Re: IPV6 in enterprise best practices/white papers

2013-01-29 Thread Måns Nilsson
Subject: Re: IPV6 in enterprise best practices/white papers Date: Mon, Jan 28, 
2013 at 08:45:39PM +0400 Quoting Mukom Akong T. (mukom.ta...@gmail.com):
 On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu eu...@imacandi.net wrote:
 
  I thought about running pure IPv6 inside and do 6to4, but it's too
  much of a headache,

 Does an L2 switch really care about IPv6? (except for stuff like DHCPv6
 snooping, etc?)

For management it does care.  NO ipv4 is NO ipv4. As in not even
management addresses.

-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Will the third world war keep Bosom Buddies off the air?




Re: IPV6 in enterprise best practices/white papers

2013-01-29 Thread Karl Auer
On Tue, 2013-01-29 at 09:37 +0100, Måns Nilsson wrote:
 Subject: Re: IPV6 in enterprise best practices/white papers Date: Mon, Jan 
 28, 2013 at 08:45:39PM +0400 Quoting Mukom Akong T. (mukom.ta...@gmail.com):
  On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu eu...@imacandi.net wrote:
  
  Does an L2 switch really care about IPv6? (except for stuff like DHCPv6
  snooping, etc?)
 
 For management it does care.  NO ipv4 is NO ipv4. As in not even
 management addresses.

Also, if a switch does not do MLD snooping, it will flood multicast to
all ports. You lose one of the major benefits of IPv6 multicast - less
admin traffic.

You need to spec new switches with IPv6 capability.

Regards, K.

-- 
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017





switch 10G standalone TOR, core to DC

2013-01-29 Thread Piotr


Hello,

I am looking for some 10G switches that should work as TOR or core in a DC. 
They should have more than 40 10G ports in one unit, wirespeed L2/L3, with 
virtual routers and some other IP functions like some BGP, OSPF, policy 
routing, 1-2U, MLAG, G.8032 (ERPS), TRILL-like?


Other important features are big port buffers (something similar to 
Juniper EX8200 - 512 MB per slot), defined counters accessible via SNMP 
(like in Junos), and L3 statistics accessible via SNMP.



The Extreme 670 looks good but it has small port buffers. It could also be 
some small chassis with line cards, but the cost per 10G port is too high..


What vendor/model do you prefer or suggest as a solution?

thanks for help
best,
Peter





Re: switch 10G standalone TOR, core to DC

2013-01-29 Thread Nick Hilliard
On 29/01/2013 11:27, Piotr wrote:
 The Extreme 670 looks good but it has small port buffers. It could also be
 some small chassis with line cards, but the cost per 10G port is too high..

the extreme x670, juniper ex4550, brocade ICX6550 and arista 7150 will do most
of this, and probably many others too.

None of them will do trill.  The Extreme X670 and Juniper EX4550 will both
do VPLS, though.  The X670 won't do BGP.

You won't find a box of this form with large port buffers.  There don't
appear to be any of these boxes on the market at the moment, probably
because none of the switch vendors want to bite the bottom out of their
more lucrative chassis-based switches.  This is a good market opening for a
new vendor - there is no technical reason why this couldn't be done.

Nick




Fwd: Re: switch 10G standalone TOR, core to DC

2013-01-29 Thread Nick Hilliard
a...@shady.org replied:

Subject: Re: switch 10G standalone TOR, core  to DC
Date: Tue, 29 Jan 2013 12:25:57 +
From: andy a...@shady.org
To: Nick Hilliard n...@foobar.org
CC: Piotr piotr.1...@interia.pl, nanog@nanog.org

Force10's S4810 isn't bad, we use these for a 10G 48 port box that doesn't
require Ultra Low latency.

http://www.scribd.com/doc/90301756/Dell-Force10-S4810-Spec-Sheet

Supports TRILL in some way too, I've not had any major issues with this box,
1 or 2 bugs, but force10 (now dell)
seem quick to fix these.

They also have the Z9000 series, I've not looked at this, but it might be
worth having a quick look and see if it
fits.

on the rest, what nick said. :)


On Tue, Jan 29, 2013 at 11:58:14AM +, Nick Hilliard wrote:
 On 29/01/2013 11:27, Piotr wrote:
  The Extreme 670 looks good but it has small port buffers. It could also be
  some small chassis with line cards, but the cost per 10G port is too high..
 
 the extreme x670, juniper ex4550, brocade ICX6550 and arista 7150 will do most
 of this, and probably many others too.
 
 None of them will do trill.  The Extreme X670 and Juniper EX4550 will both
 do VPLS, though.  The X670 won't do BGP.
 
 You won't find a box of this form with large port buffers.  There don't
 appear to be any of these boxes on the market at the moment, probably
 because none of the switch vendors want to bite the bottom out of their
 more lucrative chassis-based switches.  This is a good market opening for a
 new vendor - there is no technical reason why this couldn't be done.
 
 Nick
 
 
 

-- 
andy a...@shady.org
---
Never argue with an idiot. They drag you down
to their level, then beat you with experience.

JNCIE #742
---





Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread William Allen Simpson

On 1/29/13 1:20 AM, Rob McEwen wrote:

[...] the US Federal government:

(A) ...cannot do a darn thing without MASSIVE graft & corruption... plus
massive overruns in costs... including a HEAVY dose of crony
capitalism where, often, the companies who get the contracts are the
ones who pad the wallets of the politicians in charge. [...]


Ummm, this isn't true.  As all of us old enough to remember know, the
ILECs promised that with *REDUCED* regulation they'd roll out
universal broadband IFF they were given the revenues from DSL --
putting the CLECs and small ISPs out of the broadband business.

The graft and corruption was in *private* industry, not the Federal
government, due to lack of regulation and oversight.



(B) In the US, we have this thing called the 4th amendment which
ensures a certain level of freedom and civil liberties and privacy.
Unfortunately, 4th amendment rights essentially disappear if the US
Federal government owns and operates broadband access. [...]


No, this isn't true either.  The 4th Amendment applies to the US
government.  What happened is the end-around allowing *private*
industry to collect personal data and infringe civil liberties.

That should not happen with direct US government ownership.  It could
be a boon to civil liberties.



(C) This allows them to do what the FCC ACTIVELY trying to do recently,
but hasn't yet found a way.

[...] Here is an article written by 8 former FCC
chairmen about the Disclose Act:

http://online.wsj.com/article/SB10001424052748703460404575244772070710374.html
...can any sane person read that article... and then trust the US
Federal Gov't motives with owning/operating vast amounts of Broadband?


Ummm, none of these were on the FCC.  Some were on the stacked
Republican F*E*C.  And nobody trusts Spakovsky, the architect of
voter caging, purges, and suppression -- who was (as we now know)
illegally recess appointed to the FEC, and whose nomination was
withdrawn after disclosure of conflict of interest and the
resignation of half the Justice Department voter section staff!



Finally, while I've witnessed incompetence amongst certain unnamed baby
bells, there ARE... MANY... bright spots in Internet connectivity.
Frankly, we're spoiled by our successes. And the worst of the baby
bells, like all baby bells, do NOT have a monopoly. [...]


You seem to be living in an alternate universe.  Those of us who
actually owned an ISP know the ILEC oligopolies well.

The one bright spot, Google Fiber, does help Internet connectivity, but
doesn't help ISPs.  And this is the list for operators.




Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread Rob McEwen
On 1/29/2013 7:43 AM, William Allen Simpson wrote:
 The graft and corruption was in *private* industry, not the Federal
 government, due to lack of regulation and oversight.

I never said there wasn't graft and corruption in private industry...
but that is anecdotal... hit and miss. In contrast, graft and
corruption in the Federal Government is widespread and rampant. Finding
one example of graft and corruption in private industry is a silly way
to try to disprove my point.

 (B) In the US, we have this thing called the 4th amendment which
 ensures a certain level of freedom and civil liberties and privacy.
 Unfortunately, 4th amendment rights essentially disappear if the US
 Federal government owns and operates broadband access. [...]

 No, this isn't true either.  The 4th Amendment applies to the US
 government.  What happened is the end-around allowing *private*
 industry to collect personal data and infringe civil liberties.

 That should not happen with direct US government ownership.  It could
 be a boon to civil liberties.

(A) If XYZ ISP gets frisky with my data, I can vote with my wallet to
another ISP.

(B) Furthermore, the Federal Government DOES make an excellent
watchdog for policing privacy violations by ISPs... that is, IF they
are on the field as referee,  and NOT as another player. Plus, them
NOT being another player helps them maintain impartiality as their
role as referee. (there are ALREADY examples of their role as
referee being compromised in the auto industry.. where Government
Motors got a break on a certain law, but Honda was slammed hard over the
SAME law!) Also, if the Federal Government owns/operates broadband, then
there is a high likelihood that their operation is subsidized to a point
where it becomes extremely difficult for a private business to compete
against them--as happens in areas where the Federal Government
stepped out into the field as player. gravity then pulls the
Federal Government into a monopoly position... then, after that happens,
if THEY get frisky with my data, the ISPs I would have voted for with my
wallet... no longer exist.

(C) The fact that the Internet is a series of PRIVATE networks... NOT
owned/operated by the Feds... is a large reason why the 4th amendment
provides such protections... it becomes somewhat of a firewall of
protection against Federal gov't trampling of civil liberties... but if
they own the network, then that opens up many doors for them.

(D) Finally, the potential damage/intrusion/civil-liberties-violations
that can happen from the Feds owning/operating broadband vastly
surpasses what generally occurs in the worst-case-instances of private
ISPs going too far in selling data to make a buck. There is no
comparison. Last I checked, my ISP doesn't have the authority to throw
me in jail... or audit my taxes... doesn't control the FBI or ATF, etc.
The Federal government has the police state powers to throw me in jail.
An ISP cannot. Not that I'm a lawbreaker with things to fear... but
there is this really smart guy who wrote a book called Three Felonies A
Day: How the Feds Target the Innocent... it basically details how there
are so many ridiculous laws on the books that nobody follows (or even
know about)... that if the Feds want to make an example out of someone
or some business, they can ALWAYS find SOMETHING. Even in fortune 500
companies... if one of them decides to get real serious and follow ALL
such laws to a T... then they go out of business because their
overhead costs soar beyond their direct competitors, who are then able
to sell more products/services at a higher profit. My sister used to
work for GE... and she said they had this phrase there called
substantial compliance with Federal Laws. They couldn't be totally
compliant or they'd go out of business.

 Ummm, none of these were on the FCC.  Some were on the stacked
 Republican F*E*C.  And nobody trusts Spakovsky, the architect of
 voter caging, purges, and suppression -- who was (as we now know)
 illegally recess appointed to the FEC, and whose nomination was
 withdrawn after disclosure of conflict of interest and the
 resignation of half the Justice Department voter section staff!

I think you've gone off topic here. The bottom line is that the FCC of
the past few years has TRIED to make a crusade out of supposedly
protecting us against those meany ISPs' allegedly unfair bandwidth
allocation practices... with their proposed solution of net
neutrality... but, in reality, net neutrality is really just a
Federal Government power grab where they can then trample the 4th
amendment. Why would they do that? Because the current administration is
crawling with statist thugs, that is why. They can't help themselves. it
is in their blood. (notice that I'm NOT defending the Republican
administration FCC, nor do I care to. Your example is besides the point
and not relevant to this conversation. But the attempted net
neutrality power grab is relevant. Notice ALSO that neither 

RE: switch 10G standalone TOR, core to DC

2013-01-29 Thread Summers, William
We use IBM networking (used to be BLADE networks) Rackswitch 8264. They will do 
TRILL, and have multi-chassis link aggregation, which they call vLAG. We use this for 
cross datacenter aggregation. They do have the L3 features you are looking for 
and BGP as a possibility, but no full tables. It is a cut-through switch 
(although this can be toggled in software to store and forward in later switch 
OS). I believe, although I can't find the doc where I read this at the moment, 
the packet buffer is 2G, but shared among ports.  

Enterasys S-Series is also an option, but the 10G port densities are much 
lower. S-Series has large packet buffers, chassis bonding, and L3 features 
(some modules support full bgp tables). 





Re: switch 10G standalone TOR, core to DC

2013-01-29 Thread Steven Fischer
although everyone here seems to hold Cisco in contempt, the Nexus 5548 is a
rock-solid switch - at least that has been my experience with it.


On Tue, Jan 29, 2013 at 6:27 AM, Piotr piotr.1...@interia.pl wrote:


 Hello,

 I am looking for some 10G switches that should work as TOR or core in a DC.
 They should have more than 40 10G ports in one unit, wirespeed L2/L3, with
 virtual routers and some other IP functions like some BGP, OSPF, policy
 routing, 1-2U, MLAG, G.8032 (ERPS), TRILL-like?

 Other important features are big port buffers (something similar to
 Juniper EX8200 - 512 MB per slot), defined counters accessible via SNMP
 (like in Junos), and L3 statistics accessible via SNMP.


 The Extreme 670 looks good but it has small port buffers. It could also be
 some small chassis with line cards, but the cost per 10G port is too high..

 What vendor/model do you prefer or suggest as a solution?

 thanks for help
 best,
 Peter






-- 
To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy


Re: IPV6 in enterprise best practices/white papers

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Doug Barton do...@dougbarton.us

 On 1/28/2013 6:23 AM, Jay Ashworth wrote:
  To paraphrase Guy L Steele:
 
  If we are this far on into the new IPv6 world and that question is
  not
  one which can be answered by a link on the first page of ghits for
  'implementing IPv6', then the IPv6 people have blown it badly.
 
 Can you show me the equivalent link for I want to implement IPv4 on
 my network?

IPv4 is mature enough that for small to medium sized networks, the answer
is you plug everything in.

My appraisal of v6 is that it's an order of magnitude (or two) more complex
than that, both in 'attack' surface and interoperability issues.

But, I suppose, it took me a couple years to really learn IPv4 well.

That said, *having* learned IPv4 relatively well, I remain surprised
that there's as much additional (perceived) complexity in v6.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: switch 10G standalone TOR, core to DC

2013-01-29 Thread Alain Hebert
Hi,

I do suggest you go over EN offering with a fine tooth comb.

We experienced a whole lot of issues with 6 x650:

. from hardware licensing (start at shipping from the fab and
not when the customers get them);
. software licensing (have to license every box even the ones in
the labs);
. known eeprom defect limiting upgrade from XOS 12 to 15;
. 1 vlan-translation causing all sorts of headaches with
port-grouping (ether-channel);
. EAPS packets being silently filtered out of VMANs when you do
not use the Core license;
( Undocumented, and that is not acceptable when trying to
transport customers' own EAPS traffic on their VLANs )
. no VLAN flapping logging;

Don't get me wrong, they are good campus switches...  just not
designed for our L2 Core purposes.

And the Licensing is just an exercise in frustration.  I can
understand the business purpose, just not the way they go about doing it.

As for L3 support, it is fine:

. includes IP tracking in VRRP, which is a plus for us
. Virtual Routers

We don't need them for BGP and we do not have a MPLS network yet.

As for the x670, maybe most of the hardware issues have been
addressed, but I doubt the licensing and undocumented limitations are better.

PS: We're using them (x650), and are planning to keep
using/recommending EN products, but it did cost us a lot of man-hours
and unplanned crashes that could have been prevented with better
documentation and support.

Good luck with your project =D

-
Alain Hebert aheb...@pubnix.net   
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443

On 01/29/13 06:27, Piotr wrote:

 Hello,

 I am looking for some 10G switches that should work as TOR or core in a DC.
 They should have more than 40 10G ports in one unit, wirespeed L2/L3, with
 virtual routers and some other IP functions like some BGP, OSPF,
 policy routing, 1-2U, MLAG, G.8032 (ERPS), TRILL-like?

 Other important features are big port buffers (something similar to
 Juniper EX8200 - 512 MB per slot), defined counters accessible via
 SNMP (like in Junos), and L3 statistics accessible via SNMP.


 The Extreme 670 looks good but it has small port buffers. It could
 also be some small chassis with line cards, but the cost per 10G port is
 too high..

 What vendor/model do you prefer or suggest as a solution?

 thanks for help
 best,
 Peter








Muni network ownership and the Fourth

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Rob McEwen r...@invaluement.com

 (C) The fact that the Internet is a series of PRIVATE networks... NOT
 owned/operated by the Feds... is a large reason why the 4th amendment
 provides such protections... it becomes somewhat of a firewall of
 protection against Federal gov't trampling of civil liberties... but
 if they own the network, then that opens up many doors for them.

Regular readers know that I'm really big on municipally owned fiber networks
(at layer 1 or 2)... but I'm also a big constitutionalist (on the first, 
second, fourth, and fifth, particularly), and this is the first really good
counter-argument I've seen, and it honestly hadn't occurred to me.

Rob, anyone, does anyone know if any 4th amendment case law exists on muni-
owned networks?

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Muni network ownership and the Fourth

2013-01-29 Thread Dave Crocker


On 1/29/2013 7:59 AM, Jay Ashworth wrote:

- Original Message -

From: Rob McEwen r...@invaluement.com



(C) The fact that the Internet is a series of PRIVATE networks... NOT
owned/operated by the Feds... is a large reason why the 4th amendment
provides such protections... it becomes somewhat of a firewall of
protection against Federal gov't trampling of civil liberties... but
if they own the network, then that opens up many doors for them.


Regular readers know that I'm really big on municipally owned fiber networks
(at layer 1 or 2)... but I'm also a big constitutionalist (on the first,
second, fourth, and fifth, particularly), and this is the first really good
counter-argument I've seen, and it honestly hadn't occurred to me.

Rob, anyone, does anyone know if any 4th amendment case law exists on muni-
owned networks?



The challenge, here, is a classic 'natural monopoly' concern/argument. 
I don't know the right answer, here, but I think the frame for 
discussing it has a long history.


d/

--
 Dave Crocker
 Brandenburg InternetWorking
 bbiw.net



Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread Mark Radabaugh

On 1/29/13 7:43 AM, William Allen Simpson wrote:

On 1/29/13 1:20 AM, Rob McEwen wrote:

[...] the US Federal government:

(A) ...cannot do a darn thing without MASSIVE graft & corruption... plus
massive overruns in costs... including a HEAVY dose of crony
capitalism where, often, the companies who get the contracts are the
ones who pad the wallets of the politicians in charge. [...]


Ummm, this isn't true.  As all of us old enough to remember know, the
ILECs promised that with *REDUCED* regulation they'd roll out
universal broadband IFF they were given the revenues from DSL --
putting the CLECs and small ISPs out of the broadband business.

The graft and corruption was in *private* industry, not the Federal
government, due to lack of regulation and oversight.


The other big problem with putting the government in charge is that it 
creates too 'big' of a project.   Every large contractor wants a piece 
of it, every vendor wants a part, and the end result is a specification 
that is expensive and difficult to build.   Then the bidding process to 
build/supply it starts and takes 3 years plus the 5 years for the 
lawsuits from everyone who didn't win.  By now the specification is well 
out of date but we start building it anyway. Yeah - it's built.   But we 
need to upgrade it. Repeat the above.


Don't believe it?   Take a look at a much smaller Federal system - Air 
Traffic Control and the attempts to upgrade that system.


Why would Federal Internet be any different?

--
Mark Radabaugh
Amplex

m...@amplex.net  419.837.5015




Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread Valdis . Kletnieks
On Tue, 29 Jan 2013 01:20:25 -0500, Rob McEwen said:

 The market will eventually sort this out... and in many cases already
 has! Meanwhile, Amtrak and the Post Office show no signs of ever making
 it without their MASSIVE taxpayer subsidies.

I can't speak to Amtrak, but a large part of the Post Office's current
difficulties is that Congress forced them to pre-fund pensions - which is
nothing unusual.  Most places are required to pay in now for their current
employees so their pensions will be funded when they retire.

What's different about the Post Office is that they're required to pre-fund
for 75 years.  Yes, you read that right - they need to pay in *now* for
the pension fund of mail carriers who won't even be born for another decade.

 Education continues to not know where billions of dollars goes each
 year... Yet, in contrast, Enron execs are in jail and Enron is no longer
 in existence

So where are all the arrests and convictions for the mortgage games and
other Wall Street malfeasance that led to the financial crisis of 2008?
Seems that was a tad more egregious than anything Enron did, so there should
have been more arrests and convictions?




Re: Muni network ownership and the Fourth

2013-01-29 Thread Rob McEwen
On 1/29/2013 10:59 AM, Jay Ashworth wrote:
 From: Rob McEwen r...@invaluement.com
 (C) The fact that the Internet is a series of PRIVATE networks... NOT
 owned/operated by the Feds... is a large reason why the 4th amendment
 provides such protections... it becomes somewhat of a firewall of
 protection against Federal gov't trampling of civil liberties... but
 if they own the network, then that opens up many doors for them.
 Regular readers know that I'm really big on municipally owned fiber networks
 (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, 
 second, fourth, and fifth, particularly), and this is the first really good
 counter-argument I've seen, and it honestly hadn't occurred to me.

 Rob, anyone, does anyone know if any 4th amendment case law exists on muni-
 owned networks?

Good question. Here is another thing to consider regarding SOME muni
network... (at least where private citizens/businesses subscribe to that
network)

When any government entity desires log files from an ISP, and if that
ISP is very protective of their customer's privacy and civil liberties,
then the ISP typically ONLY complies with the request if there is a
proper court order, granted by a judge, after probable cause of some
kind of crime has been established, where they are not on a fishing
expedition. But, in contrast, if the city government owns the network,
it seems like a police detective contacting his fellow city employee in
the IT department could easily circumvent the civil liberties
protections. Moreover, there is an argument that the ISP being stingy
with such data causes them to be heroes to the public, and they gain
DESIRED press and attention when they refuse to comply with such
requests without a court order. In contrast, the city's IT staff and the
police detective BOTH share the SAME boss's boss's boss. The IT guy
won't get a pat on the back for making life difficult for the police
department. He'll just silently lose his job eventually, or get passed
up for a promotion. The motivation will be on him to PLEASE his fellow
city employees, possibly at the expense of our civil liberties.

PS - of course, no problems here if the quest to gain information
involves a muni network that is only used by city employees.

PPS - then again, maybe my log file example doesn't apply to the
particular implementation that Jay described? Regardless, it DOES apply
to various government implementations of broadband service.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032




Re: Muni network ownership and the Fourth

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Rob McEwen r...@invaluement.com

 When any government entity desires log files from an ISP, and if that
 ISP is very protective of their customer's privacy and civil liberties,
 then the ISP typically ONLY complies with the request if there is a
 proper court order, granted by a judge, after probable cause of some
 kind of crime has been established, where they are not on a fishing
 expedition. But, in contrast, if the city government owns the network,
 it seems like a police detective contacting his fellow city employee
 in the IT department could easily circumvent the civil liberties
 protections. Moreover, there is an argument that the ISP being stingy
 with such data causes them to be heroes to the public, and they gain
 DESIRED press and attention when they refuse to comply with such
 requests without a court order. In contrast, the city's IT staff and
 the police detective BOTH share the SAME boss's boss's boss. The IT guy
 won't get a pat on the back for making life difficult for the police
 department. He'll just silently lose his job eventually, or get passed
 up for a promotion. The motivation will be on him to PLEASE his fellow
 city employees, possibly at the expense of our civil liberties.
 
 PS - of course, no problems here if the quest to gain information
 involves a muni network that is only used by city employees.
 
 PPS - then again, maybe my log file example doesn't apply to the
 particular implementation that Jay described? Regardless, it DOES
 apply to various government implementations of broadband service.

It would, if I were talking about a situation where the muni *was the ISP*,
supplying layer 3+ services.  I'm not.  I'm purposefully only talking
about layer 1 service (where the residents contract with an ISP client 
of the muni, and that client supplies an ONT and takes an optical handoff)
or, my preferred approach, a layer 2 service (where the muni supplies the 
ONT and the ISP client of the muni takes an aggregated Ethernet handoff
(probably 10G fiber, possibly trunked).

(Actually, my approach if I was building it would be Layer 2 unless the 
resident wants a Layer 1 connection to {a properly provisioned ISP,some
other location of theirs}.  Best of both worlds.)

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Muni network ownership and the Fourth

2013-01-29 Thread Leo Bicknell
In a message written on Tue, Jan 29, 2013 at 10:59:31AM -0500, Jay Ashworth 
wrote:
 Regular readers know that I'm really big on municipally owned fiber networks
 (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, 
 second, fourth, and fifth, particularly), and this is the first really good
 counter-argument I've seen, and it honestly hadn't occurred to me.
 
 Rob, anyone, does anyone know if any 4th amendment case law exists on muni-
 owned networks?

I don't, but I'd like to point out here that I've long believed
both sides of the muni-network argument are right, and that we the
people are losing the baby with the bath water.

I am a big proponent of muni-owned dark fiber networks.  I want to
be 100% clear about what I advocate here:

  - Muni-owned MMR space, fiber only, no active equipment allowed.  A
big cross connect room, where the muni-fiber ends and providers are
all allowed to colocate their fiber term on non-discriminatory terms.

Large munis will need more than one, no run from a particular MMR
to a home should exceed 9km, allowing the providers to be within
1km of the MMR and still use 10km optics.

  - 4-6 strands per home, home run back to the muni-owned MMR space.
No splitters, WDM, etc, home run glass.  Terminating on an optical
handoff inside the home.

  - Fiber leased per month, per pair, on a cost recovery basis (to
include an estimate of OM over time), same price to all players.

I do NOT advocate that munis ever run anything on top of the fiber.
No IP, no TV, no telephone, not even teleporters in the future.
Service Providers of all types can drop a large count fiber from
their POP to the muni-owned MMR, request individual customers be
connected, and then provide them with any sort of service they like
over that fiber pair, single play, double play, triple play, whatever.

See, the Comcasts and AT&Ts of the world are right that governments
shouldn't be ISP's, that should be left to the private sector.  I
want a choice of ISP's offering different services, not a single
monopoly.  In this case the technology can provide that, so it
should be available.

At the same time, it is very inefficient to require each provider
to build to every house.  Not only is it a large capital cost and
barrier to entry of new players, but no one wants roads and yards
dug up over and over again.  Reducing down to one player building
the physical in the ground part saves money and saves disruption.

Regarding your 4th amendment concerns, almost all the data the
government wants is with the Service Provider in my model, same as
today.  They can't find out who you called last week without going
to the CDR or having a tap on every line 24x7 which is not cost
effective.  Could a muni still optically tap a fiber in this case
and suck off all the data?  Sure, and I have no doubt some paranoid
service provider will offer to encrypt everything at the transport
level.

Is it perfect?  No.  However I think if we could adopt this model
capital costs would come down (munis can finance fiber on low rate, long
term muni-bonds, unlike corporations, plus they only build one network,
not N), and competition would come up (small service providers can
reach customers only by building to the MMR space, not individual homes)
which would be a huge win win for consumers.

Maybe that's why the big players want to throw the baby out with the
bath water. :P

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread Rob McEwen
On 1/29/2013 11:38 AM, valdis.kletni...@vt.edu wrote:
 So where are all the arrests and convictions for the mortgage games and
 other Wall Street malfeasance that led to the financial crisis of 2008?
 Seems that was a tad more egregious than anything Enron did, so there should
 have been more arrests and convictions?

Not everyone gets caught. But across the board, corrupt private
businesses get caught & pay a price and/or disappear ...far more often
than corrupt government entities.

But even with the financial crisis of 2008, there was SOME reckoning.
Bernie Madoff is in jail. Lots of CEOs lost their jobs. Boards of
Fortune 500 companies are NOW... FINALLY... doing the due diligence that
used to not get done. Those things have to be done since everyone is
fighting for survival right now. Nobody can afford to do less... except
the Feds... who continue to operate/spend like it's 1999.

More locally, on a smaller scale, I know of specific appraisers & real
estate investors who are in jail right now because they finally got
caught in a scam where (1) the investor would buy a property at a low
price, (2) his appraiser, who was in on the scam, would issue an
appraisal that was ridiculously high, (3) the real estate investor would
then get a LARGE loan on that property, (4) the investor would then
spend that money on expenses... showing no money on paper, it was
laundered (5) investor would declare bankruptcy and give those
properties back to the bank. (6) bank discovers that their collateral
on a 200K loan is really worth 40K. (repeat times 10 since the investor
did this several times over just before declaring bankruptcy.)

Again, those guys are in jail. And the rules on preventing that have
been tightened. I agree, not enough people like that went to jail... but
LESS of this gets caught and punished with regard to the Federal
government's graft & corruption.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032




Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Valdis Kletnieks valdis.kletni...@vt.edu

 What's different about the Post Office is that they're required to pre-fund
 for 75 years. Yes, you read that right - they need to pay in *now* for
 the pension fund of mail carriers who won't even be born for another
 decade.

And if that had not been passed (by a MUMBLE Congress), then instead of being
$6B in the red, they'd be about $1.5B in the black.

So let us not hang the need to save USPS on Congress, when they caused the
problem in the first place.

And let's move this thread to nanog-politics, k?

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Muni network ownership and the Fourth

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Scott Brim s...@internet2.edu

  (Actually, my approach if I was building it would be Layer 2 unless the
  resident wants a Layer 1 connection to {a properly provisioned ISP,some
  other location of theirs}. Best of both worlds.)

 Right, and a public-private partnership model is more common than
 having the city actually operate the network at any layer.

Oh, sure; most muni's contract out the build, and often the day to day
operation and customer support load, to a contractor.

But that wouldn't really help as much in this case, I don't think; that
contract would create an agency relationship, and the contractor would not
protect such log data (if it existed, which for L1 and L2 service, it would
not as this argument posits it) *from the responsible IT employees of the
municipality*.

Cheers,
-- jr 'IANAL, I just play one on the Internet' a
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Muni network ownership and the Fourth

2013-01-29 Thread Scott Brim
On 01/29/13 12:02, Jay Ashworth allegedly wrote:
 - Original Message -
 From: Rob McEwen r...@invaluement.com
 When any government entity desires log files from an ISP, and if that
 ISP is very protective of their customer's privacy and civil liberties,
 then the ISP typically ONLY complies with the request if there is a
 proper court order, granted by a judge, after probable cause of some
 kind of crime has been established, where they are not on a fishing
 expedition. But, in contrast, if the city government owns the network,
 it seems like a police detective contacting his fellow city employee
 in the IT department could easily circumvent the civil liberties
 protections. Moreover, there is an argument that the ISP being stingy
 with such data causes them to be heros to the public, and they gain
 DESIRED press and attention when they refuse to comply with such
 requests without a court order. In contrast, the city's IT staff and
 the police detective BOTH share the SAME boss's boss's boss. The IT guy
 won't get a pat on the back for making life difficult for the police
 department. He'll just silently lose his job eventually, or get passed
 up for a promotion. The motivation will be on him to PLEASE his fellow
 city employees, possibly at the expense of our civil liberties.

 PS - of course, no problems here if the quest to gain information
 involves a muni network that is only used by city employees.

 PPS - then again, maybe my log file example doesn't apply to the
 particular implementation that Jay described? Regardless, it DOES
 apply to various government implementations of broadband service.
 It would, if I were talking about a situation where the muni *was the ISP*,
 supplying layer 3+ services.  I'm not.  I'm purposefully only talking
 about layer 1 service (where the residents contract with an ISP client 
 of the muni, and that client supplies an ONT and takes an optical handoff)
 or, my preferred approach, a layer 2 service (where the muni supplies the 
 ONT and the ISP client of the muni takes an aggregated Ethernet handoff
 (probably 10G fiber, possibly trunked).

 (Actually, my approach if I was building it would be Layer 2 unless the 
 resident wants a Layer 1 connection to {a properly provisioned ISP,some
 other location of theirs}.  Best of both worlds.)
Right, and a public-private partnership model is more common than having
the city actually operate the network at any layer. 




Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread William Allen Simpson

On 1/29/13 8:30 AM, Rob McEwen wrote:

On 1/29/2013 7:43 AM, William Allen Simpson wrote:

The graft and corruption was in *private* industry, not the Federal
government, due to lack of regulation and oversight.


I never said there wasn't graft and corruption in private industry...
but that is anecdotal... hit and miss. In contrast, graft and
corruption in the Federal Government is widespread and rampant. Finding
one example of graft and corruption in private industry is a silly way
to try to disprove my point.


Actually, graft and corruption in the Federal Government is very
rare.  State and local government is more common, and the Feds are
usually needed to clean up afterward.  Note the Kwame Kilpatrick
public corruption trial (a big deal around here)

And of course, corruption is incredibly common in the private
sector, notably the financial services industry, the realty
developer industry, etc.



Ummm, none of these were on the FCC.  Some were on the stacked
Republican F*E*C.  And nobody trusts Spakovsky, the architect of
voter caging, purges, and suppression -- who was (as we now know)
illegally recess appointed to the FEC, and whose nomination was
withdrawn after disclosure of conflict of interest and the
resignation of half the Justice Department voter section staff!


I think you've gone off topic here. The bottom line is that the FCC of
the past few years has TRIED to make a crusade out of supposedly
protecting us against those meany ISPs' allegedly unfair bandwidth
allocation practices... with their proposed solution of net
neutrality... but, in reality, net neutrality is really just a
Federal Government power grab where they can then trample the 4th
amendment.


Huh?  You cited a WSJ opinion piece as from the FCC, when it was FEC,
and they are very different entities.  Yet you claim I'm off-topic?

Net Neutrality has nothing what-so-ever to do with the 4th Amendment.



Why would they do that? Because the current administration is
crawling with statist thugs, that is why. They can't help themselves. It
is in their blood. (notice that I'm NOT defending the Republican
administration FCC, nor do I care to.


You seem very confused, and have devolved into ill-informed racist
anti-Obama diatribe that has no place on this list.



Your example is beside the point
and not relevant to this conversation. But the attempted net
neutrality power grab is relevant. Notice ALSO that neither do I defend
all practices of ISPs' bandwidth allocations. But, again, their
customers do have the option to vote with their wallets. Such options
are lost with a Federal Gov't monopoly.)


The Internet was developed by the Federal Government.  I started my
first TCP/IP implementation in 1979 on a NOAA+EPA grant; I wrote the
legislative boilerplate that provided funding for the NSFnet, and
convinced Michigan legislators to support it; then went on to write
many technical standards; and built an ISP starting in 1994.

The NSFnet wouldn't have been possible without a Federal prosecution,
and the resulting AT&T Greene decision.

With today's oligopolies, there's no way to vote with your wallet.

I'm done with this thread.  Please don't feed the troll.




Re: Muni network ownership and the Fourth

2013-01-29 Thread William Allen Simpson

I'd like to join Jay, Scott, Leo, and presumably Dave
supporting muni network ownership -- or at least a
not-for-profit entity.

I tried to start one a decade ago, but a lawsuit was
threatened by the incumbent cable provider (MediaOne in
those days) who claimed an exclusive right.  Since then
the state law has been changed, so we really ought to
look into it again here.

Although the 4th Amendment originally applied to only
the Federal Government (states routinely violated it),
the 14th Amendment applies it to the state (and local)
governments now.



Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread Rob McEwen
On 1/29/2013 12:21 PM, William Allen Simpson wrote:
 ill-informed racist

Really? And you call me a troll, too?

 anti-Obama diatribe that has no place on this list.

I never said anything about Obama, but, at face value, the 'Disclose'
Act was totalitarian in nature. Something I'd expect to see only
seriously proposed in the old Soviet Union. Those who enthusiastically
supported it are/were statist thugs. Proposing a bill which limits free
political speech by putting ridiculous and hugely-expensive burdens on
mom & pop bloggers typing from their living room computers is
something straight out of East Germany circa 1960 (except with today's
technology). If that means I'm talking about Obama, so be it... if the
shoe fits... but to say this is racist is laughable. Also, you can
try to dismiss the Disclose act critics by throwing labels at them...
but interesting that you didn't go on record challenging the facts in
that WSJ op-ed, or go on record supporting the Disclose act. (attack
the messenger as a means of avoiding the actual subject material...
much like your 100% baseless racist accusation towards me.)

Also, you're right, at a couple of points, I did get FCC and FEC labels
mixed up. But my larger points stand. The campaign finance law passed
several years ago and the proposed 'Disclose' Act demonstrated less than
pure intentions regarding the Federal Government's desire to control
information. And the Federal Government's net neutrality proposals ARE
100% all about 4th amendment violations, as a means towards controlling
information. Even if I'm wrong and those proposing net neutrality have
100% best intentions (they don't), then a trampling of the 4th amendment
would STILL become a law of unintended consequences, at least in the
implementation proposals I've read.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032




Muni fiber: L1 or L2?

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Leo Bicknell bickn...@ufp.org

 I am a big proponent of muni-owned dark fiber networks. I want to
 be 100% clear about what I advocate here:
 
 - Muni-owned MMR space, fiber only, no active equipment allowed. A
 big cross connect room, where the muni-fiber ends and providers are
 all allowed to colocate their fiber term on non-discriminatory terms.

 - 4-6 strands per home, home run back to the muni-owned MMR space.
 No splitters, WDM, etc, home run glass. Terminating on an optical
 handoff inside the home.

Hmmm.  I tend to be a Layer-2-available guy, cause I think it lets smaller
players play.  Does your position (likely more deeply thought out than 
mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients
are *also* permitted to get a Layer 1 patch to a provider in the fashion you
suggest?

(I concur with your 3-pair delivery, which makes this more practical on an
M-A-C basis, even if it might require some users to have multiple ONTs...)

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Muni network ownership and the Fourth

2013-01-29 Thread Eric Brunner-Williams
On 1/29/13 9:40 AM, William Allen Simpson wrote:
 I'd like to join Jay, Scott, Leo, and presumably Dave
 supporting muni network ...

+1

i'm indifferent to the public-can't rationale as munis appear to do
an adequate job of water and power delivery-to-the-curb, in eugene,
palo alto, san francisco, ... and the capacity of fiber obsoletes the
early telephone and telegraph notion of pole space contention, a basis
for an earlier natural monopoly theory.

i'm also indifferent to the leo-in-the-noc rationale as the
separation is presently somewhat fictive and overzealous prosecutions
are the norm.

-e




Re: Muni network ownership and the Fourth

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Eric Brunner-Williams brun...@nic-naa.net

 i'm also indifferent to the leo-in-the-noc rationale, as the
 separation is presently somewhat fictive and overzealous prosecutions
 are the norm.

So, you're saying muni transport is bad because there's *less* separation
is actually a red herring; private transport carriers are little better
protected?

Yeah, I'll buy that.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Muni network ownership and the Fourth

2013-01-29 Thread Masatoshi Enomoto
So in that MIB ifHCin- are the 64-bit counters and ifin- are the 32-bit counters.
I had that mixed up.



MessageLabs/MXLogic issues

2013-01-29 Thread Thomas York
Have any of you noticed issues delivering email through MessageLabs to
people who use MXLogic for spam/AV filtering? I've seen it more and more
over the last month, to the point that I have to call 5-10 people a day to
tell them to whitelist our domain in MXLogic. It isn't specific to a certain
domain, just to Symantec/MessageLabs IPs. I've also seen this issue once or
twice with domains hosted with Gmail, but those have cleared themselves up.

 

-- Thomas York

 





Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Doug Barton
On 01/29/2013 09:20 AM, Jay Ashworth wrote:
 - Original Message -
 From: Doug Barton do...@dougbarton.us
 
 On 1/28/2013 6:23 AM, Jay Ashworth wrote:
 To paraphrase Guy L Steele:

 If we are this far on into the new IPv6 world and that question is
 not
 one which can be answered by a link on the first page of ghits for
 'implementing IPv6', then the IPv6 people have blown it badly.

 Can you show me the equivalent link for I want to implement IPv4 on
 my network?
 
 IPv4 is mature enough that for small to medium sized networks, the answer
 is you plug everything in.
 
 My appraisal of v6 is that it's an order of magnitude (or two) more complex
 than that, both in 'attack' surface and interoperability issues.
 
 But, I suppose, it took me a couple years to really learn IPv4 well.
 
 That said, *having* learned IPv4 relatively well, I remain surprised
 that there's as much additional (perceived) complexity in v6.

Jay,

You have perfectly illustrated one of the largest barriers to IPv6
adoption. You of course know that if you were to go into a greenfield
IPv4 deployment the answer would not be just plug everything in. You'd
have to figure out how to split your allocated space (and/or 1918 space)
into reasonable networks, decide which networks get DHCP, assign IP
helpers, carve out p-t-p links, etc. etc. But because you've done that a
million times, and all the terminology and factors to consider are well
known to you, in effect it amounts to, just plug everything in.

Whereas, with IPv6 you have most, if not all of the same factors to
consider, but there is some marginal added complexity around things like
SLAAC/RA, some different terminology, binary math in hex instead of
octal, network sizes are many orders of magnitude larger, etc. So the
net effect is that even though under the hood it's not all that
different, it all feels new and strange. And we all know how humans
react to things that are new and strange. :)

My point in asking you to provide the equivalent link for IPv4 is to
show that there isn't one, nor could there be. You can't give someone a
cookie-cutter IPv4 network layout because the unique factors that they
have to consider will prevent that. The same is true for IPv6. What you
_can_ do, for both protocols, is to teach people best practices around
the key issues, and help and guidance along the way. There are lots of
lists that exist to do this with v6. One of the best is
ipv6-...@lists.cluenet.de. If people are interested in learning more
about v6 by osmosis that's a good list to lurk on. It's medium traffic,
but high signal::noise, and any discussions you are not interested in
you can just delete.

hth,

Doug




Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Doug Barton do...@dougbarton.us

  IPv4 is mature enough that for small to medium sized networks, the
  answer is you plug everything in.
 
  My appraisal of v6 is that it's an order of magnitude (or two) more
  complex than that, both in 'attack' surface and interoperability issues.
 
  But, I suppose, it took me a couple years to really learn IPv4 well.
 
  That said, *having* learned IPv4 relatively well, I remain surprised
  that there's as much additional (perceived) complexity in v6.

 You have perfectly illustrated one of the largest barriers to IPv6
 adoption. You of course know that if you were to go into a greenfield
 IPv4 deployment the answer would not be just plug everything in.

Depends on how big your deployment is.  For a small office -- say, 100 
PCs or less; something that will fit in what I will catch schidt for 
referring to as a Class C :-) -- with a single current generation 
consumer market edge NAT router, then yes, in fact, you Just Plug It All
In.

Yes, I realize, that approach does not apply to being Road Runner.  :-)

 You'd
 have to figure out how to split your allocated space (and/or 1918
 space)
 into reasonable networks, decide which networks get DHCP, assign IP
 helpers, carve out p-t-p links, etc. etc. But because you've done that
 a
 million times, and all the terminology and factors to consider are
 well
 known to you, in effect it amounts to, just plug everything in.

Well, no, not really.  As you note, of course, most of those things
are reflexes for most network engineering types, but certainly they 
took a while to get there.

 Whereas, with IPv6 you have most, if not all of the same factors to
 consider, but there is some marginal added complexity around things like
 SLAAC/RA, some different terminology, binary math in hex instead of
 octal, network sizes are many orders of magnitude larger, etc. So the
 net effect is that even though under the hood it's not all that
 different, it all feels new and strange. And we all know how humans
 react to things that are new and strange. :)

I think marginal added complexity is probably a polite understatement;
my apprehension of IPv6 is that they decided they had to fix *lots* of
problems which almost nobody actually had, *in addition* to fixing
the one which actually was a problem: address length.

In consequence of that, IPv6 feels to me like it has a bad case of what
Fred Brooks would call Second System Syndrome.

 My point in asking you to provide the equivalent link for IPv4 is to
 show that there isn't one, nor could there be. You can't give someone
 a cookie-cutter IPv4 network layout because the unique factors that they
 have to consider will prevent that. The same is true for IPv6. What you
 _can_ do, for both protocols, is to teach people best practices around
 the key issues, and help and guidance along the way. There are lots of
 lists that exist to do this with v6. One of the best is
 ipv6-...@lists.cluenet.de. If people are interested in learning more
 about v6 by osmosis that's a good list to lurk on. It's medium traffic,
 but high signal::noise, and any discussions you are not interested in
 you can just delete.

You seem to be suggesting, though, to drag the conversation back where 
I started it, that there is *so much new stuff* with IPv6 that it's 
difficult *even for old hats with IPv4* to learn it by analogy.

If that's what you mean, then I agree with you. :-)

(Yes, yes, I am coming late to this argument; the networks I'm responsible
for are historically relatively small.  IPv6 connectivity has been troublesome
to acquire except at the last couple.)

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: MessageLabs/MXLogic issues

2013-01-29 Thread Rich Kulawiec
On Tue, Jan 29, 2013 at 01:43:04PM -0500, Thomas York wrote:
 Have any of you noticed issues delivering email through MessageLabs [...]

Better on the mailop list.  I believe (but am not certain) that personnel
from those operations are present there.

---rsk



Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Doug Barton
On 01/29/2013 01:09 PM, Jay Ashworth wrote:
 - Original Message -
 From: Doug Barton do...@dougbarton.us
 
 IPv4 is mature enough that for small to medium sized networks,
 the answer is you plug everything in.
 
 My appraisal of v6 is that it's an order of magnitude (or two)
 more complex than that, both in 'attack' surface and
 interoperability issues.
 
 But, I suppose, it took me a couple years to really learn IPv4
 well.
 
 That said, *having* learned IPv4 relatively well, I remain
 surprised that there's as much additional (perceived) complexity
 in v6.
 
 You have perfectly illustrated one of the largest barriers to IPv6 
 adoption. You of course know that if you were to go into a
 greenfield IPv4 deployment the answer would not be just plug
 everything in.
 
 Depends on how big your deployment is.  For a small office -- say,
 100 PCs or less; something that will fit in what I will catch schidt
 for referring to as a Class C :-) -- with a single current
 generation consumer market edge NAT router, then yes, in fact, you
 Just Plug It All In.

Well sure, but the same would be true for the equivalent IPv6 deployment.

 Yes, I realize, that approach does not apply to being Road Runner.
 :-)
 
 You'd have to figure out how to split your allocated space (and/or
 1918 space) into reasonable networks, decide which networks get
 DHCP, assign IP helpers, carve out p-t-p links, etc. etc. But
 because you've done that a million times, and all the terminology
 and factors to consider are well known to you, in effect it amounts
 to, just plug everything in.
 
 Well, no, not really.  As you note, of course, most of those things 
 are reflexes for most network engineering types, but certainly they 
 took a while to get there.

Yes, that's precisely my point. :)  No one learned IPv4 networking
overnight. But people who already know IPv4 are complaining that they
can't magically come to the same degree of competence with IPv6 without
spending any time to learn it. The irony is that people who already know
networking will have a much easier time learning IPv6, with a minimal
amount of extra work, but minimal != zero.

 Whereas, with IPv6 you have most, if not all of the same factors
 to consider, but there is some marginal added complexity around
 things like SLAAC/RA, some different terminology, binary math in
 hex instead of octal, network sizes are many orders of magnitude
 larger, etc. So the net effect is that even though under the hood
 it's not all that different, it all feels new and strange. And we
 all know how humans react to things that are new and strange. :)
 
 I think marginal added complexity is probably a polite
 understatement;

No, it really isn't. I realize that the IPv6 zealots hate it when I say
this, but in many ways you can treat IPv6 just like IPv4 with bigger
addresses.

1. Don't filter ICMPv6.
2. Treat a /64 roughly the way you'd treat a /24 in IPv4.
3. Put SLAAC on the networks you have DHCPv4 on.
4. Statically assign addresses and networks for v6 on the systems you
statically assign them on v4 (servers, etc.)
5. Neighbor Discovery (ND) replaces arp, but mostly you don't ever need
to worry about it (just like you hardly ever need to worry about arp).

Voila! You've just learned 80% of what you need to know to be successful
with IPv6.

 my apprehension of IPv6 is that they decided they had
 to fix *lots* of problems which almost nobody actually had, *in
 addition* to fixing the one which actually was a problem: address
 length.
 
 In consequence of that, IPv6 feels to me like it has a bad case of
 what Fred Brooks would call Second System Syndrome.

Your assessment is correct, but the good news is that you can ignore
almost all of it. The SLAAC vs. full-featured DHCPv6 thing is still
kind of a PITA, but it's working itself out. Beyond that, if there is a
feature of IPv6 that you're not interested in, don't use it. :)

 My point in asking you to provide the equivalent link for IPv4 is
 to show that there isn't one, nor could there be. You can't give
 someone a cookie-cutter IPv4 network layout because the unique
 factors that they have to consider will prevent that. The same is
 true for IPv6. What you _can_ do, for both protocols, is to teach
 people best practices around the key issues, and help and guidance
 along the way. There are lots of lists that exist to do this with
 v6. One of the best is ipv6-...@lists.cluenet.de. If people are
 interested in learning more about v6 by osmosis that's a good list
 to lurk on. It's medium traffic, but high signal::noise, and any
 discussions you are not interested in you can just delete.
 
 You seem to be suggesting, though, to drag the conversation back
 where I started it, that there is *so much new stuff* with IPv6 that
 it's difficult *even for old hats with IPv4* to learn it by analogy.

No, quite the opposite. What I'm saying is that if you already
understand how to run a network with v4 that learning the v6 terminology
and 
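
An added example, not part of the thread, that applies rules 2, 3 and 4 above mechanically: it maps an existing IPv4 plan onto one /64 per /24, turns on SLAAC where DHCPv4 was served, and gives every statically addressed v4 host a matching static v6 address, refusing plans where two /24s would land in the same /64. The site prefix 2001:db8:1::/48, the segment names and the hosts are constructed sample data, and the "decimal digits read as hex" mnemonic is one common convention, not something the thread prescribes.

```python
"""
Derive a dual-stack addressing plan from an existing IPv4 layout:
one /64 per IPv4 /24, SLAAC wherever DHCPv4 is served, and a static
v6 address for every host that is statically addressed in v4.
The /48, segment names and hosts below are constructed sample data.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network


@dataclass
class V4Segment:
    name: str
    net: IPv4Network
    dhcp: bool                                  # DHCPv4 served on this LAN?
    static: dict = field(default_factory=dict)  # hostname -> IPv4Address


@dataclass
class V6Segment:
    name: str
    net: IPv6Network
    slaac: bool                                 # send RAs with the A flag set
    static: dict = field(default_factory=dict)  # hostname -> IPv6Address


def segment(name, cidr, dhcp, **static):
    """Build a V4Segment from strings: segment("lan", "10.20.3.0/24", True, gw="10.20.3.1")."""
    return V4Segment(name, IPv4Network(cidr), dhcp,
                     {h: IPv4Address(a) for h, a in static.items()})


def decimal_as_hex(n):
    """Keep the decimal digits but read them as hex: 10 -> 0x10, 53 -> 0x53.
    A common mnemonic (assumed here) so that 10.20.3.53 ends up as ...:3::53."""
    return int(str(n), 16)


def derive_v6_segment(seg, site):
    """Carve the /64 for one IPv4 /24 out of the site's /48 and map its static hosts."""
    if site.prefixlen != 48:
        raise ValueError("site prefix must be a /48")
    if seg.net.prefixlen != 24:
        raise ValueError(f"{seg.name}: only /24 segments are mapped, got /{seg.net.prefixlen}")
    # Subnet ID (bits 48-63) comes from the IPv4 third octet; the low 64 bits stay zero.
    subnet_id = decimal_as_hex(seg.net.network_address.packed[2])
    v6net = IPv6Network((int(site.network_address) | (subnet_id << 64), 64))
    static = {}
    for host, v4 in seg.static.items():
        if v4 not in seg.net:
            raise ValueError(f"{host}: {v4} is not inside {seg.net}")
        # Interface ID from the IPv4 last octet, same digits (rule 4: static stays static).
        static[host] = IPv6Address(int(v6net.network_address) | decimal_as_hex(v4.packed[3]))
    return V6Segment(seg.name, v6net, slaac=seg.dhcp, static=static)


def derive_plan(segments, site_cidr):
    """Map every segment; refuse plans where two /24s would share one /64."""
    site = IPv6Network(site_cidr)
    plan, owner = [], {}
    for seg in segments:
        v6 = derive_v6_segment(seg, site)
        if v6.net in owner:
            raise ValueError(f"{seg.name} and {owner[v6.net]} both map to {v6.net}: "
                             "third octets collide, pick those subnet IDs by hand")
        owner[v6.net] = seg.name
        plan.append(v6)
    return plan


def render(plan):
    """Human-readable plan: one line per segment, then its static hosts."""
    lines = []
    for s in plan:
        mode = "SLAAC via RA" if s.slaac else "static only"
        lines.append(f"{s.name:<8} {str(s.net):<22} {mode}")
        for host, addr in s.static.items():
            lines.append(f"    {host:<6} {addr}")
    return "\n".join(lines)


# Constructed sample site: a user LAN on DHCPv4 and a server LAN with static hosts.
SAMPLE_SITE = "2001:db8:1::/48"
SAMPLE_V4 = [
    segment("users", "10.20.3.0/24", True),
    segment("servers", "10.20.10.0/24", False, dns1="10.20.10.53", www="10.20.10.80"),
]

if __name__ == "__main__":
    print(render(derive_plan(SAMPLE_V4, SAMPLE_SITE)))
```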

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Doug Barton do...@dougbarton.us

  Depends on how big your deployment is. For a small office -- say,
  100 PCs or less; something that will fit in what I will catch schidt
  for referring to as a Class C :-) -- with a single current
  generation consumer market edge NAT router, then yes, in fact, you
  Just Plug It All In.
 
 Well sure, but the same would be true for the equivalent IPv6
 deployment.

Is that in fact true?  My takeaway from watching NANOG the last 8 years 
is that it doesn't always work like that.

  Well, no, not really. As you note, of course, most of those things
  are reflexes for most network engineering types, but certainly they
  took a while to get there.
 
 Yes, that's precisely my point. :) No one learned IPv4 networking
 overnight. But people who already know IPv4 are complaining that they
 can't magically come to the same degree of competence with IPv6 without
 spending any time to learn it. The irony is that people who already
 know networking will have a much easier time learning IPv6, with a
 minimal amount of extra work, but minimal != zero.

Well, this is my point.  My integration of the questions I see, and
the problems I had trying to even get a first tier grasp of it myself
is that I *expect* leverage from understanding v4 which I did not
in fact *get*; enough stuff has changed at a fundamental level that 
my v4 knowledge isn't all that helpful.

  I think marginal added complexity is probably a polite
  understatement;
 
 No, it really isn't. I realize that the IPv6 zealots hate it when I say
 this, but in many ways you can treat IPv6 just like IPv4 with bigger
 addresses.
 
 1. Don't filter ICMPv6.
 2. Treat a /64 roughly the way you'd treat a /24 in IPv4.
 3. Put SLAAC on the networks you have DHCPv4 on.
 4. Statically assign addresses and networks for v6 on the systems you
 statically assign them on v4 (servers, etc.)
 5. Neighbor Discovery (ND) replaces arp, but mostly you don't ever need
 to worry about it (just like you hardly ever need to worry about arp).
 
 Voila! You've just learned 80% of what you need to know to be
 successful with IPv6.

Great, and now you've answered the OP's question.

So where, in fact, *is* the IPv6 primer that says that stuff, with 
enough backfill that you can do the further research about how and
why?

  In consequence of that, IPv6 feels to me like it has a bad case of
  what Fred Brooks would call Second System Syndrome.
 
 Your assessment is correct, but the good news is that you can ignore
 almost all of it. The SLAAC vs. full-featured DHCPv6 thing is still
 kind of a PITA, but it's working itself out. Beyond that, if there is
 a feature of IPv6 that you're not interested in, don't use it. :)

Hmmm...

  You seem to be suggesting, though, to drag the conversation back
  where I started it, that there is *so much new stuff* with IPv6 that
  it's difficult *even for old hats with IPv4* to learn it by analogy.
 
 No, quite the opposite. What I'm saying is that if you already
 understand how to run a network with v4 that learning the v6 terminology
 and equivalent concepts, plus the few extra things that you actually
 do need to manage for v6, is not that difficult. It just *seems* hard
 because before you tackle it, it's all new and strange.

Hmmm ^ 2.

  (Yes, yes, I am coming late to this argument; the networks I'm
  responsible are historically relatively small. IPv6 connectivity has
  been troublesome to acquire except at the last couple.)
 
 Roger that. Not that I'm trying to toot my own horn, but most of my
 experience has been with large enterprise networks, often spanning
 multiple continents, so I tend to think in those terms. The good news
 for smaller shops is that if you can get it, IPv6 is pretty much just
 plug it in, very similar to how you described IPv4 for a smaller shop
 above.

You haven't tried to *buy* IPv6 edge transit, have you?

Has that gotten any easier than months later, nobody has the first
clue what I'm talking about?  :-)

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Doug Barton
On 01/29/2013 01:54 PM, Jay Ashworth wrote:
 You haven't tried to *buy* IPv6 edge transit, have you?

*cough*Implementation detail*cough*

:)



Ethernet Service at 150 S. Market Street, SJ

2013-01-29 Thread Christopher Nielsen
Hello,

We're in need of low-bandwidth ethernet service in our cage at
Datapipe at 150 S. Market Street for OOB. Any recommendations?

TIA

-- 
Christopher Nielsen
They who can give up essential liberty for temporary safety, deserve
neither liberty nor safety. --Benjamin Franklin
The tree of liberty must be refreshed from time to time with the
blood of patriots & tyrants. --Thomas Jefferson



Re: Muni network ownership and the Fourth

2013-01-29 Thread Zachary Giles
Not to sidestep the conversation here .. but, Leo, I love your concept
of the muni network, MMR, etc. What city currently implements this? I
want to move there! :)
-Zach

2013/1/29 Masatoshi Enomoto masatosh...@is.naist.jp:
 So ifHCin- is the 64-bit counter MIB and ifin- is the 32-bit counter MIB.
 I had misunderstood.




-- 
Zach Giles
zgi...@gmail.com



Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread TJ
 Also, if a switch does not do MLD snooping, it will flood multicast to
 all ports. You lose one of the major benefits of IPv6 multicast - less
 admin traffic.

Agreed; but just to be fair: there is still a difference between
multicast being flooded everywhere and broadcast being flooded
everywhere ... L2 interrupt vs. L2+L3 interrupt; bigger difference
than it sounds ;).


/TJ



Re: Muni network ownership and the Fourth

2013-01-29 Thread Jean-Francois Mezei
On 13-01-29 10:59, Jay Ashworth wrote:

 Regular readers know that I'm really big on municipally owned fiber networks
 (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, 
 second, fourth, and fifth, particularly), and this is the first really good
 counter-argument I've seen, and it honestly hadn't occurred to me.

Is last mile infrastructure really considered internet ? If a GPON
system operates as layer 2, it provides no internet connectivity, no IP
routing and would/should not implement any IP use policies such as
throttling etc.  About the only traffic management it would do is
provide a separate guaranteed bandwidth channel for VoIP. (or via QoS)


If the last mile is sold only as wholesale (as is the case for
Australian NBN), then it is up to each private service provider who buys
access to reach homes to implement IP policies and connect to the
internet, provide services such as DHCP etc.





Re: Ethernet Service at 150 S. Market Street, SJ

2013-01-29 Thread Mike Lyon
GSM modem?  Then you aren't depending on the fiber coming into the
building...

-Mike




-- 
Mike Lyon
408-621-4826
mike.l...@gmail.com

http://www.linkedin.com/in/mlyon


Re: Muni network ownership and the Fourth

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Jean-Francois Mezei jfmezei_na...@vaxination.ca

 Is last mile infrastructure really considered internet ? If a GPON
 system operates as layer 2, it provides no internet connectivity, no IP
 routing and would/should not implement any IP use policies such as
 throttling etc. About the only traffic management it would do is
 provide a separate guaranteed bandwidth channel for VoIP. (or via QoS)
 
 
 If the last mile is sold only as wholesale (as is the case for
 Australian NBN), then it is up to each private service provider who
 buys access to reach homes to implement IP policies and connect to the
 internet, provide services such as DHCP etc.

Though I wouldn't pick GPON over home-run, yes, that's roughly the point I
and another poster were trying to make in earlier replies: 

If you're at layer 1, and arguably at layer 2, then move-add-change on 
physical patches / VLAN assignments is all you would need to log, since you
don't actually touch real traffic.

One of the major arguments in favor of doing it that way.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Ethernet Service at 150 S. Market Street, SJ

2013-01-29 Thread Warren Bailey
Satellite! ;)


From my Android phone on T-Mobile. The first nationwide 4G network.






Re: Ethernet Service at 150 S. Market Street, SJ

2013-01-29 Thread Mike Lyon
Last I heard, roof rights are pricey down there :)

On Tue, Jan 29, 2013 at 12:18 PM, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

  Satellite! ;)





-- 
Mike Lyon
408-621-4826
mike.l...@gmail.com

http://www.linkedin.com/in/mlyon


Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread John Kemp

Not sure if anyone mentioned Aaron's presentation on this topic
from way back...  Here's the link:

http://www.nanog.org/meetings/nanog47/presentations/Wednesday/Hughes_Kosters_fundamentals_N47_Wed.pdf

John Kemp (k...@routeviews.org)


On 1/26/13 1:26 AM, Pavel Dimow wrote:
 Hi,
 
 I have read many of those ipv6 documents and they are great, but I
 still haven't found something like a real world scenario.
 What I mean is that, for example, I want to start implementation of ipv6
 in my enterprise. According to my knowledge so far,
 my first step is to create an address plan, then implement security on
 routers/switches, then on hosts, and after that I can start to create
 AAAA records and PTR records in DNS; after that I should configure my
 dhcp servers, and after all has been done I can test ipv6 in the LAN, and
 after that I can start configuring bgp with the ISP.
 Is this the correct procedure? Any thoughts? If all is correct I have a
 few questions..
 
 Regarding DNS, if I give a /64 to hosts using SLAAC or DHCP, how do I
 maintain PTRs for this /64? Should I use DDNS?
 What do you use in your enterprise, SLAAC or DHCP? If SLAAC, why not DHCP?
 Any other hints/tips?
 



Re: Ethernet Service at 150 S. Market Street, SJ

2013-01-29 Thread George Herbert
On Tue, Jan 29, 2013 at 12:19 PM, Mike Lyon mike.l...@gmail.com wrote:
 Last I heard, roof rights are pricey down there :)

 On Tue, Jan 29, 2013 at 12:18 PM, Warren Bailey 
 wbai...@satelliteintelligencegroup.com wrote:

  Satellite! ;)

...And somewhat silly, given that it's *that* facility.  But the roof
is mostly clear, if anyone needs to put up a dish.

There are a couple of metro wireless providers that can touch that
location as well, in case your definition of OOB is pretty robustly
out-of-band...

But the likely solution is a network provider already there or nearby.


-- 
-george william herbert
george.herb...@gmail.com



Re: Ethernet Service at 150 S. Market Street, SJ

2013-01-29 Thread Warren Bailey
I would be more than happy to put an antenna on a data center roof. Depending 
on throughput requirements, it would probably end up being cheaper to use 
satellite. Satellite is excellent for actual OOB and obviously much more 
reliable in a DR scenario.


From my Android phone on T-Mobile. The first nationwide 4G network.






Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: John Kemp k...@network-services.uoregon.edu

 Not sure if anyone mentioned Aaron's presentation on this topic
 from way back... Here's the link:
 
 http://www.nanog.org/meetings/nanog47/presentations/Wednesday/Hughes_Kosters_fundamentals_N47_Wed.pdf

I hadn't, but now that I have, my opinion is it's like most presentation
decks: if you don't already understand what they're talking about, then 
you need the actual presentation to go with it.

It's also biased a bit higher in the stack than I live, but that's not
the presentation's fault, given its target audience.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Ethernet Service at 150 S. Market Street, SJ

2013-01-29 Thread PC
For typical console access/OOB use cases only or a lot more data?  If the
former, I can't see any reason to mess with anything more than a
telemetry-rate plan SIM card in a 3g/4g console server.  Chances are, if
you can get cell phone coverage to your cage, it will work fine.  They're
also very cheap, lower latency, and nothing more than velcro is needed to
install them.



On Tue, Jan 29, 2013 at 1:36 PM, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

 I would be more than happy to put an antenna on a data center roof.
 Depending on throughput requirements, it would probably end up being
 cheaper to use satellite. Satellite is excellent for actual OOB and
 obviously much more reliable in a DR scenario.






Re: Muni network ownership and the Fourth

2013-01-29 Thread Elle Plato
 See, the Comcasts and AT&Ts of the world are right that governments
 shouldn't be ISPs, that should be left to the private sector.  I
 want a choice of ISPs offering different services, not a single
 monopoly.  In this case the technology can provide that, so it
 should be available.


It has been my experience that the incumbents largely give small
cities the finger until a muni steps in and makes a profitable go of
it.  Then they are all about legislation to protect them from the
unfairness of it all.  The large incumbents are basically a duopoly as
it is, and generally are not offering anything innovative until they are
forced to.

Running an ISP is hard, and most munis have no experience in it.  The
only reason to do it is because the incumbents refuse to provide
service.  I don't think munis running networks is any sort of threat
to free enterprise.  I see them as more analogous to rural electric
cooperatives that provided electric service when incumbents refused
to.  Legislating that option away just lets the duopolies serve the
dense urban areas and ignore the less dense areas.

Elle Plato



Re: Ethernet Service at 150 S. Market Street, SJ

2013-01-29 Thread Warren Bailey
Both.

If you're looking for some kind of actual out of band (for disaster recovery 
scenarios), Satellite is an excellent option. If you just need 100-200kbps for 
basic console access, you could absolutely accomplish this with satellite. The 
only real difference between Satellite and Cellular is, if there is any real 
power at the facility Satellite will be online — I don't think we can say the 
same for cellular BTS's. Every Cellular installation I have done (over 300) has 
had a single feed to primary power. Power goes out across several blocks and 
suddenly the BTS's that are outside of that area are saturated with additional 
handset registrations. If it were me, I would not rely on 3G/4G for anything 
that had actual ramifications behind it. If you've got a killer SLA with your 
customers, the funds to deploy a VSAT solution are minimal at best. 1mbps/1mbps 
with no SLA across satellite is in the hundreds of dollars per month, and you 
get a VLAN piped straight back into your gear at your offices.

From: PC paul4...@gmail.com
Date: Tue, 29 Jan 2013 13:58:12 -0700
To: User wbai...@satelliteintelligencegroup.com
Cc: George Herbert george.herb...@gmail.com, Mike Lyon mike.l...@gmail.com, nanog@nanog.org
Subject: Re: Ethernet Service at 150 S. Market Street, SJ

For typical console access/OOB use cases only or a lot more data?  If the 
former, I can't see any reason to mess with anything more than a telemetry-rate 
plan SIM card in a 3g/4g console server.  Chances are, if you can get cell 
phone coverage to your cage, it will work fine.  They're also very cheap, lower 
latency, and nothing more than velcro is needed to install them.







Re: Muni network ownership and the Fourth

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Elle Plato techg...@gmail.com

[ attribution lost ]
  See, the Comcasts and AT&Ts of the world are right that governments
  shouldn't be ISPs, that should be left to the private sector. I
  want a choice of ISPs offering different services, not a single
  monopoly. In this case the technology can provide that, so it
  should be available.
 
 It has been my experience that the incumbents largely give small
 cities the finger until a muni steps in and makes a profitable go of
 it. Then they are all about legislation to protect them from the
 unfairness of it all. The large incumbents are basically a duopoly as
 it is, and generally are not offering anything innovative until they are
 forced to.

Yup.  In fact, late last year, it is my understanding that VZN FiOS 
said *in public, on the record* that they were done with new buildouts;
if you didn't have it, tough luck -- canonizing the assertions we'd all
been making for a decade that they would cherry pick, even though they
claimed they would not.

They're a public corporation; they have no real choice.

This is why we grant utilities monopoly franchises, with teeth in them
to recapture the Public Good we want from them; none of this has been 
news for 4 decades, but the fix was in.

And in fact, yes, VZN left behind state laws in several states forbidding
municipal ownership of communications facilities, which they, effectively,
purchased.  (The laws, not the facilities)

 Running an ISP is hard, and most munis have no experience in it. The
 only reason to do it is because the incumbents refuse to provide
 service. I don't think munis running networks is any sort of threat
 to free enterprise. I see them as more analogous to rural electric
 cooperatives that provided electric service when incumbents refused
 to. Legislating that option away just lets the duopolies serve the
 dense urban areas and ignore the less dense areas.

FWIW, the posting to which you're replying assumed that we were talking
about municipal service at layer 3+; we weren't, as we later corrected.

What we're talking about is acknowledging the high cost of fiber plant
buildout, and the natural monopoly it encompasses... and thus the 
municipal involvement it encourages, in an open access design.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Miquel van Smoorenburg
In article 
xs4all.12519635.4213.1359489253787.javamail.r...@benjamin.baylink.com you 
write:
- Original Message -
 From: Doug Barton do...@dougbarton.us

  Depends on how big your deployment is. For a small office -- say,
  100 PCs or less; something that will fit in what I will catch schidt
  for referring to as a Class C :-) -- with a single current
  generation consumer market edge NAT router, then yes, in fact, you
  Just Plug It All In.
 
 Well sure, but the same would be true for the equivalent IPv6
 deployment.

Is that in fact true?  My takeaway from watching NANOG the last 8 years 
is that it doesn't always work like that.

That's how it works for all our customers: they plug in the consumer
market edge IPv4 NAT + IPv6 router we send them, and they have IPv4 + IPv6
and often don't even realize it.

Mike.



Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Owen DeLong
 
 Whereas, with IPv6 you have most, if not all of the same factors
 to consider, but there is some marginal added complexity around
 things like SLAAC/RA, some different terminology, binary math in
 hex instead of octal, network sizes are many orders of magnitude
 larger, etc. So the net effect is that even though under the hood
 it's not all that different, it all feels new and strange. And we
 all know how humans react to things that are new and strange. :)
 
 I think marginal added complexity is probably a polite
 understatement;
 
 No, it really isn't. I realize that the IPv6 zealots hate it when I say
 this, but in many ways you can treat IPv6 just like IPv4 with bigger
 addresses.
 

I'm a pretty well known IPv6 zealot and I completely agree with you.

 1. Don't filter ICMPv6.
 2. Treat a /64 roughly the way you'd treat a /24 in IPv4.

Actually, I'd say treat a /64 roughly the way you'd treat any sized subnet
in IPv4, whether it's a /24, a /31, or something in between or even a really
large IPv4 single network such as a /22.

If it's an IPv4 /32, then think IPv6 /128.

 3. Put SLAAC on the networks you have DHCPv4 on.
 4. Statically assign addresses and networks for v6 on the systems you
 statically assign them on v4 (servers, etc.)
 5. Neighbor Discovery (ND) replaces arp, but mostly you don't ever need
 to worry about it (just like you hardly ever need to worry about arp).
 
 Voila! You've just learned 80% of what you need to know to be successful
 with IPv6.

Agreed. The remainder has to do with:

1. Understanding and configuring RDNSS support if you're going to use SLAAC.
2. Understanding and configuring DHCPv6 if you want to use that.
3. Managing AAAA records and dealing with ip6.arpa (nearly identical to A and 
in-addr.arpa)
4. IPv6 routing protocols (if you are in a larger environment)
5. Security policies that are more complex than simply 
default-deny-all-inbound/permit-outbound.

There's really not a whole lot else one needs to learn for most environments.

 No, quite the opposite. What I'm saying is that if you already
 understand how to run a network with v4 that learning the v6 terminology
 and equivalent concepts, plus the few extra things that you actually do
 need to manage for v6, is not that difficult. It just *seems* hard
 because before you tackle it, it's all new and strange.
 

I 100% agree with this summary.

Owen
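Added example, not code from the thread or from anyone posting in it: Owen's point 3 (AAAA records and ip6.arpa) and Pavel's earlier question about maintaining PTRs for a /64 both come down to the same nibble reversal, so the script below derives the reverse zone for a prefix and the AAAA/PTR pairs for statically addressed hosts. The hostnames and the 2001:db8::/48 block are constructed (documentation prefix), and the comparison against the standard library's reverse_pointer is my own sanity check.

```python
"""Forward (AAAA) and reverse (ip6.arpa PTR) records for IPv6 hosts.

Added example for the NANOG thread; the addresses and names are constructed.
"""
import ipaddress


def ip6_arpa_name(address: str) -> str:
    """Return the ip6.arpa owner name for one IPv6 address.

    The 128-bit address is written as 32 hex nibbles, the nibbles are
    reversed, joined with dots and suffixed with 'ip6.arpa.'  This is the
    same rule in-addr.arpa applies to IPv4 octets, just four times as long.
    """
    addr = ipaddress.IPv6Address(address)
    nibbles = format(int(addr), "032x")  # 32 hex digits, zero-padded
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ip6_arpa_zone(prefix: str) -> str:
    """Return the reverse zone name that covers an IPv6 prefix.

    ip6.arpa is delegated on nibble boundaries, so the prefix length must be
    a multiple of 4: a /64 gives a 16-label zone, a /48 a 12-label one.
    strict=True rejects a prefix with host bits set (a typo, not a subnet).
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError(f"{prefix}: reverse zones need a nibble-aligned prefix")
    nibbles = format(int(net.network_address), "032x")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def zone_records(hosts: dict, domain: str):
    """Yield (owner, type, rdata) triples: one AAAA and one PTR per host.

    This is Doug's point 4 in DNS form: the servers that get static v4
    addresses get static v6 addresses, and both directions are published.
    """
    for name, address in hosts.items():
        fqdn = f"{name}.{domain}."
        yield (fqdn, "AAAA", ipaddress.IPv6Address(address).compressed)
        yield (ip6_arpa_name(address), "PTR", fqdn)


def matches_stdlib(address: str) -> bool:
    """Sanity check: the hand-rolled name must equal the stdlib's reverse_pointer."""
    expected = ipaddress.IPv6Address(address).reverse_pointer + "."
    return ip6_arpa_name(address) == expected


# Constructed sample: a /48 PI block carved into /64 subnets, two servers.
SERVERS = {
    "ns1": "2001:db8:1:10::53",
    "www": "2001:db8:1:20::80",
}

if __name__ == "__main__":
    print("reverse zone for the whole /48:  ", ip6_arpa_zone("2001:db8:1::/48"))
    print("reverse zone for the server /64: ", ip6_arpa_zone("2001:db8:1:10::/64"))
    for owner, rtype, rdata in zone_records(SERVERS, "example.com"):
        print(f"{owner:75} IN {rtype:5} {rdata}")
```

Hosts that take SLAAC addresses in the same /64 cannot be listed this way in advance; for them the answer to Pavel's "should I use DDNS?" is dynamic updates from the host or DHCPv6 server, or no PTR at all.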




Re: Muni fiber: L1 or L2?

2013-01-29 Thread Zachary Giles
One thing that is bothersome about carriers is that sometimes if they
have Tons of fiber to your building, they still will only offer
Layer2/3 services. If there's fiber there, I'd like to be able to
lease it in some fashion (even if expensive, but preferably not).

If a muni is making something that is good for the public, I think
they can and should offer Layer2 services, but also make the option to
directly get the fibers at a reasonable price .. even for Individuals
and small companies. I think services that are offered should also
provide the ability to order the subcomponents including Layer1.

That should encourage competition, usability, and fun. I'd totally get
a 10G from my work to home or whatever.

On Tue, Jan 29, 2013 at 12:54 PM, Jay Ashworth j...@baylink.com wrote:
 - Original Message -
 From: Leo Bicknell bickn...@ufp.org

 I am a big proponent of muni-owned dark fiber networks. I want to
 be 100% clear about what I advocate here:

 - Muni-owned MMR space, fiber only, no active equipment allowed. A
 big cross connect room, where the muni-fiber ends and providers are
 all allowed to colocate their fiber term on non-discriminatory terms.

 - 4-6 strands per home, home run back to the muni-owned MMR space.
 No splitters, WDM, etc, home run glass. Terminating on an optical
 handoff inside the home.

 Hmmm.  I tend to be a Layer-2-available guy, cause I think it lets smaller
 players play.  Does your position (likely more deeply thought out than
 mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients
 are *also* permitted to get a Layer 1 patch to a provider in the fashion you
 suggest?

 (I concur with your 3-pair delivery, which makes this more practical on an
 M-A-C basis, even if it might require some users to have multiple ONTs...)

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink   
 j...@baylink.com
 Designer The Things I Think   RFC 2100
 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
 St Petersburg FL USA   #natog  +1 727 647 1274




-- 
Zach Giles
zgi...@gmail.com



Re: Muni network ownership and the Fourth

2013-01-29 Thread Owen DeLong
There's a really simple solution to this problem...

Let the muni provide L1/L2 network, and make sure that your L3 usage is
entirely run over encrypted channels between you and your (non-muni)
L3 service provider.

At that point, sure, the muni can see that you sent a lot of packets full of
gibberish back and forth to your ISP. And?

Owen

On Jan 29, 2013, at 08:46 , Rob McEwen r...@invaluement.com wrote:

 On 1/29/2013 10:59 AM, Jay Ashworth wrote:
 From: Rob McEwen r...@invaluement.com
 (C) The fact that the Internet is a series of PRIVATE networks... NOT
 owned/operated by the Feds... is a large reason why the 4th amendment
 provides such protections... it becomes somewhat of a firewall of
 protection against Federal gov't trampling of civil liberties... but
 if they own the network, then that opens up many doors for them.
 Regular readers know that I'm really big on municipally owned fiber networks
 (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, 
 second, fourth, and fifth, particularly), and this is the first really good
 counter-argument I've seen, and it honestly hadn't occurred to me.
 
 Rob, anyone, does anyone know if any 4th amendment case law exists on muni-
 owned networks?
 
 Good question. Here is another thing to consider regarding SOME muni
 network... (at least where private citizens/businesses subscribe to that
 network)
 
 When any government entity desires log files from an ISP, and if that
 ISP is very protective of their customer's privacy and civil liberties,
 then the ISP typically ONLY complies with the request if there is a
 proper court order, granted by a judge, after probable cause of some
 kind of crime has been established, where they are not on a fishing
 expedition. But, in contrast, if the city government owns the network,
 it seems like a police detective contacting his fellow city employee in
 the IT department could easily circumvent the civil liberties
 protections. Moreover, there is an argument that the ISP being stingy
 with such data causes them to be heroes to the public, and they gain
 DESIRED press and attention when they refuse to comply with such
 requests without a court order. In contrast, the city's IT staff and the
 police detective BOTH share the SAME boss's boss's boss. The IT guy
 won't get a pat on the back for making life difficult for the police
 department. He'll just silently lose his job eventually, or get passed
 up for a promotion. The motivation will be on him to PLEASE his fellow
 city employees, possibly at the expense of our civil liberties.
 
 PS - of course, no problems here if the quest to gain information
 involves a muni network that is only used by city employees.
 
 PPS - then again, maybe my log file example doesn't apply to the
 particular implementation that Jay described? Regardless, it DOES apply
 to various government implementations of broadband service.
 
 -- 
 Rob McEwen
 http://dnsbl.invaluement.com/
 r...@invaluement.com
 +1 (478) 475-9032
 




Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Eugeniu Patrascu
On Mon, Jan 28, 2013 at 6:45 PM, Mukom Akong T. mukom.ta...@gmail.com wrote:

 On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu eu...@imacandi.net
 wrote:

 I thought about running pure IPv6 inside and do 6to4, but it's too
 much of a headache,


 Nice call (skipping 6to4)


 not to mention that not all the internal equipment
 knows about IPv6 - L2 switches, some terminal servers and so on.


 Does an L2 switch really care about IPv6? (except for stuff like DHCPv6
 snooping, etc?)

It doesn't, I was talking about management IP addresses (for example
HP2510 only uses IPv4 management addresses).

Eugeniu



Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Eugeniu Patrascu
On Mon, Jan 28, 2013 at 8:58 PM, Doug Barton do...@dougbarton.us wrote:
 On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote:

 - configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets)


 Hopefully that did not include filtering ICMPv6? :)

No, of course not :)
I did a bit (actually very little) of reading about IPv6 before doing
all that, but nothing compares to the actual implementation when you
discover the quirks each vendor has in that regard :))

Eugeniu



Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Eugeniu Patrascu
On Mon, Jan 28, 2013 at 9:54 PM, Owen DeLong o...@delong.com wrote:

 On Jan 28, 2013, at 10:03 , Joe Maimon jmai...@ttec.com wrote:



 Eugeniu Patrascu wrote:
 On Sat, Jan 26, 2013 at 11:26 AM, Pavel Dimow paveldi...@gmail.com wrote:

 As being personally involved deploying IPv6 on an enterprise network,
 here's how I did it (keeping in mind the fact that we have our own
 ASN):


 I suggest this be step 0


 Yes.

 - get a /48 PI from the local LIR

 And this be step 1


 No, this is step 2 and /48 is not necessarily the right answer.

 Step 1 is to evaluate your network and figure out your addressing needs.

 If you have a single corporate office and are not an ISP, then /48 is fine.

 If you have multiple locations, then a /48 per location is more appropriate.


Yes, I know this is the rule, but right now we only have one location,
so I got only a /48.

One thing that I missed in my first e-mail, was to say that for each
subnet I allocated a /64 as it works with most equipment and no funky
netmasks.

One of my ISPs is running /126 netmask on the border links and the
other runs /64 - probably a matter of preference by their network
admins.

Eugeniu
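As an added example for the addressing discussion in this post (a /48 PI block carved into one /64 per subnet, with /126 and /64 both seen on upstream links), the following is not code from any poster; the /48 is from the RFC 3849 documentation range and the VLAN names and link prefixes are constructed. It carves /64s in order and flags prefix lengths that will surprise equipment: end-user subnets that are not /64 (SLAAC, RFC 4862, assumes a 64-bit interface identifier) and link prefixes other than /64, /126 or /127 (RFC 6164 recommends /127 for point-to-point links).

```python
"""Carve an IPv6 allocation into per-subnet /64s and sanity-check prefix lengths.

Added example for this thread, not code from any poster. The /48 below is a
documentation prefix (RFC 3849); VLAN names and link prefixes are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

IPv6Network = ipaddress.IPv6Network


def carve_subnets(block: str, vlans: List[str]) -> Dict[str, IPv6Network]:
    """Assign one /64 per VLAN, in order, from the given block (a /48 holds 65536 of them)."""
    site = ipaddress.ip_network(block)
    if site.prefixlen > 64:
        raise ValueError(f"{site} is longer than /64; cannot carve /64 subnets from it")
    if len(vlans) > 2 ** (64 - site.prefixlen):
        raise ValueError(f"{len(vlans)} subnets requested but {site} only holds {2 ** (64 - site.prefixlen)} /64s")
    gen = site.subnets(new_prefix=64)
    return {name: next(gen) for name in vlans}


def check_prefix(network: str, role: str) -> Optional[str]:
    """Return a problem description, or None if the prefix length fits its role.

    role "lan":  must be exactly /64 (SLAAC and most gear assume it).
    role "link": /64, /126 or /127 are what operators actually run; RFC 6164
                 recommends /127. Anything longer leaves no room for two ends.
    """
    net = ipaddress.ip_network(network)
    if role == "lan" and net.prefixlen != 64:
        return f"{net}: end-user subnet should be /64, got /{net.prefixlen}"
    if role == "link" and net.prefixlen not in (64, 126, 127):
        return f"{net}: link prefix /{net.prefixlen} is unusual; use /64, /126 or /127"
    if role not in ("lan", "link"):
        return f"{net}: unknown role {role!r}"
    return None


def audit_plan(entries: List[Tuple[str, str, str]]) -> List[str]:
    """Run check_prefix over (name, network, role) entries and collect the problems."""
    problems = []
    for name, network, role in entries:
        problem = check_prefix(network, role)
        if problem:
            problems.append(f"{name}: {problem}")
    return problems


# Constructed plan: three internal VLANs from the PI /48, two upstream links
# numbered by the ISPs (one /126, one /64, as in the thread), and one mistake.
SITE = "2001:db8:1234::/48"
INTERNAL = carve_subnets(SITE, ["users", "servers", "mgmt"])
SAMPLE_PLAN = [(name, str(net), "lan") for name, net in INTERNAL.items()] + [
    ("isp-a-link", "2001:db8:a:ff::/126", "link"),
    ("isp-b-link", "2001:db8:b:ff::/64", "link"),
    ("guest-wifi", "2001:db8:1234:3::/120", "lan"),   # deliberately wrong: not a /64
]

if __name__ == "__main__":
    for name, net in INTERNAL.items():
        print(f"{name:10s} {net}")
    for line in audit_plan(SAMPLE_PLAN):
        print("PROBLEM", line)
```

The /64-on-a-link case passes the check because it is widely deployed, but it carries a known caveat: with a /64 on a point-to-point link the router's neighbour cache can be filled by scanning the unused 2^64 addresses (RFC 6164 section 5), which is one reason /127 is recommended there.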



Re: Muni network ownership and the Fourth

2013-01-29 Thread Owen DeLong

On Jan 29, 2013, at 09:05 , Leo Bicknell bickn...@ufp.org wrote:

 In a message written on Tue, Jan 29, 2013 at 10:59:31AM -0500, Jay Ashworth 
 wrote:
 Regular readers know that I'm really big on municipally owned fiber networks
 (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, 
 second, fourth, and fifth, particularly), and this is the first really good
 counter-argument I've seen, and it honestly hadn't occurred to me.
 
 Rob, anyone, does anyone know if any 4th amendment case law exists on muni-
 owned networks?
 
 I don't, but I'd like to point out here that I've long believed
 both sides of the muni-network argument are right, and that we the
 people are losing the baby with the bath water.
 
 I am a big proponent of muni-owned dark fiber networks.  I want to
 be 100% clear about what I advocate here:
 
  - Muni-owned MMR space, fiber only, no active equipment allowed.  A
big cross connect room, where the muni-fiber ends and providers are
all allowed to colocate their fiber term on non-discriminatory terms.
 
Large munis will need more than one, no run from a particular MMR
to a home should exceed 9km, allowing the providers to be within
1km of the MMR and still use 10km optics.
 
  - 4-6 strands per home, home run back to the muni-owned MMR space.
No splitters, WDM, etc, home run glass.  Terminating on an optical
handoff inside the home.
 
  - Fiber leased per month, per pair, on a cost recovery basis (to
include an estimate of OM over time), same price to all players.
 

This is exactly what I have been advocating for years and is similar to
what is already available in Sweden and is being implemented in Australia.
(Or at least the intent of what is supposed to be in process there).

 I do NOT advocate that munis ever run anything on top of the fiber.
 No IP, no TV, no telephone, not even teleporters in the future.
 Service Providers of all types can drop a large count fiber from
 their POP to the muni-owned MMR, request individual customers be
 connected, and then provide them with any sort of service they like
 over that fiber pair, single play, double play, triple play, whatever.
 

IMHO, this is horribly more expensive and inefficient than it should be.

The MMR should, IMHO be a colo facility where service providers can
lease racks if they choose. The colo should also be operated on a cost
recovery basis and should only be open to installation of equipment
directly related to providing service to customers reached via the MMR.

 See, the Comcast's and ATT of the world are right that governments
 shouldn't be ISP's, that should be left to the private sector.  I
 want a choice of ISP's offering different services, not a single
 monopoly.  In this case the technology can provide that, so it
 should be available.
 

+1

 At the same time, it is very inefficient to require each provider
 to build to every house.  Not only is it a large capital cost and
 barrier to entry of new players, but no one wants roads and yards
 dug up over and over again.  Reducing down to one player building
 the physical in the ground part saves money and saves disruption.
 

Amsterdam had an interesting solution to the repeated digging problem.

As I understand it, if you want to trench something in there, you are
required to provide notice and anyone else that wants to put something
in the trench can join your build, but all comers share equally in the cost
of digging and repairing.

 Regarding your 4th amendment concerns, almost all the data the
 government wants is with the Service Provider in my model, same as
 today.  They can't find out who you called last week without going
 to the CDR or having a tap on every line 24x7 which is not cost
 effective.  Could a muni still optically tap a fiber in this case
 and suck off all the data?  Sure, and I have no doubt some paranoid
 service provider will offer to encrypt everything at the transport
 level.

Exactly.

 Is it perfect?  No.  However I think if we could adopt this model
 capital costs would come down (munis can finance fiber on low rate, long
 term muni-bonds, unlike corporations, plus they only build one network,
 not N), and competition would come up (small service providers can
 reach customers only by building to the MMR space, not individual homes)
 which would be a huge win win for consumers.

The biggest thing blocking this is the entrenched interests of the current
monopoly providers and their very effective lobbying capabilities, IMHO.

 Maybe that's why the big players want to throw the baby out with the
 bath water. :P

Exactly.

Owen




Re: Muni network ownership and the Fourth

2013-01-29 Thread Jean-Francois Mezei
On 13-01-29 15:17, Jay Ashworth wrote:

 If you're at layer 1, and arguably at layer 2, then move-add-change on 
 physical patches / VLAN assignments is all you would need to log, since you
 don't actually touch real traffic.

It is in fact important for a government (municipal, state/province or
federal) to stay at a last mile layer 2 service with no retail offering.
Wholesale only.

Not only is the last mile competitively neutral because it is not
involved in retail, but it then invites competition by allowing many
service providers to provide retail services over the last mile network.




Re: Muni fiber: L1 or L2?

2013-01-29 Thread Miles Fidelman
It's a matter of economies of scale. If everyone has to light their own 
fiber, you haven't saved that much.  If the fiber is lit, at L2, and 
charged back on a cost-recovery basis, then there are tremendous 
economies of scale.  The examples that come to mind are campus and 
corporate networks.


Miles Fidelman

Jay Ashworth wrote:

- Original Message -

From: Leo Bicknell bickn...@ufp.org
I am a big proponent of muni-owned dark fiber networks. I want to
be 100% clear about what I advocate here:

- Muni-owned MMR space, fiber only, no active equipment allowed. A
big cross connect room, where the muni-fiber ends and providers are
all allowed to colocate their fiber term on non-discriminatory terms.
- 4-6 strands per home, home run back to the muni-owned MMR space.
No splitters, WDM, etc, home run glass. Terminating on an optical
handoff inside the home.

Hmmm.  I tend to be a Layer-2-available guy, cause I think it lets smaller
players play.  Does your position (likely more deeply thought out than
mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients
are *also* permitted to get a Layer 1 patch to a provider in the fashion you
suggest?

(I concur with your 3-pair delivery, which makes this more practical on an
M-A-C basis, even if it might require some users to have multiple ONTs...)

Cheers,
-- jra



--
In theory, there is no difference between theory and practice.
In practice, there is.  -- Yogi Berra




Re: switch 10G standalone TOR, core to DC

2013-01-29 Thread Peter Phaal
Peter,

Network visibility wasn't mentioned as a requirement, but it is worth
considering since the ToR switches are the best place monitor server
network I/O, tunneled traffic (VxLAN, GRE etc), storage (iSCSI, FCoE,
HDFS etc).

The Nexus 5548 switch does not include monitoring (i.e. no
NetFlow/sFlow). The Nexus 3048, along with all the other 10G ToR
switches so far mentioned on this thread, supports sFlow and provides
wire speed 10G/40G monitoring.

The following article provides additional background:

http://blog.sflow.com/2012/02/10-gigabit-ethernet.html

Cheers,
Peter

On Tue, Jan 29, 2013 at 7:15 AM, Steven Fischer sfischer1...@gmail.com wrote:
 although everyone here seems to hold Cisco in contempt, the Nexus 5548 is a
 rock-solid switch - at least that has been my experience with it.


 On Tue, Jan 29, 2013 at 6:27 AM, Piotr piotr.1...@interia.pl wrote:


 Hello,

 I am looking for some 10G switches, it should work as TOR or core in DC. It
 should have more than 40 port 10G in one unit, wirespeed L2 L3, with
 virtual routers and some other ip functions like some BGP, OSPF, policy
 routing, 1-2U, MLAG, g.8032 (ERPS) trill-like ?

 Other important features are  big port buffers ( something similar to
 Juniper EX8200 - 512 MB per slot), defined counters accessible via snmp
 (like in junos), L3 statistics  accessible via snmp


 Extreme 670 looks good but they have small port buffers. It can be also
 some small chassis with line cards but the cost per 10G ports is too big..

 What vendor, model You prefer or suggest as a solution ?

 thanks for help
 best,
 Peter






 --
 To him who is able to keep you from falling and to present you before his
 glorious presence without fault and with great joy



Re: Muni network ownership and the Fourth

2013-01-29 Thread Eric Brunner-Williams
On 1/29/13 3:50 PM, Jean-Francois Mezei wrote:
 It is in fact important for a government (municipal, state/province or
 federal) to stay at a last mile layer 2 service with no retail offering.
 Wholesale only.

That reminds me, the City of Eugene is interviewing for a CTO. I think
the City could and should populate its rights of way (Eugene's public
utility delivers water and power to residential customers)  with
physical media.

 Not only is the last mile competitively neutral because it is not
 involved in retail, but it then invites competition by allowing many
 service providers to provide retail services over the last mile network.

My guess is that if the offering to use municipal transport was made
to any access provider except those franchise incumbents (Comcast for
ip/cdn, Verizon, ip/ss7), they would sue, under some equity theory or
another, so the last mile competitively neutral really means the
City is paying to do a buildout the local duopoly franchies won't, and
the equity to access providers will be limited to the City owned
infrastructure, not the infrastructure the duopolies have built out in
the past under City granted franchise.

Well, got to read some pleadings and FCC filings related to Oregon law
and municipal authority to impose rights-of-way (ROW) compensation
and management.

Eric




Will wholesale-only muni actually bring the boys to your yard?

2013-01-29 Thread Jay Ashworth
- Original Message -
 From: Jean-Francois Mezei jfmezei_na...@vaxination.ca

 It is in fact important for a government (municipal, state/province or
 federal) to stay at a last mile layer 2 service with no retail
 offering. Wholesale only.
 
 Not only is the last mile competitively neutral because it is not
 involved in retail, but it then invites competition by allowing many
 service providers to provide retail services over the last mile
 network.

This, Jean-Francois, is the assertion I hear relatively frequently.

It rings true to me, in general, and I would go that way... but there is
a sting in that tail: Can I reasonably expect that Road Runner will in fact
be technically equipped and inclined to meet me to get my residents as 
subscribers?  Especially if they're already built HFC in much to all of
my municipality?

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: Will wholesale-only muni actually bring the boys to your yard?

2013-01-29 Thread John T. Yocum



On 1/29/2013 4:39 PM, Jay Ashworth wrote:

- Original Message -

From: Jean-Francois Mezei jfmezei_na...@vaxination.ca



It is in fact important for a government (municipal, state/province or
federal) to stay at a last mile layer 2 service with no retail
offering. Wholesale only.

Not only is the last mile competitively neutral because it is not
involved in retail, but it then invites competition by allowing many
service providers to provide retail services over the last mile
network.


This, Jean-Francois, is the assertion I hear relatively frequently.

It rings true to me, in general, and I would go that way... but there is
a sting in that tail: Can I reasonably expect that Road Runner will in fact
be technically equipped and inclined to meet me to get my residents as
subscribers?  Especially if they're already built HFC in much to all of
my municipality?

Cheers,
-- jra



If there is competition offering next-gen type services, that they can't 
reasonably or more easily offer via their existing HFC plant, then I 
would expect they'd start using the muni network.


I think the biggest factor though, would be cost. If using the muni 
network is cheaper than their own HFC plant, they may actually phase out 
their HFC network over time.


--John



Re: Muni fiber: L1 or L2?

2013-01-29 Thread Leo Bicknell
In a message written on Tue, Jan 29, 2013 at 12:54:26PM -0500, Jay Ashworth 
wrote:
 Hmmm.  I tend to be a Layer-2-available guy, cause I think it lets smaller
 players play.  Does your position (likely more deeply thought out than 
 mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients
 are *also* permitted to get a Layer 1 patch to a provider in the fashion you
 suggest?

No, and there's good reason why, I'm about to write a response to Owen
that will also expand on why.

There are a number of issues with the muni running the ONT:

 - Muni now has to have a different level of techs and truck rolls.
 - The Muni MMR now is much more complex, requiring power (including
   backup generators, etc) and likely 24x7 staff as a result.
 - The muni-ont will limit users to the technologies the ONT supports.
   If you want to spin up 96x10GE WDM your 1G ONT won't allow it.
 - The optic cost is not significantly different if the muni buys them
   and provides lit L2, or if the service/provider user provides them.

The muni should sell L1 patches to anyone in the MMR.  Note, this
_includes_ two on-net buildings.  So if your work and home are connected
to the same muni-MMR you could order a patch from one to the other.
It may now be max ~20km, so you'll need longer reach optics, but if you
want to stand up 96x10GE WDM you're good to go.

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




Re: Muni network ownership and the Fourth

2013-01-29 Thread Leo Bicknell
In a message written on Tue, Jan 29, 2013 at 02:14:46PM -0800, Owen DeLong 
wrote:
 The MMR should, IMHO be a colo facility where service providers can
 lease racks if they choose. The colo should also be operated on a cost
 recovery basis and should only be open to installation of equipment
 directly related to providing service to customers reached via the MMR.

I'm not sure I agree with your point.

The _muni_ should not run any equipment colo of any kind.  The muni
MMR should be fiber only, and not even require so much as a generator
to work.  It should not need to be staffed 24x7, have anything that
requires PM, etc.

I fully support the muni MMR being inside of a colocation facility
run by some other company (Equinix/DLR/CoreSite, whatever) so folks
can colo on site.  I think it is also important someone be able
to set up a colo down the street and just drop in a 1000 strand
fiber cable to the actual MMR.

Why is this important?  Well, look at one of the failure modes of
the CO system.  When DSL was in its heyday, CO's would become full,
and no new DSL providers would be able to get colo space.  Plus the
CO's could use space/power/hands time/etc as profit centers.
Muni-fiber should stay as far away from these problems as possible.

I think it's also important to consider the spectrum of deployments
here.  A small town of 1000 homes may have MuniMMRREIT come in and
build a 5,000 sq foot building with 1,000 of that leased to the
muni for fiber patch panels, and the other 4,000 sold to ISP's by
the rack to provide service.  On the other side consider a space
like New York City, where MuniFiberCo builds out 50,000 square feet
for fiber racks somewhere, and ISP #1 drops in 10,000 strands from
111 8th Ave, and ISP #2 drops in 10,000 strands from 25 Broadway,
and so on.  In the middle may be a mid-sized town, where they build the
MMR in a business park, and 3 ISP's erect their own colos, and a colo
provider builds the fourth and houses a dozen smaller players.

In the small town case, MuniMMRREIT may agree to a regulated price
structure for colo space.  In the New York City case, it would make
no sense for one colo to try and house all the equipment now and
forever, and there would actually (on a per strand basis) be very
minimal cost to pull 10,000 strands down the street.  I'll argue
that running 10,000 strands (which is as few as 12 860 strand fiber
cables) a block or two down the street is far less cost than trying
to shoehorn more colo into an existing building where it is hard
to add generators/chillers/etc.

Basically, running fiber a block or two down the street opens up a
host of cheaper real estate/colo opportunities, and it doesn't cost
significantly more than running the fiber from one end of a colo to
another relative to all the other costs.

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




Re: Will wholesale-only muni actually bring the boys to your yard?

2013-01-29 Thread Owen DeLong

On Jan 29, 2013, at 4:39 PM, Jay Ashworth j...@baylink.com wrote:

 - Original Message -
 From: Jean-Francois Mezei jfmezei_na...@vaxination.ca
 
 It is in fact important for a government (municipal, state/province or
 federal) to stay at a last mile layer 2 service with no retail
 offering. Wholesale only.
 
 Not only is the last mile competitively neutral because it is not
 involved in retail, but it then invites competition by allowing many
 service providers to provide retail services over the last mile
 network.
 
 This, Jean-Francois, is the assertion I hear relatively frequently.
 
 It rings true to me, in general, and I would go that way... but there is
 a sting in that tail: Can I reasonably expect that Road Runner will in fact
 be technically equipped and inclined to meet me to get my residents as 
 subscribers?  Especially if they're already built HFC in much to all of
 my municipality?
 

It doesn't actually matter. You don't necessarily need to be the only wholesale
offering, you just need to be open to all service providers. This means that
if Road Runner wants to pay for their own infrastructure instead of using yours,
then that will increase their costs and likely make it harder for them to compete
with ISPs (and other services) that choose to use your infrastructure.

Owen




Re: Muni network ownership and the Fourth

2013-01-29 Thread Leo Bicknell
In a message written on Tue, Jan 29, 2013 at 03:03:51PM -0500, Zachary Giles 
wrote:
 Not to sidestep the conversation here .. but, Leo, I love your concept
 of the muni network, MMR, etc. What city currently implements this? I
 want to move there! :)

I don't know any in the US that have the model I describe.  :(

My limited understanding is some other countries have a similar model,
but I don't know of any good English language summaries.  For instance I
believe the model used in Sweden is substantially similar to what I
describe...

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




Re: Muni fiber: L1 or L2?

2013-01-29 Thread Owen DeLong
I would put it differently.

I believe that the entity (muni, county, state, special district, or whatever) should
be required to make dark fiber patches available.

I believe they should be allowed to optionally provide L2 enabled services of various
forms.

I believe that they should be prohibited from engaging in L3+ services.

I believe they should be required to offer more than a MMR type facility in order to
enable cost-effective utilization by smaller providers. There are a number of ways
this can be accomplished without necessarily requiring the muni to get into anything
complicated.

Owen

On Jan 29, 2013, at 6:51 PM, Leo Bicknell bickn...@ufp.org wrote:

 In a message written on Tue, Jan 29, 2013 at 12:54:26PM -0500, Jay Ashworth 
 wrote:
 Hmmm.  I tend to be a Layer-2-available guy, cause I think it lets smaller
 players play.  Does your position (likely more deeply thought out than 
 mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients
 are *also* permitted to get a Layer 1 patch to a provider in the fashion you
 suggest?
 
 No, and there's good reason why, I'm about to write a response to Owen
 that will also expand on why.
 
 There are a number of issues with the muni running the ONT:
 
 - Muni now has to have a different level of techs and truck rolls.
 - The Muni MMR now is much more complex, requiring power (including
   backup generators, etc) and likely 24x7 staff as a result.
 - The muni-ont will limit users to the technologies the ONT supports.
   If you want to spin up 96x10GE WDM your 1G ONT won't allow it.
 - The optic cost is not significantly different if the muni buys them
   and provides lit L2, or if the service/provider user provides them.
 
 The muni should sell L1 patches to anyone in the MMR.  Note, this
 _includes_ two on-net buildings.  So if your work and home are connected
 to the same muni-MMR you could order a patch from one to the other.
 It may now be max ~20km, so you'll need longer reach optics, but if you
 want to stand up 96x10GE WDM you're good to go.
 
 -- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




Re: Muni fiber: L1 or L2?

2013-01-29 Thread Leo Bicknell
In a message written on Tue, Jan 29, 2013 at 07:11:56PM -0800, Owen DeLong 
wrote:
 I believe they should be allowed to optionally provide L2 enabled services of various
 forms.

Could you expand on why you think this is necessary?  I know you've
given this some thought, and I'd like to understand.

The way I see it, for $100 in equipment (2x$50 optics) anyone can
light 1Gbps over the fiber.  The only way the muni has significantly
cheaper port costs than a provider with a switch and a port per
customer is to do something like GPON which allows one port to
service a number of customers, but obviously imposes a huge set of
limitations (bandwidths, protocols you can run over it, etc).

I also think the ONT adds unnecessary cost.  They are used today
primarily for a handoff test point, and to protect shared networks
(like GPON) from a bad actor.  With a dedicated fiber pair per
customer I think they are unnecessary.  I can see a future where
the home gateway at the local big box has an SFP port (or even fixed
1000baseLX optics) and plugs directly into the fiber pair.

No ONT cost, no ONT limitations, no need to power it (UPS battery
replacement, etc).  It's a value subtract, not a value add.

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




Re: Muni network ownership and the Fourth

2013-01-29 Thread Owen DeLong

On Jan 29, 2013, at 7:03 PM, Leo Bicknell bickn...@ufp.org wrote:

 In a message written on Tue, Jan 29, 2013 at 02:14:46PM -0800, Owen DeLong 
 wrote:
 The MMR should, IMHO be a colo facility where service providers can
 lease racks if they choose. The colo should also be operated on a cost
 recovery basis and should only be open to installation of equipment
 directly related to providing service to customers reached via the MMR.
 
 I'm not sure I agree with your point.
 
 The _muni_ should not run any equipment colo of any kind.  The muni
 MMR should be fiber only, and not even require so much as a generator
 to work.  It should not need to be staffed 24x7, have anything that
 requires PM, etc.
 

 I fully support the muni MMR being inside of a colocation facility
 run by some other company (Equinix/DLR/CoreSite, whatever) so folks
 can colo on site.  I think it is also important someone be able
 to set up a colo down the street and just drop in a 1000 strand
 fiber cable to the actual MMR.

There's a problem with this. You've now granted an effective monopoly to
said colo facility and they can engage in uneven and/or egregious pricing
schemes to block competition for local access services in much the way
that the current utility owned HFC and twisted pair infrastructures do.

 Why is this important?  Well, look at one of the failure modes of
 the CO system.  When DSL was in its hayday, CO's would become full,
 and no new DSL providers would be able to get colo space.  Plus the
 CO's could use space/power/hands time/etc as profit centers.
 Muni-fiber should stay as far away from these problems as possible.

Full is full. In reality, no matter what mechanism you choose, this will
be a potential issue, even with the MMR architecture.

However, let's look at the real problems with COs… First, the COs were
run by the incumbent monopoly carrier and said carrier was allowed
to compete for services on the lines, not just manage the lines. Since
the operator in this case isn't allowed to operate services on the lines and
is neutral to all service providers, you don't have this issue. If the colo is
operated on a cost-recovery basis, then it also isn't a profit center by
definition.


 I think it's also important to consider the spectrum of deployments
 here.  A small town of 1000 homes may have MuniMMRREIT come in and
 build a 5,000 sq foot building with 1,000 of that leased to the
 muni for fiber patch panels, and the other 4,000 sold to ISP's by
 the rack to provide service.  On the other side consider a space
 like New York City, where MuniFiberCo builds out 50,000 square feet
 for fiber racks somewhere, and ISP #1 drops in 10,000 strands from
 111 8th Ave, and ISP #2 drops in 10,000 strands from 25 Broadway,
 and so on.  In the middle may be a mid-sized town, where they build the
 MMR in a business park, and 3 ISP's erect their own colos, and a colo
 provider builds the fourth and houses a dozen smaller players.

Yes, let's consider these…

Case 1 everything mostly works out OK, but the 4000 feet of colo space
grants a form of monopoly to MuniMMRREIT which basically allows them
to print money on the backs of local consumers. To make matters worse,
nothing prevents them from crawling into bed with favored providers and
producing policies, procedures, and costs which inhibit competition against
those favored providers.

Case 2, you move the CO Full problem from the CO to the adjacent
cable vaults. Even with fiber, a 10,000 strand bundle is not small.

It's also a lot more expensive to pull in 10,000 strands from a few
blocks away than it is to drop a router in the building with the MMR
and aggregate those cross-connects into a much smaller number
of fibers leaving the MMR building.

Case 3 actually seems closer to ideal to me, but you're depending on
a lot of things happening exactly the right way in a situation where markets
have proven to be significantly subject to manipulation by incumbents.

More likely, $TELCO buys the business park and…

 
 In the small town case, MuniMMRREIT may agree to a regulated price
 structure for colo space.  In the New York City case, it would make
 no sense for one colo to try and house all the equipment now and
 forever, and there would actually (on a per strand basis) be very
 minimal cost to pull 10,000 strands down the street.  I'll argue
 that running 10,000 strands (which is as few as 12 860 strand fiber
 cables) a block or two down the street is far less cost than trying
 to shoehorn more colo into an existing building where it is hard
 to add generators/chillers/etc.

In the NY case, it depends. If the colo is a 90+ story building, then it
might well be practical. If you're talking about using existing buildings,
then you might have to get creative. However,  if you're starting
with a vacant lot, then there are a lot of possibilities.

 Basically, running fiber a block or two down the street opens up a
 host of cheaper realestate/colo opportunities, and it doesn't cost
 

Re: Muni fiber: L1 or L2?

2013-01-29 Thread Owen DeLong

On Jan 29, 2013, at 7:23 PM, Leo Bicknell bickn...@ufp.org wrote:

 In a message written on Tue, Jan 29, 2013 at 07:11:56PM -0800, Owen DeLong 
 wrote:
 I believe they should be allowed to optionally provide L2 enabled services of various
 forms.
 
 Could you expand on why you think this is necessary?  I know you've
 given this some thought, and I'd like to understand.
 
 The way I see it, for $100 in equipment (2x$50 optics) anyone can
 light 1Gbps over the fiber.  The only way the muni has significantly
 cheaper port costs than a provider with a switch and a port per
 customer is to do something like GPON which allows one port to
 service a number of customers, but obviously imposes a huge set of
 limitations (bandwidths, protocols you can run over it, etc).
 

But it's not $100 in equipment. It's $100 in optics + $350 in line cards +
technician time to install…

OTOH, if the muni operates L2 services and provides a pre-joined group
of subscribers as a handoff to a single GPON optical port provided by
the ISP or is allowed to provide pre-muxed DWDM from a group of
subscribers to a single-fiber hand-off to the ISP or whatever, then you
increase the number and variety of competition and reduce certain
barriers to that competition. I'm not saying it always makes sense in
all situations. I'm saying that the muni should not necessarily be
precluded from doing so where it does make sense.

 I also think the ONT adds unnecessary cost.  They are used today
 primarily for a handoff test point, and to protect shared networks
 (like GPON) from a bad actor.  With a dedicated fiber pair per
 customer I think they are unnecessary.  I can see a future where
 the home gateway at the local big box has an SFP port (or even fixed
 1000baseLX optics) and plugs directly into the fiber pair.

You're going to need a handoff test point of some form for any
residential service. If you think otherwise, then I would argue you
simply don't have enough experience dealing with residential
installations (from a provider perspective).

Bad actor isolation is important on GPON, but it's not nearly as
critical for point-to-point. However, you do still need the test point
at the demarc. You want active equipment of some form at the
CP that you own. You want everything past that active equipment
to be the customer's problem.

 No ONT cost, no ONT limitations, no need to power it (UPS battery
 replacement, etc).  It's a value subtract, not a value add.

It really isn't. You'd be surprised how many uncompensated truck rolls
are eliminated every day by being able to talk to the ONT from the
help desk and tell the subscriber "Well, I can manage your ONT and
it's pretty clear the problem is inside your house. Would you like to
pay us $150/hour to come out and troubleshoot it for you?"

Owen




Re: Muni network ownership and the Fourth

2013-01-29 Thread Leo Bicknell
In a message written on Tue, Jan 29, 2013 at 07:46:06PM -0800, Owen DeLong 
wrote:
 Case 2, you move the CO Full problem from the CO to the adjacent
 cable vaults. Even with fiber, a 10,000 strand bundle is not small.
 
 It's also a lot more expensive to pull in 10,000 strands from a few
 blocks away than it is to drop a router in the building with the MMR
 and aggregate those cross-connects into a much smaller number
 of fibers leaving the MMR building.
[snip]
 But what happens when you fill the cable vaults?

It's really not an issue.  10,000 fibers will fit in a space not
much larger than my arm.

I have on my desk a 10+ year old cable sample of a Corning 864
strand cable (36 ribbons of 24 fibers a ribbon).  It is barely
larger around than my thumb.  Each one terminated into an almost-full
rack of SC patch panels.

A web page on the cable:
http://catalog.corning.com/CableSystems/en-US/catalog/ProductDetails.aspx?cid=pid=105782vid=106018

My company at the time built a duct bank by building 6x4 conduit,
installing 3x1.25 innerduct in each conduit, and pulling one of
those cables in each innerduct.  That's a potential capacity of
15,525 fibers in a duct bank perhaps 14 wide by 8 tall.

A vault as used for traditional telco or electrical (one big
enough for a man to go down in) could hold millions of these fibers.
They were never used, because they were way too big.  There's also
plenty of experience in this area, telcos have been putting much
larger copper cables into CO's for a long time.

Were there demand, they could easily put more ribbons in a single
armored sheath.  The actual stack of fibers is about 1/2 wide and
3/8 thick for the 864 strands.  You could extrapolate a single
10,000 strand cable that would be smaller than the power cables
going to a typical commercial transformer.

The cost of fiber is terminating it.  Running 864 strands from one
end of a colo to another inside, compared with running it a block
down the street isn't significantly different; modulo any construction
costs.  Obviously if it costs $1M to dig up the street that's bad,
but for instance if there is already an empty duct down the street
and it's just pulling cable, the delta is darn near zero.

That's why I think rather than having the muni run colo (which may
fill), they should just allow providers to drop in their own fiber
cables, and run a fiber patch only room.  There could then be hundreds
of private colo providers in a 1km radius of the fiber MMR, generating
lots of competition for the space/power side of the equation.  If one
fills up, someone will build another, and it need not be on the same
square of land.

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/



Re: Muni fiber: L1 or L2?

2013-01-29 Thread Leo Bicknell
In a message written on Tue, Jan 29, 2013 at 07:53:34PM -0800, Owen DeLong 
wrote:
 It really isn't. You'd be surprised how many uncompensated truck rolls
 are eliminated every day by being able to talk to the ONT from the
 help desk and tell the subscriber Well, I can manage your ONT and
 it's pretty clear the problem is inside your house. Would you like to
 pay us $150/hour to come out and troubleshoot it for you?

I would love statistics from actual providers today.

I don't know of any residential telco services (pots, ISDN BRI, or
DSL) that has an active handoff they can test to without a truck
roll.

I don't know of any cable services with an active handoff similar
to an ONT, although they can interrogate most cable boxes and modems
for signal quality measurements remotely to get some idea of what
is going on.  On the flip side, when CableCos provide POTS they
must include a modem with a battery, and thus incur the cost of
shipping new batteries out and old batteries back every ~5 years;
which they sometimes do by truck roll...

So it seems to me both of those services find things work just fine
without an ONT-like test point.  ONTs seem unique to FTTH deployments,
of which most today are GPON...

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/



Re: Will wholesale-only muni actually bring the boys to your yard?

2013-01-29 Thread Jean-Francois Mezei
On 13-01-29 19:39, Jay Ashworth wrote:

 It rings true to me, in general, and I would go that way... but there is
 a sting in that tail: Can I reasonably expect that Road Runner will in fact
 be technically equipped and inclined to meet me to get my residents as 
 subscribers?  Especially if they're already built HFC in much to all of
 my municipality?

I do not have numbers, but based on what I have read, municipal
deployments have occurred in cases where incumbents were not interested
in providing modern internet access.

What may happen is that once they see the municipality building FTTH,
they may suddenly develop an interest in that city and deploy HFC and/or
DSL and then sue the city for reason X.

The normal behaviour should be: we'll gladly connect to the municipal
system.

A good layer 2 deployment can support DHCP or PPPoE and thus be
compatible with incumbents' infrastructure. However, a good layer 2
deployment won't have RFoG support and will prefer IPTV over the data
channel (the Australian model supports multicast). So cable companies
without IPTV services may be at a disadvantage.

In Canada, Rogers (cableco) has announced that they plan to go all IPTV
instead of conventional TV channels.



Re: Muni network ownership and the Fourth

2013-01-29 Thread Jean-Francois Mezei
On 13-01-29 22:03, Leo Bicknell wrote:

 The _muni_ should not run any equipment colo of any kind.  The muni
 MMR should be fiber only, and not even require so much as a generator
 to work.  It should not need to be staffed 24x7, have anything that
 requires PM, etc.

This is not possible in a GPON system. The OLT has to be carrier neutral
so that different carriers can connect to it. It is the last point of
aggregation before reaching homes.

Otherwise, you would need to run multiple strands to each splitter box
and inside run as many splitters as there are ISPs so that one home can
be connected to the splitter used by ISP-1 while the next home's strand is
connected to another splitter associated with ISP-2. This gets complicated.

Much simpler for the municipality to run L2 to a single point of
aggregation where different ISPs can connect.  In the case of Australia,
the aggregation points combine a few towns in rural areas (so multiple
OLTs).


 I fully support the muni MMR being inside of a colocation facility
 run by some other company (Equinix/DLR/CoreSite, whatever) so folks
 can colo on site.

Just because it is a municipal system does not mean that it has to be
municipal employees who run the OLT and do the maintenance of the fibre
plant. It can very well be a private company contracted by the city to
provide carrier neutral services to any ISP who wants to connect.





Re: Muni network ownership and the Fourth

2013-01-29 Thread George Herbert
On Tue, Jan 29, 2013 at 8:10 PM, Leo Bicknell bickn...@ufp.org wrote:
 In a message written on Tue, Jan 29, 2013 at 07:46:06PM -0800, Owen DeLong 
 wrote:
 Case 2, you move the CO Full problem from the CO to the adjacent
 cable vaults. Even with fiber, a 10,000 strand bundle is not small.

 It's also a lot more expensive to pull in 10,000 strands from a few
 blocks away than it is to drop a router in the building with the MMR
 and aggregate those cross-connects into a much smaller number
 of fibers leaving the MMR building.
 [snip]
 But what happens when you fill the cable vaults?

 It's really not an issue.  10,000 fibers will fit in a space not
 much larger than my arm.

 I have on my desk a 10+ year old cable sample of a Corning 864
 strand cable (36 ribbons of 24 fibers a ribbon).  It is barely
 larger around than my thumb.  Each one terminated into an almost-full
 rack of SC patch panels.

 A web page on the cable:
 http://catalog.corning.com/CableSystems/en-US/catalog/ProductDetails.aspx?cid=pid=105782vid=106018

 My company at the time built a duct bank by building 6x4 conduit,
 installing 3x1.25 innerduct in each conduit, and pulling one of
 those cables in each innerduct.  That's a potential capacity of
 15,525 fibers in a duct bank perhaps 14 wide by 8 tall.

 A vault as used for traditional telco or electrical (one big
 enough for a man to go down in) could hold millions of these fibers.
 They were never used, because they were way too big.  There's also
 plenty of experience in this area, telcos have been putting much
 larger copper cables into CO's for a long time.

 Were there demand, they could easily put more ribbons in a single
 armored sheath.  The actual stack of fibers is about 1/2 wide and
 3/8 thick for the 864 strands.  You could extrapolate a single
 10,000 strand cable that would be smaller than the power cables
 going to a typical commercial transformer.

 The cost of fiber is terminating it.  Running 864 strands from one
 end of a colo to another inside, compared with running it a block
 down the street isn't significantly different; modulo any construction
 costs.  Obviously if it costs $1M to dig up the street that's bad,
 but for instance if there is already an empty duct down the street
 and it's just pulling cable, the delta is darn near zero.

 That's why I think rather than having the muni run colo (which may
 fill), they should just allow providers to drop in their own fiber
 cables, and run a fiber patch only room.  There could then be hundreds
 of private colo providers in a 1km radius of the fiber MMR, generating
 lots of competition for the space/power side of the equation.  If one
 fills up, someone will build another, and it need not be on the same
 square of land.

It's more than just terminating it; the bulk fiber is not free.  And
it's not the customer end where you see congestion; unless you
(expensively) splice out in the field at intermediate aggregation
points, for a say 10,000 customer wire center you have 10,000 x the
individual cable cross section area at the convergence point.  Which
you have to provision end-to-end unbroken as splicing is likely to
screw with your overall cost model in an atrocious way.  Unlike all
the other media.

Yes, you can buy some fiber that aggregates smaller bundles, but they
don't split nicely 100 ways in a manner you can realistically fan out
from one master bundle at the head end (unless there's a fiber type
out there I am not aware of, I don't do this part of the stuff all the
time).

It's a pain in the ass to provision in a way that you can centralize a
L1 dark fiber service, because of splices.  If you're providing L2
then you don't splice, you just run to a pole or ground or vault box
and terminate there, and have a few 10G or 40G or 100G uplink fibers
from there to your interchange point wire center.  If you're
providing L1 then that's an amazingly complex fiber pull / conduit /
delivered fiber quality / space management problem at the wire center.


-- 
-george william herbert
george.herb...@gmail.com



Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jussi Peltola
On Tue, Jan 29, 2013 at 09:07:57PM +1100, Karl Auer wrote:
 Also, if a switch does not do MLD snooping, it will flood multicast to
 all ports. You lose one of the major benefits of IPv6 multicast - less
 admin traffic.
 
 You need to spec new switches with IPv6 capability.
 
NDP multicast has scaling issues, and I'd not be surprised if switches
will soon stop learning it and flood all NDP multicasts to save space
for the users' higher-traffic multicast groups.

This is very reasonable, because end-host Ethernet chipsets have been
discarding useless frames since the beginning. Even unicast frames were
flooded in the times of coax and hubs; ethernet chipsets will drop
disinteresting frames on the floor.

The problem with ARP and other broadcasts was that they were never
dropped by any ethernet chipset, because there was no way for it to know
if it is interesting. NDP multicast addresses, on the other hand, allow
for the device to program only the multicast MACs it is interested in
in the ethernet chipset, so the CPU will never see the useless packets.

This is a very good compromise for most cases; you haul some useless
packets, but they are dropped by the ethernet chipset, so even the most
measly print server or internet controlled coffee maker CPU will not be
unduly burdened. You will also not need to burden your network with
multicast groups (=state) to save hauling a few useless packets around.

* * *

There are some cases where it actually is expensive to flood ARP/NDP
requests, like 802.11 WLANs where bandwidth can be limited and
multicast/broadcast is implemented by transmitting at a very low bitrate
to hope everyone can hear it, taking up airtime on access points,
instead of transmitting at high rates with an ACK mechanism like unicast
frames. (*)

If the WLAN implements MLD snooping, an NDP broadcast is unlikely to be
listened to by more than one host; a smart AP could deliver it like a
unicast frame at a high rate to said single client. The other APs in the
same L2 network can drop the frame on the floor altogether, or never see
it if the wired network has MLD snooping. But even in this case it
scales better to have access points throw away a small amount of frames
than have the whole wired switch network learn a large amount of
multicast groups that churn each time the client roams to a new AP.



* I am aware this is a simplification, and many modern WLANs are
smarter than this; many also do proxy ARP to eliminate the problem with
flooded ARP broadcasts altogether.



Re: Looking for success stories in Qwest/Centurylink land

2013-01-29 Thread Michael Painter
- Original Message - 
From: valdis.kletni...@vt.edu

To: Rob McEwen r...@invaluement.com
Cc: nanog@nanog.org
Sent: Tuesday, January 29, 2013 6:38 AM
Subject: Re: Looking for success stories in Qwest/Centurylink land
snip

So where are all the arrests and convictions for the mortgage games and
other Wall Street malfeasance that led to the financial crisis of 2008?
Seems that was a tad more egregious than anything Enron did, so there should
have been more arrests and convictions?


http://www.rollingstone.com/politics/news/secret-and-lies-of-the-bailout-20130104





Re: Muni network ownership and the Fourth

2013-01-29 Thread Owen DeLong
 
 That's why I think rather than having the muni run colo (which may
 fill), they should just allow providers to drop in their own fiber
 cables, and run a fiber patch only room.  There could then be hundreds
 of private colo providers in a 1km radius of the fiber MMR, generating
 lots of competition for the space/power side of the equation.  If one
 fills up, someone will build another, and it need not be on the same
 square of land
 

The two options are not mutually exclusive. Nothing precludes bringing
additional fiber in where that makes sense even if you have an on-site
colo facility.

Owen




Re: Muni fiber: L1 or L2?

2013-01-29 Thread Owen DeLong

On Jan 29, 2013, at 20:16 , Leo Bicknell bickn...@ufp.org wrote:

 In a message written on Tue, Jan 29, 2013 at 07:53:34PM -0800, Owen DeLong 
 wrote:
 It really isn't. You'd be surprised how many uncompensated truck rolls
 are eliminated every day by being able to talk to the ONT from the
 help desk and tell the subscriber Well, I can manage your ONT and
 it's pretty clear the problem is inside your house. Would you like to
 pay us $150/hour to come out and troubleshoot it for you?
 
 I would love statistics from actual providers today.
 
 I don't know of any residential telco services (pots, ISDN BRI, or
 DSL) that has an active handoff they can test to without a truck
 roll.
 

Well, often they will (over the phone) tell the customer to take their
phone (or DSL modem) out to the NIU and see if it works there with
the rest of the house unplugged. So that covers POTS and DSL.

I suppose it would probably also work for BRI if they took the NT out
to the same point.

 I don't know of any cable services with an active handoff similar
 to an ONT, although they can interrogate most cable boxes and modems
 for signal quality measurements remotely to get some idea of what
 is going on.  On the flip side, when CableCo's provide POTS they
 must include a modem with a battery, and thus incur the cost of
 shipping new batteries out and old batteries back every ~5 years;
 which they sometimes do by truck roll...

In the cable world, they can interrogate not only your various boxes
if available, but they can also probe your neighbor's boxes. Because
of the tree-structured nature, if your connection is unresponsive, but
your neighbors all respond, they can pretty much narrow it down
to your drop and/or your IW. However, in most cases, $CABLECO
takes greater responsibility for the co-ax IW than $TELCO, so this may
be somewhat moot.

 So it seems to me both of those services find things work just fine
 without an ONT-like test point.  ONTs seem unique to FTTH deployments,
 of which most today are GPON...

Not so much...

First, as pointed out above, there is the (less useful, but somewhat
equivalent) NIU for the UTP world.

Cable is a somewhat different business model.

Also, historically, while not residential (in most cases), don't forget
about the various active components on T1 and DS0 circuits which
could be remotely looped by the Telco.

Yes, ONTs are unique to FTTH, but, they do represent one of the
factors that makes FTTH cheaper and more sustainable than copper
plants.

Owen





Re: Muni network ownership and the Fourth

2013-01-29 Thread Owen DeLong

On Jan 29, 2013, at 20:30 , Jean-Francois Mezei jfmezei_na...@vaxination.ca 
wrote:

 On 13-01-29 22:03, Leo Bicknell wrote:
 
 The _muni_ should not run any equipment colo of any kind.  The muni
 MMR should be fiber only, and not even require so much as a generator
 to work.  It should not need to be staffed 24x7, have anything that
 requires PM, etc.
 
 This is not possible in a GPON system. The OLT has to be carrier neutral
 so that different carriers can connect to it. It is the last point of
 aggregation before reaching homes.
 
 Otherwise, you would need to run multiple strands to each splitter box
 and inside run as many splitters as there are ISPs so that one home can
 be connected to the splitter used by ISP-1 while the next home's strand is
 connected to another splitter associated with ISP-2. This gets complicated.
 

Why can't the splitters be in the MMR? (I'm genuinely asking... I confess
to a certain level of GPON ignorance).


 Much simpler for the municipality to run L2 to a single point of
 aggregation where different ISPs can connect.  In the case of Australia,
 the aggregation points combine a few towns in rural areas. (so multiple
 OLTs).
 

Yes, but this approach locks us into GPON only which I do not advocate.
GPON is just the current fad. It's not necessarily the best long term
solution.

Owen




Re: Muni network ownership and the Fourth

2013-01-29 Thread Owen DeLong

On Jan 29, 2013, at 20:36 , George Herbert george.herb...@gmail.com wrote:

 On Tue, Jan 29, 2013 at 8:10 PM, Leo Bicknell bickn...@ufp.org wrote:
 In a message written on Tue, Jan 29, 2013 at 07:46:06PM -0800, Owen DeLong 
 wrote:
 Case 2, you move the CO Full problem from the CO to the adjacent
 cable vaults. Even with fiber, a 10,000 strand bundle is not small.
 
 It's also a lot more expensive to pull in 10,000 strands from a few
 blocks away than it is to drop a router in the building with the MMR
 and aggregate those cross-connects into a much smaller number
 of fibers leaving the MMR building.
 [snip]
 But what happens when you fill the cable vaults?
 
 It's really not an issue.  10,000 fibers will fit in a space not
 much larger than my arm.
 
 I have on my desk a 10+ year old cable sample of a Corning 864
 strand cable (36 ribbons of 24 fibers a ribbon).  It is barely
 larger around than my thumb.  Each one terminated into an almost-full
 rack of SC patch panels.
 
 It's more than just terminating it; the bulk fiber is not free.  And
 it's not the customer end where you see congestion; unless you
 (expensively) splice out in the field at intermediate aggregation
 points, for a say 10,000 customer wire center you have 10,000 x the
 individual cable cross section area at the convergence point.  Which
 you have to provision end-to-end unbroken as splicing is likely to
 screw with your overall cost model in an atrocious way.  Unlike all
 the other media.
 

This can be addressed by the fiberoptic equivalent of Telco B Boxes
out in the neighborhoods. You run a large fiber bundle to the B Box
(or series of B Boxes) and run the individual fiber bundles from the
B Box to each house in the immediate neighborhood.

Same model as the current Telco F1/F2 cable bundles, etc.

 It's a pain in the ass to provision in a way that you can centralize a
 L1 dark fiber service, because of splices.  If you're providing L2
 then you don't splice, you just run to a pole or ground or vault box
 and terminate there, and have a few 10G or 40G or 100G uplink fibers
 from there to your interchange point wire center.  If you're
 providing L1 then that's an amazingly complex fiber pull / conduit /
 delivered fiber quality / space management problem at the wire center.
 

I don't think this is necessarily true if you include the possibility of
passive LC patching at the neighborhood level.

Owen




Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Karl Auer
On Wed, 2013-01-30 at 06:41 +0200, Jussi Peltola wrote:
 On Tue, Jan 29, 2013 at 09:07:57PM +1100, Karl Auer wrote:
  Also, if a switch does not do MLD snooping, it will flood multicast to
  all ports. You lose one of the major benefits of IPv6 multicast - less
  admin traffic.
 NDP multicast has scaling issues, and I'd not be surprised if switches
 will soon stop learning it and flood all NDP multicasts to save space
 for the users' higher-traffic multicast groups.

Can you be more specific about these scaling issues? Seems to me that
each node is in relatively few multicast groups - one per interface (all
link-local hosts), plus one per address (solicited node multicast), less
if SLAAC is being used, because one SNMA is used for both the link local
address and the SLAAC address. Some nodes may be participating in other
groups - routers, for example, will also be in the all link-local
routers group, and maybe things like the DHCPv6 all servers and relays
group. If the node is doing temporary addressing, there will be an
additional solicited node multicast address in play during the
changeover. So a typical node in a subnet will be in three, maybe four
groups. I'm guessing that's NOT the scalability problem you are talking
about.

 if it is interesting. NDP multicast addresses, on the other hand, allow
 for the device to program only the multicast MACs it is interested about
 in the ethernet chipset, so the CPU will never see the useless packets.

Yep - belt and braces. But that multicast packet still went over the
wire as far as the NIC, and while it was doing that, other traffic was
not able to use the wire. So getting that multicast traffic off the wire
altogether is a Good Thing, and the place for that filtering to happen
is in the switch.

 unduly burdened. You will also not need to burden your network with
 multicast groups (=state) to save hauling a few useless packets around.

As long as it's a few, true. But one of the aims of moving to multicast
was to enable larger subnets. That few useless packets can turn into a
LOT of useless packets when there are a few hundred or a few thousand
nodes on the subnet.

 If the WLAN implements MLD snooping, an NDP broadcast is unlikely to be
 listened to by more than one host; a smart AP could deliver it like a
 unicast frame at a high rate to said single client.

How does the behaviour of this AP differ in principle from the behaviour
of a switch doing MLD snooping and delivering multicast packets only to
listeners in the particular group (and for the same reason)?

 than have the whole wired switch network learn a large amount of
 multicast groups that churn each time the client roams to a new AP.

Why is it a large amount? See above - it's probably three or four per
host. And they only churn when a client moves into or away from a
connection point (AP or switch port). Most things connected to switch
ports won't churn that much.

Regards, K.


-- 
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017





Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jussi Peltola
High density virtual machine setups can have 100 VMs per host. Each VM
has at least a link-local address and a routable address. This is 200
groups per port, 9600 per 48 port switch. This is a rather large amount
of state for what it's worth. If you have mld snooping on a switch
aggregating multiple racks like this, you start hitting limits on some
platforms. There is a similar situation with a WLAN that has large
numbers of clients; a single AP, on the other hand, should not see that
many groups.

Multicast always requires state in the whole network for each group, or
flooding. In the case of ndp, flooding may very well be the better
option, especially if you view this as a DoS to your Really Important
multicast groups - some virtual hosters give /64 per VM, which brings
about all kinds of trouble not limited to multicast groups if the client
decides to configure too many addresses on his server.
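
The group count Karl walks through earlier in this thread (all-nodes plus one solicited-node group per address, fewer when link-local and SLAAC addresses share an interface identifier) and the 100-VMs-per-host arithmetic in the post just above can both be checked with the Python below. It is an added example and not code from anyone in the thread. It derives the solicited-node group and its Ethernet MAC per RFC 4291 and RFC 2464, counts the groups one interface joins, shows the MAC filter a host can program into its NIC (Jussi's point about the chipset dropping useless frames), and tallies the MLD-snooping state a 48-port switch would hold with one 100-VM host per port. The VM addressing (fe80:: plus 2001:db8::, with either a shared SLAAC-style interface id or unrelated static ids) is constructed sample input and an assumption, not anything the posters described.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")
SNMA_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_multicast(addr):
    """Solicited-node group for a unicast address (RFC 4291 section 2.7.1):
    ff02::1:ffXX:XXXX, where XX:XXXX are the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SNMA_PREFIX | low24)


def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group (RFC 2464 section 7):
    33:33 followed by the low 32 bits of the group address."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{(low32 >> s) & 0xFF:02x}" for s in (24, 16, 8, 0))


def node_groups(addresses, is_router=False):
    """Groups one interface joins: all-nodes, all-routers if it routes, and one
    solicited-node group per unicast address.  Addresses sharing their low
    24 bits (link-local and SLAAC global built from one interface id)
    collapse into a single solicited-node group."""
    groups = {ALL_NODES}
    if is_router:
        groups.add(ALL_ROUTERS)
    for a in addresses:
        groups.add(solicited_node_multicast(a))
    return groups


def nic_filter(addresses, is_router=False):
    """Multicast MACs a host programs into its NIC so frames for any other
    group are dropped by the chipset instead of reaching the CPU."""
    return {multicast_mac(g) for g in node_groups(addresses, is_router)}


def vm_addresses(vm_index, slaac):
    """Constructed sample addressing for one VM (an assumption, not from the
    thread): one link-local plus one global address, either sharing a
    SLAAC-style interface identifier or statically numbered and unrelated."""
    if slaac:
        iid = f"0211:22ff:fe00:{vm_index:04x}"
        return [f"fe80::{iid}", f"2001:db8::{iid}"]
    return [f"fe80::1:{vm_index:x}", f"2001:db8::2:{vm_index:x}"]


def snooping_state(vms_per_port, ports, slaac):
    """MLD-snooping state for a switch with one VM host per port:
    (distinct groups learned, total (group, port) entries)."""
    distinct = set()
    entries = 0
    for port in range(ports):
        port_groups = set()
        for vm in range(vms_per_port):
            port_groups |= node_groups(vm_addresses(port * vms_per_port + vm, slaac))
        entries += len(port_groups)
        distinct |= port_groups
    return len(distinct), entries


if __name__ == "__main__":
    host = ["fe80::211:22ff:fe33:4455",       # link-local
            "2001:db8::211:22ff:fe33:4455",   # SLAAC global, same interface id
            "2001:db8::a1b2:c3d4:e5f6:789"]   # temporary (privacy) address
    for g in sorted(node_groups(host), key=int):
        print(f"{g!s:<22} -> {multicast_mac(g)}")
    for slaac in (False, True):
        print(f"100 VMs/port x 48 ports, slaac={slaac}:",
              snooping_state(100, 48, slaac))
```

Two things worth noting when reading the output: the MAC filter is coarser than the group (only the low 32 bits of the group survive the mapping, so unrelated groups can share a MAC and the kernel still has to check the IPv6 destination), and the snooping figures separate the distinct groups a switch must learn from the per-port entries it must hold, which is the number that actually grows with fan-in when one switch aggregates several racks.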