Re: ABQNOG -- May 4, 2023

2023-04-12 Thread Chris Grundemann
Thanks for sharing, John. I'm excited for this event, long overdue!

See everyone there - find me wherever the green chile is being served. =)

~Chris



On Mon, Apr 3, 2023 at 8:58 PM John Osmon  wrote:

> For folks that might be in the southwest US (and any that want to
> visit!), we're going to hold an operators group meeting on May 4,
> 2023 in Albuquerque, New Mexico.
>
> Come to the land of green chile cheeseburgers, and meet some of the
> local operators.  This inaugural meeting is free.  We hope to
> see you in May!
>
> http://abqnog.org
>
>
>
>

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: 2023 State of Network Automation Survey

2023-03-02 Thread Chris Grundemann
On Wed, Mar 1, 2023 at 9:12 AM Tom Beecher  wrote:

>> Fair play, Tom. All I can say is that after 20 years of working on, in,
>> and around the Internet, I'm sure as hell not going to ruin my reputation
>> now.
>>
>
> Apologies if I implied anything like that. Wasn't my intent to do so.
>

Thanks Tom - I just wanted to assure you and all participants that I will
not be using this survey as a jumping off point for a sales pitch; and I
won't be sharing the email addresses nor any identifiable data with anyone
else.

>
>
>> And whether we engineers like it or not, one of the best ways to measure
>> trends is in the relative amount of money organizations spend on them...
>>
>
> I am not sure I completely agree with that assertion honestly.
>
> Seen plenty of projects that saw dumptrucks of time/money thrown at only
> to never be completed or implemented. Have also seen plenty of projects
> that didn't get much investment, yet ended up yielding massive benefits in
> productivity and money.
>
> There is of course some merit there, but I would disagree that spend
> itself is a good barometer.
>
>
Fair points again - my take is that spend is one data point worth looking
at, along with staffing, and of course along with the self reporting on
what things are automated and to what degree. I hope that this combination
of metrics will come together to paint an interesting and informative
picture. And I can say that based on the responses so far - they do!

Cheers,
~Chris


-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: 2023 State of Network Automation Survey

2023-02-28 Thread Chris Grundemann
On Tue, Feb 28, 2023 at 1:09 PM Lou D  wrote:

> Chris,
>
> Completed the survey, I think I understand why some might feel issues with
> the financial questions but it’s a fair point to understand on how there
> can be avenues to maximize savings for one services if you can get
> automation rolled in with it. All the best with the survey
>

Thanks, Lou!

Savings is one potential aspect, but truly the spend numbers are mostly
about helping to determine how "serious" companies are taking automation.
Along with the other questions, they are a clue to how much automation is
actually out there in the real world.

Cheers,
~Chris


> On Tue, Feb 28, 2023 at 2:37 AM Chris Grundemann 
> wrote:
>
>> On Mon, Feb 27, 2023 at 2:30 PM Tom Beecher  wrote:
>>
>>> Having the opt out is nice, but if I am being completely honest, it
>>> gives me pause as to what the intent of this survey is in the first place.
>>>
>>> I perhaps may be hyper cynical, but those feel like a straight line
>>> towards the standard salesperson line of "look at what you are spending now
>>> on FOO, you could save X if you used BAR".
>>>
>>
>> Fair play, Tom. All I can say is that after 20 years of working on, in,
>> and around the Internet, I'm sure as hell not going to ruin my reputation
>> now.
>>
>> The intent of the survey is exactly as I stated: To report network
>> automation trends back to the community.
>>
>> And whether we engineers like it or not, one of the best ways to measure
>> trends is in the relative amount of money organizations spend on them...
>>
>> HTH,
>> ~Chris
>>
>>
>>> On Mon, Feb 27, 2023 at 4:12 PM Chris Grundemann 
>>> wrote:
>>>
>>>> On Mon, Feb 27, 2023 at 12:15 PM Tom Beecher 
>>>> wrote:
>>>>
>>>>>
>>>>> I was also off put by some of the financial questions in there.
>>>>>
>>>>
>>>> The financial questions (2 of them) both allow opt-out if that is a
>>>> sticking point. They are also both as vague as possible (large ranges, not
>>>> exact figures) while still providing something to baseline against.
>>>>
>>>>
>>>>
>>

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: 2023 State of Network Automation Survey

2023-02-27 Thread Chris Grundemann
On Mon, Feb 27, 2023 at 2:30 PM Tom Beecher  wrote:

> Having the opt out is nice, but if I am being completely honest, it gives
> me pause as to what the intent of this survey is in the first place.
>
> I perhaps may be hyper cynical, but those feel like a straight line
> towards the standard salesperson line of "look at what you are spending now
> on FOO, you could save X if you used BAR".
>

Fair play, Tom. All I can say is that after 20 years of working on, in, and
around the Internet, I'm sure as hell not going to ruin my reputation now.

The intent of the survey is exactly as I stated: To report network
automation trends back to the community.

And whether we engineers like it or not, one of the best ways to measure
trends is in the relative amount of money organizations spend on them...

HTH,
~Chris


> On Mon, Feb 27, 2023 at 4:12 PM Chris Grundemann 
> wrote:
>
>> On Mon, Feb 27, 2023 at 12:15 PM Tom Beecher  wrote:
>>
>>>
>>> I was also off put by some of the financial questions in there.
>>>
>>
>> The financial questions (2 of them) both allow opt-out if that is a
>> sticking point. They are also both as vague as possible (large ranges, not
>> exact figures) while still providing something to baseline against.
>>
>>
>>


Re: 2023 State of Network Automation Survey

2023-02-27 Thread Chris Grundemann
On Mon, Feb 27, 2023 at 11:57 AM Denis Fondras  wrote:

> On Mon, Feb 27, 2023 at 11:16:13AM -0700, Chris Grundemann wrote:
> > Update: The survey has received almost 4 dozen responses already!
> >
> > Of course, for the most meaningful results possible, I'd like to see that
> > about 10x higher.
> >
>
> Don't expect too much when you need a Google account to answer a survey :)
>

For better or worse, some form of SPAM protection is needed for publicly
available surveys. A free account seems like a low bar - but I acknowledge
that it is a bar.

If you would like a private survey to complete without requiring a Google
account, please let me know directly and I will find a way to make that
happen. This is an open invite to all who share Denis' concern.


>
> > If you help run a network and have not yet responded, please consider doing
> > so - it really should only take a few minutes, and we'll all be better off
> > having the additional data point:
> >
> https://docs.google.com/forms/d/e/1FAIpQLSc5J_i2rkcpgkvI83Vj3DRVsau5jZ1u99M7p_ecWOgnW_9XHg/viewform?usp=sf_link
> >
> >
> > Thanks so much!
> > ~Chris
> >
>


Re: 2023 State of Network Automation Survey

2023-02-27 Thread Chris Grundemann
On Mon, Feb 27, 2023 at 12:15 PM Tom Beecher  wrote:

>
> I was also off put by some of the financial questions in there.
>

The financial questions (2 of them) both allow opt-out if that is a
sticking point. They are also both as vague as possible (large ranges, not
exact figures) while still providing something to baseline against.


Re: 2023 State of Network Automation Survey

2023-02-27 Thread Chris Grundemann
Update: The survey has received almost 4 dozen responses already!

Of course, for the most meaningful results possible, I'd like to see that
about 10x higher.

If you help run a network and have not yet responded, please consider doing
so - it really should only take a few minutes, and we'll all be better off
having the additional data point:
https://docs.google.com/forms/d/e/1FAIpQLSc5J_i2rkcpgkvI83Vj3DRVsau5jZ1u99M7p_ecWOgnW_9XHg/viewform?usp=sf_link


Thanks so much!
~Chris



On Mon, Feb 20, 2023 at 6:06 PM Chris Grundemann 
wrote:

> Hail NANOGers!
>
> For those of you who were unable to attend my lightning talk last Wednesday
> (link below) I would like to ask that you all complete the 2023 State of
> Network Automation Survey:
>
> https://docs.google.com/forms/d/e/1FAIpQLSc5J_i2rkcpgkvI83Vj3DRVsau5jZ1u99M7p_ecWOgnW_9XHg/viewform?usp=sf_link
>
> I did my best to make it as short as possible while collecting enough data
> to be useful. I will share the analysed and anonymized results with all
> respondents, as well as (assuming the talk is accepted) at the next NANOG
> meeting.
>
> Feel free to send any questions directly, although I hope the survey is
> self-explanatory.
>
> For a bit more context, the lightning talk can be viewed here:
> https://youtu.be/p7rlhkmlDog
>
> Thanks in advance for your participation!
>
> Cheers,
> ~Chris
>
>
> --
> @ChrisGrundemann
> http://chrisgrundemann.com
>


-- 
@ChrisGrundemann
http://chrisgrundemann.com


2023 State of Network Automation Survey

2023-02-20 Thread Chris Grundemann
Hail NANOGers!

For those of you who were unable to attend my lightning talk last Wednesday
(link below) I would like to ask that you all complete the 2023 State of
Network Automation Survey:
https://docs.google.com/forms/d/e/1FAIpQLSc5J_i2rkcpgkvI83Vj3DRVsau5jZ1u99M7p_ecWOgnW_9XHg/viewform?usp=sf_link

I did my best to make it as short as possible while collecting enough data
to be useful. I will share the analysed and anonymized results with all
respondents, as well as (assuming the talk is accepted) at the next NANOG
meeting.

Feel free to send any questions directly, although I hope the survey is
self-explanatory.

For a bit more context, the lightning talk can be viewed here:
https://youtu.be/p7rlhkmlDog

Thanks in advance for your participation!

Cheers,
~Chris


-- 
@ChrisGrundemann
http://chrisgrundemann.com


Intro and Invitation to SANOG

2021-05-26 Thread Chris Grundemann
Hail NANOGers!

As I must assume you are all aware, NANOG is one of many NOGs & NOFs
around the world these days.

One of the oldest of those NOGs that many of you may not have heard of
is SANOG - the South Asian Network Operators Group. SANOG has been
running strong since 2003. And their community has done amazing work
in their region, from the jungles of Sri Lanka to the mountaintops of
Nepal and a whole lot more.

Learn more about SANOG here: https://sanog.org/

But why am I telling you this?

Well, I'm on the PC for their next meeting (SANOG 37), which will be
held virtually from Colombo.

"Virtually" means you have an opportunity to share your knowledge with
an international audience, without getting on a plane! Present on a
topic that will support the SANOG community with your expertise and
experience from the comfort of your own home/office!

Call for Papers is open:
https://sanog.org/sanog37/

Feel free to hit me with questions.

Cheers,
~Chris

--
@ChrisGrundemann
http://chrisgrundemann.com


Call for Volunteers - 2021 IX-Denver Board Election

2021-01-19 Thread Chris Grundemann
Hail NANOG!

IX-Denver will be holding an election at our February 2021 members meeting.
The purpose of this election will be selecting three board members for one
year terms (2021) and four board members for two year terms (2021-2022). To
ensure that IX-Denver has the best possible leadership, we are now calling
for volunteers who are willing and able to serve our members as Directors.

Seven board seats are up for election in 2021

You can view all of the current board members here:

https://ix-denver.org/governance/board-of-directors/

We are seeking volunteers and nominations to fill these seven open board
seats. To be considered; please send: Name, email, and a brief biography to
peer...@ix-denver.org.

# Responsibilities

As an all volunteer organization, IX-Denver relies heavily on its Board of
Directors.

Some of the various tasks performed by current board members include:

* Financial planning and bookkeeping

* Setting strategic direction for the organization based on member input

* Providing technical leadership to the organization based on industry best
practices

* Proposing and conducting configuration changes, upgrades, new installs,
etc.

* Developing new and existing software tools

* Configuring member ports, route server sessions, etc.

* Communicating with members directly and via mailing lists

* Seeking out new members and partners and bringing them on-board

* Evangelizing the use of peering

* Website and social media updates

* Event planning and execution

* Accounts payable and accounts receivable

* Leading other volunteers

Not all members take on all of these tasks and this is not a comprehensive
list. You will need to commit at least 10 hours per month to this position
(2-4 hours per week), including monthly online board meetings. Twice a year
we meet in person (once that is practical again) for about a half a day.

Folks who live in Colorado and have Internet technology related experience
are preferred. Feel free to share this call with those you think are a
great fit.

# Important Dates

* 19 January 2021 - Call for Volunteers opens

* 4 February 2021 - Call for Volunteers closes

* 5 February 2021 - Slate of candidates announced

* 18 February 2021 - Members meeting and election

* 5 March 2021 - New Board announced

This information is also posted here:
https://ix-denver.org/governance/2021-election/

Thank you,

Chris Grundemann

Co-Founder, IX-Denver

-- 
@ChrisGrundemann
http://chrisgrundemann.com


CloudFlare Issues?

2020-07-17 Thread Chris Grundemann
Looks like there may be something big up (read: down) at CloudFlare, but
their status page is not reporting anything yet.

Am I crazy? Or just time to give up on the internet for this week?

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: Disney+ CDN

2019-04-12 Thread Chris Grundemann
On Fri, Apr 12, 2019 at 3:03 PM Jared Geiger  wrote:

> An article mentioned BAMTech's platform which is what NHL, MLB, and HBO GO
> are built on. The bits from the first two come from Akamai and Level3 CDNs.
> I haven't looked into where HBO Go comes from.
>

Yep, they decided to buy BAMTech and build their own:
https://www.thewaltdisneycompany.com/walt-disney-company-acquire-majority-ownership-bamtech/




>
> On Thu, Apr 11, 2019 at 9:58 PM Aaron Gould  wrote:
>
>> Have we found out yet if Disney+ will have a CDN?  Like Netflix oca,
>> Akamai aanp, google ggc, facebook fna … a Disney isp-located cdn presence ?
>>
>>
>>
>> disneyplus.com
>>
>>
>>
>> -Aaron
>>
>>
>>
>>
>>
>>
>>
>> *From:* NANOG [mailto:nanog-boun...@nanog.org] *On Behalf Of *Aaron
>> Graves
>> *Sent:* Saturday, December 29, 2018 7:22 PM
>> *To:* nanog@nanog.org
>> *Subject:* Disney+ CDN
>>
>>
>>
>> Anyone know what Disney is planning on doing for streaming content
>> distribution once they leave Netflix?  Would be nice if they'd provide an
>> on-prem cache server.
>>
>>
>>
>> AG
>>
>

-- 
@ChrisGrundemann
http://chrisgrundemann.com


FYI - IX-Denver Call for Volunteers (3 Board Seats up for Election)

2018-09-05 Thread Chris Grundemann
>>> FYI <<<

IX-Denver will be holding an election at our 2018 members meeting. The
purpose of this election will be selecting three Board members for two year
terms (2018-2020). To ensure that IX-Denver has the best possible
leadership, we are now calling for volunteers who are willing and able to
serve our members as Directors.

Three Board seats are up for election in 2018, two of which are being
vacated:

 * Mark Calkins - Seeking re-election
 * Jay Hanke - Not seeking re-election
 * Ogi Mitev - Not seeking re-election

You can view all of the current Board members here:
https://ix-denver.org/governance/board-of-directors/

We are seeking volunteers and nominations to fill these three open Board
seats. To be considered; please send name, email, and a brief biography to
peer...@ix-denver.org.

# Responsibilities
As an all volunteer organization, IX-Denver relies heavily on its Board of
Directors.

Some of the various tasks performed by current Board members include:

* Financial planning and bookkeeping
* Setting strategic direction for the organization based on member input
* Providing technical leadership to the organization based on industry best
practices
* Proposing and conducting configuration changes, upgrades, new installs,
etc.
* Developing new and existing software tools
* Configuring member ports, route server sessions, etc.
* Communicating with members directly and via mailing lists
* Seeking out new members and partners and bringing them on-board
* Evangelizing the use of peering
* Website and social media updates
* Event planning and execution
* Accounts payable and accounts receivable
* Leading other volunteers

Not all members take on all of these tasks and this is not a comprehensive
list. You will need to commit at least 10 hours per month to this position (2-4
hours per week), including monthly online board meetings. Twice a year we
meet in person for about a half a day.

Folks who live in Colorado and have Internet technology related experience
are preferred. In particular this year, we are seeking someone with
accounting experience.

# Important Dates
* 5 September 2018 - Call for Volunteers opens
* 20 September 2018 - Call for Volunteers closes
* 28 September 2018 - Slate of candidates announced
* 18 October 2018 - Members meeting and election
* 26 October 2018 - New Board announced

This information is also posted here:
https://ix-denver.org/governance/2018-election/

Thank you,
~Chris
(President, IX-Denver)

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: Broadcom vs Mellanox based platforms

2018-06-04 Thread Chris Grundemann
Mellanox commissioned a report along these lines from Tolly in 2016:
https://www.mellanox.com/related-docs/tolly/tolly-report-performance-evaluation-2016-march.pdf

Obviously a grain of salt is needed with any commissioned study - but it
will at least point you to some tests and methodologies that you can use...


On Mon, Jun 4, 2018 at 1:41 AM, Kasper Adel  wrote:

> Hello
>
> I’m asked to evaluate switching platforms that have different forwarding
> chips but the same OS.
>
> Assuming these vendors give the same SDK and similar documentation/support,
> then what would be comparison points to consider, other than the obvious
> (price, features, bps, pps).
>
> I’m thinking, how do i validate their claims about capability to do
> leaf/spine arch, ToR/Gateways, telemetry, serviceability, facilities to
> troubleshoot packet drops or FIB programming misses, hidden tools...etc
>
> It would be great if anyone can give some thoughts around it, specially if
> you have tried one or both.
>
> Thanks
> Kim
>



-- 
@ChrisGrundemann
http://chrisgrundemann.com


MANRS IXP Webinar: Tuesday, 13 March

2018-03-09 Thread Chris Grundemann
Hail NANOGers!

If you operate an IX in North America, this message is for you.

(I'm passing it along on behalf of my former colleagues at the Internet
Society.)

Hope to "see" you on the webinar this Tuesday!


———
Hi,

The MANRS IXP Partnership program is designed to invite and encourage
participation of IXPs in MANRS (Mutually Agreed Norms for Routing
Security). In accordance with the principles of the initiative, the
membership depends on the visible commitment to improve the routing
security of the peering fabric and Internet infrastructure in general and
demonstrated by the implementation of defined Actions.

The Internet Society is looking for leading IXPs around the world that have
a track record in contributing to routing security, already implement the
majority of Actions and are willing to participate in the launch of this
program, planned in early 2018. The set of Actions was developed by the
development team consisting of IXP representatives around the world. It has
been reviewed by various IXP communities, such as EURO-IX, LAC-IX, Af-IX.

I’d like to invite you to participate in a webinar on March 13 at 14:00 EDT
(18:00 UTC) where we present the IXP Partnership Program and the Actions to
the North-American IXP community and invite your feedback. Call details are
below. We would also ask you to disseminate the information about the
webinar to the NA IX community.

MANRS (https://www.manrs.org) is a collaborative initiative, coordinated by
the Internet Society. It was launched in November 2014 and has received
much encouragement from all sections of the Internet industry. The key
objective of MANRS is to gain industry-wide agreement on a minimum set of
practices for secure routing across the Internet, through coordinated
action by many parties.

MANRS was designed for network operators, but other parties can play an
important role in facilitating improvements in routing security such as
Internet Exchange Points (IXPs). Many of them represent active communities
with common operational objectives and already contribute to a more
resilient and secure Internet infrastructure.


Thanks!

Mark Buell
Regional Bureau Director, North America
Internet Society





Details:
Topic: MANRS and IXPs
Time: Mar 13, 2018 7:00 PM Amsterdam, Berlin, Rome, Stockholm, Vienna

Join from PC, Mac, Linux, iOS or Android: https://isoc.zoom.us/j/288357813

Or iPhone one-tap :
US: +16699006833,,288357813#  or +16465588656,,288357813#
Or Telephone:
Dial(for higher quality, dial a number based on your current location):
US: +1 669 900 6833  or +1 646 558 8656
Meeting ID: 288 357 813
International numbers available: https://isoc.zoom.us/zoomconference?m=WXysPTqEpKm5ELZq6evhxxHUX43prdSf




-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: Open-IX BCOP Committee Call for Volunteers

2017-10-24 Thread Chris Grundemann
The call for volunteers ends one week from today - reach out to me today!


On Mon, Sep 25, 2017 at 11:24 AM, Chris Grundemann <cgrundem...@gmail.com>
wrote:

> Pardon the interruption.
>
> There is a new effort underway to ensure that BCOP has a home in North
> America and your help is needed.
>
> Following the publication of the Open-IX Document Development Policy (OIX
> DDP) and the formation of the Best Current Operational Practices committee
> (BCOP) <http://www.open-ix.org/cpages/bcop-committee>, the Open-IX Board
> of Directors is now seeking volunteers to take on this valuable work.
>
> Open-IX Best Current Operational Practices (BCOP) Committee members are
> expected to seek out subject matter experts and encourage the documentation
> of BCOPs from the global network engineering community. This is typically
> done through activity on mailing lists, conversations at industry events,
> and leveraging personal relationships. Committee members are further
> expected to shepherd appropriate documents through the process from Appeal
> to published BCOP, including updates to existing documents as needed.
>
> If you share a passion for sharing knowledge, increasing the resiliency
> and efficiency of the global internet infrastructure, and have a few hours
> a month to dedicate to this effort, we encourage you to volunteer! Please
> send your name, email address, and a brief statement of interest to
> cgrundemann  open-ix.org.
>
> While we continuously seek new voices for all committees, this call is
> expected to close on 31 October, 2017. Please submit before that time to be
> considered for an immediate opening on the BCOP committee.
>
> Thank you,
> ~Chris
>


Open-IX BCOP Committee Call for Volunteers

2017-09-25 Thread Chris Grundemann
Pardon the interruption.

There is a new effort underway to ensure that BCOP has a home in North
America and your help is needed.

Following the publication of the Open-IX Document Development Policy (OIX
DDP) and the formation of the Best Current Operational Practices committee
(BCOP), the Open-IX Board of
Directors is now seeking volunteers to take on this valuable work.

Open-IX Best Current Operational Practices (BCOP) Committee members are
expected to seek out subject matter experts and encourage the documentation
of BCOPs from the global network engineering community. This is typically
done through activity on mailing lists, conversations at industry events,
and leveraging personal relationships. Committee members are further
expected to shepherd appropriate documents through the process from Appeal
to published BCOP, including updates to existing documents as needed.

If you share a passion for sharing knowledge, increasing the resiliency and
efficiency of the global internet infrastructure, and have a few hours a
month to dedicate to this effort, we encourage you to volunteer! Please
send your name, email address, and a brief statement of interest to
cgrundemann  open-ix.org.

While we continuously seek new voices for all committees, this call is
expected to close on 31 October, 2017. Please submit before that time to be
considered for an immediate opening on the BCOP committee.

Thank you,
~Chris


Re: Multi-CDN Strategies

2017-03-14 Thread Chris Grundemann
On Fri, Mar 10, 2017 at 5:19 PM, Chris Woodfield 
wrote:

> I could keep going, but if so, I might as well stick them into a
> powerpoint and submit a talk for Bellevue :)


Not a bad idea!

Maybe there's a BCOP here..?


-- 
@ChrisGrundemann
http://chrisgrundemann.com


Multi-CDN Strategies

2017-03-10 Thread Chris Grundemann
Hail NANOG;

Is anyone here leveraging multiple CDN providers for resiliency and have
best practices or other advice they'd be willing to share?

Thanks,
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Multi-vendor strategies [was: Re: Benefits (and Detriments) of Standardizing Network Equipment in a Global Organization]

2016-12-29 Thread Chris Grundemann
On Thu, Dec 29, 2016 at 10:05 AM, Randy Bush  wrote:

> > I apparently wasn't very clear. In the layered approach to multiple
> > vendors, you would (obviously) choose your layer definitions to avoid
> > such delicate interdependence.
>
> can you describe in useful detail your operational experience doing
> this?


I'll certainly try.

As one hopefully fairly clear example; at a large (US-nation-wide) metro
Ethernet provider, we standardized as follows:

L3 devices (aka core, customer edge, and Internet/peering edge routers)
were all from Vendor A
 - These devices spoke OSPF, BGP, and RSVP with each other.

L2 devices (aka metro ring switches) were all from Vendor B
 - These devices spoke STP with each other.

L1 devices (aka optical transport) were all from Vendors C or D (individual
markets got to choose which, but they could only have one each)
 - These devices inter-operated with each other at the optical layer.

Basic network security was handled by devices from Vendor E
 - These devices collected netflow data and flagged alerts

DNS was handled by software from another vendor on servers from yet another
vendor, etc...

Is that enough detail to be useful?


Re: Benefits (and Detriments) of Standardizing Network Equipment in a Global Organization

2016-12-29 Thread Chris Grundemann
I apparently wasn't very clear. In the layered approach to multiple
vendors, you would (obviously) choose your layer definitions to avoid such
delicate interdependence.

Regardless of my failure to fully explain, I'm curious as to how mixing
vendors at the same layer is seen to be less problematic than assigning
vendors specific roles?


>My Android sent this<
http://chrisgrundemann.com

On Dec 28, 2016 11:13 PM, "David Barak"  wrote:

On Dec 28, 2016, at 5:34 PM, Randy Bush  wrote:

>> An alternative multi-vendor approach is to use 1 vendor per stack layer,
>> but alternate layer to layer. That is; Vendor A edge router, Vendor B
>> firewall, Vendor A/C switches, Vendor D anti-SPAM software, etc. This
>> doesn't address the bug impact issue as well as it alleviates the vendor
>> "ownership" issue though...
>
> i think this is where i say that i hope my competitors do this.  it
> is a recipe for a complex set of delicate dependencies and great fun
> debugging.
>
One of the more spectacular failures I've seen was a bug in a network core
router that caused bad into to be carried by all of that same vendor's
routers across the core to the edges (made by a different vendor) which
promptly barfed and locked up.

So I'd be cautious about saying "vendor X for one layer, vendor Y for
adjacent layer" as a multi-vendor strategy.

David Barak
Sent from mobile device, please excuse autocorrection artifacts


Re: Benefits (and Detriments) of Standardizing Network Equipment in a Global Organization

2016-12-28 Thread Chris Grundemann
On Tue, Dec 27, 2016 at 3:10 PM, Leo Bicknell  wrote:

> 2 Vendor
>
> Can be implemented multiple ways, for instance 1 vendor per site
> alternating sites, or gear deployed in pairs with one from each vendor
> up and down the stack.
>

An alternative multi-vendor approach is to use 1 vendor per stack layer,
but alternate layer to layer. That is; Vendor A edge router, Vendor B
firewall, Vendor A/C switches, Vendor D anti-SPAM software, etc. This
doesn't address the bug impact issue as well as it alleviates the vendor
"ownership" issue though...


Benefits (and Detriments) of Standardizing Network Equipment in a Global Organization

2016-12-23 Thread Chris Grundemann
Hail NANOGers!

A global hospitality organization with 100+ locations recently asked us how
to weigh the importance of standardizing infrastructure across all their
locations versus allowing each international location to select on their
own kit.

My first instinct was to jump on my favorite search engine and look for an
authoritative document covering the topic. To my surprise I have not been
able to find such a thing. So I've begun to write one myself, and as I
start I've realized that:
 a) This is likely to be a document that will be helpful to the wider
community, and
 b) This is likely a topic that many of you have a great deal of knowledge
and personal experience.

If you have pointers to an existing doc, please share.

If you have a case study, lesson learned, data point, or even just a strong
opinion; I'd love to hear it!

My intention is to put this together BCOP style, but with more of a focus
on why rather than how this time around. Feel free to reply on or off list.

Thanks in advance for your input!

Cheers,
~Chris

PS - I won't use any direct quotes without advance permission and I'll
provide attribution to all that contribute meaningfully.

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Dyn DDoS this AM?

2016-10-21 Thread Chris Grundemann
Does anyone have any additional details? Seems to be over now, but I'm very
curious about the specifics of such a highly impactful attack (and its
timing following NANOG 68)...

https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: Fwd: hotel

2016-05-03 Thread Chris Grundemann
On Tue, May 3, 2016 at 1:22 AM, Randy Bush  wrote:

> > I tried booking earlier today, had the same issue and called in.  I was
> > told they were now full, and only non-block rooms were available (@ >
> > $500/night).
>
> find a non-exorbitant fall-back?


The Sheraton Grand Chicago is close and appears to have not-quite-exorbitant
rates (~$400).


Re: Best practices for sending network maintenance notifications

2016-04-06 Thread Chris Grundemann
On Wed, Apr 6, 2016 at 3:05 PM, Hal Ponton  wrote:

> I think there was a BCP being worked on. I seem to recall it was being
> discussed as a Facebook group.


True.

https://www.facebook.com/groups/maintnote/

Currently under development, but fairly far along...

Cheers,
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: Quick Update on the North American BCOP Efforts

2015-09-30 Thread Chris Grundemann
On Wed, Sep 30, 2015 at 11:25 PM, Jay Ashworth <j...@baylink.com> wrote:

> - Original Message -
> > From: "Chris Grundemann" <cgrundem...@gmail.com>
>
> > After receiving several off-line inquiries about the status of BCOP in
> > North America I think it's appropriate to send a general announcement
> > here.
> >
> > The biggest news here is that the current NANOG Board of Directors has
> > disbanded the NANOG BCOP Committee. The stated rationale for this
> > decision can be found in the minutes from their 2 February 2015 meeting.
>
> I tried it 5 or 6 years ago:
>
>   http://bestpractices.wikia.com


We've been at this for 7 or 8 years now. Related efforts all around the
world are taking root and growing.

http://www.internetsociety.org/deploy360/projects/bcop/

You are invited to help if you have time or ideas!

>
>
> I didn't get any traction either.
>

The really disappointing part is that we have been gaining traction and now
have to re-group in this region rather than smoothly continue to build.

>
> Guessing no one cares.
>

My experience says that guess is wrong. The problem is twofold. Those that
care the most are the ones who need the information, not those who have it
(for obvious reasons). Those that have the information are mostly busy
engineers, for whom writing documentation is not their favorite thing.

Cheers,
~Chris


Quick Update on the North American BCOP Efforts

2015-09-30 Thread Chris Grundemann
Hail NANOGers!

After receiving several off-line inquiries about the status of BCOP in
North America I think it's appropriate to send a general announcement here.

The biggest news here is that the current NANOG Board of Directors has
disbanded the NANOG BCOP Committee. The stated rationale for this decision
can be found in the minutes from their 2 February 2015 meeting.

https://www.nanog.org/sites/default/files/sites/default/files/BOD-BCOPMinutes_2.2.2015.pdf

As you might expect, I find this extremely disappointing. Our reaction has
been twofold:

1) We're moving to a new home. You can now find all of the current
documents at http://nabcop.org. Everything is moving forward, despite a bit
of jostling. Please jump in and get involved!

2) I'm so disappointed by this decision, and the future course of NANOG
implied, that I've decided to run for the NANOG Board of Directors. There's
a really great slate of candidates running, so whatever your decision, I
highly encourage you to really consider your selections.

https://www.nanog.org/elections/2015/BoDcandidates

If you have any questions at all, please feel free to email me directly, or
send them to bcop-supp...@nabcop.org.

See you in Montréal!

Cheers,
~Chris


Re: Quick Update on the North American BCOP Efforts

2015-09-30 Thread Chris Grundemann
Hi Suresh,

I believe all the information you seek is on our wiki: http://nabcop.org.
Be sure to look over the list of topics under the "Jump In" heading.

To your question about reinventing wheels specifically: There are two aspects
to that, I believe.

The first is that we have no intention to "make work" by duplicating
efforts. In cases where the BCOP is already clearly defined and well
maintained, we simply want to act as curator - giving network engineers a
single place to find the information they need. In other cases, we act as
creator - bringing together subject matter experts to draft new documents
for community review.

The second aspect is that every BCOP must be rooted in existing knowledge.
BCOPs are defined by being tried and true methods for dealing with some
aspect of modern network operations. These are things that have been
presented on and discussed at NANOG. They are things that are "common
sense" to the initiated. They are also things that are profound when
discovered for the first time.

The idea here is to capture what some of us know, vet it, and make it
easily available to all of us.

Cheers,
~Chris



On Wed, Sep 30, 2015 at 11:25 AM, Suresh Ramasubramanian <
ops.li...@gmail.com> wrote:

> Late to the party but which best current practices were these and - as the
> board asked - how much of it reinvents the several other best practice
> wheels around?
>
> --srs
>
> > On 30-Sep-2015, at 8:47 PM, Mike Hammett <na...@ics-il.net> wrote:
> >
> > If NANOG isn't developing and publishing BCOPs, what's the point of
> NANOG other than a mailing list?
> >
> >
> >
> >
> > -
> > Mike Hammett
> > Intelligent Computing Solutions
> > http://www.ics-il.com
> >
> > - Original Message -
> >
> > From: "Chris Grundemann" <cgrundem...@gmail.com>
> > To: nanog@nanog.org
> > Sent: Wednesday, September 30, 2015 9:41:38 AM
> > Subject: Quick Update on the North American BCOP Efforts
> >
> > Hail NANOGers!
> >
> > After receiving several off-line inquiries about the status of BCOP in
> > North America I think it's appropriate to send a general announcement
> here.
> >
> > The biggest news here is that the current NANOG Board of Directors has
> > disbanded the NANOG BCOP Committee. The stated rationale for this
> decision
> > can be found in the minutes from their 2 February 2015 meeting.
> >
> >
> https://www.nanog.org/sites/default/files/sites/default/files/BOD-BCOPMinutes_2.2.2015.pdf
> >
> > As you might expect, I find this extremely disappointing. Our reaction
> has
> > been twofold:
> >
> > 1) We're moving to a new home. You can now find all of the current
> > documents at http://nabcop.org. Everything is moving forward, despite a
> bit
> > of jostling. Please jump in and get involved!
> >
> > 2) I'm so disappointed by this decision, and the future course of NANOG
> > implied, that I've decided to run for the NANOG Board of Directors.
> There's
> > a really great slate of candidates running, so whatever your decision, I
> > highly encourage you to really consider your selections.
> >
> > https://www.nanog.org/elections/2015/BoDcandidates
> >
> > If you have any questions at all, please feel free to email me directly,
> or
> > send them to bcop-supp...@nabcop.org.
> >
> > See you in Montréal!
> >
> > Cheers,
> > ~Chris
> >
>



-- 
@ChrisGrundemann
http://chrisgrundemann.com


Join us for the NANOG 63 BCOP Track!

2015-01-09 Thread Chris Grundemann
Hello NANOG,

This is a friendly notification of the BCOP Track to be held at NANOG 63 in
San Antonio.

We’d (the BCOP Committee) like to invite you to come participate at our
track. Participation can take (at least) two forms:


1) Come present your idea for a BCOP!

Do you have a question that needs answered about the current operational
practice for some portion of your network? Or maybe you have some insight
to share about how something is best done?

Remember that there are no dumb questions here and no BCOP is too basic or
too simple. The things that you take for granted as common sense are new
information for many other network engineers all around the world. Come
tell us the question you’d love to have answered, or the practice you’d
love to see spread!


2) Come observe, and provide feedback.

There are currently 4 active NANOG-BCOP drafts:
Public Peering Exchange Participant -
http://bcop.nanog.org/index.php/Public_Peering_Exchange_Participant_BCOP_v0
Ethernet OAM -
http://bcop.nanog.org/images/b/b0/BCOP-Ethernet_OAM-1_v_0.1.5.docx
DDoS/DoS Attack -
http://bcop.nanog.org/images/e/e2/BCOP-DoS-attack-appeal.docx
eBGP Configuration -
http://bcop.nanog.org/index.php/EBGP_Configuration_BCOP_v0.1

We will be discussing all of these documents, including considering moving
some of them forward for last call and ultimately, publication as community
vetted BCOPs! So, come vet them. ;-)

We will likely also be discussing the Anti-Spoofing BCOP draft that is set
to come out of security community stealth mode any day now.


I hope to see many of you at the NANOG 63 BCOP Track in just a few short
weeks!

Cheers,
~Chris

PS - to stay up to date on all things NANOG-BCOP, join our mailing list:
http://mailman.nanog.org/mailman/listinfo/bcop

PPS - you can also reach the entire committee for questions at:
bcop-supp...@nanog.org


-- 
@ChrisGrundemann
http://chrisgrundemann.com


Seeking IPv6 Security Resources

2014-11-25 Thread Chris Grundemann
Hail NANOG!

I am looking for IPv6 security resources to add to:
http://www.internetsociety.org/deploy360/ipv6/security/

These could be best current practice documents, case-studies,
lessons-learned/issues-found, research/evaluations, RFCs, or anything else
focused on IPv6 security really.

I'm not requesting that anyone do any new work, just that you point me to
solid public documents that already exist. Feel free to share on-list or
privately, both documents you may have authored and those you have found
helpful.

Thanks!
~Chris

Note: Not every document shared will get posted to the Deploy360 site.

-- 
@ChrisGrundemann
http://chrisgrundemann.com


New BCOPs in Progress

2014-06-01 Thread Chris Grundemann
Hail NANOGers!

As most of you hopefully know, NANOG now has a BCOP Ad Hoc Committee
and we are pushing forward with new BCOPs!
http://nanog.org/governance/bcop

We currently have three BCOPs in active development:

eBGP configuration, shepherd Bill Armstrong
Public Peering Exchange update, shepherd Shawn Hsiao
Ethernet OAM, shepherd Mark Calkins

All three of these nascent BCOPs will be presented in the BCOP Track
on Monday: http://nanog.org/meetings/abstract?id=2348

We have also collected a list of Appeals (BCOPs that need to be
written): http://bcop.nanog.org/index.php/Appeals

If you would like to help out with any of these BCOPs (or others yet
to be identified) please join the BCOP mailing list and reach out to
the shepherd (if applicable of course):
http://mailman.nanog.org/mailman/listinfo/bcop

Our committee is brand new and we are still finding and smoothing
wrinkles, etc. We would love your help in any capacity. As a BCOP
shepherd or SME or just to point out potential pitfalls or room for
improvement, with the process, the wiki, a BCOP or anything at all
really.

This is a bottom-up, community led effort and it will only succeed
with your help - join us in creating what I believe will be a vital
and long-lasting institution!

Cheers,
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: Shared Transition Space VS. BGP Next Hop [was: Re: Best practices IPv4/IPv6 BGP (dual stack)]

2014-05-03 Thread Chris Grundemann
On Sat, May 3, 2014 at 3:26 AM, Måns Nilsson <mansa...@besserwisser.org> wrote:
> The fact that you need v4 space to build a MPLS backbone is a very good
> reason to not waste a /10 on CGN crap.

Ah, so you're in the camp that a /10 given to one organization for
their private use would have been better than reserving that /10 for
_everyone_ to use. We'll have to agree to disagree there.

> Ideally, we would have a solution where an entire MPLS infrastructure
> could be built without v4 space, demoting v4 to a legacy application
> inside a VRF, but the MPLS standards wg seems content with status quo.

We can agree on that.

Thanks,
~Chris

>
> --
> Måns Nilsson primary/secondary/besserwisser/machina
> MN-1334-RIPE +46 705 989668
> I wish I was a sex-starved manicurist found dead in the Bronx!!

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: Shared Transition Space VS. BGP Next Hop [was: Re: Best practices IPv4/IPv6 BGP (dual stack)]

2014-05-03 Thread Chris Grundemann
On Sat, May 3, 2014 at 3:58 AM, Randy Bush <ra...@psg.com> wrote:
> a good number of us use that kinky /10 behind home nats and encourage
> everyone to do so.  it was a sick deal and should be treated as such,
> just more 1918.

A good number of folks use other folks' IP space in all kinds of
strange and kinky ways too - it's ALL just more 1918, right??? Or
maybe standards exist for a reason. Perhaps enhancing coordination,
cooperation, and *interoperability* are good things... I'll let you
decide, Randy; is it sick to solve problems through community
consensus and standardization, or is it sick to be the one
intentionally getting in the way of those real world solutions?

Cheers,
~Chris

>
> randy

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Shared Transition Space VS. BGP Next Hop [was: Re: Best practices IPv4/IPv6 BGP (dual stack)]

2014-05-02 Thread Chris Grundemann
Hi Mans,

On Fri, May 2, 2014 at 2:35 PM, Måns Nilsson <mansa...@besserwisser.org> wrote:

> This is a field where v4 next-hops are essential to make things
> work. <rant>In that context, allocating 100.64.0.0/10 to CGN was
> especially un-clever... </rant>


Would you expound a bit on what you mean here? I don't quite follow but I
am very interested to understand the issue.

Thanks!
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: Best practices IPv4/IPv6 BGP (dual stack)

2014-05-02 Thread Chris Grundemann
On Fri, May 2, 2014 at 1:47 PM, Jared Mauch <ja...@puck.nether.net> wrote:

>
> On May 2, 2014, at 3:44 PM, Deepak Jain <dee...@ai.net> wrote:
>
> >
> > Between peering routers on a dual-stacked network, is it considered best
> > practices to have two BGP sessions (one for v4 and one for v6) between
> > them? Or is it better to put v4 in the v6 session or v6 in the v4 session?
>
> We use v4 transport for v4 routes and v6 transport for v6 routes only.

+1

> This way if one plane is unstable the other is unaffected.

This is the key point I believe: No protocol fate sharing!

From the draft BCOP on this topic[1]:
-----8<-----
Establish new, IPv6-Only peering sessions parallel to existing IPv4
peering. Individual IPv4 and IPv6 BGP peering sessions should be
established between all BGP neighbors, particularly eBGP peers. While
it is possible to use Multiprotocol BGP (MP-BGP)[2] to carry IPv6
Network Layer Reachability Information (NLRI) over existing (or new)
IPv4 BGP peering sessions, this is not recommended. Both BGP sessions
MAY use the same logical circuit, or, a new port MAY be used for IPv6
(separate physical or logical connections is NOT a requirement).

This maintains independent IPv6 and IPv4 topologies, rather than tying
the two together unnecessarily. It prevents black holing of IPv6
traffic in the event of a protocol outage because the IPv6 session
goes down when IPv6 reachability is lost. When an IPv4 BGP session
carries IPv6 NLRI, IPv6 routes are only withdrawn if IPv4 connectivity
is lost. Independent BGP sessions also facilitate protocol specific
maintenance because the IPv4 and IPv6 sessions don’t affect each other
(e.g. IPv6 can be “bounced” without affecting IPv4 and vice versa).
Finally, establishing new, IPv6-only peering creates better
operational clarity. It allows IPv4 and IPv6 configuration stanzas to
be independent and easily recognizable.
-----8<-----

Cheers,
~Chris

[1] - http://bcop.nanog.org/index.php/IPv6_Peering_Transit_BCOP_v0-6
[2] - Bates, T., Chandra, R., Katz, D., and Y. Rekhter, “Multiprotocol
Extensions for BGP-4”, RFC 4760, January 2007



> - Jared


-- 
@ChrisGrundemann
http://chrisgrundemann.com
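
The fate-sharing argument in the draft BCOP excerpt above, as an added example (not part of the original message or of the BCOP draft): an audit over a constructed session inventory that flags NLRI carried over the other protocol's transport and models what a single-protocol outage does to each address family. The peer names, the documentation-prefix addresses, and the simplification that a session is up exactly when its transport protocol is reachable are assumptions.

```python
"""Audit a BGP session inventory for IPv4/IPv6 fate sharing (constructed data)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    peer: str        # hypothetical peer label
    peer_addr: str   # address the BGP TCP session runs over
    families: tuple  # address families (4 and/or 6) whose NLRI the session carries

    @property
    def transport(self) -> int:
        """IP version of the session's transport (4 or 6)."""
        return ipaddress.ip_address(self.peer_addr).version


# Constructed inventory; addresses come from documentation prefixes
# (RFC 5737 for IPv4, RFC 3849 for IPv6).
SESSIONS = [
    Session("peer-a", "192.0.2.1", (4, 6)),      # MP-BGP: IPv6 NLRI over IPv4 transport
    Session("peer-b", "198.51.100.1", (4,)),     # parallel native sessions
    Session("peer-b", "2001:db8:b::1", (6,)),
    Session("peer-c", "203.0.113.1", (4,)),
    Session("peer-c", "2001:db8:c::1", (4, 6)),  # IPv4 NLRI also rides the IPv6 session
]


def fate_sharing(sessions):
    """(peer, transport, family) for every family carried over the other protocol."""
    return [(s.peer, s.transport, af)
            for s in sessions for af in s.families if af != s.transport]


def missing_native(sessions):
    """(peer, family) pairs that are carried somewhere but never over native transport."""
    carried = {(s.peer, af) for s in sessions for af in s.families}
    native = {(s.peer, s.transport) for s in sessions if s.transport in s.families}
    return sorted(carried - native)


def outage_effect(sessions, peer, failed_plane):
    """Model loss of one protocol plane (4 or 6) towards `peer`.

    Assumption: a session goes down exactly when its transport protocol fails.
    Per address family the result is one of:
      'withdrawn'   plane down and every carrying session went down (correct)
      'black-holed' plane down but routes stay, held up by the other protocol
      'collateral'  plane healthy but routes lost with the carrying session
      'unaffected'  plane healthy and routes still present
    """
    mine = [s for s in sessions if s.peer == peer]
    result = {}
    for af in sorted({af for s in mine for af in s.families}):
        routes_up = any(s.transport != failed_plane for s in mine if af in s.families)
        plane_up = af != failed_plane
        if plane_up:
            result[af] = "unaffected" if routes_up else "collateral"
        else:
            result[af] = "black-holed" if routes_up else "withdrawn"
    return result


if __name__ == "__main__":
    for peer, transport, af in fate_sharing(SESSIONS):
        print(f"{peer}: IPv{af} NLRI carried over IPv{transport} transport")
    for peer, af in missing_native(SESSIONS):
        print(f"{peer}: no native IPv{af} session")
    for peer in ("peer-a", "peer-b", "peer-c"):
        for plane in (4, 6):
            print(peer, f"IPv{plane} outage ->", outage_effect(SESSIONS, peer, plane))
```

For `peer-a` an IPv6 outage leaves IPv6 routes installed and black-holed, while an IPv4 outage removes healthy IPv6 routes as collateral; `peer-b`, with parallel native sessions, loses only the family that actually failed.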


Call for Presenters: The Future of the Internet 2014: Defining Software Defined Networks

2014-04-17 Thread Chris Grundemann
Hail NANOG,

The Future of the Internet 2014: Defining Software Defined Networks call
for presenters is now open!

The Future of the Internet 2014 (TFI2014) will be held in Denver, Colorado
on Friday, 22 August, 2014.

At this year's event, the Colorado Chapter of the Internet Society (CO
ISOC) is bringing together experts and professionals from across the globe
to discuss SDN, NfV, open networking, and all things related to *network
programmability*; the ability for networked applications to more directly
interact with network elements. Whether you call it *Software Defined
Networking*, Software Driven Networks, Open Source Networking, Cloud
Routing, Network Virtualization, or something else; the exciting part is
extrapolating this SDN trend into the future as we make these programs
and languages more fully featured and more standardized. Come extrapolate
with us!

The format for this event will be a bit different than your typical
networking conference. While we intend to have several standard lecture
spots, and a panel or two as well, the real focus is on conversation and
debate. The idea is to fill the room with a mix of experts and people who
want to learn more and get everyone thinking, and talking, about what this
all means. We're not hosting yet-another-conference, instead we are setting
up a breeding ground for new ideas. Because of that, we are issuing this
call for presenters, rather than papers or presentations. Note, however,
that all materials ultimately presented must be free of product pitches,
marketing jargon, and really anything other than solid technical content.

If you are interested in being a presenter at TFI2014, please send the
following information to ch...@coisoc.org by 30 May 2014:

Full name
Preferred email address
Short (1 page) biography
Links to relevant online profiles or websites
A short (1000 words) response to one (or more) of the following questions:
 - What is SDN?
 - Why are you excited about SDN?
 - How does the network of the future differ from today's?

We expect presenter spots to fill quickly and encourage you to respond as
soon as possible. All materials provided may be made public should you be
selected as a presenter for TFI2014.

Connect with TFI2014 on Facebook:
https://www.facebook.com/events/175863782622579
Register for TFI2014 now (early bird pricing ends 1 May):
http://is.gd/futureinternet2014

I hope to see you all in Denver this August!

Cheers,
~Chris
Founding Chair, CO ISOC
http://www.coisoc.org

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Deadline Approaching [was: Ad Hoc BCOP Committee - Call for Volunteers]

2014-02-19 Thread Chris Grundemann
Hello again NANOGers,

FYI - The deadline for BCOP committee nominations is 28 February.

We have received several great candidates already and are hoping to receive
several more!

If you are interested in joining this grassroots effort to make the
Internet a safer, more predictable place (or know someone who should) -
please send an email with a brief bio to be...@nanog.org ASAP. We'll be
kicking off committee calls in early March! =)

Thanks!
~Chris


On Fri, Jan 31, 2014 at 1:56 PM, Chris Grundemann <cgrundem...@gmail.com> wrote:

> Hail NANOGers!
>
> Per approval of the NANOG Board in February 2013, a community effort to
> develop a NANOG sponsored regional BCOP effort was engaged. NANOG BCOP
> Tracks and updates were provided at RIPE, ARIN, NANOG 57, 58, and 59.
>
> In November of 2013, sufficient interest and momentum in the NANOG BCOP
> effort emerged. On November 21, 2013, the NANOG Board approved the
> appointment of an Ad Hoc Committee Chair who would report to the Board and
> direct the efforts of NANOG-BCOP.
>
> I have agreed to serve as Chair and am now seeking volunteers to continue
> with the important work of the committee. Please consider volunteering your
> time and effort in support of this important NANOG activity!
>
> To help guide you, please review the following committee expectations:
>
> Strategies and Goals:
> * Support an open, transparent, and bottom-up/grassroots process for the
> creation of current and living practical network operation documentation
> * Facilitate the development of mutually rewarding documents and guides
> * Maintain the sense of community and accessibility in BCOP materials
> * Develop and deploy a portfolio of guides that meet the needs of the
> broad range of NANOG operators
>
> Deliverables:
> * Responsible for recruiting a minimum of 1 shepherd per calendar year.
> * Responsible for recruiting a minimum of 1 author per calendar year.
> * Required to attend at least 75% of all scheduled committee calls.
> * Expected to attend 66% of all NANOG meetings over the course of your
> two-year term.
> * A BCOP Ad Hoc Committee Member is expected to volunteer up to 10 hours
> in the 12 weeks leading into a NANOG meeting and an additional 15 hours all
> year round
>
> Also see the website at http://bcop.nanog.org for more information.
>
> If you are interested in participating, please send your short bio to
> Betty Burke, NANOG Executive Director, be...@nanog.org. Betty can also
> answer any and all questions you may have. Betty or I will be sure to
> follow-up with each volunteer and get our important work underway as soon
> as possible.
>
> Cheers,
> ~Chris
>
> --
> @ChrisGrundemann
> http://chrisgrundemann.com
>




-- 
@ChrisGrundemann
http://chrisgrundemann.com


Operators and the IETF

2014-02-11 Thread Chris Grundemann
Hey all,

As promised in my lightning talk just now, here is the Operators and the
IETF info:

Details:
http://www.internetsociety.org/deploy360/blog/2014/01/new-project-operators-and-the-ietf/

Survey: https://internetsociety2.wufoo.com/forms/operators-and-the-ietf/

Please consider taking the survey, and sharing it with others.

Thanks!
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.)

2014-02-07 Thread Chris Grundemann
On Fri, Feb 7, 2014 at 2:07 PM, Dobbins, Roland <rdobb...@arbor.net> wrote:

>
> On Feb 8, 2014, at 3:37 AM, John Curran <jcur...@arin.net> wrote:
>
> > It's also true that if a sizable group of network operators were to
> > actually deploy source address validation (thus proving that it really is a
> > reasonable approach and doesn't carry too much operational or vendor
> > implications), then it would be quite reasonable for those operators to
> > bring the results to NANOG and get it recognized as a best current
> > operating practice for networks of similar design/purpose.
>
> Many already do - including operators of very large networks.  There are
> operational, vendor, and topological considerations which mean that it's
> achieved utilizing various mechanisms in different scenarios.


Documenting those various mechanisms which are actually utilized is the key
here. =)

$0.02
~Chris


-- 
@ChrisGrundemann
http://chrisgrundemann.com


Ad Hoc BCOP Committee - Call for Volunteers

2014-01-31 Thread Chris Grundemann
Hail NANOGers!

Per approval of the NANOG Board in February 2013, a community effort to
develop a NANOG sponsored regional BCOP effort was engaged. NANOG BCOP
Tracks and updates were provided at RIPE, ARIN, NANOG 57, 58, and 59.

In November of 2013, sufficient interest and momentum in the NANOG BCOP
effort emerged. On November 21, 2013, the NANOG Board approved the
appointment of an Ad Hoc Committee Chair who would report to the Board and
direct the efforts of NANOG-BCOP.

I have agreed to serve as Chair and am now seeking volunteers to continue
with the important work of the committee. Please consider volunteering your
time and effort in support of this important NANOG activity!

To help guide you, please review the following committee expectations:

Strategies and Goals:
* Support an open, transparent, and bottom-up/grassroots process for the
creation of current and living practical network operation documentation
* Facilitate the development of mutually rewarding documents and guides
* Maintain the sense of community and accessibility in BCOP materials
* Develop and deploy a portfolio of guides that meet the needs of the broad
range of NANOG operators

Deliverables:
* Responsible for recruiting a minimum of 1 shepherd per calendar year.
* Responsible for recruiting a minimum of 1 author per calendar year.
* Required to attend at least 75% of all scheduled committee calls.
* Expected to attend 66% of all NANOG meetings over the course of your
two-year term.
* A BCOP Ad Hoc Committee Member is expected to volunteer up to 10 hours in
the 12 weeks leading into a NANOG meeting and an additional 15 hours all
year round

Also see the website at http://bcop.nanog.org for more information.

If you are interested in participating, please send your short bio to Betty
Burke, NANOG Executive Director, be...@nanog.org. Betty can also answer any
and all questions you may have. Betty or I will be sure to follow-up with
each volunteer and get our important work underway as soon as possible.

Cheers,
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: BCP38.info

2014-01-25 Thread Chris Grundemann
Perhaps instead of trying to do this as a new independent activity (with
all of the difficulties that entails), the community would be better served
by documenting this information as a BCOP or two or three???

 http://bcop.nanog.org/ 

$0.02
~Chris




On Sun, Jan 26, 2014 at 4:08 AM, Jay Ashworth <j...@baylink.com> wrote:

> Well, coming up with a Mediawiki registration protocol that's hard to
> spam is apparently more difficult than I'd thought.
>
> For the moment, anyone who wants to contribute to the wiki, and to the
> expanded deployment of BCP38, is invited to toss a note to moderator [at]
> bcp38.info with a username, and we'll tell it to set you up an account and
> mail you a password manually.
>
> Sorry for the speedbump.
>
> I just want to tell you good luck.  We're all counting on you.
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth          Baylink                          j...@baylink.com
> Designer                 The Things I Think               RFC 2100
> Ashworth & Associates    http://www.bcp38.info            2000 Land Rover DII
> St Petersburg FL USA     BCP38: Ask For It By Name!       +1 727 647 1274




-- 
@ChrisGrundemann
http://chrisgrundemann.com


Lavabit / Ladar Levison Info

2013-10-10 Thread Chris Grundemann
Hail NANOG!

I have received multiple off-line and in person requests for information on
the Lavabit Legal Defense Fund, so I'm going to just take a shotgun
approach here:

The Lavabit website:
http://lavabit.com/

PayPal link to donate to the Fund:
https://www.paypal.com/us/cgi-bin/webscr?cmd=_flowSESSION=nQ99ER2hX3k0ZCBcI6h6Sh-4hL3enESRD5dSCS10pTkprxm8kjh_MkI9RECdispatch=5885d80a13c0db1f8e263663d3faee8d0038486cd0d9a2f3f8e698d26650388a

Also, direct link to the Q&A with Ladar yesterday:
http://www.youtube.com/watch?v=uo9-0So2A_gfeature=sharelist=PLO8DR5ZGla8j7_jnNYY3d8JB0HfdXe85X

Cheers,
~Chris


-- 
@ChrisGrundemann
http://chrisgrundemann.com


Looking for clue at Yourwebhoster.eu

2013-07-29 Thread Chris Grundemann
I could use someone with some clue from Yourwebhoster.eu to contact me off
list please.

Thanks,
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: It's the end of the world as we know it -- REM

2013-04-26 Thread Chris Grundemann
On Fri, Apr 26, 2013 at 3:12 AM, Geoff Huston <g...@apnic.net> wrote:

> On 26/04/2013, at 4:27 PM, joel jaeggli <joe...@bogus.com> wrote:
>
> >
> > I also find it a bit strange that the runout in APNIC and RIPE was very
> > different. APNIC address allocation rate accelerated at the end, whereas
> > RIPE exhaustion date kept creeping forward in time instead of closer in
> > time, giving me the impression that there wasn't any panic there.
> >
> > apnic allocation reserved the final /8 for /22 maximal allocations. Couple
> > that with some qualifying very large assignments towards the end of stage
> > two e.g between feb 1 and april 14 2011 7 provider assignments combined
> > soaked up more than 2 /8s and you get rapid runout towards the endgame.
>
>
>
> APNIC used a 12 month allocation window right up to the point of exhaustion,
> while RIPE was operating on a 3 month window, as is ARIN. That may be a
> contributing factor in explaining the differences in behaviour in the final
> months / weeks.
>
> But it's not just that.
>
> Other factors include large developing countries with massive DSL deployments
> underway (China, India) mean that in the APNIC region we were not looking at
> a wired infrastructure market sector that was already saturated. Quite the
> opposite. Similarly the wireless market in Asia was / is expanding rapidly
> for much the same reason (wireless is cheaper to deploy than wired if you
> have absolutely no pre-installed wireless infrastructure). i.e. the unmet
> demand overhang as compared to the available address pools was massive in
> Asia. Now that does not imply that Europe and the Middle East has no demand
> overhang, but perhaps not on the same scale as was experienced by APNIC in
> early 2011.
>
> Also in September last year the European financial situation was still
> impacting on the problems of the service industry (and still is in many
> countries). So the underlying capital-driven demand factors were different
> between Europe and Asia. Perhaps it was more challenging for European
> entities to demonstrate an expansion of their Internet service infrastructure
> over rolling 3 months windows due to a slow down in consumer demand in parts
> of Europe.
>
> What factors will play out in the North American market? It might be
> interesting to look at address allocations by country by year. One such table
> of the top 10 countries in terms of IPv4 allocations since 2007 is at
> http://www.potaroo.net/ispcol/2013-01/2012.html, table 3. The peak US year was
> 2007 with 48M addresses. In 2011 ARIN introduced the 3 month allocation
> window, and allocating that year halved from the previous year. Last year
> they were a little higher at 28M addresses. What drove last year's numbers in
> ARIN was a total of 16M addresses allocated to Canadian entities. So to what
> extent is this a saturated market already in terms of the deployment of
> service infrastructure? To what extent are new devices simply replacing old,
> and to what extent are the dynamics of the market in that region driven by
> provider churn as distinct from greenfields expansion? Obviously the answers
> to such questions have a strong impact on the underlying model of overall
> demand for more addresses in the region.

One interesting twist in all of this is that several of these new
slow-start players in the ARIN region seem to be servicing customers
outside of the region with equipment and services hosted here inside
the ARIN region (see slide 12 on the ARIN 31 Policy Implementation
and Experience Report
https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdf).
This fact may negate the market saturation effect completely.

Cheers,
~Chris

> And of course one of the hardest factors of all: Panic is extremely difficult
> to model. Most forms of predictive modelling reach back in time and then use
> that date to push forward. but panic is of course different. It does not
> drive off past behaviour but feeds off itself. The APNIC runout was
> exceptionally hard to model at the time because the incidence of large
> allocations rose very quickly in March. Yes, I'd ascribe that to panic. That
> reaction was not so evident in RIPE in August / September last year. So it
> appears that panic, or the level of panic, is not a constant factor.
> Different regions at different times appear to elicit different responses to
> impending exhaustion.
>
>
> Geoff


--
@ChrisGrundemann
http://chrisgrundemann.com



Re: It's the end of the world as we know it -- REM

2013-04-25 Thread Chris Grundemann
On Thu, Apr 25, 2013 at 12:11 PM, Mikael Abrahamsson <swm...@swm.pp.se> wrote:

> There is a lot of speculation what IPv4 addresses are worth, I've been
> hearing everything from a few USD to 20 EUR per address.

There was some good information shared at the recent INET Denver on
value vs. price and how to determine value of an IPv4 address, you can
watch the panel discussion on YouTube: http://youtu.be/v43CGqq70rM.

The panel included John Curran (ARIN), Charles Lee (Addrex), Lee
Howard (TWC), and Louis Sterchi.

~Chris

> --
> Mikael Abrahamsson    email: swm...@swm.pp.se


--
@ChrisGrundemann
http://chrisgrundemann.com



Re: It's the end of the world as we know it -- REM

2013-04-24 Thread Chris Grundemann
On Wed, Apr 24, 2013 at 6:37 AM, Geoff Huston <g...@apnic.net> wrote:

> But then again APNIC and RIPE NCC both had last /8 policies in place, which
> has mitigated some of the impacts of address pool exhaustion. For smaller
> actors there is still a source of addresses in these regions, albeit a very
> limited trickle of addresses, but there is still some.  As I understand it,
> ARIN will continue allocating right to the end of their IPv4 address pool and
> not hold back any addresses for this last chance trickle feed, or have I
> missed something crucial in ARIN's policy handbook?


Nope, you are correct Geoff. There is a /10 reserved for transition
technologies (e.g. outside addresses on a CGN) and there is a
critical infrastructure reserve, but no general purpose reserve like
in RIPE and APNIC.

~Chris

 Geoff


--
@ChrisGrundemann
http://chrisgrundemann.com



Re: It's the end of the world as we know it -- REM

2013-04-24 Thread Chris Grundemann
On Wed, Apr 24, 2013 at 8:07 AM, Tore Anderson t...@fud.no wrote:
 * Chris Grundemann

 Nope, you are correct Geoff. There is a /10 reserved for transition
 technologies (e.g. outside addresses on a CGN) and there is a
 critical infrastructure reserve, but no general purpose reserve like
 in RIPE and APNIC.

 One interesting thing is that this is dedicated specifically for
 transition/deployment of *IPv6*. So the way I understand it, you won't
 get any space from this block to number the outside of a NAT444-style
 CGN, while you would for a NAT64-style CGN.

 https://www.arin.net/policy/nrpm.html#four10

That's a very good clarification, thanks Tore.

 Tore



--
@ChrisGrundemann
http://chrisgrundemann.com



Why use PeeringDB?

2012-07-18 Thread Chris Grundemann
Peering Experts,

I am currently working on a BCOP for IPv6 Peering and Transit and
would very much appreciate some expert information on why using
PeeringDB is a best practice (or why it's not). All opinions are
welcome, but be aware that I plan on using the responses to enhance
the document, which will be made publicly available as one of several
(and hopefully many more) BCOPs published at http://www.ipbcop.org/.

Also, if there are those among you who would like to review the entire
document and perhaps volunteer as a SME to help expand and polish it,
please contact me off-list and I'll get you a current draft.

Thanks in advance.

Cheers,
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com



Re: ipv6 book recommendations?

2012-06-05 Thread Chris Grundemann
I believe that Silvia Hagen's book [1] is still the primary reference
available, but there are others reviewed here:
http://getipv6.info/index.php/Book_Reviews.

Cheers,
~Chris

PS - Shameless plug: If you're running Juniper, I wrote two books for
them that you can get for free [2][3]. And I have an intro to IPv6
done in four parts on my blog as well (read from the bottom up) [4].

[1] - http://shop.oreilly.com/product/9780596100582.do
[2] - http://chrisgrundemann.com/index.php/2010/day-exploring-ipv6/
[3] - http://chrisgrundemann.com/index.php/2011/day-advanced-ipv6-configuration/
[4] - http://chrisgrundemann.com/index.php/category/ipv6/introducing-ipv6/


On Tue, Jun 5, 2012 at 8:33 AM, Dobbins, Roland rdobb...@arbor.net wrote:

 On Jun 5, 2012, at 9:29 PM, David Hubbard wrote:

 security practices

 http://www.ciscopress.com/bookstore/product.asp?isbn=1587055945

 http://www.ciscopress.com/bookstore/product.asp?isbn=1587053365

 ---
 Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

          Luck is the residue of opportunity and design.

                       -- John Milton





-- 
@ChrisGrundemann
http://chrisgrundemann.com



Re: ipv6 book recommendations?

2012-06-05 Thread Chris Grundemann
 On Jun 5, 2012, at 2:23 PM, William Herrin wrote:

 2. Subnetting in v6 in a nutshell:

FWIW - There is a published BCOP on IPv6 subnetting:
http://www.ipbcop.org/ratified-bcops/bcop-ipv6-subnetting/

Cheers,
~Chris


-- 
@ChrisGrundemann
http://chrisgrundemann.com



Re: ipv6 book recommendations?

2012-06-05 Thread Chris Grundemann
On Tue, Jun 5, 2012 at 4:29 PM, Owen DeLong o...@delong.com wrote:

 On Jun 5, 2012, at 3:15 PM, Chris Grundemann wrote:

 On Jun 5, 2012, at 2:23 PM, William Herrin wrote:

 2. Subnetting in v6 in a nutshell:

 FWIW - There is a published BCOP on IPv6 subnetting:
 http://www.ipbcop.org/ratified-bcops/bcop-ipv6-subnetting/


 Unfortunately, this BCOP recommends /56s for residential which is
 potentially harmful.

While it does use /56 as an example (mainly because most of the
operators I have spoken to say that is as big as they'll go and many
are shooting for less), it does NOT make that a recommendation.
From the BCOP:

This is an example for demonstrative purposes only. Individual
operators will need to determine their own prefix size preference for
serving customers (internal or external). The SMEs of this BCOP highly
recommend a /48 for any site that requires more than one subnet and
that a site be defined as an individual customer in residential
networks.

 I'm also not a fan of the /126 or /127 on point-to-points, but, the
 theoretical issues of neighbor table exhaustion attacks, etc. certainly
 should not be ignored entirely.

Agreed, they must be considered.

Cheers,
~Chris

 Owen




-- 
@ChrisGrundemann
http://chrisgrundemann.com



Re: bgp best practice question

2012-06-04 Thread Chris Grundemann
Depends on a few things, but the main questions are probably:

Are the data-centers connected on the backside (VPN, etc. - could the
new dc failover through the main dc)?
Yes - /22
Will that /24 ever be used in the main datacenter?
Yes - /22

$0.02
~Chris


On Mon, Jun 4, 2012 at 12:36 PM, jon Heise j...@smugmug.com wrote:
 I need to make one of our data centers internet accessible, i plan to 
 advertise a /24 out of our existing /22 network block at our new site. My 
 question is for our main datacenter, is it a better idea to continue to 
 advertise the full /22 or advertise the remaining /23 and /24 networks ?

 - Jon Heise



-- 
@ChrisGrundemann
http://chrisgrundemann.com
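
The trade-off behind the two questions in the reply above, as an added example that is not part of the original thread: a longest-prefix-match model comparing "keep the /22 at the main site" with "announce only the leftover /23 and /24" when the new site's /24 is withdrawn. The block 10.10.0.0/22, the choice of 10.10.3.0/24 for the new site, and the site labels are constructed placeholders.

```python
import ipaddress

# Constructed placeholders (assumptions, not values from the thread).
BLOCK = "10.10.0.0/22"      # the organisation's full block
NEW_SITE = "10.10.3.0/24"   # the /24 moved to the new data center


def remaining_prefixes(block, carved):
    """Prefixes left over when `carved` is removed from `block`, shortest first."""
    block_net = ipaddress.ip_network(block)
    carved_net = ipaddress.ip_network(carved)
    leftover = sorted(block_net.address_exclude(carved_net),
                      key=lambda n: n.prefixlen)
    return [str(n) for n in leftover]


# Option 1: main site keeps announcing the covering /22.
KEEP_AGGREGATE = [(BLOCK, "main-dc"), (NEW_SITE, "new-dc")]

# Option 2: main site announces only what is left of the /22.
SPLIT = [(p, "main-dc") for p in remaining_prefixes(BLOCK, NEW_SITE)]
SPLIT.append((NEW_SITE, "new-dc"))


def route_after_failure(announcements, dest, failed_site=None):
    """Longest-prefix match for `dest` once `failed_site` has withdrawn its routes.

    Returns (prefix, site) for the winning announcement, or None when no
    remaining announcement covers the destination.
    """
    addr = ipaddress.ip_address(dest)
    candidates = []
    for prefix, site in announcements:
        if site == failed_site:
            continue  # withdrawn: this site no longer originates anything
        net = ipaddress.ip_network(prefix)
        if addr in net:
            candidates.append((net, site))
    if not candidates:
        return None
    net, site = max(candidates, key=lambda c: c[0].prefixlen)
    return (str(net), site)


def compare(dest="10.10.3.10"):
    """Summarise where traffic for a new-site host lands in each design."""
    return {
        "aggregate, all up": route_after_failure(KEEP_AGGREGATE, dest),
        "aggregate, new-dc down": route_after_failure(KEEP_AGGREGATE, dest, "new-dc"),
        "split, all up": route_after_failure(SPLIT, dest),
        "split, new-dc down": route_after_failure(SPLIT, dest, "new-dc"),
    }


if __name__ == "__main__":
    print("leftover after carving:", remaining_prefixes(BLOCK, NEW_SITE))
    for scenario, result in compare().items():
        print(f"{scenario:24} -> {result}")
```

With the /22 kept, traffic for the new site's hosts falls back to the main site when the /24 disappears, which only helps if the back-side link asked about in the reply exists to carry it onward.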



Re: AAAA on various websites, but they all forgot to enable them on their nameservers....

2011-06-16 Thread Chris Grundemann
On Wed, Jun 8, 2011 at 12:15, Schiller, Heather A
heather.schil...@verizonbusiness.com wrote:

 ...yes, there is a serious lack of v6 enabled eyeballs.  But it's also
 not clear to me from Akamai's stats just how many of the sites they host
 are v6 enabled. 2? 12? 500?

I remember it being stated that ~40 of their customers would
participate in Wv6 Day, but I obviously don't speak for Akamai and I
can't find a pointer to that info now...

~Chris


  --heather





-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org



Re: IPv6 day non-participants

2011-06-08 Thread Chris Grundemann
ISOC has a red/green dashboard of individual (non)participants:
http://www.worldipv6day.org/participant-websites/index.html

Cheers,
~Chris

On Wed, Jun 8, 2011 at 09:59, James Harr james.h...@gmail.com wrote:
 I noticed that one of our vendors wasn't actually participating when
 they very publicly put on their home page that they would. So I
 queried the IPv6 day participation list to see who didn't have AAAA's
 for their listed website. It turned out to be around 9.5%

 Before you read the list, here's me shedding responsibility with a
 list of caveats:
 - The crappy perl script I am using might be broken. IE - it doesn't
 think about foo.com vs www.foo.com, HTTP redirection, or any of
 that.
 - The organizations in this list may have withdrawn because they found
 out something was terribly broken.
 - DNS caching may be skewing the results if the TTLs are long.

  SNIP 
 www.xiphiastec.com             Xiphiastec
 www.pir.org                    Public Interest Registry
 www.exactabacus.com            Exact Abacus
 www.comcast.net                Comcast
 www.shazzlemail.com            Shazzle, LLC
 www.bangzoom.com               Bangzoom Software Inc
 www.mihostcgi.com              mihostcgi
 www.unclesamnames.com          American Domain Names
 opendns.com                    OpenDNS
 www.mutali.rw                  Mutali
 townnews.com                   TownNews
 www.infoblox.com               Infoblox
 www.ripplecom.net              Ripple Communications
 www.agame.com                  Spil Games
 www.alexville.com              Alexville Games
 www.hkirc.hk                   Hong Kong Internet Registration Corporation
 www.hkdnr.hk                   Hong Kong Domain Name Registration
 www.buffalo.feb.gov            United States Office of Personnel Management
 www.cyberport.hk               Hong Kong Cyberport Management Ltd
 www.catnix.com                 CATNIX
 sucomo.com                     Sucomo OHG
 www.mybrighthouse.com          BrightHouse Networks
 www.it-in.ru                   it-in
 ivancorp.net                   Ivanhoe-IT
 www.forestdaleinc.org          Forestdale Inc
 www.towerstream.com            Towerstream
 www.intuix.com                 Intuix LLC
 suse.org                       Novell Inc.
 www.IronNails.com              IronNails Consultancy
 www.orbitdiensten.com          Orbit-Diensten
 madonnaradio.com               Voila
 www.gov.bc.ca                  Government of British Columbia
 www.zte.com.cn                 ZTE Corporation
 www.tamagawa.jp                Tamagawa Academy  University


 --
 ^[:wq^M





-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org



Re: IPv4 address exchange

2011-04-18 Thread Chris Grundemann
On Mon, Apr 18, 2011 at 18:59, Owen DeLong o...@delong.com wrote:

 At John Curran's advice, the ARIN Advisory Council abandoned my proposals.  
 Two of them are now in petition for further discussion, including 
 ARIN-prop-134 which outlines how to identify a legitimate address holder 
 and ARIN-prop-136 which allows a Legacy holder to opt-out of ARIN's 
 services.  The idea is to make it possible for legacy holders (who don't 
 have a contract with ARIN) to disarm ARIN's whois weapon.

 I don't agree with this characterization of our actions.

Nor do I.

Those that wish to understand the ARIN Advisory Council's actions in
earnest can find the results of the AC meeting in question here:
[http://lists.arin.net/pipermail/arin-ppml/2011-March/020373.html] and
the minutes from that meeting, here:
[https://www.arin.net/about_us/ac/ac2011_0317.html].

You are also welcome to ping me off-list (or on arin-ppml) if you are
interested in a further explanation of my own reasons for voting to
abandon the proposals in question.

Cheers,
~Chris

 I did not feel that John Curran advised us to act in any particular
 direction. Yes, he did raise some concerns about the outcome of the
 policy proposals being adopted, but, many of us already had those
 concerns in mind before John said anything.

 I believe that if the AC felt that your proposals were in the best
 interests of the community and/or had the broad support of the
 community, we would have placed them on the docket with or without the
 concerns expressed by Mr. Curran.

 I am speaking here only of my own personal perspective, but, I can
 assure you that my vote in favor of abandoning your proposals was based
 entirely on the lack of community support for the proposals and the
 nature of the proposals themselves being contrary to what I believed
 was the good of the community.

 Owen






-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org



Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)

2011-02-18 Thread Chris Grundemann
On Fri, Feb 18, 2011 at 12:07, Scott Helms khe...@ispalliance.net wrote:

 We don't have a situation where the existing infrastructure doesn't work, it 
 does.

It does today. IPv4 addresses are still freely available today though.

As soon as we introduce LSN, the infrastructure starts to stop
working. When that happens, IPv6 will have demand. Hopefully we can
deploy it before then and avoid the brokenness though...

Cheers,
~Chris

 --
 Scott Helms
 Vice President of Technology
 ISP Alliance, Inc. DBA ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 


-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org



Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)

2011-02-18 Thread Chris Grundemann
On Fri, Feb 18, 2011 at 16:48, Benson Schliesser bens...@queuefull.net wrote:

 I agree that it's an imperfect analogy, so I won't bother defending it. :)  
 But my point remains:  NAT444 is a deployment scenario, which includes a CGN 
 element.  Other deployment scenarios that also include a CGN element will 
 have the same issues, and perhaps more.  And, indeed, a number of 
 transition (i.e. exhaustion) scenarios include a CGN.  Thus it is 
 appropriate to focus on the root of the problem (CGN) rather than pointing at 
 just one scenario that leverages it.

That I'll agree with. It seems to me that what's called for is an
expansion of the tests done for the draft in question to include
other, currently in-vogue, CGN/LSN technologies.

 So...  I agree that CGN is painful, relative to native connectivity and even 
 relative to CPE-based NAT44.  But I'd like to understand why NAT444 is better 
 or worse than other CGN-based scenarios, before I agree with that conclusion.

That wasn't the conclusion I drew, can't speak for others of course.
My conclusion is that CGN/LSN is broken, as evidenced by brokenness in
NAT444. I agree that a comparison of all (or some reasonable subset of
all) LSN technologies would be valuable, especially as folks may begin
to be forced to choose one. For now I stick with the ideal: Avoid if
possible. (Dual-stack early, dual-stack often?)

 If we get dual v4+v6 connectivity quickly enough, we do not need LSN
 (including NAT444).

 Amen, brother.  I guess I'm just pessimistic about the definition of 
 quickly versus operationally realistic timeframes.

Fair enough, I still have hope. =)
~Chris

 Cheers,
 -Benson



-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org



Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)

2011-02-17 Thread Chris Grundemann
On Thu, Feb 10, 2011 at 14:17, Benson Schliesser bens...@queuefull.net wrote:

 If you have more experience (not including rumors) that suggests otherwise, 
 I'd very much like to hear about it.  I'm open to the possibility that NAT444 
 breaks stuff - that feels right in my gut - but I haven't found any valid 
 evidence of this.

In case you have not already found this:
http://tools.ietf.org/html/draft-donley-nat444-impacts-01

Cheers,
~Chris


 Regardless, I think we can agree that IPv6 is the way to avoid NAT-related 
 growing pains.  We've known this for a long time.

 Cheers,
 -Benson








-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org



Re: Comcast IPv6 Native Dual Stack Trials

2011-01-31 Thread Chris Grundemann
Well done John! Here's to a rapid expansion of the native footprint!
~Chris

On Mon, Jan 31, 2011 at 08:26, Brzozowski, John
john_brzozow...@cable.comcast.com wrote:
 Comcast Activates First Users With IPv6 Native Dual Stack Over DOCSIS

 http://blog.comcast.com/2011/01/comcast-activates-first-users-with-ipv6-native-dual-stack-over-docsis.html

 John
 =
 John Jason Brzozowski
 Comcast Cable
 e) mailto:john_brzozow...@cable.comcast.com
 o) 609-377-6594
 m) 484-962-0060
 w) http://www.comcast6.net
 =


-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.theIPv6experts.net
www.coisoc.org



Re: Tools for teaching users online safety

2010-10-26 Thread Chris Grundemann
On Mon, Oct 25, 2010 at 19:13, Alex Thurlow a...@blastro.com wrote:
 I'm trying to find out if there are currently any resources available for
 teaching people how to be safe online.  As in, how to not get a virus, how
 to pick out phishing emails, how to recognize scams.  I'm sure everyone on
 this list knows these things, but a lot of end users don't.  I'm trying to
 find a way to teach these things to people who aren't too technically savvy.

 It seems to me that the fewer end users that have issues, the easier our
 lives will be.

 So what I'm trying to figure out is, is there a good site or set of sites
 for this stuff, or is there anyone out there interested in helping to build
 a unified list of instructions, videos, etc. for all this?

The Colorado Chapter of the Internet Society (CO ISOC) is in the
process of launching a project to do just that. We are calling it
(fairly obviously) the Internet User Best Common Practices.

As stated on the project's wiki landing page
(http://wiki.coisoc.org/index.php/UserBCP):

The idea is to start here on the wiki by gathering and creating a
repository of information on how to be a good Netizen. That is, how to
be a safe and responsible Internet user. We want to use this
information, once gathered and verified, to create simple and
accessible resources for the general population.

I invite you and everyone who reads this to participate, all input is welcome!

Thanks,
~Chris
(founding chair, CO ISOC)

 --
 Alex Thurlow
 Blastro Networks

 http://www.blastro.com
 http://www.roxwel.com
 http://www.yallwire.com


-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: Recommendations for Metro-Ethernet Equipment

2010-10-20 Thread Chris Grundemann
On Wed, Oct 20, 2010 at 09:29, Curtis Maurand cmaur...@xyonet.com wrote:
  I'd add Alcatel to that list.

yep, and also (depending on specific needs/topologies):

Ciena
Cyan
Fujitsu
Corrigent
Adva
Rad Data
Juniper

(in no particular order)

Good luck,
~Chris


 On 10/20/2010 11:24 AM, Eric Merkel wrote:

 I've been tasked with making a recommendation for the core and access
 equipment for a small metro-ethernet network. We're probably talking at
 max 200-300 subs split between two termination points. Most customers
 will probably be at speeds of 100M or less. We'd like the backbone to be
 10G and be MPLS capable. That being said some of the companies we've
 been looking at are


 Cisco

 Extreme

 Brocade

 Adtran

 Occam

 Zhone



 We're looking to build the network in a cost effective manner so we're not
 opposed to using aftermarket or refurbished equipment but we don't
 want to start off with equipment that has no future of expanding.



 Any suggestions, success or horror stories are appreciated. ;)



 Eric



 =

 Eric Merkel

 MetaLINK Technologies, Inc.

 Email: merkel at metalink.net




-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: Lightly used IP addresses

2010-08-15 Thread Chris Grundemann
On Sat, Aug 14, 2010 at 22:24,  valdis.kletni...@vt.edu wrote:
 Psst.. Hey.. buddy. Over here... wanna score some gen-yoo-ine Rolex integers, 
 cheap?

Right, because there is no reason to care about the uniqueness of
integers used on the Internet... :/

~Chris



Re: Lightly used IP addresses

2010-08-14 Thread Chris Grundemann
On Fri, Aug 13, 2010 at 15:25, Ken Chase k...@sizone.org wrote:
 On Fri, Aug 13, 2010 at 05:00:04PM -0400, Jared Mauch said:
  I know of several large providers that would stop routing such rogue 
 space.

 Really? They'd take a seriously delinquent (and we're only talking about non
 payment after several months to Arin, not spammers or other 'criminal'
 elements) that's still paying for their transit and cut off their prefix
 announcements? I don't know that that's true for most outfits in these tough
 times. Nixing a $5000 or $1+ MRC revenue stream probably requires some
 hard thought at high levels in most outfits.

First, in this thread we are not talking about folks who have not paid
ARIN their dues, we are talking about folks who sell addresses
despite not being authorized to do so by ARIN - aka abuse/fraud.

Either way, if ARIN finds strong enough reason to revoke numbers from
Org A who is ISP X's customer, ARIN will eventually reassign those
numbers. When ISP Y calls ISP X and says "hey, your customer Org A is
advertising my customer Org B's address space," ISP X will check
WHOIS, see that they are telling the truth and filter that block from
Org A. If ISP X does not, they will likely see peering and transit
options shrink rapidly.

So in short - yes, really.
~Chris


 /kc
 --
 Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA
 Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 
 Front St. W.


-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: Lightly used IP addresses

2010-08-14 Thread Chris Grundemann
On Fri, Aug 13, 2010 at 21:32, Randy Bush ra...@psg.com wrote:
 when the 'community' is defined as those policy wannabes who do the
 flying, take the cruise junkets, ... this is a self-perpetuating
 steaming load that is not gonna change.

Yes, those definitions create a steaming load.

But why is it that the folks actually participating in making policy
are wannabes in your definition?

I suggest the true definition of community includes at least *all*
of the non-AC-member participants in the ARIN policy process; the
folks who subscribe to the PPML and show up at meetings (or
participate remotely at a greatly reduced cost but nearly equal
voice). There are 15 AC members and around 150 participants at each
meeting... That means that _most_ are *not* being funded by ARIN.

For those who claim the system to not be open, I humbly provide myself
as a test case. I am not one of the good old boys of ARIN (if there
is such a thing) and I have never had ARIN pay my way to a meeting (or
for a cruise junket). In fact I am far too young and inexperienced to
possibly qualify as any kind of ruling elite who is handing down
decrees from above. I have however contributed to the formation of
several policies in the ARIN region and to the crafting of several
others currently under discussion, one on a global level amongst all 5
RIRs. I attended a meeting, joined the mailing list and spoke up.
Simple as that. I highly encourage everyone who has an opinion on
Internet numbering policy to do the same.

Cheers,
~Chris


 one start would be for arin to have the guts not to pay travel expenses
 of non-employees/contractors.

 randy



-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: any bring your own bandwidth IPv4 over IPv4 tunnel merchants?

2010-05-03 Thread Chris Grundemann
On Mon, May 3, 2010 at 12:12, Bill Bogstad bogs...@pobox.com wrote:
 Like many people, I can't justify the expense of commercial IP
 connectivity for my residence.  As a result, I deal with dynamic IP
 addresses; dns issues; and limitations on the services that I can host
 at my residence.
<snip>

Not sure where you live / what service is available to you but many
business DSL, cable and fixed-wireless offerings are quite
reasonably priced these days.  I pay about $100/mo for 16m x 2m and a
/28 from my local cable operator - which is likely less than
residential service plus a vpn/tunnel service. It sure isn't a fiber
metro-E connection but it does let me run my various servers out of
the house. Perhaps something to look into.

$0.02
~Chris


 Thanks,
 Bill Bogstad




-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: Running out of IPv6 (Re: ARIN IP6 policy for those with legacy IP4 Space)

2010-04-08 Thread Chris Grundemann
On Thu, Apr 8, 2010 at 12:47, Jeroen Massar jer...@unfix.org wrote:
 [changing topics, so that it actually reflects the content]

 On 2010-04-08 20:33, William Herrin wrote:
 Yes, with suitably questionable delegations, it is possible to run out
 of IPv6 quickly.

The bottom line (IMHO) is that IPv6 is NOT infinite and propagating
that myth will lead to waste. That being said, the IPv6 space is MUCH
larger than IPv4. Somewhere between 16 million and 17 billion times
larger based on current standards by my math[1].

 Ever noticed that fat /13 for a certain military network in the ARIN
 region!?

 At least those /19 are justifiable under the HD rules (XX million
 customers times a /48 and voila). A /13 though, very hard to justify...

Not every customer needs a /48. In fact most probably don't.

 Also, please note that the current policies and waste (ahem) is only
 for 2000::/3, if that runs out we can take another 7 looks at how we
 should distribute address space without waste.
 Indeed the folks now getting IPv6 will have an IPv4 A-class advantage,
 but heck, if 2000::/3 is full, we finally can say we properly deployed
 IPv6 straight all around to the rest of the universe...

Very good point and likely our saving grace in v6. The space is big
enough that we will get a sanity check after (possibly) burning
through the first /3 much faster than expected.

~Chris

[1] - How much IPv6 is there?
http://weblog.chrisgrundemann.com/index.php/2009/how-much-ipv6-is-there/


 Greets,
  Jeroen


-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: FCC dealt major blow in net neutrality ruling favoring Comcast

2010-04-07 Thread Chris Grundemann
On Wed, Apr 7, 2010 at 08:21, Mark Smith
na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org wrote:
<snip>
 So, there's the problem. According to the above, I'm both for, and
 against, Network Neutrality.

 One thing which would significantly help this argument for or against
 Network Neutrality is defining exactly what it is.

ISOC has gone a step further and stopped using the term network
neutrality in general. This is due in large part to the problem you
described quite well here - the term is loaded with emotion and
largely undefined. They are now using the phrase Open
Internetworking to describe their stance on the issue.

For what it's worth, here is a good document recently published which
defines that stance:
http://www.isoc.org/pubpolpillar/usercentricity/20100222-Inter-Networking.pdf

~Chris

<disclaimer>I am the founding chair of the Colorado Chapter of the
Internet Society - CO ISOC</disclaimer>

 Regards,
 Mark.



-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: legacy /8

2010-04-02 Thread Chris Grundemann
On Fri, Apr 2, 2010 at 15:01, Jeroen van Aart jer...@mompl.net wrote:
 I am curious. Once we're nearing exhausting all IPv4 space will there ever
 come a time to ask/demand/force returning all these legacy /8 allocations?
<snip>

Legacy vs RIR allocated/assigned space is not a proper distinction,
in-use vs not-in-use is a much better defining line for this debate.

Folks have been asked to return unused space for quite some time now,
see https://tools.ietf.org/html/rfc1917.

Unless/until governments get involved, there is no one to demand or
force the return of any space. If that happens, we likely all lose.

 Greetings,
 Jeroen

-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: IPv6 enabled carriers?

2010-03-10 Thread Chris Grundemann
SixXS maintains a list here:
http://www.sixxs.net/faq/connectivity/?faq=ipv6transit.
The IPv6 BGP weather map is a good resource:
http://bgpmon.net/weathermap.php?inet=6
You can also use Geoff Huston's IPv6 CIDR report:
http://www.cidr-report.org/v6/as2.0/

<plug>I should also note that my employer, tw telecom, offers IPv6
everywhere on 4323 - you have to ask for it, but it is available.</plug>

~Chris


On Wed, Mar 10, 2010 at 12:00, Charles Mills w3y...@gmail.com wrote:

 Does anyone have a list of carriers who are IPv6 capable today?

 I would assume this would be rolled out in larger cities first but
 anything outside of testbed environments and trials as in
 Comcast's recent announcement seems to be all that is available.

 I'm being tasked with coming up with an IPv6 migration plan for a data
 center.

 Mostly interested in if ATT, Level3, GLBX, Saavis, Verizon Business
 and Qwest are capable as those are the typical ones I deal with.


 Thanks...Chuck




-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org


Re: Juniper M120 Alternatives

2009-11-16 Thread Chris Grundemann
On Mon, Nov 16, 2009 at 09:04, Dale W. Carder dwcar...@wisc.edu wrote:

 On Nov 16, 2009, at 9:54 AM, Gary Mackenzie wrote:

 Having slightly lost track of what everybody is using for peering routers
 these days, what is the consensus about the best alternative to Juniper M
 series routers?

 have you looked at the MX series?

+1
~Chris


 Dale



-- 
@ChrisGrundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: Ready to get your federal computer license?

2009-08-31 Thread Chris Grundemann
On Sun, Aug 30, 2009 at 20:28, Steven M. Bellovin s...@cs.columbia.edu wrote:
 On Sun, 30 Aug 2009 22:20:55 -0400
 Eric Brunner-Williams brun...@nic-naa.net wrote:

 randy,

 moveon is a maine-based org. it is an effective, fund raising,
 partisan organization. it is much more than a click-and-opine
 vehicle, it puts hundreds of thousands of dollars into competitive
 races, and has a competent political director.

 to create a NagOn we would have to hire or appoint a political
 director, and a financial director, and charge each with framing the
 issue, and executing a seven figure plan, and a communications
 director, to put the message with the money in targeted media
 markets, and finally, to show teeth, drop the margin of error, or on
 the order of high five, low six figures, in targeted congressional
 races, for challengers and incumbents.

 in about a year after starting down this path, the Congressman, its
 NagOn on line one conversation would be slightly different from
 today, and in several years time, more so.

 A journey of a thousand miles begins with a single step.

 I don't know that a NagOn is the best way or the only way to make
 progress.  I do know that the most likely source of that kind of
 funding is (many of) our employers, who may not have technical
 excellence on the top of their lists.  But I'm even more certain that
 if technical people never speak up, their message will never be heard,
 except perhaps by accident.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb



I believe that this is exactly the kind of thing that the US ISOC
Chapters should be (and are to varying degrees) involved in --
providing legitimate technical information and expert analysis of
local, state and federal policies which impact the Internet, to those
making the policies.  The global ISOC already does this for ICANN and
other international organizations, it seems fitting that the chapters
do more of this here inside the USA.

I encourage everyone with even a fleeting interest in tech-policy to
seek out their local ISOC chapter
(http://www.isoc.org/isoc/chapters/list.php?region=worldwidestatus=A)
and let them know that you care.  I can tell you as the founding chair
of the Colorado chapter that my largest hurdle today is getting active
members to participate - I have funding, etc, just no help...  (I
invite everyone to contact me directly with suggestions and ideas in
this vein - I have some vehicles in place to start making this happen
quickly with a bit of help)

</soapbox>
~Chris

-- 
Chris Grundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: Ready to get your federal computer license?

2009-08-29 Thread Chris Grundemann
On Sat, Aug 29, 2009 at 06:57, Scott Morris s...@emanon.com wrote:
 I must have missed the phrasing that says nobody else can make an
 independent decision regarding any security measure above and beyond the
 minimum standards...

 I'll go back and look for that.



 Scott


 Florian Weimer wrote:
 * Scott Morris:


 I'm trying really hard to find my paranoia hat, and just to relieve
 some boredom I read the entire bill to try to figure out where this was
 all coming from

 (2) may declare a cybersecurity emergency and order the limitation or
 shutdown of Internet traffic to and from any compromised Federal
 Government or United States critical infrastructure information system
 or network;


 Wouldn't this mean you're allowed to set emergency ACLs only if a
 cybersecurity emergency has been declared by the President?





The EFF summed up the problems with the bill's current text quite well
I believe (without any tin-foil hats required): The Cybersecurity Act
is an example of the kind of dramatic proposal that doesn't address
the real problems of security, and can actually make matters worse by
weakening existing privacy safeguards – as opposed to simpler,
practical measures that create real security by encouraging better
computer hygiene. -
http://www.eff.org/deeplinks/2009/04/cybersecurity-act

$0.02
~Chris


-- 
Chris Grundemann
weblog.chrisgrundemann.com
www.burningwiththebush.com
www.coisoc.org



Re: ICSI Netalyzr launch

2009-06-12 Thread Chris Grundemann
On Fri, Jun 12, 2009 at 09:43, Randy Bush ra...@psg.com wrote:
> sure, we need a privacy policy that can be arbitrarily changed with no
> ... previous ...
> notice just as we have for ...
> ... everything !!!
>
> exactly.  so was the question a troll, a red herring, or just a rant?
>
> randy



I guess it was just a rant, I like to know more specifically how folks
intend to use data before I hand it over - and I like that promise to
be at least theoretically enforceable.  I am far from a lawyer but it
is my understanding that an official pp is much more substantive and
binding than a single FAQ answer -- especially in the eyes of the FTC.
Yes policies can be changed but I can follow those changes and stop
using the service/tool/etc if I don't like the changes.

If you are saying that the policy can be changed after the fact to
allow uses of the data for purposes or in manners other than those
originally stated, I think you are wrong, see the 2004 case between
the FTC and Gateway Learning as one example I know of off hand:

Howard Beales, Director of the FTC’s Bureau of Consumer Protection.
“You can change the rules but not after the game has been played.”
(http://www.ftc.gov/opa/2004/07/gateway.shtm)

I will grant you that in this case the data being collected is
probably not that sensitive, but the access to my computer is - to me
at least.  I for one would have used the tool immediately had there
been an acceptable PP or other TOS in place but without it I
hesitate...  So I figured I would bring it up.

~Chris

PS - if you are interested in TOS related stuff, might be worthwhile
to check out http://www.tosback.org/timeline.php a new project
launched by the EFF (no affiliation, just fyi)



Re: ICSI Netalyzr launch

2009-06-12 Thread Chris Grundemann
On Fri, Jun 12, 2009 at 11:03, Randy Bush ra...@psg.com wrote:
> sure, we need a privacy policy that can be arbitrarily changed with no
> ... previous ...
> notice just as we have for ...
> ... everything !!!
> exactly.  so was the question a troll, a red herring, or just a rant?
> If you are saying that the policy can be changed
>
> i am saying all this is specious.
>
> if you don't like it, don't use it.  i have been using vern's stuff for
> 15 years or so, and trust him vastly more than i trust 94.3% of all the
> other services you trust.
>
> randy


Probably so and it was not my intention to attack Vern, Berkeley, ICIR
nor infer that they were not trustworthy.  Just pointing out a
possible place for improvement from my view.

~Chris



Re: ICSI Netalyzr launch

2009-06-10 Thread Chris Grundemann
On Tue, Jun 9, 2009 at 16:51, v...@ee.lbl.gov wrote:
> Folks, you might be interested in checking out a network monitoring
> tool we launched today, Netalyzr.  It's a Java applet you can run by
> surfing to netalyzr.com.  It aims to measure a bunch of the properties of
> an end user's network access, particularly looking for transparent
> modifications (e.g., hidden proxies), connectivity restrictions, and some
> security issues (e.g., whether the DNS resolver is vulnerable to the
> Kaminsky attack).
>
> We've had several thousand users run it today so far, so you may be hearing
> about reports your customers have gotten from it.  You can see a sample
> report at:
>
>        http://netalyzr.icsi.berkeley.edu/restore/id=example-session
>
> - Vern




Why no privacy policy?  Or am I just partially blind?  Is an answer in
a FAQ legally binding?
~Chris


-- 
Chris Grundemann
weblog.chrisgrundemann.com
www.twitter.com/chrisgrundemann
www.coisoc.org



Re: ground control to TWTelecom

2009-05-04 Thread Chris Grundemann
On Mon, May 4, 2009 at 11:57, Jon Lewis jle...@lewis.org wrote:
> Seems like we were just here, but yet again, I'm having trouble verifying
> you're accepting a customer route (a different one than last week), and
> since sending me a copy of our prefix filter was apparently too much to ask,
> and you make it so easy to talk on the phone with anyone who knows what BGP
> is, here we are.  Perhaps I'll track down our sales person and chew their
> ear.
>
> --
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_




I assume you checked route-server.twtelecom.net for the route?



-- 
Chris Grundemann
weblog.chrisgrundemann.com



Re: Important New Requirement for IPv4 Requests [re impacting revenue]

2009-04-23 Thread Chris Grundemann
Apologies for a somewhat latent response - I was attending an IPv6
Seminar (of which ARIN was a sponsor) the last two days and am just
getting to nanog mail today.

On Tue, Apr 21, 2009 at 15:42, Shane Ronan sro...@fattoc.com wrote:
> I'm not sure if anyone agrees with me, but these responses seem like a big
> cop out to me.
>
> A) If ARIN is so concerned about the potential depletion of v4 resources,
> they should be taking a more proactive roll in proposing potential solutions
> and start conversation rather then saying that the users should come up with
> a proposal which they then get a big vote one.

They is YOU.  ARIN policy is created by the community - Your voice,
your community.  The statement should read: If [you] are so concerned
about the potential depletion of v4 resources, [you] should be taking
a more proactive [role] in proposing potential solutions and
start[ing] conversation.

If you participated in the ARIN PDP (1), even by just lurking on the
ppml (2), you would already be aware that many folks have proposed
many potential solutions (some of which have already been adopted) and
that there _is_ an ongoing conversation that I strongly encourage you
to join.

> B) Again, while it might be the IETF's job, shouldn't the group trusted
> with the management of the IP space at least have a public opinion about
> these solutions are designed. Ensuring that they are designed is such a way
> to guarantee maximum adoption of v6 and thus reducing the potential for
> depletion of v4 space.

I think that developing resource management policy to meet those goals
is much more in line with ARIN's mandate.  As I mentioned above, this
is happening.

> C) Are ARIN's books open for public inspection? If so, it might be
> interesting for the group to see where all our money is going, since it's
> obviously not going to outreach and solution planning. Perhaps it is being
> spent in a reasonable manner, and the fees are where they need to be to
> sustain the organizations reasonable operations, but perhaps not.

Links to annual statements etc. have already been provided.  I am sure
an email to ARIN (3) would help you answer your question further.

> Mr Curran, given the response you've seen from the group, and in particular
> the argument that most CEO's or Officers of firms will simply sign off on
> what they IT staff tells them (as they have little to no understanding of
> the situation), can you explain what exactly you are hoping to achieve by
> heaping on yet an additional requirement to the already over burdensome
> process of receiving an IPv4 allocation?

I obviously can not speak for Mr. Curran, but I do applaud this
effort.  I believe that adding this requirement will lower
exaggeration and fraud as well as raise awareness.  These are both
noble goals and well worth the marginal effort required.  The argument
that most officers will sign anything put in front of them is not very
convincing to me.  I have a hard time accepting incompetence or
laziness as a valid rationale for any argument at all really.

~Chris (speaking for myself)

(1) - https://www.arin.net/knowledge/pdp/
(2) - https://www.arin.net/participate/mailing_lists/index.html
(3) - mailto:i...@arin.net



> Shane Ronan
>
> --Opinions contained herein are strictly my own--
>
> On Apr 21, 2009, at 9:01 AM, John Curran wrote:
>
>> Roger -
>>
>>   A few nits:
>>
>>   A) ARIN's not ignoring unneeded legacy allocations, but can't take
>>      action without the Internet community first making some policy
>>      on what action should be taken...  Please get together with folks
>>      of similar mind either via PPML or via Public Policy meeting at
>>      the Open Policy Bof, and then propose a policy accordingly.
>>
>>   B) Technical standards for NAT & NAPT are the IETF's job, not ARIN's.
>>
>>   C) We've routinely lowered fees since inception, not raised them.
>>
>> Thanks,
>> /John
>>
>> John Curran
>> Acting CEO
>> ARIN





-- 
Chris Grundemann
weblog.chrisgrundemann.com



Re: google logo

2009-01-28 Thread Chris Grundemann
On Wed, Jan 28, 2009 at 09:45, Antonio Querubin t...@lava.net wrote:
> Anyone else noticing Google's logo has been scrambled?

If you click on it you will see that it is a Jackson Pollock inspired
image, most likely a tribute to his birthday today.
~Chris

> Antonio Querubin
> whois:  AQ7-ARIN





-- 
Chris Grundemann
www.chrisgrundemann.com



Re: Level 3 / Time Warner problem in Ohio

2008-06-19 Thread Chris Grundemann
My sources report that both OC-192 circuits in Time Warner's backbone
have recovered.  I see no packet loss or latency across their network
now.
~Chris


On Thu, Jun 19, 2008 at 10:18 AM, Tim Sanderson [EMAIL PROTECTED] wrote:
> Same. Also shut down peering with TWC.
>
> We have confirmation from some local technicians that an OC-192 is down
> between Columbus, OH and Ashburton, VA... and an OC-192 down between
> Indianapolis and Chicago.   Another tech that I spoke to said it was a
> problem between Ohio and NYC.   That is causing major problems all over Ohio.
>
> www.donet.com (Dayton Ohio ISP)
>
> --
> Tim Sanderson, network administrator
> [EMAIL PROTECTED]
>
> -Original Message-
> From: Steve Searles [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2008 12:15 PM
> To: 'Mike Walter'; Peter Pauly; Nanog Mailing list
> Subject: RE: Level 3 / Time Warner problem in Columbus OH?
>
> Same here, we have also shut down our TWT peer.
>
> Steve Searles
> Sr. Network Engineer
> Zimmerman Communications Inc.
> http://www.zimcom.net
> Phone. 513-624-3900
> Fax. 513-624-3909
> Toll Free. 888-624-3910
>
> -Original Message-
> From: Mike Walter [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2008 11:48 AM
> To: Peter Pauly; Nanog Mailing list
> Subject: RE: Level 3 / Time Warner problem in Columbus OH?
>
> Just spoke with TW Telecom on my ticket.  They have (2) OC-192s down in
> the Ohio area.  They have open troubles with their vendor.  Seems odd
> that both are down according to the rep I spoke with.  We have shut down
> our TW Telecom BGP session until resolved due to high latency.
>
> Mike Walter, MCP
> Systems Administrator
> 3z.net
>
> -Original Message-
> From: Peter Pauly [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2008 11:43 AM
> To: Nanog Mailing list
> Subject: Level 3 / Time Warner problem in Columbus OH?
>
> Time Warner is reporting to me that their provider, Level 3 is having
> problems in Columbus OH that is affecting several large midwest
> cities. Anyone have more details?








-- 
Chris Grundemann



Re: IOS Rootkit: the sky isn't falling (yet)

2008-05-27 Thread Chris Grundemann
On Tue, May 27, 2008 at 11:13 AM, Adrian Chadd [EMAIL PROTECTED] wrote:
>
> Bloody network people, always assuming their network security stops at
> their router.
>
> So now that someone's done the hard lifting to backdoor an IOS binary,
> and I'm assuming you all either upgrade by downloading from the cisco.com
> website or maintain a set of your own images somewhere, all one needs
> to do is insert themselves into -that- path and you're screwed.
>
> Hijacking prefixes isn't hard. That was presented at the same security
> conference.
>
> Cracking a UNIX/Windows management/FTP/TFTP host isn't impossible - how
> many large networks have their server infrastructure run by different
> people to their network infrastructure? Lots and lots? :)
>
> Sure, it's not all fire and brimstone, but the bar -was- dropped a little,
> and somehow you need to make sure that the IOS that's sitting on your
> network management site is indeed the IOS that you put there in the
> first place..

Like MD5 File Validation? - MD5 values are now made available on
Cisco.com for all Cisco IOS software images for comparison against
local system image values.

~Chris




> Adrian






--
Chris Grundemann
www.linkedin.com/in/cgrundemann
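
The comparison suggested in this message, extended to a whole image store, as an added example (not code from the thread or from Cisco): the manifest uses the `md5sum` line layout, the file names and contents are constructed, and the digest algorithm is a parameter that defaults to the MD5 values the message mentions.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'hexdigest  filename' lines (md5sum layout) into {filename: digest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        expected[name.lstrip("*")] = digest.lower()
    return expected


def audit_image_store(directory, expected, algorithm="md5"):
    """Compare every file in the store against the published digests.

    The expected digests should be obtained separately from the images
    themselves, not read from the same server that holds them.
    Returns {filename: status}; status is OK, MISMATCH, MISSING or UNLISTED.
    """
    results = {}
    present = {p.name: p for p in Path(directory).iterdir() if p.is_file()}
    for name, digest in expected.items():
        if name not in present:
            results[name] = "MISSING"
        elif hmac.compare_digest(file_digest(present[name], algorithm), digest):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    for name in present.keys() - expected.keys():
        results[name] = "UNLISTED"  # a file nobody published a digest for
    return results


def demo():
    """Constructed sample: one intact image, one altered, one missing, one extra."""
    with tempfile.TemporaryDirectory() as store:
        good = b"constructed image A"
        (Path(store) / "image-a.bin").write_bytes(good)
        (Path(store) / "image-b.bin").write_bytes(b"constructed image B, modified")
        (Path(store) / "image-x.bin").write_bytes(b"not in the manifest")
        manifest = "\n".join([
            "# constructed manifest; real values come from the vendor's site",
            f"{hashlib.md5(good).hexdigest()}  image-a.bin",
            f"{hashlib.md5(b'constructed image B').hexdigest()}  image-b.bin",
            f"{hashlib.md5(b'constructed image C').hexdigest()}  image-c.bin",
        ])
        return audit_image_store(store, parse_manifest(manifest))


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```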



Re: [NANOG] OSPF minutia, and, technote publication venues

2008-05-05 Thread Chris Grundemann
On Mon, May 5, 2008 at 10:07 AM, Paul Vixie [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] (Steve Gibbard) writes:
>
>>> ... if each anycast cluster is really several servers, each using OSPF
>>> ECMP, then you can lose a server and still have that cluster advertising
>>> the route upstream, and only when you lose all servers in a cluster will
>>> that route be withdrawn.
>>
>> This is getting into minutia, but using multipath BGP will also accomplish
>> this without having to get the route from OSPF to BGP.  This simplifies
>> things a bit, and makes it safer to have the servers and routers under
>> independent control.
>
> i think the minutia is good, especially after a long weekend of layer 9
> threads.  my limited understanding of multipath bgp is that it's a global
> config knob for routers, not a per peer knob, and that it has disastrous
> consequences if the router is also carrying a full table and has many peers.

I am not sure what routers specifically are being discussed here, but
in JunOS you can enable multipath on a global, group or single
neighbor level, possibly eliminating your concern...

> also, in OSPF, ECMP is not optional, even though most BSD-based software
> routers don't implement it yet (since multipath routing is very new.)  so,
> we have been using OSPF for this, it just works out better.  i dearly do
> wish that something like a service advertisement protocol existed, that
> did what OSPF ECMP did, without a router operator effectively giving every
> customer the ability to inject other customer routes, or default routes.
> in that sense, i agree with your safer... independent control assertion.
>
>> But yes, Joe's ISC TechNote is an excellent document, and was a big help
>> in figuring out how to set this up a few years ago.
>
> and now for something completely different -- where in the interpipes could
> a document like that have been published, vs. ISC's web site?  the amount
> of red tape and delay involved in Usenix or IETF or IEEE or ACM are vastly
> more than most smart ops people are willing to put in.  where is the light /
> middle weight class, or is every organization or person who wants to publish
> this kind of thing going to continue to have the exclusive and bad choice of
> blog it, or write an article for ;login:/ACM-Queue/Circle-ID, or write an
> academic paper and wait ten months?  isn't this a job for... NANOG?
> --
> Paul Vixie
>
> ___
> NANOG mailing list
> NANOG@nanog.org
> http://mailman.nanog.org/mailman/listinfo/nanog




-- 
Chris Grundemann
www.linkedin.com/in/cgrundemann



Re: 10GE router resource

2008-03-25 Thread Chris Grundemann
Greg has laid out a great bit of information and I would like to add just
one possibility to the list of budget 10GE routers: Vyatta.  According to a
recent press release from that company (
http://www.vyatta.com/about/pressreleases.php?id=51) they offer a product
that is 2 to 3X higher performance at a cost savings of more than 75
percent when compared to Cisco's 7200.  Unfortunately I have not had the
opportunity to test or use the Vyatta routers yet; I have however
successfully used other open-source Linux based routers in the past with
great success.  If  you are looking for a truly budget 10GE router, they may
be worth adding to the list and looking into.

On Tue, Mar 25, 2008 at 10:36 AM, Greg VILLAIN [EMAIL PROTECTED] wrote:

> On Mar 24, 2008, at 10:23 AM, user user wrote:
>
>> Hi everybody!
>>
>> I find myself in the market for some 10GE routers. As
>> I don't buy these everyday, I was wondering if any of
>> you guys had any good resources for evaluating
>> different vendors and models. I'm mainly thinking
>> about non-vendor resources as the vendorspeak sites
>> are not that hard to find.
>>
>> Also I'd love to hear recommendations for budget 10GE
>> routers. The budget router would be used to hook up
>> client networks through one 10GE interface and connect
>> to different transit providers through two 10GE
>> interfaces.
>>
>> - Zed
>
> Hiya,
>
> When it comes to budget, force10 are good. I wouldn't be able to
> confirm if they're worth performance-wise.
> I'd strongly suggest Foundry, I'm a big fan of their kits, price-wise
> and performance-wise, provided you do not need rocket-science features.
> MLX/XMR models will surely do the trick perfectly.
>
> When it comes to router purchasing habits, we all tend to get
> religious...
> Bottom line is that most of the 'regular' vendors (namely Cisco,
> Juniper, Foundry, Force10, Extreme, Riverstone) implement pretty much
> the same set of features, which are all IETF/IEEE normalized, meaning
> if you don't need proprietary features (and you'll wish you don't),
> any router will be fine, the only difference will come from:
> - the chassis being non-blocking or not (i.e. backplane design)
> - the price per port
> - the operating OS
> - the feeling you'll get with the salesperson, and the reputation of
> their Support Teams.
> - vendor specific features such as Flow Sampling
> To make it simple, most vendors have an IOS like OS, except Juniper
> which has a really clever and elegant OS, but are very pricey.
> Foundry and Force10 have the cheapest price per port
> Cisco does only Netflow, Foundry & Force10 only SFlow (which is a true
> standard) and I think Juniper does JFlow
> Cisco's kits are packed with proprietary protocols (HSRP and GLBP
> instead of VRRP, their own ethernet trunking, EIGRP as their own and
> yet extremely efficient IGP, TCL scriptable CLI...) , some of them are
> really good, some are crappy, but I suggest you'd stick with IEEE/IETF
> protocol to avoid future trouble.
>
> One thing: RSTP/802-1w is very (very, very, very) not often
> interoperable between vendors who all have their own interpretation of
> the norm and can quickly turn into a nightmare.
> I'd strongly suggest trybuys if (R)STP interoperability is required,
> but I'm a little paranoid :)
>
> Greg VILLAIN
> Independent Network & Telco Architecture Consultant





-- 
Those who do not create the future they want must endure the future they
get.
~Draper L. Kaufman, Jr.
--


Re: 10GE router resource

2008-03-25 Thread Chris Grundemann

On Tue, Mar 25, 2008 at 1:56 PM, William Herrin
[EMAIL PROTECTED] wrote:

> On Tue, Mar 25, 2008 at 1:59 PM, Chris Grundemann [EMAIL PROTECTED] wrote:
>> Greg has laid out a great bit of information and I would like to add just
>> one possibility to the list of budget 10GE routers: Vyatta.  According to a
>> recent press release from that company
>> (http://www.vyatta.com/about/pressreleases.php?id=51) they offer a product
>> that is 2 to 3X higher performance at a cost savings of more than 75
>> percent when compared to Cisco's 7200.
>
> Vyatta operates at Layer 3 wire speed across three Gigabit Ethernet
> ports in full mesh when forwarding 512-byte frames or higher.
>
> 3x1 GE  1x10 GE

It appears that I put my foot in my mouth.  I have read several claims
that the Vyatta software is scalable to 10G, most notably here:
http://www.networkworld.com/news/2008/031708-vyatta-open-source-router.html.
Upon further investigation, I have been unable to substantiate that
claim.

My experience is similar to those who have posted here, pps is the
limiting factor - usually somewhere between 500-800K.  Apparently I
was over eager to believe that more had been achieved.

To Ann's question on resources; I have only used Linux routers with 1G
ports but have surpassed 10G total throughput (up+ down) using various
dual proc set ups, most often Intel Xeon in Dell servers.  A gentleman
by the name of Martin Pels wrote a good paper on the subject early
last year that can be found here:
http://docs.rodecker.nl/10-GE_Routing_on_Linux.pdf.  He hit a wall at
700K pps and was using two dual core Intel Xeon 64bit 2.33GHz CPUs and
2GB of RAM in a Dell PowerEdge 1950.

~Chris


> Regards,
> Bill Herrin
>
> --
> William D. Herrin  [EMAIL PROTECTED]  [EMAIL PROTECTED]
> 3005 Crane Dr. .. Web: http://bill.herrin.us/
> Falls Church, VA 22042-3004