the process.  If > you try to bring up operational concerns in early protocol development > for example you'll often get a "we'll look at that later" response, > which in many cases is right.  

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-11 Thread Jeff Wheeler
On Mon, Jul 11, 2011 at 3:18 PM, William Herrin wrote: > On the other hand, calling out ops issues in RFCs is a modest reform > that at worst shouldn't hurt anything. That beats my next best idea: I think if this were done, some guy like me would spend endless hours arguing with others about what

Re: Why is IPv6 broken?

2011-07-11 Thread Jeff Wheeler
On Mon, Jul 11, 2011 at 3:25 AM, Tom Hill wrote: > On Sun, 2011-07-10 at 10:14 -0400, Jeff Wheeler wrote: >> Cogent's policy of requiring a new contract, and from what I am still >> being told by some European customers, new money, from customers in >> exchange for pro

Re: Anybody can participate in the IETF (Was: Why is IPv6 broken?)

2011-07-10 Thread Jeff Wheeler
On Sun, Jul 10, 2011 at 3:45 PM, Owen DeLong wrote: > Number two: While anyone can participate, approaching IETF as an > operator requires a rather thick skin, or, at least it did the last couple > of times I attempted to participate. I've watched a few times where I am subscribed to the IDR (BGP

Re: Why is IPv6 broken?

2011-07-10 Thread Jeff Wheeler
On Sat, Jul 9, 2011 at 5:25 PM, Bob Network wrote: > Why is IPv6 broken? You should have titled your thread, "my own personal rant about Hurricane Electric's IPv6 strategy." You may also have left out the dodgy explanation of peering policies and technicalities, since these issues have been rema

Re: Wacky Weekend: NERC to relax power grid frequency strictures

2011-06-25 Thread Jeff Wheeler
On Sun, Jun 26, 2011 at 12:23 AM, Alex Rubenstein wrote: > At least here in JCPL territory (northern NJ), closed transition is frowned > upon. Too much risk, they think. They are correct, really, but the risk is > mostly yours. If you lock to the utility out-of-phase, you will surely lose > and

Re: ICANN to allow commercial gTLDs

2011-06-17 Thread Jeff Wheeler
On Sat, Jun 18, 2011 at 12:04 AM, George B. wrote: > I think I will get .payme  and make sure coke.payme, pepsi.payme, > comcast.payme, etc. all get registered at the low-low price of > $10/year.  All I would need is 100,000 registrations to provide me > with a million dollar a year income stream

Re: Consequences of BGP Peering with Private Addresses

2011-06-16 Thread Jeff Wheeler
On Wed, Jun 15, 2011 at 12:47 PM, James Grace wrote: > So we're running out of peering space in our /24 and we were considering > using private /30's for new peerings.  Are there any horrific consequences to > picking up this practice? I agree with other posters that this is not a good practice

Re: Cogent IPv6

2011-06-09 Thread Jeff Wheeler
On Thu, Jun 9, 2011 at 8:50 AM, ML wrote: > I guess someone with a >1 Gb commit in a not so small city deserves to be > charged extra for a few Mbps of IPv6... > > For a not so full table at that. We canceled some 10GbE Cogent circuits because of Cogent's refusal to provision IPv6 without adding

v6 transit swaps harmful

2011-06-07 Thread Jeff Wheeler
In case there are folks who missed this in the past few years, we will soon be past the point where IPv6 transit swaps and other incubation tools are acceptable to customers. How is it that Tiscali and Sprint can only get together via IIJ? Who is to blame? From my perspective, all three networks

Re: IPv6 foot-dragging

2011-05-12 Thread Jeff Wheeler
On Thu, May 12, 2011 at 8:39 PM, Jimmy Hess wrote: > A very important distinction. The _immediate_  hit to the DFZ might be > the same as obtaining PI V6 space, > but the _long term_ hit to the DFZ might be much greater; The real issue is that there are many /48 announcements today which should b

Re: Yahoo and IPv6

2011-05-09 Thread Jeff Wheeler
On Mon, May 9, 2011 at 10:04 PM, Joel Maslak wrote: > On Mon, May 9, 2011 at 3:57 PM, Jeff Wheeler wrote: > I do take issue with your suggestion that /64 LANs are in any way >> smart in the datacenter.  They are not.  I have some slides on this >> topic: http://i

Re: Yahoo and IPv6

2011-05-09 Thread Jeff Wheeler
On Mon, May 9, 2011 at 4:41 PM, Jared Mauch wrote: > I'd like to see more progress getting there than finger pointing. I would, too; but one harsh reality is that vendors are driven by RFPs, not by what they consciously know their customers will need in the near future. Why should vendors invest

Re: Finger pointing [was: Yahoo and IPv6]

2011-05-09 Thread Jeff Wheeler
On Mon, May 9, 2011 at 4:40 PM, Patrick W. Gilmore wrote: > Unfortunately, finger-pointing will not fix the problem. Actually, finger-pointing is very helpful at this stage. I was able to change my local ISP's tune from "we have enough IPv4 addresses for our customers, so we aren't going to supp

Re: Yahoo and IPv6

2011-05-09 Thread Jeff Wheeler
On Mon, May 9, 2011 at 3:58 PM, Doug Barton wrote: > I do agree with you that pointing fingers at this stage is really not > helpful. I continue to maintain that being supportive of those content > networks that are willing to wade in is the right answer. Frankly, I think the finger is simply poi

Re: How do you put a TV station on the Mbone?

2011-05-04 Thread Jeff Wheeler
On Thu, May 5, 2011 at 1:55 AM, George Bonser wrote: > multicast. How do I encrypt something in a way that anyone can decrypt > but nobody can duplicate?  If I have a separate stream per user, that is Have you ever seen a CableCARD? That's pretty much what it does, except not "anyone" can decryp

Re: How do you put a TV station on the Mbone?

2011-05-04 Thread Jeff Wheeler
On Wed, May 4, 2011 at 2:22 PM, Scott Helms wrote: > Local caching is MUCH more efficient than having the same traffic running in > streams and depending on everyone's PC to try and update in the same time This only works, of course, if there is a local cache which PCs are aware of. > Same issue

Re: How do you put a TV station on the Mbone?

2011-05-04 Thread Jeff Wheeler
On Wed, May 4, 2011 at 12:45 PM, Leigh Porter wrote: > Agreed, it seems the only demand really for this live viewing is sport, news > and background programming like the mentioned breakfast television. I disagree with the general notion that multicast is not useful except for live content. Allow

Re: Amazon diagnosis

2011-05-01 Thread Jeff Wheeler
On Sun, May 1, 2011 at 2:18 PM, Andrew Kirch wrote: > Sure they can, but as a thought exercise fully 2n redundancy is > difficult on a small scale for anything web facing.  I've seen a very > simple implementation for a website requiring 5 9's that consumed over > $50k in equipment, and this wasn'

Re: IPv4 address exchange

2011-04-19 Thread Jeff Wheeler
On Tue, Apr 19, 2011 at 5:16 PM, Benson Schliesser wrote: > Without defining what an optimal cost might be, my comment was intended to > show that our current baseline already results in a surplus. I don't think the cost of IPv4 addresses has anywhere to go but up. This mysterious Nortel/Microso

Re: IPv4 address exchange

2011-04-19 Thread Jeff Wheeler
On Tue, Apr 19, 2011 at 4:14 PM, Benson Schliesser wrote: > Meanwhile, under the current system, ARIN has managed to accumulate a >$25M > cash reserve despite an increasing budget. (see > https://www.arin.net/participate/meetings/reports/ARIN_XXVII/PDF/Wednesday/andersen_treasurer.pdf) If you w

Re: IPv4 address exchange

2011-04-19 Thread Jeff Wheeler
On Tue, Apr 19, 2011 at 2:37 PM, John Curran wrote: >    Imagine for a moment that you had quite a few > unneeded addresses and the upheaval also meant > no pesky policy constraints on your monetization efforts - > would you then view it as having some benefit?  You just > might not have the right

Re: IPv4 address exchange

2011-04-19 Thread Jeff Wheeler
On Tue, Apr 19, 2011 at 12:16 PM, David Conrad wrote: > However, as far as I can tell, multiple registries isn't what is implicitly > being proposed.  What appears to be being proposed is something a bit like the > registry/registrar split, where there is a _single_ IPv4 registry and > multiple

Re: IPv4 address exchange

2011-04-18 Thread Jeff Wheeler
On Mon, Apr 18, 2011 at 10:35 PM, David Conrad wrote: > And yet, Ron has recently raged on this list about hijacked prefixes used for > spamming, so clearly "no transit network" is inaccurate. I try to qualify my remarks when necessary. In this case, I wrote "except by act of omission/mistake,"

Re: IPv4 address exchange

2011-04-18 Thread Jeff Wheeler
On Mon, Apr 18, 2011 at 7:33 PM, David Conrad wrote: > [ARIN] does not have full buy-in from those who they would try to regulate ARIN has all the buy-in they need: No transit network will (except by act of omission/mistake) allow you to announce IPs that aren't registered to you in an RIR databa

Re: Implementations/suggestions for Multihoming IPv6 for DSL sites

2011-04-18 Thread Jeff Wheeler
2011/4/18 Lukasz Bromirski : > LISP scales better, because with introduction of *location* > prefix, you're at the same time (or ideally you would) > withdraw the original aggregate prefix. And as no matter how > you count it, the number of *locations* will be somewhat > limited vs number of *PI* a

Re: Implementations/suggestions for Multihoming IPv6 for DSL sites

2011-04-13 Thread Jeff Wheeler
On Tue, Apr 12, 2011 at 4:59 AM, Luigi Iannone wrote: > This is not true. There are several works out there showing that the FIB will > not grow as you are saying. Having taken some time to discuss this off-list with Luigi. I'd already read the paper he had in mind, which does not address DoS o

Re: Level 3 Agrees to Purchase Global Crossing

2011-04-11 Thread Jeff Wheeler
If I were a large tier-2 with SFI to one, but not both, of Level3 and GBLX, I would see this acquisition as an opportunity to squeeze peering out of the other network, or eventual combination of both, in trade for not stirring the pot with regulators. Perhaps AS3356 will carry AS6939 IPv6 routes s

Re: Implementations/suggestions for Multihoming IPv6 for DSL sites

2011-04-11 Thread Jeff Wheeler
On Mon, Apr 11, 2011 at 2:03 PM, Owen DeLong wrote: > I do tend to think that any technology sufficiently confusing that I cannot > understand it well after reasonable effort is of questionable value > for wide deployment. The secret is to ignore all the crazy acronyms and boil it down to this --

Re: Implementations/suggestions for Multihoming IPv6 for DSL sites

2011-04-11 Thread Jeff Wheeler
On Mon, Apr 11, 2011 at 11:26 AM, Owen DeLong wrote: > I'd agree with you if it weren't for the fact I keep thinking I just about > understand LISP and then get told > that my understanding is incorrect (repeatedly). I agree it is not simple. At a conceptual level, we can think of existing mult

Re: [torix-ops] Fabric Issues Update

2011-04-08 Thread Jeff Wheeler
Netelligent's sessions are also down to allow for troubleshooting without disrupting customer traffic, and we'll turn back up once TORIX indicates everything is okay. For any members who might have a usage-based billing for carrier transport to TORIX, it is worth mentioning that if you see extra "

Re: State of QoS peering in Nanog

2011-04-02 Thread Jeff Wheeler
On Sat, Apr 2, 2011 at 5:56 PM, Leo Bicknell wrote: > The PSTN "features" fixed, known bandwidth.  QoS isn't really the > right term.  When I nail up a BRI, I know I have 128kb of bandwidth, > never more, never less.  There is no function on that channel similar > to IP QoS. The PSTN also has exa

Re: Regional AS model

2011-03-28 Thread Jeff Wheeler
On Mon, Mar 28, 2011 at 5:40 PM, Owen DeLong wrote: > I agree that allowas-in is not as bad as default, but, I still think that > having one AS per routing policy makes a hell of a > lot more sense and there's really not much downside to having an ASN for each > independent site. Well, let's sa

Re: The growth of municipal broadband networks

2011-03-25 Thread Jeff Wheeler
On Fri, Mar 25, 2011 at 10:52 PM, George Bonser wrote: > I don't.  What happens when the "government" then decides what content > is and is not allowed to go over their network?  If one had a site that > provided a view that the government didn't like, would they cut it off? I appreciate your arg

Re: Nortel, in bankruptcy, sells IPv4 address block for $7.5 million

2011-03-24 Thread Jeff Wheeler
What is needed is for the networks in the transit-free club to decide they will not honor any "gray market" route advertisements resulting from extra-normal transfers of this nature, whether the announcement is from a peer or a customer. As we are all aware, no real dent was ever made in routing t

Re: Regional AS model

2011-03-24 Thread Jeff Wheeler
On Thu, Mar 24, 2011 at 5:51 PM, Graham Wooden wrote: > with one site being in the middle. I only have one public AS, but I have > selected doing the confederation approach (which some may consider to be > overkill with only three edges). There are really several issues to consider, one of which

Re: CSI New York fake IPv6

2011-03-20 Thread Jeff Wheeler
On Sun, Mar 20, 2011 at 10:21 PM, Jay Ashworth wrote: > No, there are several reserved stretches of both IPv4 and DNS space > for just such reasons.  example.com is the most common and well known, > but see also RFC 3330 and RFC 5737, not necessarily in that order. See also this thread http://mai

Re: SP's and v4 block assignments

2011-03-20 Thread Jeff Wheeler
On Sun, Mar 20, 2011 at 3:28 AM, Owen DeLong wrote: > This assumes an HFC network and not a PON or DSL topology > where it is not an issue. It assumes that the access network topology does not employ any kind of triangular routing to terminate the subscriber's layer-3 traffic on a desired access

Re: SP's and v4 block assignments

2011-03-19 Thread Jeff Wheeler
On Sat, Mar 19, 2011 at 11:53 AM, Nathan Eisenberg wrote: > As for charging for residential static assignments, I don't think it's all > that odd, or 'despicable'.  Allocating static assignments consumes engineer > time for configuration and documentation.  On a business class service, you > ca

Re: bfd-like mechanism for LANPHY connections between providers

2011-03-16 Thread Jeff Wheeler
On Wed, Mar 16, 2011 at 8:00 PM, Sudeep Khuraijam wrote: > There is a difference of several orders of magnitude between BFD keepalive > intervals (in ms) and BGP (in seconds) with generally configurable > multipliers vs. hold timer. > With Real time media and ever faster last miles, BGP hold time
