Re: L3 having issues on the west coast?
They could be possibly rate-limiting it. That's why tools such as mtr and
others do not necessarily tell you the whole truth.

regards,
/virendra

Elijah Savage wrote:
> Jon Lewis wrote:
>
>>I was trying to get some IOS and compare a few images in FN, and found
>>I cisco.com was being sluggish, and FN wouldn't load at all.
>>
>> Packets Pings
>>Hostname%Loss Rcv Snt Last Best
>>Avg Worst
>>...
>> 6. ge-6-2-0.mp1.Orlando1.Level3.net 0% 44 44 54
>>13120
>> 7. ae-0-0.bbr1.SanJose1.Level3.net 14% 38 4475 74
>>75 77
>> 8. ge-11-1.ipcolo1.SanJose1.Level3.net 23% 34 4475 75
>>75 76
>> 9. p1-0.cisco.bbnplanet.net 10% 40 4475 75
>>81160
>>10. sjce-dmzbb-gw1.cisco.com 0% 44 4477 75
>>82292
>>11. sjck-dmzdc-gw2.cisco.com 25% 33 4476 76
>>76 77
>>12. www.cisco.com 59% 18 4476 76
>>77 78
>>
>>That doesn't look right. Anyone know what's going on out there?
>>
>
> I am not sure what is going on there, but Cisco has been this way for a
> month or more for me. I do not have problems bringing up their website
> but I do notice that ICMP packet loss to them has been horrible the last
> month or so.
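Added example (not part of the messages above, nor from their authors): a short Python routine that applies the usual reading of per-hop loss to the %Loss column quoted in the thread. The hop list is copied from that output; the verdict labels and the function name are this example's own.

```python
"""Added example: read mtr-style per-hop loss without over-trusting it."""

# %Loss for hops 6-12 as quoted in the message above (hops 1-5 are elided
# there). The remaining columns are not needed for this check.
HOPS = [
    (6, "ge-6-2-0.mp1.Orlando1.Level3.net", 0),
    (7, "ae-0-0.bbr1.SanJose1.Level3.net", 14),
    (8, "ge-11-1.ipcolo1.SanJose1.Level3.net", 23),
    (9, "p1-0.cisco.bbnplanet.net", 10),
    (10, "sjce-dmzbb-gw1.cisco.com", 0),
    (11, "sjck-dmzdc-gw2.cisco.com", 25),
    (12, "www.cisco.com", 59),
]


def classify(hops):
    """Split each hop's reported loss into a part that persists downstream
    and a part seen only in that hop's own ICMP replies.

    A probe answered by a later hop was forwarded by every earlier hop, so
    the lowest loss seen at a hop or anywhere after it is an upper bound on
    what the path up to that hop really dropped. Loss above that bound comes
    from how the hop generates replies (rate limiting, low-priority control
    plane), not from traffic passing through it.
    """
    rows = []
    bound = None
    last_ttl = hops[-1][0]
    for ttl, host, loss in reversed(hops):
        bound = loss if bound is None else min(bound, loss)
        reply_only = loss - bound
        if ttl == last_ttl:
            # ICMP alone cannot tell a rate-limiting host from a lossy last
            # segment; an application-layer probe is needed to decide.
            verdict = "endpoint" if loss else "clean"
        elif reply_only > 0:
            verdict = "reply-limited"
        elif bound > 0:
            verdict = "persists"
        else:
            verdict = "clean"
        rows.append({"ttl": ttl, "host": host, "reported": loss,
                     "path_bound": bound, "reply_only": reply_only,
                     "verdict": verdict})
    rows.reverse()
    return rows


if __name__ == "__main__":
    for row in classify(HOPS):
        print("{ttl:>2} {host:<38} {reported:>3}%  bound {path_bound:>3}%  "
              "{verdict}".format(**row))
```

Hops 7 to 9 come out as reply-limited because hop 10 answers every probe, while the 25% and 59% at hops 11 and 12 cannot be settled from ICMP alone.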
Re: New Rules On Internet Wiretapping Challenged
in-line:

Adam Chesnutt wrote:
> This whole thread is silly! It's not hard to trap and trace a suspect.
> It doesn't require a "Whole new generation of routers and switches"

- --
That was exactly my understanding but I think it goes beyond that.

>
> Correct me if I'm wrong here, but it seems to me that it's a fairly
> trivial task to mirror and upstream, and isolate the traffic required.
> I've performed such taps before and usually find it to easily performed
> with a single FreeBSD box, and a mirrored port on the router.

- ---
true enough.

>
> Or maybe I'm just missing the point of this thread.

- -
You might want to take a look at rfc 2804 for some background.

regards,
/virendra

>
> Flounder
>
> Vicky Rode wrote:
>
> comments in-line:
>
> Peter Dambier wrote:
>
>>Vicky Rode wrote:
>
>>>...Raising my hand.
>
>>>My question is on Terry Hartle's comments, maybe someone with more
>>>insight into this could help clear my confusion.
>
>>>Why would it require to replace every router and every switch when my
>>>understanding is, FCC is looking to install *additional* gateway(s) to
>>>monitor Internet-based phone calls and emails.
>>>
>
>>In a datacenter you have lines coming in and lines going out. And you
>>have internal equipment.
>
>>You have to eavesdrop on all of this because the supposed terrorist
>>might come in via ssh and use a local mail programme to send his email.
>
> --
> How do you differentiate between a hacker and a terrorist?
>
> For all you know this so called "terrorist" might be coming from a
> spoofed machine(s) behind anyone's desk.
>
>>So you have to eavesdrop on all incoming lines because you don't know
>>where he comes in. Via aDSL? via cable modem? Via a glass fiber?
>
>>And you have to monitor all internal switches because you don't know
>>which host he might have hacked.
>
>>Guess a cheap switch with 24 ports a 100 Mbit. That makes 2.4 Gig.
>>You have to watch all of these. They can all send at the same time.
>>Your switch might have 1 Gig uplink. But that uplink is already in
>>use for your uplink and it does not even support 2.4 Gig.
>
> -
> There are ways to address over-subscription issues.
>
>>How about switches used in datacenters with 48 ports, 128 ports, ...
>>Where do you get the capacity for multiple Gigs just for eavesdropping?
>
>>On the other hand - most switches have a port for debugging. But this
>>port can only listen on one port not on 24 or even 48 of them.
>
>>So you have to invent a new generation of switches.
>
> I don't believe this is the primary reason for replacing every router
> and every switch.
>
> I think (correct me if I'm wrong) it has to do with the way wiretap
> feature (lack of a better term) that .gov is wanting vendors to
> implement within their devices, may be at the network stack level.
>
> I guess it's time to revisit rfc 2804.
>
>>How about the routers? They are even more complicated than a switch.
>
>>As everybody should know by now - every router can be hacked. So
>>your monitoring must be outside the router.
>
>>The government will offer you an *additional* gateway.
>>I wonder what that beast will look like. It must be able to take
>>all input you get from a glass fiber. Or do they ask us to get
>>down with our speed so they have time to eavesdrop.
>
> -
> powered by dhs w/ made in china sticker :-)
>
> I'm not being smarty pants about this...it is actually happening. That's
> all I can say.
>
> regards,
> /virendra
>
>>>I can see some sort of
>>>network redesign happening in order to accommodate this but replacing
>>>every router and every switch sounds too drastic, unless I
>>>mis-understood it. Please, I'm not advocating this change but just
>>>trying to understand the impact from an operation standpoint.
>
>>>
>
>>Yes, it is drastic. But if they want to eavesdrop that is the only
>>way to do it.
>
>>>Any insight will be appreciated.
>
>>>regards,
>>>/virendra
>
>>>
>
>>Here in germany we accidentally have found out why east germany had
>>to finally give up:
>
>>They installed equipment to eavesdrop and tape on every single
>>telephone line. They could not produce enough tapes to keep up
>>with this :)
>
>>Not to mention what happened when they "recycled" the tapes and
>>did not have the time to first erase them :)
>
>>Kind regards,
>>Peter and Karin
>
Re: New Rules On Internet Wiretapping Challenged
comments in-line:

Peter Dambier wrote:
> Vicky Rode wrote:
>
>>...Raising my hand.
>>
>>My question is on Terry Hartle's comments, maybe someone with more
>>insight into this could help clear my confusion.
>>
>>Why would it require to replace every router and every switch when my
>>understanding is, FCC is looking to install *additional* gateway(s) to
>>monitor Internet-based phone calls and emails.
>
> In a datacenter you have lines coming in and lines going out. And you
> have internal equipment.
>
> You have to eavesdrop on all of this because the supposed terrorist
> might come in via ssh and use a local mail programme to send his email.

- --
How do you differentiate between a hacker and a terrorist?

For all you know this so called "terrorist" might be coming from a
spoofed machine(s) behind anyone's desk.

>
> So you have to eavesdrop on all incoming lines because you don't know
> where he comes in. Via aDSL? via cable modem? Via a glass fiber?
>
> And you have to monitor all internal switches because you don't know
> which host he might have hacked.
>
> Guess a cheap switch with 24 ports a 100 Mbit. That makes 2.4 Gig.
> You have to watch all of these. They can all send at the same time.
> Your switch might have 1 Gig uplink. But that uplink is already in
> use for your uplink and it does not even support 2.4 Gig.

- -
There are ways to address over-subscription issues.

>
> How about switches used in datacenters with 48 ports, 128 ports, ...
> Where do you get the capacity for multiple Gigs just for eavesdropping?
>
> On the other hand - most switches have a port for debugging. But this
> port can only listen on one port not on 24 or even 48 of them.
>
> So you have to invent a new generation of switches.

-
I don't believe this is the primary reason for replacing every router
and every switch.

I think (correct me if I'm wrong) it has to do with the way wiretap
feature (lack of a better term) that .gov is wanting vendors to
implement within their devices, may be at the network stack level.

I guess it's time to revisit rfc 2804.

>
> How about the routers? They are even more complicated than a switch.
>
> As everybody should know by now - every router can be hacked. So
> your monitoring must be outside the router.
>
> The government will offer you an *additional* gateway.
> I wonder what that beast will look like. It must be able to take
> all input you get from a glass fiber. Or do they ask us to get
> down with our speed so they have time to eavesdrop.

- -
powered by dhs w/ made in china sticker :-)

I'm not being smarty pants about this...it is actually happening. That's
all I can say.

regards,
/virendra

>
>>I can see some sort of
>>network redesign happening in order to accommodate this but replacing
>>every router and every switch sounds too drastic, unless I
>>mis-understood it. Please, I'm not advocating this change but just
>>trying to understand the impact from an operation standpoint.
>>
>
> Yes, it is drastic. But if they want to eavesdrop that is the only
> way to do it.
>
>>Any insight will be appreciated.
>>
>>regards,
>>/virendra
>>
>
> Here in germany we accidentally have found out why east germany had
> to finally give up:
>
> They installed equipment to eavesdrop and tape on every single
> telephone line. They could not produce enough tapes to keep up
> with this :)
>
> Not to mention what happened when they "recycled" the tapes and
> did not have the time to first erase them :)
>
> Kind regards,
> Peter and Karin
>
New Rules On Internet Wiretapping Challenged
http://www.washingtonpost.com/wp-dyn/content/article/2005/10/25/AR2005102501807.html
or

By Arshad Mohammed
Washington Post Staff Writer
Wednesday, October 26, 2005; Page D01

New federal wiretapping rules that would make it easier for law enforcement to monitor e-mails and Internet-based phone calls were challenged by privacy, high-tech and telecommunications groups in federal court yesterday.

The groups argued that the rules would force broadband Internet service providers, including universities and libraries, to pay for redesigning their networks to make them more accessible to court-ordered wiretaps.

The groups also said the Federal Communications Commission rules, scheduled to take effect in May 2007, could erode civil liberties and stifle Internet innovation by imposing technological demands on developers.

"It's simply a very bad idea for privacy and for free speech for the government to design any technology, much less the Internet, to be surveillance-friendly," said Lee Tien, a senior staff lawyer with the Electronic Frontier Foundation, a nonprofit privacy rights group.

The government was trying to "build tentacles of control throughout telecommunications networks," Tien said.

The FCC rules make broadband Internet providers and voice over Internet protocol companies subject to a 1994 federal law that requires telecom companies to assist law enforcement agencies in carrying out court-ordered wiretaps. The Communications Assistance for Law Enforcement Act requires telecom carriers to design their networks so they can quickly intercept communications and deliver them to the government when presented with a court order.

In adopting the rules, the FCC said it wanted to ensure the government could carry out wiretaps as more communications move from the traditional telephone system to the Internet.

"It is clearly not in the public interest to allow terrorists and criminals to avoid lawful surveillance by law enforcement agencies," the commission wrote in its order.

Opponents argued the law was tailored for a simpler, earlier era of traditional telephone service and could cripple the evolution of the Internet by forcing engineers to design products so they can be easily monitored by the government.

The 1994 law "will have a devastating impact on the whole model of technical innovation on the Internet," said John Morris, staff counsel for the Center for Democracy and Technology in Washington, which filed an appeal of the rules with the U.S. Court of Appeals for the District of Columbia Circuit yesterday.

"The Internet evolves through many tens of thousands, or hundreds of thousands, of innovators coming up with brand new ideas," he said. "That is exactly what will be squelched."

Morris said his group did not dispute the idea that the government should be able to carry out court-ordered wiretaps, but rather argued that the 1994 law was a blunt instrument ill-suited for the Internet age.

He said the matter should be referred to Congress, which "can tailor the obligations to the Internet context as opposed to importing the very clumsy [telephone system] obligations and imposing them on the Internet."

The American Council on Education, a higher-education trade group, separately asked the court Monday to review the rules.

"We fear that doing what they want will require every router and every switch in an IT system to be replaced," said Terry W. Hartle, the council's senior vice president. He estimated that the upgrades could cost colleges and universities $6 billion to $7 billion.

"Our quarrel with them is fairly specific," Hartle said. "We are concerned about the cost, and the complexity, and the schedule on which they want this accomplished."

Spokesmen for the FCC and the Justice Department declined comment on the court challenges.

- --- end ---

...Raising my hand.

My question is on Terry Hartle's comments, maybe someone with more
insight into this could help clear my confusion.

Why would it require to replace every router and every switch when my
understanding is, FCC is looking to install *additional* gateway(s) to
monitor Internet-based phone calls and emails. I can see some sort of
network redesign happening in order to accommodate this but replacing
every router and every switch sounds too drastic, unless I
mis-understood it. Please, I'm not advocating this change but just
trying to understand the impact from an operation standpoint.

Any insight will be appreciated.

regards,
/virendra
[Fwd: Re: FCC Outage Reports ..(.was Verizon outage in Southern California?)]
Just taking a quick poll to see if nanog community would consider this a
worthwhile effort to pursue?

regards,
/virendra

- Original Message
Subject: Re: FCC Outage Reports ..(.was Verizon outage in Southern California?)
Date: Fri, 21 Oct 2005 21:26:51 +0300 (EEST)
From: Juuso Lehtinen <[EMAIL PROTECTED]>
To: nanog@merit.edu
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

On Fri, 21 Oct 2005, Andre Oppermann wrote:
> Here we see again that the secrecy ("to prevent terrorism") of this
> information costs more than having it in the open as the FCC did in
> the past. The whole terrorism sham was just a convenient excuse to
> prevent outsiders from assessing the quality of the carriers network.

In the field of security engineering, this is something called security
through obscurity. Terrorists are well funded, and they, no doubt, can get
hold on those 'secret' fiber maps if they have interest in them.

> Do I feel better that neither me nor the terrorist know that my "redundant"
> fiber routes are in the same dig? Or in the same cable even? We all know
> how reliable the carriers bonus driven sales droid promises are...

Only ones suffering are us...

- --
juuso lehtinen
Re: FCC Outage Reports ..(.was Verizon outage in Southern California?)
Thinking out loud.

I guess some sort of trust model would help similar to what nsp-sec has in
place (not sure its current state). It could be nice if there was some sort
of a consensus among this consortium to distribute executive health metrics
with the help of some secure trusted monitoring mechanism or maybe push
model to a central database of some sort.

Like to hear more thoughts as well.

regards,
/virendra

Wallace Keith wrote:
> I wasn't thinking in terms of automatic monitoring, that would open up
> a can of worms security wise.
> Just looking at some way of getting the manual reporting (that is still
> taking place to the FCC) back in the (semi?)public domain. Due to
> terrorism concerns, that information is no longer available online. I'm
> pretty sure the LEC's and IXC's like it that way also, as they no longer
> have to air their dirty laundry. I was able to get some information
> under the Freedom of Information act for an outage that affected me
> directly, but that takes days or weeks. As close to real-time
> information as possible is what's needed to assess and respond to a
> major outage, i.e. routing voice/data via different carriers, being able
> to explain to end users why their email or phone calls didn't go through,
> etc. and eliminating the need to open tons of trouble tickets during a
> major event. One master ticket - such as fiber cut affect xxx OC48's
> would suffice.
> Not sure how this can be balanced against DHS perceived needs
> though...any suggestions?
>
> -Original Message-
> From: Vicky Rode [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 19, 2005 5:45 PM
> To: Wallace Keith
> Subject: Re: Verizon outage in Southern California?
>
> I wonder how would Telcos, ISPs and GOV agencies feel about a third
> party polling their devices, not to mention security.
>
> I think netcraft comes close to what you're suggesting.
>
> regards,
> /virendra
>
> Wallace Keith wrote:
>
>>>All this speculation!!
>>>Remember the good old days when you could see faxes of FCC outage
>>>reports online?
>>>Was sure nice to know what was going on, before the FCC took these
>>>offline (due to DHS?) It would really be nice to have some sort of an
>>>online clearing house, and gain some visibility again into overall
>>>network status. This will become even more important as things
>>>continue to converge. DACS and DC Power failures tend to affect
>>>multiple services and in the case of power, multiple carriers that
>>>are colo'd in the CO.
>>>-Keith
>>>
>>>-Original Message-
>>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
>>>Of Vicky Rode
>>>Sent: Wednesday, October 19, 2005 1:29 PM
>>>To: [EMAIL PROTECTED]
>>>Cc: nanog list
>>>Subject: Re: Verizon outage in Southern California?
>>>
>>>I wonder what ever happened to redundancy? I guess 5 9s (dunno what
>>>the going number is) got blown out of the water for them.
>>>
>>>regards,
>>>/virendra
>>>
>>>David Lesher wrote:
>>>
>>>>>Speaking on Deep Background, the Press Secretary whispered:
>>>>>
>>>>>>I'm not completely familiar with the telco jargon.
>>>>>>Does Tandem mean the same as a local central office, where POTS
>>>>>>lines terminate at the switch? Long Beach has a population of
>>>>>>470,000. The C/Os I know of are:
>>>>>
>>>>>A "Central Office" switch talks to subscribers aka end-users.
>>>>>On its backside, it talks to other CO's and tandems. Time was, that
>>>>>was also VF copper pairs, but it's long since all
>>>>>DS1 and up.
>>>>>
>>>>>A tandem is a switch that talks not to subs, but only to CO's. In
>>>>>days of old, when a {dialup} call went to the other side of town, chances
>>>>>are it went you-yourCO-downtown tandem-joesCO-joe. {copper all the
>>>>>way...}.
>>>>>
>>>>>A tandem was always housed in large CO building, but might have been
>>>>>ATT's vice the operating company, etc...
>>>>>
>>>>>But ESS's and ""classless switching"" and massive
Re: Verizon outage in Southern California?
I wonder what ever happened to redundancy? I guess 5 9s (dunno what the
going number is) got blown out of the water for them.

regards,
/virendra

David Lesher wrote:
>
> Speaking on Deep Background, the Press Secretary whispered:
>
>>
>>I'm not completely familiar with the telco jargon.
>>Does Tandem mean the same as a local central office, where
>>POTS lines terminate at the switch? Long Beach has a population
>>of 470,000. The C/Os I know of are:
>
> A "Central Office" switch talks to subscribers aka end-users.
> On its backside, it talks to other CO's and tandems. Time
> was, that was also VF copper pairs, but it's long since all
> DS1 and up.
>
> A tandem is a switch that talks not to subs, but only to CO's. In
> days of old, when a {dialup} call went to the other side of town,
> chances are it went you-yourCO-downtown tandem-joesCO-joe. {copper
> all the way...}.
>
> A tandem was always housed in large CO building, but might have
> been ATT's vice the operating company, etc...
>
> But ESS's and ""classless switching"" and massive expansion of the
> plant really muddled the picture. An ESS could be both a CO switch
> [for multiple prefixes and even multiple NPA's..] AND act like a
> tandem.. And oh, the actual "line cards" can be remoted 100 miles
> away in a horz. phonebooth box alongside the road in Smallville
> with DS1's/OC coming back.
>
> My guess is a DACS, a cross-connect point that is a software-driven
> patch panel, lost its marbles. [engineering term of art.]
> A DACS could have dozen->MANY dozen DS1/DS3/OC-n going hither
> and yon. Some will be leased circuits. Others will be the CO trunks
> going from one switch to another. It may/may not have muxes internal,
> so that what arrives on a DS1 leaves in a OC96..
>
> I note it went down at 2:20 AM. That SCREAMS software
> upgrade/cutover. What's to bet GEE, no...VZEEE, was doing just
> that and there was a major ohshit.
>
> Sean noted a long while back that somehow, DACS crashes always
> seem to take hours to recover. Maybe the backups are on Kansas
> City standard tapes, I donno.. but this sounds like that..
>
Re: FW: Verizon outage in Southern California?
Apparently there was a software glitch in the switch(s) which disrupted
route calls.

regards,
/virendra

Hannigan, Martin wrote:
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Black
Sent: Tuesday, October 18, 2005 3:13 PM
>>>
>
>>I'm not completely familiar with the telco jargon.
>>Does Tandem mean the same as a local central office, where
>>POTS lines terminate at the switch? Long Beach has a population
>>of 470,000. The C/Os I know of are:
>
> A tandem office is a CO primarily used as an aggregated switch point
> between local CO's. Think interconnection of local CO's or long haul
> tandems.
>
>>Alamitos at 7th Street and Termino, ZIP 90814
>>
>>Clark near Clark Ave and Pacific Coast Highway, ZIP 90804
>>
>>LongBeach at 6th Street and Elm Ave, ZIP 90802
>>
>>Lakewood at Clark Ave and Connant St, ZIP 90808
>>
>>LNBHCAXG at 3440 California Ave, ZIP 90807 (for my home)
>
> That's the building CLLI, the switch is LNBCHAXGDS0.
>
> This one is a 5ESS and serves 12 exchanges.
>
> 562-290 562-424 562-426 562-427 562-490
> 562-492 562-595 562-933 562-981 562-988
> 562-989 562-997
>
> I see 7 5ESS and 1 Nortel SLC DMS 10, possibly a remote to
> a campus or something, in Long Beach.
>
> 507 E LEW is holding the most switching gear is likely
> a tandem. Um, I think this is the tandem code, PNTCMIMN50T,
> and it's servicing about 20 areas.
>
>>I have no idea whether cell service was truly affected. The
>>announcements we sent to our campus suggested people use their
>>cell phones for 911 service which would be serviced by the
>>CA Highway Patrol (Erik Estrada, etc.) or a campus telephone
>>which is serviced by our local campus police (sworn state police).
>>I was completely unaware of the outage until someone else
>>mentioned it in my office.
>
> If you know of an NPA-NXX of a cell phone that was impacted,
> send it privately and I'll tell you what CO it terminates in.
>
The exhaustion of IPv4 address space
well, if the existing discussion is not enough, cisco has an interesting
article out...see /. for more information.

http://www.cisco.com/en/US/about/ac123/ac147/archived_issues/ipj_8-3/ipv4.html

wearing my flame suit :-)

regards,
/virendra
Address Space & ASN Allocation Process
Hi,

Just trying to get some clarity and direction regarding obtaining address
space/ASN for my client.

Is there a minimum address space (?) an entity would need to justify to go
directly to RIR (ARIN in this case) as opposed to the upstream provider? Is
/20 the minimum allocation? Can my client approach RIR and request for a
/23? If my client does procure a /23 how do they make sure that this
address space will be globally routable? Multihome will also be part of
their network implementation, can they apply for an ASN number?

Any insight will be appreciated.

regards,
/vicky
Re: colo price matrix
this is a good start for me...i'll take it from here :-)

regards,
/vicky

Paul Vixie wrote:
| [EMAIL PROTECTED] (Vicky Rode) writes:
|
|>Just wondering if anyone has any links and /or price matrix for colos?
|>
|>Any pointers will be appreciated.
|
| at the very low end, there's <http://www.vix.com/personalcolo/>. i've thus
| far resisted several tempting requests to generalize this to the ixp, hosting,
| on-net, and transit markets.
colo price matrix
Hi,

Just wondering if anyone has any links and /or price matrix for colos?

Any pointers will be appreciated.

regards,
/vicky
Re: Vulnerability Issue in Implementations of the DNS Protocol
Has anyone (a) experienced or noticed issues related to this vulnerability
(b) what action(s) have you taken to address this, if any?

What do folks at verisign and isc think about this?

Any insight will be appreciated.

regards,
/vicky

Fergie (Paul Ferguson) wrote:
|
| UNIRAS (UK Gov CERT)/NISCC:
| http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
|
| [snip]
|
| Summary
| - ---
| A vulnerability affecting the Domain Name System (DNS)
| protocol was identified by Dr. Steve Beaty from the
| Department of Mathematical and Computer Science of
| Metropolitan State College of Denver.
|
| The Domain Name System (DNS) protocol is an Internet
| service that translates domain names into Internet Protocol
| (IP) addresses. Because domain names are alphabetic,
| they're easier to remember, however the Internet is
| really based on IP addresses; hence every time a domain
| name is requested, a DNS service must translate the name
| into the corresponding IP address.
|
| The vulnerability concerns the recursion process used by
| some DNS implementations to decompress compressed DNS
| messages. Under certain circumstances, it is possible to
| cause the DNS server to terminate abnormally.
|
| All users of applications that support DNS are recommended
| to take note of this advisory and carry out any remedial actions
| suggested by their vendor(s).
|
| [snip]
|
| - ferg
|
| --
| "Fergie", a.k.a. Paul Ferguson
| Engineering Architecture for the Internet
| [EMAIL PROTECTED] or [EMAIL PROTECTED]
| ferg's tech blog: http://fergdawg.blogspot.com/
|
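Added example (not part of the advisory or of the messages above): name decompression per RFC 1035 section 4.1.4, with a recursive decoder that has no loop protection beside an iterative one that rejects bad pointers. The advisory excerpt does not give the triggering message, so the example assumes the familiar case of a compression pointer that leads back to itself; the sample messages are constructed, and the backwards-only pointer rule is one common hardening choice, not a description of any vendor's fix.

```python
"""Added example: bounded DNS name decompression (RFC 1035, section 4.1.4)."""

MAX_NAME = 255  # RFC 1035 limit on an encoded name, root byte included


class MalformedName(ValueError):
    """Raised for a name the decoder refuses to follow."""


def read_name_naive(msg, off):
    """Recursive decoder with no loop protection (the pattern at risk)."""
    length = msg[off]
    if length == 0:
        return []
    if length & 0xC0 == 0xC0:
        target = ((length & 0x3F) << 8) | msg[off + 1]
        return read_name_naive(msg, target)  # depth controlled by the sender
    label = msg[off + 1: off + 1 + length]
    return [label] + read_name_naive(msg, off + 1 + length)


def read_name(msg, off):
    """Iterative decoder. Returns (labels, offset just past the name).

    Every pointer must land before the start of the segment being read, so
    the chain of targets strictly decreases and the loop must terminate.
    """
    labels = []
    total = 1      # octets used so far, counting the final root byte
    end = None     # where parsing resumes after the first pointer
    limit = off    # pointers must target an offset below this
    while True:
        if off >= len(msg):
            raise MalformedName("name runs past end of message")
        length = msg[off]
        kind = length & 0xC0
        if kind == 0xC0:
            if off + 1 >= len(msg):
                raise MalformedName("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[off + 1]
            if end is None:
                end = off + 2
            if target >= limit:
                raise MalformedName("pointer does not point backwards")
            limit = off = target
            continue
        if kind != 0:
            raise MalformedName("reserved label type")
        if length == 0:
            return labels, (off + 1 if end is None else end)
        if off + 1 + length > len(msg):
            raise MalformedName("label runs past end of message")
        total += 1 + length
        if total > MAX_NAME:
            raise MalformedName("name longer than 255 octets")
        labels.append(msg[off + 1: off + 1 + length])
        off += 1 + length


def outcome(parser, msg, off):
    """Run a decoder and report its result or the exception type name."""
    try:
        return parser(msg, off)
    except (MalformedName, RecursionError, IndexError) as exc:
        return type(exc).__name__


# Constructed messages: a zeroed 12-byte header followed by name data only.
HEADER = bytes(12)
GOOD = (HEADER + b"\x03www\x07example\x03com\x00"  # name at offset 12
        + b"\x04mail\xc0\x10")       # offset 29: "mail" + pointer to 16
SELF_LOOP = HEADER + b"\xc0\x0c"     # pointer at 12 that targets 12
TWO_LOOP = HEADER + b"\xc0\x0e\xc0\x0c"  # 12 -> 14 and 14 -> 12

if __name__ == "__main__":
    for name, msg, off in (("good", GOOD, 29), ("self", SELF_LOOP, 12),
                           ("pair", TWO_LOOP, 14)):
        print(name, outcome(read_name_naive, msg, off),
              outcome(read_name, msg, off))
```

In a C resolver the recursive form has no interpreter to raise an error for it, so the same input ends in stack exhaustion and process termination.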
Google Web Accelerator
Hi there,

Did anyone catch this? Has anyone experienced any issues and if so, what
steps did you take to address this?

http://google.blognewschannel.com/index.php/archives/2005/05/05/much-controversy-over-googles-accelerator/

http://consumingexperience.blogspot.com/2005/05/google-web-accelerator-gwa-panacea-or_08.html

http://www.searchenginejournal.com/index.php?p=1676

According to Google Blogoscoped (see below), the download page has been
shut down because they can't handle the load.

http://blog.outer-court.com/archive/2005-05-08-n20.html

regards,
/vicky
Re: Internet2
Hi,

comments in-line:

Dan Hollis wrote:
| On Wed, 27 Apr 2005, Randy Bush wrote:
|
|>to source is still the big gap. imiho, from the ops perspective,
|>only sally's ecn has made any useful approach. sadly, we may be
|>able to judge the actual demand for e2e qos by ecn's very slow
|>deployment. i think this is unfortunate, as ecn is pretty cool.

- -
yeah ecn make sense to us as well. We are currently looking at piece
mealing this deployment at our end.

fyi - I think kernel.org has also implemented ecn at their end.

|
| The low demand is partially due to IWF[0] who unwittingly block it. Many
| OSes deploy with ecn support but default it off due to the IWF problem.

- ---
True enough. Plus devices (by default) may not honor CE (congestion
experienced) bits and hence could become non compliant end node which could
result in an unnecessary packet drop in the network.

|
| And there are so many IWF that applying enough cluebats to clear the path
| for ECN is going to take enormous effort.
|
| We could demonstrate how cool ECN is, if there weren't so many IWF making
| this impossible. Entities who try to deploy ECN are deluged with "hey wtf
| I can't reach site XYZ anymore, your shit is broken, fix it you ***!"
|
| I have no idea if microsoft supports ECN yet, but if they don't then I
| suspect that a sufficiently embarrassing benchmark would prod them into
| adding it.
|
| I wonder how many network operators on nanog block ECN. If you do, why?

-
In fact I raised similar point at NANOG33 in two separate sessions (How to
Use Network Design Principles to Differentiate the Good, the Bad, and the
Ugly AND IP Fast-Reroute: An Analysis of Applicability to a Core Network)
about vendor experience/feedback in this area. Didn't get much feedback.

regards,
/vicky

|
| -Dan
|
| [0]Idiots With Firewalls. See http://urchin.earth.li/cgi-bin/ecn.pl
|
Re: Internet2
since you deviated from my original post...

http://www.icir.org/floyd/ccmeasure.html

regards,
/vicky

Daniel Roesen wrote:
| On Tue, Apr 26, 2005 at 02:07:15PM -0700, Vicky Rode wrote:
|
|>Basically I meant to say not congested as the current Internet is.
|
| It is?
|
| Regards,
| Daniel
Re: Internet2
Maybe you should check out some performance measurement numbers/papers from ACM (www.acm.org) which should help answer some of your questions. We are doing some interesting measurement research (qos related) and unfortunately I don't have any data to share.

Then again, I'm not saying that Internet is going to crash and burn, it's doomed and that one should switch to I2. All I'm asking is for some insight about potential risk of I2 abuse, that's all.

Not that this link answers your question, since you asked hopefully this will keep you busy for few hours.

http://www.slac.stanford.edu/comp/net/wan-mon/netmon.html

regards,
/vicky

Randy Bush wrote:
|>Basically I meant to say not congested as the current Internet is.
|
| cool. and your measurements of internet congestion are? cites, please.
|
| randy
Re: Internet2
I made that up :-)

Basically I meant to say not congested as the current Internet is.

regards,
/vicky

Mikael Abrahamsson wrote:
| On Tue, 26 Apr 2005, Vicky Rode wrote:
|
|>In general, how are they protecting themselves from malicious code
|>infection spreading at internet2 speed? How are the devices coping up
|>with filters in place, if any?
|
| What is "internet2 speed"? As far as I can see Internet2 is a 10G based
| national network. What is so special about that in this day and age?
Internet2
Hi there,

Just wondering how's internet2 community/partners protecting themselves from lawsuits of illegal use of music/movie downloads.

In general, how are they protecting themselves from malicious code infection spreading at internet2 speed? How are the devices coping up with filters in place, if any?

Like to hear what nanog community and the people who are involved w/ internet2 connectivity think.

Any insight and /or pointers to any papers will be appreciated.

regards,
/vicky
Re: DSCP ECN bits
Hi Christian,

The ECN capable transport (ECT) bit would need to be set by the data sender to indicate that the end-points of the transport protocol are ECN-capable. The intermediate routers will need to honor these bits as well.

For more information, check out http://www.faqs.org/rfcs/rfc2481.html

regards,
/vicky

[EMAIL PROTECTED] wrote:
| Hi,
|
| Is anyone using the DSCP ECN bits to any great extent? Does it require
| end-host support in the stack to actually work?
|
| Cheers,
| Christian
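The ECT/CE handling described in the message above, as an added example that is not part of the original post: it reads the ECN field from an IPv4 header, applies a congested router's mark-or-drop decision, and flags paths where a device has erased the field. Codepoints follow RFC 3168, the successor to the RFC 2481 document linked above; the function names and the documentation-range addresses are constructed for illustration.

```python
import socket
import struct

# The ECN field is the low two bits of the IPv4 TOS byte; DSCP is the high six.
# Codepoints per RFC 3168 (assumption: the page itself only links RFC 2481).
NOT_ECT, ECT_1, ECT_0, CE = 0b00, 0b01, 0b10, 0b11


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; 0 means the header verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _with_checksum(header: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11), recompute it, write it back."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + zeroed[12:]


def build_header(src: str, dst: str, dscp: int, ecn: int) -> bytes:
    """Constructed 20-byte IPv4 header (TCP, DF set, no options)."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 40, 0, 0x4000,
                      64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return _with_checksum(raw)


def dscp_ecn(header: bytes) -> tuple:
    """Split the TOS byte into (DSCP, ECN)."""
    return header[1] >> 2, header[1] & 0b11


def set_tos(header: bytes, tos: int) -> bytes:
    """Any rewrite of the TOS byte must be followed by a checksum update."""
    return _with_checksum(header[:1] + bytes([tos]) + header[2:])


def aqm_decision(header: bytes, congested: bool) -> tuple:
    """Queue decision of an ECN-aware router. Returns (action, header)."""
    dscp, ecn = dscp_ecn(header)
    if not congested:
        return "forward", header
    if ecn == NOT_ECT:
        return "drop", None        # endpoints did not negotiate ECN: drop
    if ecn == CE:
        return "forward", header   # already marked by an upstream router
    return "mark", set_tos(header, (dscp << 2) | CE)


def rewrite_dscp(header: bytes, new_dscp: int) -> bytes:
    """Reclassify traffic while leaving the two ECN bits untouched."""
    return set_tos(header, (new_dscp << 2) | dscp_ecn(header)[1])


def clear_tos(header: bytes) -> bytes:
    """A device that zeroes the whole TOS byte also erases ECT and CE."""
    return set_tos(header, 0)


def path_check(sent: bytes, received: bytes) -> str:
    """Compare the ECN field as sent with the field as received."""
    s, r = dscp_ecn(sent)[1], dscp_ecn(received)[1]
    if s == r:
        return "intact"
    if s in (ECT_0, ECT_1) and r == CE:
        return "congestion-marked"
    if s != NOT_ECT and r == NOT_ECT:
        return "bleached"          # ECN signal lost somewhere on the path
    return "invalid-transition"


def demo() -> dict:
    sent = build_header("192.0.2.1", "198.51.100.7", 46, ECT_0)  # constructed
    _, marked = aqm_decision(sent, congested=True)
    return {
        "marked": path_check(sent, marked),
        "dscp_rewritten": path_check(sent, rewrite_dscp(sent, 0)),
        "tos_cleared": path_check(sent, clear_tos(sent)),
        "after_clear": aqm_decision(clear_tos(sent), congested=True)[0],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

A receiver that logs `bleached` for flows it knows were sent as ECT has found a device on the path that rewrites the whole TOS byte instead of only the DSCP bits.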
Re: djbdns: An alternative to BIND
thanks for the insight to all who responded.

regards,
/vicky
djbdns: An alternative to BIND
http://software.newsforge.com/article.pl?sid=05/04/06/197203&from=rss

Just wondering how many have transitioned to djbdns from bind and if so any feedback.

regards,
/vicky
Re: Contact from ACM?
Hi Mark,

You are not alone. I've had problems even as a member :-)

I'll try and ping someone there and see what I can do. Feel free to contact me directly if need be.

regards,
/virendra

Mark Newton wrote:
| I need to talk to someone who can update the bogon filters on www.acm.org.
| Attempts to reach technical contacts via the website have failed, which
| is a bit surprising given the nature of the org.
|
| If anyone reading this is an ACM member who can pass this message along
| to someone who cares I'd appreciate it.
|
| Thanks,
|
| - mark
|
| --
| Mark Newton Email: [EMAIL PROTECTED] (W)
| Network Engineer Email: [EMAIL PROTECTED] (H)
| Internode Systems Pty Ltd Desk: +61-8-82282999
| "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: outage/maintenance window opinion
It depends. If your device(s) was part of the change management notification then that's correct.

regards,
//virendra//

Luke Parrish wrote:
| Trying to get clarification on an issue.
|
| Maintenance/outage window is 2:00AM to 5:00AM, during the window the router
| we are working on fails and does not come back online until 8:00AM.
|
| From an outage reporting/documentation standpoint is the outage start time
| 2:00AM or 5:01AM since 5:01AM is when the maintenance window and planned
| outage was over...
|
| My take is that the outage starts when the planned maintenance/outage
| window is over at 5:01AM.
|
| Luke
|
| Luke Parrish
| Centurytel Internet Operations
| 318-330-6661
Re: IBM to offer service to bounce unwanted e-mail back to the computers that sent them
Why even bother responding. Just imagine frontbridge (using them as an example, I have no affiliation with them) responding to each and every spam they block..something like 7 terabytes of data per week or so.

I guess this is one way to justify for more bandwidth :-)

regards,
/virendra

Colin Johnston wrote:
| The better idea would be fingerprint the spam to match the bot used to match
| the exploit used to run the bot to then reverse exploit back to the
| exploited machine patching in the process.
| I managed to setup such a system a while ago with nimda traffic however I
| could not find a software tool which exploited a nimda exploited machine
| which could then patch it and remove the virus
| (Ie a remote doctor without you knowing :)
|
| Colin Johnston
public accessible snmp devices?
Hi there,

Just wondering if there is any pool of publicly accessible (read-only) snmp enabled devices that one can access for testing purposes (such as snmpwalk, polling devices via oid/mib, graphing chart..etc)?

I'm looking for a pool of devices that I run my test on.

Any pointers will be appreciated.

regards,
/virendra
scanner<->dns
Hi there,

Just wondering if there is any way I could use a scanner (I have a home grown script for this) that would go thru the DNS registries from some public source, scan for keywords in the domain name.

Anything that is available only to ISPs and perhaps we can dovetail onto that if we cough up some $.

Any pointers will be appreciated.

regards,
/virendra
Re: broke Inktomi floods?
in-line:

Suresh Ramasubramanian wrote:
| Vicky Rode <[EMAIL PROTECTED]> wrote:
|
|>not sure if spiders fall under spam or ddos bracket when they
|>repeatedly start hammering one's network. you could possibly report to
|>spamcop (*grin*) to get a quicker response. spamcop hasn't been accurate
|>in some instances :-)
|
| Er.. just what would you report to spamcop, and what would spamcop do with your
| reports?

- -- that's why i asked, this type of behavior falls under what abuse terms?

|>do you remember this incident, http://www.cs.wisc.edu/~plonka/netgear-sntp/
|
| Not very new .. broken apps which keep hammering on a resource for some reason
| are a fairly regular "feature" of the internet.

- - doesn't mean that it shouldn't be blocked/reported.

regards,
/vicky

| srs
Re: broke Inktomi floods?
not sure if spiders fall under spam or ddos bracket when they repeatedly start hammering one's network. you could possibly report to spamcop (*grin*) to get a quicker response. spamcop hasn't been accurate in some instances :-)

do you remember this incident, http://www.cs.wisc.edu/~plonka/netgear-sntp/

regards,
/vicky

Dan Hollis wrote:
| On Thu, 20 Jan 2005, Suresh Ramasubramanian wrote:
|
|>On Thu, 20 Jan 2005 14:30:04 +0200, Gadi Evron <[EMAIL PROTECTED]> wrote:
|>
|>>Inktomi (now Yahoo!) sends its spiders all over the Internet. Lately
|>>some of our systems are reporting that they open many HTTP connections
|>>to our web sites, without ever sending any data and immediately
|>>disconnecting. This is getting to a level where it disturbs us.
|>
|>I have heard previous stories of inktomi ignoring robots.txt (not seen
|>this for myself though). And there are threads like this -
|>Quoting from http://www.webmasterworld.com/forum11/1968-1-15.htm
|
| back in 1999 inktomi hammered our nameserver (which never has, and never
| will run http. ever.) After _weeks_ of complaining to them and to their
| upstream exodus (hah!) I finally got them to stop. Only to have them
| start up again a month later.
|
| not surprising to see them up to their old antics again.
|
| time to nullroute i guess?
|
| -Dan
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
in-line:

Jared Mauch wrote:
| On Thu, Jan 20, 2005 at 06:26:15PM +0530, Suresh Ramasubramanian wrote:
|
|>David Barak <[EMAIL PROTECTED]> wrote:
|>
|>>While it says that bogon filters change, and provides
|>>a URL to check it, what percentage of folks who would
|>>use a feature like "autosecure" would ever update
|>>their filters?
|>
|>What do they do to update that bogon list anyway - push a new IOS image?
|
| Actually, my assumption is anyone with autosecure gets
| free software upgrades for life, as this is a flexible list that
| will change over time. Each time a change is made they
| need to release new software, and notify their installed
| customer base.

- --- i understand bogon filters and reasoning behind it and i'm all for it. but why does one think (maybe i'm missing something) this approach (autosecure) is scalable and acceptable to update your ios or even constantly updating your acls every time one has to update their bogon filters? yet another thing to look out for?

i like to see the network availability for aol, google, nasdaq, every time they update their bogons.

why can't this somehow be dynamically updated and /or linked to a master file as opposed to upgrading the ios?

like to hear more thoughts on it.

regards,
/vicky

| - jared
Re: Measure overall network availability
in-line:

Jim Popovitch wrote:
| On Fri, 2005-01-07 at 12:09 +0530, Suresh Ramasubramanian wrote:
|
|>Maybe maintain a few 1U colo boxes (cheap!) in data centers on
|>selected networks around the world, from where you want to measure
|>reachability .. run nothing except nagios or some other monitoring app
|>for measuring availability of services like http, smtp, etc that you
|>want to know are available or not,
|
| I've often wondered, as I work intimately with NMS software, just how
| much cross network traffic is "are you there?" related. Would it have a
| positive impact on overall net performance if everyone just turned off
| all internetwork status polling?

- - depends on the polling period.

regards,
/vicky

| -Jim P.
tools for traffic engineering networks
Hi there, I'm curious to know what tools (in traffic engineering arena) people use in order to manage and verify their service assurance that they are providing and / or receiving they think they are. How do you know the policers are functioning correctly? How do you know whether your service provider and / or your internal traffic is not being over-booked? Any recommendations, thoughts, white papers, pointers will be greatly appreciated. regards, /vicky
Re: best effort has economic problems
interesting reading

http://mail.internet2.edu:8080/guest/archives/qbone-arch-dt/log200205/msg0.html

regards,
/vicky

Edward B. Dreger wrote:

GC> Date: Sat, 29 May 2004 16:53:17 -0400
GC> From: Gordon Cook

GC> The point I am making in my report is NOT that the best
GC> effort network has technology problems but rather that it has
GC> ECONOMIC PROBLEMS. That it might support 2 or 3 players not
GC> 2 or 3 HUNDRED.

Best effort is cheaper to provide. Cheaper sells. Is there enough of a market to sustain premium services? IP-based VPNs haven't replaced FR and PtP WAN links, but FR and PtP haven't thwarted IP-based VPNs.

GC> That until companies begin to go chapter seven and vanish,
GC> the best effort net will be a black hole that burns up
GC> capital because, for many players, the OPERATIONAL expense is
GC> more than they get for bandwidth never mind cap-ex.

Definitely true about opex and capex... but I'm not convinced that QoS is the magic bullet that will make the marketplace big enough and profitable enough. I don't see service offerings fixing the woes of screwball pricing.

GC> best effort won't go away. many best effort players will.

If all best effort players provided QoS/guaranteed services, would the survival rate be significantly higher as a result?

GC> for the time being, best effort bandwidth prices as an
GC> absolute commodity cannot sustain networks over the long
GC> haul. A network that can deliver QoS the report hypothesizes
GC> may be able to attract enough revenue to become profitable.

That's where I'm not convinced. Current IP delineates the lower reliability boundary and a benchmark price point. Premium services won't have a lower cost than best-effort, so they must sell for more. Would the incremental service improvements be high enough to draw customers away from cheap BE _and_ support "sufficient" margins?

First class hasn't stopped the cycle of airline bankruptcies and government bailouts. I don't see "first class data" as much different.

GC> How to do this my group is still discussing. We don't
GC> pretend that QoS is easy or any kind of mature collection of
GC> technologies, but increasingly it looks as though the
GC> industry, if it is ever going to be self sustaining, really
GC> needs to look at QoS services and solutions.

Perhaps, but only if the price is right. DSL sells better than Internet T1 lines, which sell better than end-to-end private lines and packet clouds. There's a reason for that.

Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_
DO NOT send mail to the following addresses :
[EMAIL PROTECTED] -or- [EMAIL PROTECTED] -or- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.
Re: WAN accelerator recommendations
I'm interested in hearing people's view points on this as well. In general what do folks think about implementing yet another appliance within their networks as opposed to implementing the same features (if supported by their gear vendor) within their choke points.

regards,
/vicky

Matt Bazan wrote:

Hello, I'm looking for advice and recommendations on WAN (T1 speeds) accelerator devices. I've seen the literature on the offerings from Peribit, NetCelera and Packeteer and am looking for some real-world feedback. Can anyone provide me with their experiences using these products or similar?

Thanks,
Matt
New QoS Mailing List [nsp-qos]
Mailing list for QoS discussions has been created. This is a multi-vendor list accelerating the adoption of IP products and services that benefit from QoS capabilities. This list is intended to aid anyone deploying QoS solutions. Feel free to spread the word. Many thanks to Jared Mauch for setting this up. Subscribe: https://puck.nether.net/mailman/listinfo/nsp-qos regards, /vicky
Spamcop
Hi there, Just wondering why was my e-mail thread (Hierarchical Credit-based Queuing (HCQ): QoS) dated 5/9/2004 9:36 PM reported as a spam? Just trying to understand so that I don't repeat it. Below is a cut and paste of the reported incident. Please advise. regards, /vicky
Re: Type of Service (TOS)
Hi,

Do you know by default if the routers pass the TOS bits?

regards,
/vicky

Scott McGrath wrote:

The answer is it depends. routers _usually_ honor the TOS bits unless they are configured to clear or rewrite them. We use the TOS bits for designating traffic classes so in some cases we rewrite the TOS bits set by the host so in your case we would modify the TOS bits.

Scott C. McGrath

On Mon, 10 May 2004, Vicky Rode wrote:

Hi there, Say if I had a qos appliance installed on networks between a lan and a wan box would the qos policies be carried across wan end points (point to point connection)? In other words, will the router retain the TOS bits across to the other side of the wan connection to provide QoS-style priority for the packets or will it clear the TOS bits? BTW, the other side of the wan connection also has the qos appliance sitting between a lan and a wan box. Just so that I'm clear, I'm not talking about an upstream neighbor being an ISP connection which I know they will likely ignore the TOS bits unless I pay them extra for the feature. The above scenario is a point to point connection to a remote site. Any insight will be appreciated.

regards,
/vicky
Type of Service (TOS)
Hi there, Say if I had a qos appliance installed on networks between a lan and a wan box would the qos policies be carried across wan end points (point to point connection)? In other words, will the router retain the TOS bits across to the other side of the wan connection to provide QoS-style priority for the packets or will it clear the TOS bits? BTW, the other side of the wan connection also has the qos appliance sitting between a lan and a wan box. Just so that I'm clear, I'm not talking about an upstream neighbor being an ISP connection which I know they will likely ignore the TOS bits unless I pay them extra for the feature. The above scenario is a point to point connection to a remote site. Any insight will be appreciated. regards, /vicky
Hierarchical Credit-based Queuing (HCQ): QoS
Hi there, Just wondering if anyone out there has either implemented or looked into this queuing method for quality of service implementation. This solution is offered (hardware solution) and patented by foursticks.com. According to foursticks, "HCQ achieves the efficiency and flexibility of first generation queuing systems, without the disadvantages." It compares HCQ (interesting reading) w/ Class-Based Queuing (CBQ), Random Early Discard (RED) and Weighted Random Early Discard (WRED), Weighted Fair Queuing (WFQ), Priority Queuing (PQ) & Low Latency Queuing (LLQ). Also can anyone recommend a qos forum which I can ping as well. Any insight will be appreciated. regards, /vicky
RE: has anyone notice this ?
Hi Jay,

comments in-line:

-----Original Message-----
From: Jay Hennigan [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 28, 2003 10:22 PM
To: Vicky Rode
Cc: [EMAIL PROTECTED]
Subject: RE: has anyone notice this ?

On Sat, 28 Jun 2003, Vicky Rode wrote:

> It would be easier to troubleshoot if you used a browser that returned
> a meaningful error message. "The page could not be found" could be just
> about anything. DNS, routing, broken link, etc.
> ---
> vickyr> i even tried the same thing under linux--->mozilla and i get site
> name not found which i believe is less meaningful than ie :)

"No such domain" is the Mozilla response. This points to a DNS issue, which is more useful than "Page could not be displayed". What does dig give you for the domain? How about dig with a different name server specified?
--
vickyr> you might be correct but like i said in my case linux--->mozilla states "www.cnn.com could not be found. please check the name and try again". i finally gave up playing ping pong with time warner and started using my dns servers.

> Also, you don't indicate if you're a Time Warner customer trying to reach
> web sites elsewhere or a non-customer trying to reach sites on the Time
> Warner network. Your IP address or ISP's network and the URL of the site
> you're trying to reach, for example.
> -
> vickyr> i'm a time warner end-user trying to access outside world which
> could be anything.

Nag their tech support.
---
vickyr> i even tried talking to their level 2 support and they still think its my cable modem box even after presenting them the facts unless for some reason their box also runs a cache server.

> Have you queried the Time Warner support staff?
> ---
> vickyr> yes i have and they think it could be the cable modem box and have
> issued a replacement. i sure hope they have a good stock because vickyr> i
> know whole bunch of people who are having similar problems.

It's those Warner Brothers Acme brand modems. Same outfit that makes all of Wile E.s stuff. It's probably also an Acme nameserver. Seriously, you should use some other tools such as name lookup to find the IP address of the site in question. If it fails with their default resolvers, try a different resolver. Then see if you can get to the site (or a default site on the same server) by IP address, use traceroute, etc.

> maybe its time to buy some 3com stocks :)

If a whole bunch of people are having the same issue and they're all on Time Warner in your neck of the woods, it probably isn't the cable modem hardware.
---
vickyr> exactly my point.

regards,
/vicky

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
RE: has anyone notice this ?
Hi Todd,

sorry about the late response. yes in fact i am using my own dns servers w/o any problems (knock on wood). time warner think it's their cable modem box but i think it's a caching issue on their end.

regards,
/vicky

-----Original Message-----
From: Todd Mitchell - lists [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 28, 2003 7:19 PM
To: [EMAIL PROTECTED]
Cc: 'David A. Ulevitch'; [EMAIL PROTECTED]
Subject: RE: has anyone notice this ?

Have you tried using DNS servers other than the ones supplied by your ISP's DHCP server?

Todd
--

| -----Original Message-----
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
| Vicky Rode
| Sent: Saturday, June 28, 2003 9:57 PM
| To: David A. Ulevitch; [EMAIL PROTECTED]
| Subject: RE: has anyone notice this ?
|
| Hi David,
|
| i'm just couple feet away from my box. i'm currently using wireless and
| even tried wired with same results. the fact others are experiencing similar
| problems makes me believe the problem could be on time warner end,
| possible caching issue.
|
| regards,
| /vicky
|
| -----Original Message-----
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
| David A. Ulevitch
| Sent: Saturday, June 28, 2003 6:03 PM
| To: [EMAIL PROTECTED]
| Subject: RE: has anyone notice this ?
|
| > vickyr> i'm a time warner end-user trying to access outside world
| > which could be anything.
|
| [SNIP]
|
| > vickyr> yes i have and they think it could be the cable modem box
| > and have issued a replacement. i sure hope they have a good stock
| > because i know whole bunch of people who are having similar problems.
| > maybe its time to buy some 3com stocks :)
|
| A twisted or crumpled up ethernet cable can sometimes impede the flow of
| ones and zeros. Often looping up extra slack in your cat-5 can prove
| catastrophic for the free flow of electrons down the pipe.
|
| Ahh...Saturday (PDT)...
|
| -davidu
|
| David A. Ulevitch -- http://david.ulevitch.com
| http://everydns.net -+- http://communitycolo.net
| Campus Box 6957 + Washington University in St. Louis
RE: has anyone notice this ?
Hi David,

i'm just a couple feet away from my box. i'm currently using wireless and even tried wired with same results. the fact others are experiencing similar problems makes me believe the problem could be on time warner end, possible caching issue.

regards,
/vicky

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David A. Ulevitch
Sent: Saturday, June 28, 2003 6:03 PM
To: [EMAIL PROTECTED]
Subject: RE: has anyone notice this ?

> vickyr> i'm a time warner end-user trying to access outside world
> which could be anything.

[SNIP]

> vickyr> yes i have and they think it could be the cable modem box
> and have issued a replacement. i sure hope they have a good stock
> because i know a whole bunch of people who are having similar problems.
> maybe it's time to buy some 3com stocks :)

A twisted or crumpled up ethernet cable can sometimes impede the flow of ones and zeros. Often looping up extra slack in your cat-5 can prove catastrophic for the free flow of electrons down the pipe.

Ahh...Saturday (PDT)...

-davidu

David A. Ulevitch -- http://david.ulevitch.com
http://everydns.net -+- http://communitycolo.net
Campus Box 6957 + Washington University in St. Louis
RE: has anyone notice this ?
Hi Jay,

see comments in-line:

-Original Message-
From: Jay Hennigan [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 28, 2003 4:09 PM
To: Vicky Rode
Cc: [EMAIL PROTECTED]
Subject: Re: has anyone notice this ?

On Sat, 28 Jun 2003, Vicky Rode wrote:

> just wondering has anyone noticed http access issue ("the page cannot be
> displayed") on time warner network ? i literally have to try 5 to 6 times to
> get to the page. i believe this problem just started a week or so back.

It would be easier to troubleshoot if you used a browser that returned a meaningful error message. "The page could not be found" could be just about anything. DNS, routing, broken link, etc.

--- vickyr> i even tried the same thing under linux--->mozilla and i get site name not found which i believe is less meaningful than ie :)

Also, you don't indicate if you're a Time Warner customer trying to reach web sites elsewhere or a non-customer trying to reach sites on the Time Warner network. Your IP address or ISP's network and the URL of the site you're trying to reach, for example.

- vickyr> i'm a time warner end-user trying to access outside world which could be anything.

> i've even talked to a few other people on socal.rr.com network and they are
> experiencing similar problems. is this socal.rr.com related or other regions
> are experiencing same problems too. time warner's network status page shows
> everything is okay.

It really depends on the nature of the failure. More information is needed. Have you queried the Time Warner support staff?

--- vickyr> yes i have and they think it could be the cable modem box and have issued a replacement. i sure hope they have a good stock because
vickyr> i know a whole bunch of people who are having similar problems. maybe it's time to buy some 3com stocks :)

regards,
/vicky

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
has anyone notice this ?
howdy folks,

just wondering has anyone noticed http access issue ("the page cannot be displayed") on time warner network ? i literally have to try 5 to 6 times to get to the page. i believe this problem just started a week or so back.

i've even talked to a few other people on socal.rr.com network and they are experiencing similar problems. is this socal.rr.com related or other regions are experiencing same problems too. time warner's network status page shows everything is okay.

regards,
/vicky