Re: IP Dslams

2018-12-31 Thread Paul Stewart
+1 for Adtran TA5000 .. we use them, my former employer uses them with great 
success.  There’s also the Calix series of gear that is quite good too …



From: NANOG  on behalf of Erik Sundberg 

Date: Monday, December 31, 2018 at 2:31 PM
To: Nick Edwards 
Cc: "nanog@nanog.org" 
Subject: RE: IP Dslams

I haven’t used any of these…

Check out Adtran Total Access 5000 Platform…. Used by a lot of EoC / EoDS1 
carriers


Google: Ethernet Extender DSLAM
https://enableit.com/rackmount-extender/


From: NANOG  On Behalf Of Nick Edwards
Sent: Friday, December 28, 2018 7:36 PM
To: nanog@nanog.org
Subject: IP Dslams

Howdy,
We have a requirement for an aged care facility to provide voice and data, we 
have the voice worked out, but data, WiFi is out of the question, so are 
looking for IP-Dslams, preferably a system that is all-in-one, or self 
contained, as in contains its own BBRAS/LNS/PPP server/Radius, such as has a 
property management API, or even just a webpage manager where admin can add in 
new residents when they arrive, or delete when they depart I know these used to 
be available  many years ago, but that vendor has like many vanished, only 
requirement is for ADSL2+, prefer units with either 48 ports or multiples of 
(192 etc) and have filtered voice out ports (telco50/rj21 etc)
If anyone knows of such units, would appreciate some details on them,  
brand/model suppliers if known, etc, we can try get our google fu back if we 
have some steering:)
Thank Y'all
(resent - original never made it to the list for some gremlin reason)






Re: GTT Regulatory Recovery Surcharge

2018-12-02 Thread Paul Stewart
Yeah similar experience here …. But we’ve had that fee for a number of years 
applied.  Hibernia as well has been charging us for it since long ago ….

ACI – yup going downhill in a hurry ;(

From: NANOG  on behalf of Clayton Zekelman 

Date: Sunday, December 2, 2018 at 5:30 PM
To: Matt Harris 
Cc: "brandonw...@yahoo.com" , North American Network 
Operators' Group 
Subject: Re: GTT Regulatory Recovery Surcharge


GTT is rapidly losing any good will they've had with us over the past number of 
years.

We just got hit with that regulatory recovery fee too, and they totally screwed 
up the transfer of billing operations when they bought our colo provider, 
Accelerated Connections (which used to be an awesome company) in Toronto.



On Dec 2, 2018, at 5:11 PM, Matt Harris <m...@netfire.net> wrote:
On Sun, Dec 2, 2018 at 4:06 PM Brandon Wade via NANOG <nanog@nanog.org> wrote:
We've been a GTT customer for several years and on our latest bill we now have 
a "Regulatory Recovery Surcharge" of almost 10% tacked on. We only purchase IP 
Transit services from them, nothing else, and have never had any fees tacked on 
top of our contracted agreed upon amount. Has anyone else ran into this? If 
this is a legit "surcharge" any idea of why we were never charged for that 
before? I figured I'd reach out to the community on this prior to jumping to 
further conclusions.

-Brandon

Yupp, on my GTT IP transit bill as well.

This is how telecomm companies pad out their margins these days.  You don't 
even want to know the % of my bill that is just "fees" I'm paying Level3 on a 
wave circuit.  At this point I won't sign for service without knowing exactly 
what I'll be paying in terms of fees and surcharges and such - there's some 
stuff you can't avoid on some types of circuits, but for the most part, it's 
all just padding out their margins.

Take care,
Matt



Re: TekSavvy (Canada) contact

2018-08-30 Thread Paul Stewart
Folks – please do *not* request “clueful neteng point of contact” on the list 
if you are really looking to place an order for residential service.  Thanks …

Paul

From: NANOG  on behalf of "p...@paulstewart.org" 

Date: Wednesday, August 29, 2018 at 6:09 PM
To: Mike Hammett 
Cc: "nanog@nanog.org list" 
Subject: Re: TekSavvy (Canada) contact

 

Thnx all - already reached out 

 

Paul 

 




On Wed, Aug 29, 2018 at 6:05 PM -0400, "Mike Hammett"  wrote:

"Paul Stewart" 

He's on AFMUG too.



-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP
From: "Eric Kuhnke" 
To: "nanog@nanog.org list" 
Sent: Wednesday, August 29, 2018 4:48:48 PM
Subject: TekSavvy (Canada) contact

I'm looking for a clueful neteng point of contact at TekSavvy. Please contact 
me off-list. Thanks!



Re: TekSavvy (Canada) contact

2018-08-29 Thread Paul Stewart
Thnx all - already reached out 

Paul 

On Wed, Aug 29, 2018 at 6:05 PM -0400, "Mike Hammett"  wrote:

"Paul Stewart" 

He's on AFMUG too.



-
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP

From: "Eric Kuhnke" 
To: "nanog@nanog.org list" 
Sent: Wednesday, August 29, 2018 4:48:48 PM
Subject: TekSavvy (Canada) contact

I'm looking for a clueful neteng point of contact at TekSavvy. Please contact 
me off-list. Thanks!



Re: IOS new versions and network load

2017-09-18 Thread Paul Stewart
Curious as mentioned if anyone doing this on scale?  I kind of doubt it but 
love to hear otherwise.  My assumption is this is more Enterprise focused than 
ISP

Paul 


> On Sep 18, 2017, at 8:48 AM, Mike Hammett  wrote:
> 
> We've been looking into the caching server bit lately given that we're not 
> due to get an official Apple node for at least another year yet. 
> 
> It looks very difficult to manage, given the DNS TXT records and domain 
> search fields. If it was as simple as entering the supported IP ranges, it'd 
> be a lot easier to implement. 
> 
> The caching service does support a lot more content than "once a year" 
> https://support.apple.com/en-us/HT204675 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> Midwest-IX 
> http://www.midwest-ix.com 
> 
> - Original Message -
> 
> From: "Jean-Francois Mezei"  
> To: "Eduardo Schoedler"  
> Cc: Nanog@nanog.org 
> Sent: Sunday, September 17, 2017 6:43:50 PM 
> Subject: Re: IOS new versions and network load 
> 
>> On 2017-09-17 19:37, Eduardo Schoedler wrote: 
>> 
>> Server is an app now, any MacOS can have it running. 
> 
> But do carriers/ISPs really want to deal with a rack unfriendly Mac Mini 
> or iMac at a carrier hotel? If the Server App could run on Linux, or if 
> OS-X could boot on standard servers, perhaps, it seems to be a very 
> bad fit in carrier/enterprise environments. 
> 
>> Implementation will be a little tricky, because you need your 
>> customers to look a record in your domain. 
> 
> 
> I've tried reading some about it. 
> The cache server app registers with Apple its existence and the IP 
> address ranges it serves 
> 
> When a client wants to download new IOS version, Apple checks and finds 
> that the client's IP is served by the caching server whose "local" IP is 
> a.b.c.d (aka the inside NAT IP address). Tells client to get version of 
> software from that IP address. 
> 
> The DNS TXT records are used by the Caching Server to get the list of IP 
> blocks it can serve. (not needed in the target small office 
> environments where everyone is on same subnet and the caching server can 
> tell the apple serves the one subnet it serves). 
> 
> 



Re: IOS new versions and network load

2017-09-17 Thread Paul Stewart
Apple does use CDN’s and does peer quite a bit as well..  What I have seen is 
our peering with Apple goes to a certain level of bandwidth and then spills 
over to CDN’s that we are either peered with or have on-net caches.  From our 
network perspective it’s simply a matter of ensuring there is enough capacity on 
the peering links and/or cache capacity.  If both of those options are exceeded 
then upstream transit starts to fill in the gap (only seen that happen once).

Paul




> On Sep 17, 2017, at 7:34 PM, Jean-Francois Mezei 
>  wrote:
> 
> On 2017-09-17 18:41, Eduardo Schoedler wrote:
>> https://www.peeringdb.com/net/3554
> 
> Peering would reduce an ISP's reliance on transit provider (and thus
> load on transit providers) but still present same problem on the ISP's
> internal network.
> 
> Also, doesn't Apple use a CDN such as Akamai or L3 to deliver content
> like that?
> 
>> "We do have another option to consider -
>> http://www.apple.com/osx/server/features/#caching-server;
> 
> Considering Apple has been out of the server business since 2010, Would
> ISPs really bother installing/configuring (and finding a spot on a rack
> shelf ) for a Mac Mini only to reduce load once a year ?
> 



Re: Last Week's Canadian Fiber Cut

2017-08-24 Thread Paul Stewart
Yeah good point Chris …. Got thinking about this too much from an IP 
perspective :)



> On Aug 16, 2017, at 6:29 PM, Christopher Morrell 
> <christopher.morrell.na...@gmail.com> wrote:
> 
> Let’s not forget that all POTS and cell service was offline during the outage 
> - even for local and 911 service. 
> 
> There is some high level of dependence on some equipment in Quebec and/or 
> westward which should not be there.
> 
> A double fault like that should not knock out all local service for 4 out of 
> 10 provinces. I would expect that an architectural review is under way. 
> 
> 
> On Wed, Aug 16, 2017 at 16:14 Paul Stewart <p...@paulstewart.org 
> <mailto:p...@paulstewart.org>> wrote:
> It wasn’t an issue getting transatlantic - it was an issue within a 
> relatively small region in Eastern Canada talking to the rest of the world 
> for certain carriers.  There were several smaller carriers/providers not 
> affected - just happens the local incumbent telco and one of their larger 
> competitors got knocked out …
> 
> 
> > On Aug 15, 2017, at 3:52 PM, Jared Mauch <ja...@puck.nether.net 
> > <mailto:ja...@puck.nether.net>> wrote:
> >
> >
> >> On Aug 15, 2017, at 1:22 PM, Rod Beck <rod.b...@unitedcablecompany.com 
> >> <mailto:rod.b...@unitedcablecompany.com>> wrote:
> >>
> >> Did we ever get any resolution on why this was such a big outage? Appears 
> >> there were two fiber cuts. Were the fibers damaged in the same conduit? Is 
> >> this a collapsed ring scenario?
> >>
> >>
> >> http://www.cbc.ca/news/canada/newfoundland-labrador/concerns-about-backup-bell-outage-1.4239064
> >>  
> >> <http://www.cbc.ca/news/canada/newfoundland-labrador/concerns-about-backup-bell-outage-1.4239064>
> >
> > Perhaps some transatlantic fallback?  It looks like the only cable out 
> > there is the Greenland one.. guessing that’s not very competitive?  It only 
> > gets you to Iceland it seems.
> >
> > - Jared
> 



Re: Last Week's Canadian Fiber Cut

2017-08-16 Thread Paul Stewart
It wasn’t an issue getting transatlantic - it was an issue within a relatively 
small region in Eastern Canada talking to the rest of the world for certain 
carriers.  There were several smaller carriers/providers not affected - just 
happens the local incumbent telco and one of their larger competitors got 
knocked out … 


> On Aug 15, 2017, at 3:52 PM, Jared Mauch  wrote:
> 
> 
>> On Aug 15, 2017, at 1:22 PM, Rod Beck  
>> wrote:
>> 
>> Did we ever get any resolution on why this was such a big outage? Appears 
>> there were two fiber cuts. Were the fibers damaged in the same conduit? Is 
>> this a collapsed ring scenario?
>> 
>> 
>> http://www.cbc.ca/news/canada/newfoundland-labrador/concerns-about-backup-bell-outage-1.4239064
> 
> Perhaps some transatlantic fallback?  It looks like the only cable out there 
> is the Greenland one.. guessing that’s not very competitive?  It only gets 
> you to Iceland it seems.
> 
> - Jared



Re: Last Week's Canadian Fiber Cut

2017-08-16 Thread Paul Stewart
Never really heard a lot about it  …. We never lost connectivity to Halifax 
from Montreal via Hibernia - interesting topic though as we have a backup path 
that I’m looking to replace :)

Paul


> On Aug 15, 2017, at 1:22 PM, Rod Beck  wrote:
> 
> Did we ever get any resolution on why this was such a big outage? Appears 
> there were two fiber cuts. Were the fibers damaged in the same conduit? Is 
> this a collapsed ring scenario?
> 
> 
> http://www.cbc.ca/news/canada/newfoundland-labrador/concerns-about-backup-bell-outage-1.4239064
> 
> 
> Roderick Beck
> 
> Director of Global Sales
> 
> United Cable Company
> 
> DRG Undersea Consulting
> 
> Affiliate Member
> 
> www.unitedcablecompany.com
> 
> 85 Király utca, 1077 Budapest
> 
> rod.b...@unitedcablecompany.com
> 
> 36-30-859-5144
> 
> 



Re: Bell Canada contact - need help with DNS issue

2016-11-22 Thread Paul Stewart
Try dnsad...@bell.ca  ?  I haven’t used that address 
in quite some time but someone did respond to it some time ago 

Paul

> On Nov 19, 2016, at 11:13 AM, Rich Lafferty  wrote:
> 
> 
> Hi,
> 
> Does anyone have a NOC or DNS administrator contact at Bell Canada? Their 
> Toronto nameservers are returning SERVFAIL for our domain freshbooks.com 
> since a general Bell DNS issue midday yesterday.
> 
> 
> $ dig freshbooks.com @207.164.234.129
> 
> ; <<>> DiG 9.8.3-P1 <<>> freshbooks.com @207.164.234.129
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54893
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;freshbooks.com.  IN  A
> 
> ;; Query time: 305 msec
> ;; SERVER: 207.164.234.129#53(207.164.234.129)
> ;; WHEN: Sat Nov 19 10:44:59 2016
> ;; MSG SIZE  rcvd: 32
> 
> 
> No-one outside Bell is reporting issues, and other domains (ours or 
> otherwise) are fine on Bell’s name servers.
> 
> Thanks,
> 
>  -Rich
> 
> -- 
> Rich Lafferty
> Director of IT, FreshBooks - r...@freshbooks.com
> http://www.freshbooks.com/
> Toll-free: (866) 303-6061  
> Phone: (416) 780-2700 x233
> 



Re: Any ISPs using AS852 for IP Transit?

2016-10-03 Thread Paul Stewart
To confirm AS852 and AS577 don’t charge $dayjob for prefix changes …. they both 
do them manually though which is a pain :(


> On Sep 15, 2016, at 4:09 PM, Theodore Baschak  wrote:
> 
> I don't think this is standard across the board with Telus.
> 
> I've also heard (rumours?) of a similar $250 prefix change fee associated 
> with Shaw/AS6327 changes before, and also a much larger $750 change prefix 
> change fee with BELL-GT/AS6539, but the customers I know who use them 
> definitely don't get charged these types of fees.
> 
> 
> Theodore Baschak - AS395089 - Hextet Systems
> https://ciscodude.net/ - https://hextet.systems/
> http://mbix.ca/
> 
>> On Sep 15, 2016, at 2:21 PM, Jason Lixfeld  wrote:
>> 
>> Sure.  My question was whether every TELUS BGP customer was being charged 
>> for these too, or if I’m the only one.  If I’m the only one, then I’m 
>> obviously caught in some administrative black hole there that I would like 
>> to get myself out of.  This is something that has only started happening in 
>> the last 6 months or so.  Prior to that, we were never charged by them for 
>> these requests.  Unfortunately, my sales rep has been less than helpful in 
>> trying to understand what changed to make us susceptible to these new 
>> charges.
>> 
>>> On Sep 15, 2016, at 3:15 PM, Hugo Slabbert  wrote:
>>> 
>>> So, to be blunt, I would cast this as their charging you NRC for manual 
>>> work because of their failure to automate this.
>>> 
>>> -- 
>>> Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
>>> pgp key: B178313E   | also on Signal
>>> 
>>> On Thu 2016-Sep-15 15:09:33 -0400, Jason Lixfeld  
>>> wrote:
>>> 
>>>> Last time I asked, that wasn’t something that they had implemented, and 
>>>> had no definite plans to do so within any timeframe that was on their 
>>>> radar.
>>>> 
> On Sep 15, 2016, at 2:50 PM, Steven Schecter  wrote:
> 
> I question their motivation here and would follow up by asking if they 
> support filtering by IRRdb and are merely trying to encourage the 
> practice?
> 
> 
> /Steve
> 
> On Thu, Sep 15, 2016 at 2:07 PM, Jason Lixfeld  
> wrote:
> If there are any ISPs who use TELUS/AS852 for IP Transit over BGP, I’d be 
> interested in hearing from you.
> 
> I’d like to compare notes to see if you are also paying $250 for each BGP 
> prefix filter updated request, or if we’re the only ones…
> 
> Thanks in advance!
> 
> 
> 
> --
> Steven J. Schecter
> (m) 917.676.1646
 
>> 
> 



RE: Software for circuit documentation

2016-04-18 Thread Paul Stewart
It's now called "Ericsson Adaptive Inventory" if I'm not mistaken...

Paul


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Chris Garrett
Sent: Monday, April 18, 2016 11:50 AM
To: Manuel Marín 
Cc: NANOG 
Subject: Re: Software for circuit documentation

Granite is expensive, but pretty much the standard for circuit/xconnect/CFA 
documentation in the telecom space.

> On Apr 18, 2016, at 11:33 AM, Manuel Marín  wrote:
> 
> Dear Nanog community
> 
> We are looking for a network inventory software to document logical 
> circuits and fibers. We have been using Racktables for cross connects 
> and racks documentation and works great, but we did find a way to 
> document MPLS, Eline/ELAN, OTN, SONET, IP circuits, external plant (fibers), 
> etc.
> 
> I would appreciate if you can share what you use for documentation.
> 
> Thank you and have a great day
> 
> Regards




RE: Citrix Sales Reps?

2016-03-23 Thread Paul Stewart
You too ?  I gave up ... after calling their local offices, their toll free 
number, emails, phone calls, etc. 

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Scott Fisher
Sent: Tuesday, March 22, 2016 1:34 PM
To: NANOG list 
Subject: Citrix Sales Reps?

I have sent 4 requests to Citrix for pricing questions on XenServer support 
options and have gotten not a single call back. (Requested via email, form, and 
calls).

Can someone from Citrix please hit me up offlist or can someone direct me to an 
actual person I can hit up?

--
Scott



RE: [NANOG] IPv4 subnets for lease?

2016-01-06 Thread Paul Stewart
Definitely there is - don't have any names handy but there were a few companies 
at NANOG Montreal that chased me down re: leasing IP space (and of course 
selling).

Paul


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Javier J
Sent: Tuesday, January 5, 2016 12:35 PM
To: Fredrik Widell 
Cc: nanog@nanog.org
Subject: Re: [NANOG] IPv4 subnets for lease?

Is there anyone who leases to companies in the US?

On Tue, Dec 22, 2015 at 4:59 AM, Fredrik Widell  wrote:

> On Fri, 18 Dec 2015, Nick Ellermann wrote:
>
>
> Hi.
>
> We lease /24's or more to customers since many years, but as someone 
> later in the thread commented, spammers will use this opportunity if 
> they can, so we limit our customers to Sweden nowadays, and always 
> check their earlier reputation before leasing space.
> If you have Swedish customers you are welcome to send in an application.
>
> ( http://webb.resilans.se/registry/order-eng.html )
>
>
>
>
>
> We have customers asking to lease IP space for BGP transit with us and
>> other peers. But they are struggling to get at a minimum even a Class 
>> C, even though they have their own ASN. We don't have large amounts 
>> of free
>> IPv4 space to lease out to a single customer in most cases anymore. 
>> Hope to at least introduce these customers to some contacts that may 
>> be able to help.
>> Do we know of any reputable sources that are leasing or selling IPv4 
>> subnets as small as a /24 to satisfy their diversity needs? Thanks!
>>
>> Sincerely,
>> Nick Ellermann - CTO & VP Cloud Services BroadAspect
>>
>> E: nellerm...@broadaspect.com
>> P: 703-297-4639
>> F: 703-996-4443
>>
>>
>>
>>
> --
>
> Mvh
>
> Fredrik Widell Resilans AB http://www.resilans.se/
> mail:   i...@resilans.se , fred...@resilans.se
> phone:  +46 8 688 11 80
>



SevOne Monitoring

2015-11-25 Thread Paul Stewart
Hey folks.

Looking for feedback from actual customers on SevOne for network monitoring.
Anyone using them and willing to share thoughts online/offline?

They have an appealing system for network monitoring and considering it as a
replacement to Solarwinds. 

Cheers,

Paul



Fw: new message

2015-10-25 Thread Paul Stewart
Hey!

 

New message, please read <http://africancichlidphotos.com/behind.php?wvwqc>

 

Paul Stewart



RE: World's Fastest Internet™ in Canadaland

2015-06-26 Thread Paul Stewart
Personally I think it's pure marketing ... something I think we all know...

I saw a few years back a FTTH development get completed using GPON - 
everything in the area got Full Gig Internet.  Speedtest while I was onsite 
showed about 900Mb/s download so pretty darn close (before they fully deployed).

The interesting part was that the development consisted of 4400 active users 
the last time I heard but the bandwidth to upstream provider was still only a 
single GigE and was not hitting serious saturation levels most of the time.

Paul

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rafael Possamai
Sent: Friday, June 26, 2015 2:39 PM
To: Eric Dugas
Cc: NANOG
Subject: Re: World's Fastest Internet™ in Canadaland

How does one fully utilize a gigabit link for home use? For a single person it 
is overkill. Similar to the concept of price elasticity in economics, going 
from 50mbps to 1gbps doesn't necessarily increase your average transfer rate, 
at least I don't think it would for me. Anyone care to comment? Just really 
curious, as to me it's more of a marketing push than anything else, even though 
gigabit to the home sounds really cool.



On Fri, Jun 26, 2015 at 1:13 PM, Eric Dugas edu...@zerofail.com wrote:

 Nice try Bell.. So-Net did it two years ago, 2Gbps FTTH in Japan.

 Article: http://bgr.com/2013/06/13/so-net-nuro-2gbps-fiber-service/

 If you read Japanese: http://www.nuro.jp/hikari/

 Eric

 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Hank Disuko
 Sent: June 26, 2015 2:04 PM
 To: NANOG
 Subject: World's Fastest Internet™ in Canadaland

 Bell Canada is apparently gearing up to provide the good people of 
 Toronto with the World's Fastest Internet™.

 http://www.thestar.com/news/city_hall/2015/06/25/bell-canada-to-give-toronto-worlds-fastest-internet.html






[no subject]

2015-05-07 Thread Paul Stewart via NANOG
Well said Mark ...

There's a certain large transit provider that does this all the time and I never 
understood why ...

Paul


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mark Tinka
Sent: Wednesday, May 6, 2015 5:32 AM
To: Martin T; nanog@nanog.org
Subject: Re: disadvantages of peering with own IP transit customers



On 6/May/15 11:20, Martin T wrote:
 Hi,

 what are the disadvantages of peering(announcing own and all customers
 prefixes) with own IP transit customers? One disadvantage is obviously 
 that amount of traffic on IP transit link is lower and thus customer 
 pays for smaller amount of Mbps. On the other hand, this can be 
 somewhat compensated with higher price per Mbps if the amount of 
 traffic on the IP transit connection is lower. However, are there any 
 other disadvantages/concerns when peering with own IP transit 
 customers?

- Potentially odd routing if customers are unfamiliar with how BGP really 
  works, i.e., upload from customer hits the commercial link, but return 
  traffic to customer follows the peering link since peering links generally 
  have a higher LOCAL_PREF than commercial links.

- Since more traffic is return to (eyeball-heavy) customers, you increase 
  investment on your peering side with no corresponding gain in revenue, as 
  peering is, well, free.

- Any special policies you accord to peers will now be enjoyed by this 
  customer also, since they also are a peer.

- Issues that could be caused by deliberate inconsistent routing from the 
  customer's part in an effort to direct more traffic into the peering link.

- Complicated controls you may put in place to ensure the customer does not 
  abuse your network from a peering standpoint (or vice versa), e.g., 
  Internet in VRF's, peering in VRF's, etc., and the issues that come with 
  all that complexity.

- Complications with the commercial contract - a growth in your customer's 
  traffic out of balance with how much money you're earning from them.

- Confusion between your customer, their account manager, the engineering 
  team and the operations teams on how the service is meant to be delivered, 
  operated, billed for, etc.

- A host of other things I haven't thought about.

All in all, don't peer with customers if you don't have to. That should be your 
#1 and #2 peering policy rules. Too much commercial and technical confusion 
will surely ensue.

Mark.




RE: Small IX IP Blocks

2015-04-05 Thread Paul Stewart
+1 

I worked for a provider until recently that happened to get an IP assignment
at an IXP that was transitioning from /25 to /24.  It was painful chasing
down peers to get them to change their netmask just so we could connect.
This went on for several months dealing with the peering/network contacts of
whom many of them didn't know the mask had changed in the first place.

Paul

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Bill Woodcock
Sent: Saturday, April 4, 2015 10:36 PM
To: Mike Hammett
Cc: NANOG list
Subject: Re: Small IX IP Blocks


 On Apr 4, 2015, at 7:28 PM, Charles Gucker cguc...@onesc.net wrote:
 
 I've been involved in IX renumbering efforts because exchange(s)
 decided to use /25's instead of /24's. It's painful because
 troubleshooting can be a little difficult as differing subnetmasks are
 in play. If you have the address space, use a /24. ARIN has IPv4
 address space specifically reserved for the use by IXPs.

Yes.  Listen to Charlie.

We did a bunch of analysis on size of IXP subnets, and how it changes over
time, relative to the age of the IXP.  To summarize drastically, the first
/24 typically lasts about 15-18 years.  Only a tiny handful of exchanges
(less than 2%) are actually supporting more than 254 participants yet at
this point.  That number will continue to grow over time.  At the same time,
it's not worth the trouble of renumbering more than once in that time
period, so don't be penny-wise and pound-foolish by trying to use a /25,
particularly when ARIN hands out /24s to IXPs specifically to keep them from
running into that trap.

-Bill







RE: cable modem firmware upgrade

2015-01-30 Thread Paul Stewart
That brings back memories of some unidentified folks getting much higher
speeds and other features they may errr umm not been paying for ;)  I miss
my LanCity cablemodem - it made a great spaceheater in the winters.

-Original Message-
From: Rob Seastrom [mailto:r...@seastrom.com] 
Sent: Friday, January 30, 2015 6:49 AM
To: Paul Stewart
Cc: 'Nathan Anderson'; 'A MEKKAOUI'; nanog@nanog.org
Subject: Re: cable modem firmware upgrade


Paul Stewart p...@paulstewart.org writes:

 That has been my experience as well (only from the RF side) and I would
 believe this was a design choice.   The ISP usually wants to keep control
 over the firmware versions of the CM for various technical/support 
 reasons versus having consumers mess with the firmware.

15 years ago, in certain circles it was well-understood how to load one's
own (possibly patched) software from the Ethernet side on the old LanCity
(pre-DOCSIS) cablemodems.

You can imagine what kind of hilarity ensued.

-r




RE: Recommended wireless AP for 400 users office

2015-01-29 Thread Paul Stewart
It was all users getting randomly disconnected ... the AP's stayed online but 
the traffic would completely halt for 15-30 seconds at a time.  Their 
association with the AP would stay intact 

Paul


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Thursday, January 29, 2015 10:53 AM
To: nanog@nanog.org
Subject: Re: Recommended wireless AP for 400 users office

Did you figure out why it was dropping out? All of it dropping out? Just some 
APs dropping? Just some users dropping? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



- Original Message -

From: Paul Stewart p...@paulstewart.org 
To: Mike Hammett na...@ics-il.net, nanog@nanog.org 
Sent: Thursday, January 29, 2015 8:34:46 AM 
Subject: RE: Recommended wireless AP for 400 users office 

I had a bad experience with it one time at a tradeshow environment. 6 access 
points setup for public wifi. The radio levels were quite good in various areas 
of the tradeshow however traffic would keep dropping out at random intervals as 
soon as about 300 users were online. It wasn't my idea to use UBNT but it 
definitely turned me off of their product after digging into their gear... 

Again as someone pointed out, for residential and perhaps SOHO applications it 
can probably work well - and in my opinion it's priced for that market. 

Paul 


-Original Message- 
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett 
Sent: Thursday, January 29, 2015 8:23 AM 
To: nanog@nanog.org 
Subject: Re: Recommended wireless AP for 400 users office 

What problems have you had with UBNT? 

Its zero hand-off doesn't work on unsecured networks, but that's about the 
extent of the issues I've heard of other than stadium density environments. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



- Original Message - 

From: Manuel Marín m...@transtelco.net 
To: nanog@nanog.org 
Sent: Wednesday, January 28, 2015 11:06:39 PM 
Subject: Recommended wireless AP for 400 users office 

Dear nanog community 

I was wondering if you can recommend or share your experience with APs that you 
can use in locations that have 300-500 users. A friend recommended me Ruckus 
Wireless, it would be great if you can share your experience with Ruckus or 
with a similar vendor. My experience with Ubiquiti for this type of requirement 
was not that good. 

Thank you and have a great day 






RE: Recommended wireless AP for 400 users office

2015-01-29 Thread Paul Stewart
Open – it was just for a trade show setting .. few years ago ….

Thanks,

Paul


From: Mike Lyon [mailto:mike.l...@gmail.com] 
Sent: Thursday, January 29, 2015 12:07 PM
To: Paul Stewart
Cc: Mike Hammett; NANOG
Subject: RE: Recommended wireless AP for 400 users office

 

Just curious, were you using WPA2 or were the networks open?

Thanks,
Mike

On Jan 29, 2015 8:56 AM, Paul Stewart <p...@paulstewart.org> wrote:

It was all users getting randomly disconnected ... the AP's stayed online but 
the traffic would completely halt for 15-30 seconds at a time.  Their 
association with the AP would stay intact 

Paul


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Thursday, January 29, 2015 10:53 AM
To: nanog@nanog.org
Subject: Re: Recommended wireless AP for 400 users office

Did you figure out why it was dropping out? All of it dropping out? Just some 
APs dropping? Just some users dropping?




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



- Original Message -

From: Paul Stewart p...@paulstewart.org
To: Mike Hammett na...@ics-il.net, nanog@nanog.org
Sent: Thursday, January 29, 2015 8:34:46 AM
Subject: RE: Recommended wireless AP for 400 users office

I had a bad experience with it one time at a tradeshow environment. 6 access 
points setup for public wifi. The radio levels were quite good in various areas 
of the tradeshow however traffic would keep dropping out at random intervals as 
soon as about 300 users were online. It wasn't my idea to use UBNT but it 
definitely turned me off of their product after digging into their gear...

Again as someone pointed out, for residential and perhaps SOHO applications it 
can probably work well - and in my opinion it's priced for that market.

Paul


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Thursday, January 29, 2015 8:23 AM
To: nanog@nanog.org
Subject: Re: Recommended wireless AP for 400 users office

What problems have you had with UBNT?

Its zero hand-off doesn't work on unsecured networks, but that's about the 
extent of the issues I've heard of other than stadium density environments.




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



- Original Message -

From: Manuel Marín m...@transtelco.net
To: nanog@nanog.org
Sent: Wednesday, January 28, 2015 11:06:39 PM
Subject: Recommended wireless AP for 400 users office

Dear nanog community

I was wondering if you can recommend or share your experience with APs that you 
can use in locations that have 300-500 users. A friend recommended Ruckus 
Wireless to me; it would be great if you can share your experience with Ruckus or 
with a similar vendor. My experience with Ubiquiti for this type of requirement 
was not that good.

Thank you and have a great day







RE: cable modem firmware upgrade

2015-01-29 Thread Paul Stewart
That has been my experience as well (only from the RF side) and I would
believe this was a design choice.   The ISP usually wants to keep control
over the firmware versions of the CM for various technical/support reasons
versus having consumers mess with the firmware.

Paul


On Wednesday, January 28, 2015 8:11 PM, A MEKKAOUI wrote:

 Does anyone know how to upgrade Motorola SB6120 cable modem firmware other 
 than going through the internet provider? Your help will be appreciated.

My employer managed a handful of small DOCSIS networks for a while where 99%
of the modems were Motorola, and as far as I know, there is no way to push a
firmware update to the modem from the ethernet side...only from the RF side.





RE: Recommended wireless AP for 400 users office

2015-01-29 Thread Paul Stewart
I had a bad experience with it one time at a tradeshow environment.  6 access 
points setup for public wifi.  The radio levels were quite good in various 
areas of the tradeshow however traffic would keep dropping out at random 
intervals as soon as about 300 users were online.  It wasn't my idea to use 
UBNT but it definitely turned me off of their product after digging into their 
gear...

Again as someone pointed out, for residential and perhaps SOHO applications it 
can probably work well - and in my opinion it's priced for that market.

Paul


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Thursday, January 29, 2015 8:23 AM
To: nanog@nanog.org
Subject: Re: Recommended wireless AP for 400 users office

What problems have you had with UBNT? 

Its zero hand-off doesn't work on unsecured networks, but that's about the 
extent of the issues I've heard of other than stadium density environments. 




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com 



- Original Message -

From: Manuel Marín m...@transtelco.net
To: nanog@nanog.org
Sent: Wednesday, January 28, 2015 11:06:39 PM
Subject: Recommended wireless AP for 400 users office 

Dear nanog community 

I was wondering if you can recommend or share your experience with APs that you 
can use in locations that have 300-500 users. A friend recommended Ruckus 
Wireless to me; it would be great if you can share your experience with Ruckus or 
with a similar vendor. My experience with Ubiquiti for this type of requirement 
was not that good. 

Thank you and have a great day 




Re: Listing or google map of peering exchange

2014-07-09 Thread Paul Stewart
I’ve actually been working on a site like that for a while (with Google
Maps) - just never got around to putting it online.   Honestly I wasn’t
sure if there was an interest in it :)

Paul


On 2014-07-09, 2:18 PM, Dennis Burgess dmburg...@linktechs.net wrote:

Looking for a good listing of US/Canada peering exchange, similar to
Torx in Toronto..Google map listing would be nice :)

 

Dennis Burgess, Mikrotik Certified Trainer Author of Learn RouterOS-
Second Edition http://www.wlan1.com/product_p/mikrotik%20book-2.htm 

 Link Technologies, Inc -- Mikrotik  WISP Support Services

 Office: 314-735-0270  Website: http://www.linktechs.net  - Skype: linktechs

 -- Create Wireless Coverage's with www.towercoverage.com - 900Mhz - LTE - 3G - 3.65 - TV
Whitespace

 





World Cup Streaming

2014-06-08 Thread Paul Stewart
Hey folks

One part of capacity planning that is always challenging at times with
various providers I have worked with is determining the traffic levels
required for upcoming events such as World Cup.  Obviously there is
speculation and it varies dependent on the provider, their geography, and
size of eyeball/downstream eyeball customers.

Are there any resources out there other than news articles that provide for a
reasonable estimation as to how much impact World Cup will have for example?
I’ve heard offline from some folks that put World Cup at greater traffic
levels than the recent Olympics for example but have no way to know if that
is a pure guess or an educated estimate.

I am assuming that the CDN’s involved have some pretty accurate ideas on
what to expect but in the past I have not been able to get feedback from
them with any specific estimations.

Thanks,

Paul





Re: World Cup Streaming

2014-06-08 Thread Paul Stewart
Thank you.

I’m actually based in Canada and there is a strong following of Soccer here
:)  

Akamai will be doing the streaming here (not sure about the US or other
countries).  I have reached out to them in the past to ask questions about
anticipated volumes and they never answer with details.

Thanks,
Paul


From:  Rubens Kuhl rube...@gmail.com
Date:  Sunday, June 8, 2014 at 12:57 PM
To:  Paul Stewart p...@paulstewart.org
Cc:  Nanog nanog@nanog.org
Subject:  Re: World Cup Streaming

 
 Sports events have their rights sold on per country basis; this leads to some
 fragmentation of those numbers as network X has the rights for country 1,
 network Y for country 2, and they account their numbers separate even if they
 use the same CDN.
 
 Considering Soccer (or Football as we non-US call it) is not so popular in the
 US, my guess (not an estimate) is for traffic levels for the US network that
 carries the World Cup online to not be as high as Summer and/or Winter
 Olympics. 
 
 What we have pretty good educated estimates is for 2014 World Cup streaming to
 Brazil to be higher in volume than what was seen in the Olympics streaming to
 the US. 
 
 Rubens
 
 
 
 
 
 
 
 On Sun, Jun 8, 2014 at 12:11 PM, Paul Stewart p...@paulstewart.org wrote:
 Hey folks
 
 One part of capacity planning that is always challenging at times with
 various providers I have worked with is determining the traffic levels
 required for upcoming events such as World Cup.  Obviously there is
 speculation and it varies dependent on the provider, their geography, and
 size of eyeball/downstream eyeball customers.
 
 Are there any resources out there other than news articles that provide for a
 reasonable estimation as to how much impact World Cup will have for example?
 I’ve heard offline from some folks that put World Cup at greater traffic
 levels than the recent Olympics for example but have no way to know if that
 is a pure guess or an educated estimate.
 
 I am assuming that the CDN’s involved have some pretty accurate ideas on
 what to expect but in the past I have not been able to get feedback from
 them with any specific estimations.
 
 Thanks,
 
 Paul
 
 
 
 




Customer Support Ticketing

2014-03-19 Thread Paul Stewart
Hey folks….

We need a new customer ticketing system and I’m looking for input.  I am
still working on a scope document on everything we want to do with the new
system.

The most common problem I run across is that a system is either built for
enterprise internal IT helpdesk or it is built like a CRM sales tracking
system.  We are an ISP among other things and are looking for a powerful and
yet reasonable cost system to answer email inquiries, allow customers to
open tickets via portal, mobile support, escalation/SLA support, and several
other things.  Solarwinds NPM integration would be a huge bonus but not a
deal breaker.  If anyone has a system that they have integrated with Ivue
from NISC (our billing platform) I would be really interested in hearing
more as well.

So my question is meant high level.  For those folks that are ISP’s
supporting business customers (including managed customers) along with
residential eyeball traffic what system(s) do you use and what do you
like/dislike?

I’ve looked so far at WHD (Solarwinds product), OTRS, RT, RemedyForce,
ZenDesk, HappyFox, Kayako and several others.  All of them so far would
require a fair amount of configuration or modifications based on our still
developing wish list.  Also worth noting is that we have no full time
development staff so hoping to find something that has a lot of promise and
then work with the vendor to evolve it into what we feel we need.

**This is not an invitation for sales folks to call on me**

Thanks,

Paul






Re: ddos attacks

2013-12-18 Thread Paul Stewart
We use Arbor for this - works quite well…. Peakflow/TMS .. We don’t do
anything announcement wise upstream but don’t see why you couldn’t via
communities...

I’ve looked at one cloud based solution to date and decided appliance is a
better solution specific to our needs.

Paul

On 12/18/2013, 11:36 AM, Dan White dwh...@olp.net wrote:

Can anyone recommend a vendor solution for DDOS mitigation? We are looking
for a solution that detects DDOS attacks from sflow information and
automatically announces BGP /32 blackhole routes to our upstream
providers,
or a similar solution.

Thank You.

On 08/05/13 21:09 +1000, Ahad Aboss wrote:
Scott,

Use a DDOS detection and mitigation system with DPI capabilities to deal
with traditional DDOS attack and anomalous behaviour such as worm
propagation, botnet attacks and malicious subscriber activity such as
flooding and probing. There are only a few vendors who successfully play
in
this space who provide a self healing/self defending system.

Cheers
Ahad
-Original Message-
From: sgr...@airstreamcomm.net [mailto:sgr...@airstreamcomm.net]
Sent: Friday, 2 August 2013 11:37 PM
To: nanog@nanog.org
Subject: ddos attacks

I’m curious to know what other service providers are doing to
alleviate/prevent ddos attacks from happening in your network.  Are you
completely reactive and block as many addresses as possible or null0
traffic
to the affected host until it stops or do you block certain ports to
prevent
them.  What’s the best way people are dealing with them?

Scott

-- 
Dan White
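
The detect-and-blackhole loop Dan White asks about above, as an added example (not code from the thread or from any vendor named in it): per-destination rates are estimated from sampled flow records, and destinations over threshold become /32 announcements in ExaBGP's text API format. The sample records, thresholds, prefixes, next-hop and the choice of the RFC 7999 BLACKHOLE community are all assumptions; upstreams usually document their own blackhole community.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this sketch (documentation address ranges, not real networks).
OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]  # space we originate
NEXT_HOP = "192.0.2.1"                # assumed discard next-hop
BLACKHOLE_COMMUNITY = "65535:666"     # RFC 7999 BLACKHOLE; upstreams may require their own
WINDOW_S = 10                         # length of the measurement window in seconds

# Constructed sample data standing in for decoded sFlow flow samples:
# (dst_ip, sampled_frame_bytes, sampling_rate). One record = 1-in-N packets seen.
SAMPLES = (
    [("203.0.113.10", 1400, 1000)] * 600   # flood towards one of our hosts
    + [("203.0.113.20", 800, 1000)] * 20   # ordinary traffic to another host
    + [("198.51.100.7", 1400, 1000)] * 900 # heavy transit flow, not our address space
)


def estimate_rates(samples, window_s):
    """Scale sampled packets up by the sampling rate; return {dst: (pps, bps)}."""
    pkts = defaultdict(int)
    bits = defaultdict(int)
    for dst, frame_bytes, rate in samples:
        pkts[dst] += rate                    # each sample represents `rate` packets
        bits[dst] += frame_bytes * 8 * rate
    return {dst: (pkts[dst] / window_s, bits[dst] / window_s) for dst in pkts}


def pick_blackholes(rates, pps_limit, bps_limit, max_routes=5):
    """Return destinations over either limit, largest first, capped at max_routes.

    Addresses outside OUR_PREFIXES are skipped so a bad sample or spoofed
    record can never make us announce someone else's space, and the cap keeps
    a detection fault from blackholing a large part of the network.
    """
    victims = []
    for dst, (pps, bps) in sorted(rates.items(), key=lambda kv: -kv[1][1]):
        addr = ipaddress.ip_address(dst)
        if not any(addr in net for net in OUR_PREFIXES):
            continue
        if pps >= pps_limit or bps >= bps_limit:
            victims.append(dst)
    return victims[:max_routes]


def exabgp_commands(victims):
    """Format one ExaBGP text-API announcement per victim /32."""
    return [
        f"announce route {v}/32 next-hop {NEXT_HOP} community [{BLACKHOLE_COMMUNITY}]"
        for v in victims
    ]


def run(samples=SAMPLES, pps_limit=50_000, bps_limit=500_000_000):
    rates = estimate_rates(samples, WINDOW_S)
    return exabgp_commands(pick_blackholes(rates, pps_limit, bps_limit))


if __name__ == "__main__":
    # An ExaBGP "process" reads these lines from the script's stdout.
    for line in run():
        print(line, flush=True)
```

Blackholing drops all traffic to the victim address, so a production version also needs a withdraw path once the rate falls back under threshold.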






Re: do ISPs keep track of end-user IP changes within thier network?

2013-12-16 Thread Paul Stewart
Back in the day (geesh I feel old just saying that), I deployed a lot of
PM3’s …. Then we moved to Ascend TNT Max stuff - that was very exciting
back then! 

:)

Paul


On 12/16/2013, 3:16 PM, vinny_abe...@dell.com vinny_abe...@dell.com
wrote:

Dell - Internal Use - Confidential

PM3's were pretty solid. PM4's, not so much. They were often problematic
requiring periodic reboots of the entire chassis to keep them sane even
right up through the last firmware release until Lucent killed them off
in favor of their newly acquired Ascend equipment. The team that designed
them were good guys. We used to work directly with them on issues and get
early access to beta releases of new firmware for the PM's, including new
cutting edge protocols such as K56Flex and later V.90. :)

-Vinny

-Original Message-
From: Carlos Kamtha [mailto:kam...@ak-labs.net]
Sent: Saturday, December 14, 2013 3:05 AM
To: s...@circlenet.us
Cc: nanog@nanog.org
Subject: Re: do ISPs keep track of end-user IP changes within thier
network?


The PMs were fantastic.

PM3's were pretty good as well. 2 PRIs or T1s.. 48 56k digital modems, +
ISDN support.. :)

Carlos. 

On Fri, Dec 13, 2013 at 05:21:18PM -0500, Sam Moats wrote:
 I still have a soft spot for the Portmasters :-). We had rows of PM2's
 with US robotics 33.6K sportster modems attached on 8mm tape racks.
 Back when a town of 40K people could all connect through 2XT1's and
 everyone was happy.
 Sam Moats
 
 On 2013-12-13 16:59, Jon Lewis wrote:






Re: BRAS

2013-12-12 Thread Paul Stewart
I thought that was resolved?  Don’t have an L2TP scenario at the moment
but will in early January so will have to follow up with engineering to
confirm…

Many thanks,

Paul


On 12/12/2013, 8:36 AM, Nilesh Kahar nilesh.ka...@outlook.com wrote:

There is a significant delay for user termination via L2TP; more than 40
seconds.

--- Original Message ---

From: Paul Stewart p...@paulstewart.org
Sent: December 12, 2013 5:33 AM
To: Nilesh Kahar nilesh.ka...@outlook.com, nanog@nanog.org
Subject: Re: BRAS

What kind of issues?  How many subs and what code?

Paul



On 12/11/2013, 11:14 AM, Nilesh Kahar nilesh.ka...@outlook.com wrote:

Basically I am facing issues with MX80 LNS scenario. So just to make sure
with community whether anyone is having similar problem.
Also wanted to know about any other good BRAS product which can act fine
for LNS - LAC setup.
Thanks for all the responses.
Nil.








Re: BRAS

2013-12-11 Thread Paul Stewart
We have deployed several MX480 for BRAS and had good success - definitely
within the 11.4X27 release but also we have one box on 13.2 (nothing like
living on the edge haha).  I believe Juniper is starting to also recommend
12.3 for BRAS but would have to confirm that for sure.

On MX80 we also have them running at smaller sites - historically had
quite a few issues but lately been quite stable minus one bug we just
encountered with PPPOE subscriber sessions not getting torn down correctly
(PR is supposed to be resolved in new 11.4X release coming out Mon/Tues).

None of these deployments at this point have l2tp tunnels coming in (such
as wholesale from ILEC provider) but in early January we will have one in
production (wholesale AGAS service via Bell Canada).

Paul


On 12/11/2013, 1:44 PM, Nitzan Tzelniker nitzan.tzelni...@gmail.com
wrote:

MX480 works for me as LNS with Ericsson SmartEdge as LAC with more than 10K
users
it is very stable with 11.4x27 version
The biggest limitation is that it is not possible to configure MTU for
the
subscriber interface  ( lower the MTU to 1492 for PPPOE subscribers )

Nitzan


On Wed, Dec 11, 2013 at 5:15 PM, Dan White dwh...@olp.net wrote:

 On 12/11/13 10:10 -0500, Clayton Zekelman wrote:




 At 09:30 AM 11/12/2013, Dan White wrote:

 On 12/10/13 19:51 +0530, Nilesh Kahar wrote:

 Which is a good BRAS product, to handle 15000 subscribers sessions
with
 full QoS & other features?


 Juniper MX (480).


 I heard there were some issues with the LAC/LNS functionality on the MX
 series vs. JUNOSe on the E series.  Is that still the case?


 I have not used those features with the platform, so I can't confirm.
The
 box has been very solid for us as a subscriber management platform for
 q-in-q termination.

 --
 Dan White







Re: BRAS

2013-12-11 Thread Paul Stewart
What kind of issues?  How many subs and what code?

Paul



On 12/11/2013, 11:14 AM, Nilesh Kahar nilesh.ka...@outlook.com wrote:

Basically I am facing issues with MX80 LNS scenario. So just to make sure
with community whether anyone is having similar problem.
Also wanted to know about any other good BRAS product which can act fine
for LNS - LAC setup.
Thanks for all the responses.
Nil.





Re: What routers do folks use these days?

2013-11-29 Thread Paul Stewart
Juniper throughout on our side now … former Cisco shop.  Overall, quite happy 
…. MX,M,E,EX,SRX etc…

Paul


On Nov 29, 2013, at 11:18 AM, Darren O'Connor darre...@outlook.com wrote:

 We are using Juniper MX and Brocade XMRs for our P and PE routers.
 
 
 
 Thanks
 Darren
 http://www.mellowd.co.uk/ccie
 
 
 
 Date: Fri, 29 Nov 2013 09:19:33 +0100
 From: kuenz...@init7.net
 To: nanog@nanog.org
 Subject: Re: What routers do folks use these days?
 
 On 29.11.2013 06:37, Jawaid Desktop wrote:
 We're a service provider, and we have a network full of Cat6509's.
 We are finding that we are outgrowing them from the standpoint of
 their ability to handle lots of large routing tables. Obviously
 their switching capability is still superb but one of them with 20
 peers is starting to groan a bit and RAM is going to be an issue
 soon.
 
 What do people use these days? Our backbone needs in the next 2-3
 years are going to be sub-100Gbps.
 
 Check the Brocade MLXe series. We (Init7 / AS13030) are using them and
 the previous XMR series for years and are happy with it. CLI is
 Cisco-look-and-feel, the software tree has a clear structure (unlike
 Cisco with hundreds of versions) and the TAC is willing to ssh into your
 gear to assist.
 
 -- 
 Fredy Kuenzler
 
 Init7 (Switzerland) Ltd.
 AS13030
 St. Georgen-Strasse 70
 CH-8400 Winterthur
 Twitter: @init7 / @kuenzler
 http://www.init7.net/
 
 





Re: large scale ipsec

2013-11-01 Thread Paul Stewart
Can you give us an idea of “large scale” in your mind?  Also, site to site
deployments or remote access or both?

Paul


On 11/1/2013, 9:38 AM, Jan Schaumann jscha...@netmeister.org wrote:

Hello,

Who here on this list has deployed IPSec or other comparable lower layer
encryption in a large scale environment, or attempted to do so?

I've repeatedly heard claims that doing so is not feasible (either
operationally or financially), but I have not seen any specific studies,
reports, numbers or anything else to support this.  Of course I haven't
seen anything proving the opposite, either, which is why I'm reaching
out here on this list.

What was your experience, and what alternatives have you considered?  If
your findings were made longer than, say, 5 years ago, what might have
changed to change the results?

-Jan





Re: Ciena 6200 clue?

2013-07-03 Thread Paul Stewart
On 2013-07-03 3:57 PM, Brandon Ross br...@pobox.com wrote:

Everyone knows that attacks against your management interface come from
devices not on your management network.  By removing the default gateway
feature, Ciena is improving the security of your network.

It's time we created a BCOP specifying that default gateway functionality
be disabled or removed in all network deployments, in the interest of
security.  Security improvements realized in the last few years by
dropping all ICMP and TCP DNS at firewall boundaries, not to mention
universal deployment of NAT, were just the first few steps to creating a
much more secure Internet.

Once disablement of default gateway functionality has become a
common 
practice, the natural reduction in traffic on the Internet should allow
most operators to achieve enormous cost savings by powering off all of
their equipment.

Awesome - sorry, can't resist... :)


Paul





RE: Speedtest Results speedtest.net vs Mikrotik bandwidth test

2013-04-03 Thread Paul Stewart
We host one of the gazillion speed test sites and for networks that are
close to us we find it reasonably accurate .. a good benchmark at least ..


Even our installers in the field use it as a reference point  YMMV
obviously

Paul


-Original Message-
From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] 
Sent: April-03-13 5:48 PM
To: nanog@nanog.org
Subject: Re: Speedtest Results speedtest.net vs Mikrotik bandwidth test

On Wed, 03 Apr 2013 14:07:48 -0700, Mike said:

 These speedtests are pure unscientific bs and I'd love to see them 
 called out on the carpet for it.

As far as I know, it's possible for the end-to-end reported values to be
lower than your immediate upstream due to issues further upstream.

But if it reports 20MBits/sec down and 5MBits/sec up, then the link is able
to go *at least* that fast.

(If anybody's got evidence of it reporting more than the link is technically
capable of, feel free to correct me...)




RE: Ddos mitigation service

2013-02-01 Thread Paul Stewart
Akamai (CDN) does scrubbing???

Paul


-Original Message-
From: Pierre Lamy [mailto:pie...@userid.org] 
Sent: February-01-13 9:58 AM
To: matt kelly
Cc: nanog@nanog.org
Subject: Re: Ddos mitigation service

The 3 major scrubbing vendors:

Prolexic
Verisign
Akamai







Postini Exiting ISP Business?

2013-01-08 Thread Paul Stewart
Hey there.

 

We have been using Postini for a number of years as our anti-spam/anti-virus
protection for customer email accounts.

 

Mid last year we received a notice from Google that In 2013, we plan to
transition your Postini services to Google Apps for Business. 

 

As part of this notice we were also told You don't need to make any changes
to your Postini service or sign up for a Google Apps account. Your Postini
service will continue as usual until your migration begins. We will be in
touch at least 60 days before your renewal date.

 

In mid November, Google sent us a letter that stated that we had until the
end of 2013 to basically get off their service or to contact their preferred
partner (Tech Excel) and migrate to Google Apps with them.

 

Recently we have now been told in email by someone at Postini that we must
transition ASAP and that we really only had til the end of 2012.  Geesh,
talk about confusing.. Not a great way to treat a long term customer!

 

Anyone else getting the complete run around by Postini?  We are fine with
leaving them, especially now.  Having said that, I'm interested in hearing
about competitive solutions either in appliances or in cloud based - this is
*not* an invitation for sales people to call me please.

 

Thanks,

 

Paul

 



RE: Akamai infrastructure tech

2012-07-13 Thread Paul Stewart
That's unusual... we've gone through hard drive replacements many times and
always gotten a detailed email from them before the hard drive arrived

Paul


-Original Message-
From: Robert Glover [mailto:robe...@garlic.com] 
Sent: July-13-12 2:32 PM
To: nanog@nanog.org
Subject: Akamai infrastructure tech

If someone with Akamai is watching, can you please have someone from
infrastructure contact me?  We host an Akamai server, a drive started taking
errors, Akamai shipped us a new drive, but did not tell us which of the
eight drives in the server needs to be replaced.

Normal contact channels have resulted in voicemail or no clue :(

Thanks,
-Robert





RE: Spam from inteliquent.com subject nanog

2012-05-22 Thread Paul Stewart
Nothing here for what it's worth

Paul


-Original Message-
From: Jay Hennigan [mailto:j...@west.net] 
Sent: Monday, May 21, 2012 11:01 PM
To: nanog@nanog.org
Subject: Spam from inteliquent.com subject nanog

Anyone else just get this?  Curious if they're scraping this list for
addresses.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse
Internet Service  -  http://www.impulse.net/ Your local telephone and
internet company - 805 884-6323 - WB6RDV





Commercial Backup Solutions

2012-05-17 Thread Paul Stewart
Hey folks.

 

I'm hoping for some input from operational folks on backup solutions for
servers.  We are looking for a commercial backup solution with a nice
reporting dashboard etc.

 

It must support full/incremental backups on Windows and various flavors of
Linux.  We would also be looking for bare metal image/recovery abilities.

 

To date, we've been fond of Acronis until we got the quote for it ..
Initially we would be looking at 50-80 servers and growing it up from there
to probably 150-200 boxes.  Some of these servers are geographically
dispersed.

 

At the moment we have been using Bacula but it lacks bare metal options and
doesn't have any nice reporting options (Executive Dashboard etc)

 

Thanks for any input,

 

Paul

 

 

 



RE: Cogent for ISP bandwidth

2012-05-16 Thread Paul Stewart
I liked Cogent when we had them years ago but due to routing instability
(off the charts) and unplanned down time every single month we dropped
them. they call me every 3-6 months (different person each time) and I
tell them to go away

Paul


-Original Message-
From: Tim Vollebregt [mailto:t...@interworx.nl] 
Sent: Tuesday, May 15, 2012 2:33 PM
To: nanog list
Subject: Re: Cogent for ISP bandwidth

+1 for Cogent in the mix :)

People with a clue in their NOC, near zero routing issues in last 1,5 years.

On May 15, 2012, at 6:36 PM, Anurag Bhatia wrote:

 The only issue I saw with bgp.he.net is that it updates after 24hrs 
 which makes it hard to use for any recently made changes. But for rest 
 works pretty good.
 
 On Tue, May 15, 2012 at 9:02 PM, Ren Provo ren.pr...@gmail.com wrote:
 
 Keep in mind http://bgp.he.net is not always accurate.  It is a great 
 start but even after years of pointing it out there are adjacencies 
 missing and oddly some listed as direct where no relationship even 
 exists.
 
 On Tue, May 15, 2012 at 9:39 AM, Jason Baugher 
 ja...@thebaughers.com
 wrote:
 I appreciate the reference to bgp.he.net, I had not used that tool
 before.
 
 
 
 
 --
 
 Anurag Bhatia
 anuragbhatia.com
 or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected 
 network!
 
 Linkedin http://in.linkedin.com/in/anuragbhatia21 | 
 Twitter https://twitter.com/anurag_bhatia |
 Google+ https://plus.google.com/118280168625121532854






RE: IPv6 monitoring...

2012-05-01 Thread Paul Stewart
We are using Solarwinds on our systems. it's one commercial system to
consider.

Paul


-Original Message-
From: Vytautas V Grigaliunas [mailto:v...@fnal.gov] 
Sent: May-01-12 4:31 PM
To: nanog@nanog.org
Subject: IPv6 monitoring...

Greetings...

What are people using for IPv6 monitoring - in particular, for monitoring
services such as DNS, Web, E-mail, etc. ?

Nagios seems the people's choice. Any others...open source or commercial ?

TIA...

Vyto





Bid Software

2012-01-31 Thread Paul Stewart
Hi folks.

 

I'm looking for an in-house solution for circuit bidding.  Today, when we
get a request for WAN services, transport, transit etc we have folks that
email out to a list of contacts and ask them for a price.  I've seen some
pretty neat systems in the past where vendors can send us their quotes via a
web portal or similar - hoping to find something rather simple for our own
use. 

open source would be awesome.

 

Basically, we would notify potential vendors of that A and Z end of the
circuit and any particulars such as speed that are required.

 

What are folks using today and your experiences?

 

Thanks,

 

Paul

 



RE: Console Server Recommendation

2012-01-30 Thread Paul Stewart
We really like Lantronix .. use them a lot.

Paul


-Original Message-
From: Ray Soucy [mailto:r...@maine.edu] 
Sent: Monday, January 30, 2012 11:09 AM
To: NANOG
Subject: Console Server Recommendation

What are people using for console servers these days?  We've historically
used retired routers with ASYNC ports, but it's time for an upgrade.

OpenGear seems to have some nice stuff, anyone else?

--
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/





RE: Megaupload.com seized

2012-01-19 Thread Paul Stewart
For us (AS11666), about 3-4% of total traffic typically

Paul



-Original Message-
From: Paul Graydon [mailto:p...@paulgraydon.co.uk] 
Sent: Thursday, January 19, 2012 6:27 PM
To: nanog@nanog.org
Subject: Re: Megaupload.com seized

On 01/19/2012 12:41 PM, Ryan Gelobter wrote:
 The megaupload.com domain was seized today, has anyone noticed 
 significant drops in network traffic as a result?

 http://www.scribd.com/doc/78786408/Mega-Indictment
 http://techland.time.com/2012/01/19/feds-shut-down-megaupload-com-file
 -sharing-website/
Ars Technica are implying it was quite a source of bandwidth usage within
companies.  I'm curious, are any interesting charts on an ISP side?

http://arstechnica.com/business/news/2012/01/before-shutdown-megaupload-ate-
up-more-corporate-bandwidth-than-dropbox.ars 






Linux Centralized Administration

2012-01-12 Thread Paul Stewart
Hey folks. just curious what people are using for automating updates to
Linux boxes?

 

Today, we manually do YUM updates to all the CentOS servers . just an
example but a good one.  I have heard there are some open source solutions
similar to that of Red Hat Network?

 

Cheers,

 

Paul

 



RE: Linux Centralized Administration

2012-01-12 Thread Paul Stewart
Awesome!  I remember someone telling me about this before and couldn't
remember the name til now...

Cheers,

Paul


-Original Message-
From: Daniel Ankers [mailto:md1...@md1clv.com] 
Sent: Thursday, January 12, 2012 4:08 PM
To: Paul Stewart
Subject: Re: Linux Centralized Administration

On 12 January 2012 21:02, Paul Stewart p...@paulstewart.org wrote:
 Hey folks. just curious what people are using for automating updates 
 to Linux boxes?

 Today, we manually do YUM updates to all the CentOS servers . just an 
 example but a good one.  I have heard there are some open source 
 solutions similar to that of Red Hat Network?

It so happens that just yesterday I stumbled across Spacewalk
(http://spacewalk.redhat.com) - which is the open source version of RHN
Satellite.

I ran into a few problems setting the server up - but nothing too difficult
to solve, and client installation is a breeze.

Dan




RE: Speed Test Results

2011-12-23 Thread Paul Stewart
In my opinion they are only somewhat reliable if they are on your network
or very close to your network -we operate one of the speedtest.net sites and
for our own eyeball traffic find it to be a reasonable indicator of what
kind of speeds the customer is getting.

To put it a different way, if a customer is getting 20X1 Internet service
and the speedtest shows 17 X 0.8 then case closed - if they are getting a
speedtest result of 5 X 0.5 then our helpdesk will take a further look -
this is really in rough terms...

Paul


-Original Message-
From: jacob miller [mailto:mmzi...@yahoo.com] 
Sent: Friday, December 23, 2011 4:19 AM
To: nanog@nanog.org
Subject: Speed Test Results

Hi,

Am having a debate on the results of speed tests sites.

Am interested in knowing the thoughts of different individuals in regards to
this.

Regards,
Jacob






Re: Overall Netflix bandwidth usage numbers on a network?

2011-12-16 Thread Paul Stewart
I'll take a guess they are backlogged - they have been working on our traffic 
stats since a week before that posting made it to nanog list

--- Sent via IPhone

On 2011-12-16, at 9:16 AM, Dennis Burgess dmburg...@linktechs.net wrote:

 Same here.
 
 ---
 Dennis Burgess, Mikrotik Certified Trainer 
 Link Technologies, Inc -- Mikrotik  WISP Support Services
 Office: 314-735-0270 Website: http://www.linktechs.net
 LIVE On-Line Mikrotik Training - Author of Learn RouterOS
 
 
 -Original Message-
 From: Blake Hudson [mailto:bl...@ispn.net]
 Sent: Friday, December 16, 2011 8:11 AM
 To: Dave Temkin
 Cc: nanog@nanog.org
 Subject: Re: Overall Netflix bandwidth usage numbers on a network?
 
 Requests to this address appear to go unanswered?
 
 Dave Temkin wrote the following on 12/11/2011 6:29 PM:
 Feel free to contact peering@netflixdotcom - we're happy to provide
 you with delivery statistics for traffic terminating on your network.
 
 Regards,
 -Dave Temkin
 Netflix
 
 On 12/7/11 8:57 AM, Blake Hudson wrote:
 Yeah, that's an interesting one. We currently utilize netflow for
 this, but you also need to consider that netflix streaming is just
 port 80 www traffic. Because netflix uses CDNs, it's difficult to pin
 down the traffic to specific hosts in the CDN and say that this
 traffic was netflix, while this traffic was the latest windows update
 (remember this is often a shared hosting platform). We've done our
 own testing and have come to a good solution which uses a combination
 of nbar, packet marking, and netflow to come to a conclusion. On a
 ~160Mbps link, netflix peaks out between 30-50Mbps around 8-10PM
 each evening. The rest of the traffic is predominantly other forms of HTTP
 traffic (including other video streaming services).
 
 
 Martin Hepworth wrote the following on 12/3/2011 2:36 AM:
 Also check out Adrian Cockcroft presentations on their architecture
 which describes how they use AWS and CDNs etc
 
 Martin
 
 
 
 
 



RE: [outages] News item: Blackberry services down worldwide, Egypt affected (not N.A.)

2011-10-12 Thread Paul Stewart
Maybe they use the same security solutions as Playstation Network does... that 
would explain a lot suddenly.

Paul

-Original Message-
From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] 
Sent: Wednesday, October 12, 2011 10:47 AM
To: frnk...@iname.com
Cc: nanog@nanog.org
Subject: Re: [outages] News item: Blackberry services down worldwide, Egypt 
affected (not N.A.)

Guys the outage has moved to U.S and Canada, I think we need to look at this 
perhaps being sabotage.

http://news.cnet.com/8301-30686_3-20119163-266/blackberry-service-issues-spread-to-u.s-and-canada/


Andrew




From: Frank Bulk frnk...@iname.com
To: outa...@outages.org
Sent: Tuesday, October 11, 2011 7:32 PM
Subject: Re: [outages] News item: Blackberry services down worldwide, Egypt 
affected (not N.A.)


And continues:
“RIM'S SERVICE OUTAGE CONTINUES INTO DAY 2”
http://www.channelstv.com/global/news_details.php?nid=29652cat=Politics
 
Frank
 
From:andrew.wallace [mailto:andrew.wall...@rocketmail.com] 
Sent: Monday, October 10, 2011 2:52 PM
To: frnk...@iname.com
Cc: outa...@outages.org
Subject: Re: [outages] News item: Blackberry services down worldwide, Egypt 
affected (not N.A.)
 
RIM shares down as BlackBerry outage continues
 
http://www.marketwatch.com/story/rim-shares-down-as-blackberry-outage-continues-2011-10-10
 
Andrew
 



From:Frank Bulk frnk...@iname.com
To: outa...@outages.org
Sent: Monday, October 10, 2011 2:47 PM
Subject: [outages] News item: Blackberry services down worldwide, Egypt 
affected (not N.A.)

http://english.ahram.org.eg/NewsContent/3/12/23792/Business/Economy/Blackberry-services-down-worldwide,-Egypt-affected.aspx

FYI

___
Outages mailing list
outa...@outages.org
https://puck.nether.net/mailman/listinfo/outages






RE: Pricing for Comcast Connectivity

2011-09-09 Thread Paul Stewart
Yes, definitely NDA in any of our dealings... I'd say the pricing was
competitive for sure...

Paul


-Original Message-
From: John van Oppen [mailto:jvanop...@spectrumnet.us] 
Sent: Friday, September 09, 2011 3:02 PM
To: 'Oscar Caraig'; nanog@nanog.org
Subject: RE: Pricing for Comcast Connectivity

I think all pricing is under NDA for the direct connectivity...   we have
it, and I know it is under NDA for us...

Comcast is in the becoming a tier1 game in a big way so avoiding people who
don't already peer with them is probably a plus if you want great
connectivity to them.  The AS paths I would avoid are _3356_7922_ (usually
fine, but subject to the fight du jour between level3 and Comcast) and
anything on _6453_7911_ (subject to being saturated all the time).   Last I
checked AS2914 and a few others still only see Comcast via 6453 which made
that sub-optimal.


I can send you an AS7922 sales contact if you need it, just hit me up off
list...  they also have a good list of info on peeringdb for people to
contact.


Thanks,

John van Oppen
Spectrum Networks  AS 11404

-Original Message-
From: Oscar Caraig [mailto:oscarcar...@safe-mail.net] 
Sent: Friday, September 09, 2011 10:28 AM
To: nanog@nanog.org
Subject: Pricing for Comcast Connectivity

List,

Does anyone have sample pricing for Comcast's Paid Peering
(http://www.comcast.com/dedicatedinternet/) service they'd be able to share?

Also, are there any transit ISPs to avoid when reaching Comcast?  I remember
discussion last winter about Tata being congested, and would like to
understand how common these issues are.  I'm preparing to launch a large
video broadcast for the state, so any advice would be appreciated.

Thank you,
Oscar Caraig





RE: serviceproviderworld.com

2011-09-02 Thread Paul Stewart
Hehe... I said almost the exact same thing - oh well, give it some time and
I'm sure it'll be prettier...;)

 

From: brandon.j@live.com [mailto:brandon.j@live.com] On Behalf Of
Brandon Kim
Sent: September-02-11 9:21 AM
To: p...@paulstewart.org; nanog group
Subject: RE: serviceproviderworld.com

 

I agree, this sounds like a great idea.

Just checked it out, they could lose the 90's style logo though... try
web 2.0... at the very least...

haha...

=)






RE: New Natural Disaster! 8/27/2011 Hurricane Irene

2011-08-27 Thread Paul Stewart
MRE's? In an enclosed space? For an extended period?
Time to implement the new Marine Rule of Engagement - no audible farting.
Hopefully they've gotten rid of the bean component ones.

The audible ones are usually the ones you need to worry about ;)








RE: OOB

2011-07-26 Thread Paul Stewart
We do everything in-band with strict monitoring/policies in place.

Paul


-Original Message-
From: harbor235 [mailto:harbor...@gmail.com] 
Sent: Tuesday, July 26, 2011 9:57 AM
To: NANOG list
Subject: OOB

I am curious what is the best practice for OOB for a core
infrastructure environment. Obviously, there is
an OOB kit for customer managed devices via POTS, Ethernet, etc ... And
there is OOB for core infrastructure
typically a separate basic network that utilizes diverse carrier and diverse
path when available.

My question is, is it best practice to extend an inband VPN throughout for
device management functions as well?
And are all management services performed OOB, e.g network management, some
monitoring, logging,
authentication, flowdata, etc . If a management VPN is used is it also
extended to managed customer devices?

What else can be done for remote management and troubleshooting
capabilities?

Mike




IPv6 Linux Server Support

2011-07-26 Thread Paul Stewart
Hi there.

 

Has anyone compiled a list of pros/cons on various flavors of Linux specific
to IPv6?  I realize that's  a really broad question..

 

Specific example would be that we're primarily a CentOS shop - during some
testing today found out that connection tracking is broken in 5.6 version
(after all kinds of Google hits).  I understand 6.0 (recently released)
fixes this issue.  I have not seen this issue in Debian for example to date.

 

Any input would be appreciated - my question isn't regarding which version
folks like better, it's specifically what version works best in an IPv6
server related environment.

 

Thanks,

 

Paul

 



Re: MX 80 advantages and shortcomings

2011-07-05 Thread Paul Stewart

Pros - small footprint, cost, feature rich
Cons - no redundancy (other than power), 1/3rd the processor power

Paul


On Tue, 5 Jul 2011, chavan sanjay wrote:


Hi Team,
 
Can anyone enlighten me on the pros and cons of MX 80 platform
 
Thanks

Sanjay C.P.

--- On Tue, 7/5/11, nanog-requ...@nanog.org nanog-requ...@nanog.org wrote:


From: nanog-requ...@nanog.org nanog-requ...@nanog.org
Subject: NANOG Digest, Vol 42, Issue 5
To: nanog@nanog.org
Date: Tuesday, July 5, 2011, 5:30 PM




Today's Topics:

   1. cheapo UUFB solution for Cisco 7201 (Rogelio)
   2. Re: Firewall Appliance Suggestions (Curtis Maurand)
   3. RE: Firewall Appliance Suggestions (Jean CLERY)
   4. Re: Firewall Appliance Suggestions (Peter Nowak)


--

Message: 1
Date: Mon, 4 Jul 2011 11:34:11 -0300
From: Rogelio scubac...@gmail.com
Subject: cheapo UUFB solution for Cisco 7201
To: nanog@nanog.org
Message-ID:
    CALJphbs6UBWKqGVW1EyvCL6pKGtCKjSYNZB=q70fxpoq7d0...@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1

I've got a Cisco 7201 with about 500 L2TPv2 tunnels, and I suspect
that UUFB (unknown unicast flooding) is resulting in spiking (I put an
ACL on to kill broadcast traffic, so I'm sure that's not related).
I've googled and don't see anything for the 7201, just the 7600
series.  :/

i.e. 
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/blocking.html

Anyone have any suggestions on (something cheap) that I can put in
front of this box to spare it from (what I suspect) is a gateway that
unicast floods when a MAC address has aged?

To add to my challenges, I'm in Brazil and importing gear is insanely
effing difficult.  :/

--
Also on LinkedIn?  Feel free to connect if you too are an open
networker: scubac...@gmail.com



--

Message: 2
Date: Mon, 04 Jul 2011 17:40:56 -0400
From: Curtis Maurand cmaur...@xyonet.com
Subject: Re: Firewall Appliance Suggestions
To: nanog@nanog.org
Message-ID: 4e123368.7020...@xyonet.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:

Linux + iptables + fwbuilder



On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuchbl...@pfankuch.me  wrote:

Howdy,
I am looking for something a little unique in a bit of a tough situation
with some sticky requirements.  First off, my requirements are a little
weird and I can't bend them a whole lot due to stipulations being put on
me.  I am in need of a firewall appliance which can be run on VMware
vSphere, with IPSEC support for multiple Phase 2 negotiations within a
single Phase 1.  I am also in need of something that can support VLAN
interfaces on the LAN side, and ideally something with multi zoning so I
can keep LAN side networks separate from each other without ridiculous
firewall rules.  Meaning build a zone for Customer network 1 and it
displays separately (ease of management and firewall config hopefully).  I
need a minimum of 10 zones on LAN side (/29 or /30), and NAT support for
LAN to WAN (to dedicate all outbound connections to a single IP from a
specific zone), ideally something extremely scalable (100-200 zones).  And
here is the super fun part!  I need something that is going to be web
managed primarily as minions will be doing most of the day to day
maintenance, or very simple CLI config.  Willing to pay for something if
need be, but looking for something that can easily handle 50-100mbit of
throughput.


Any Ideas?

Thanks!

Blake Pfankuch


Vyatta.  They have an appliance on their website.

--Curtis




--

Message: 3
Date: Tue, 5 Jul 2011 00:58:51 +0200
From: Jean CLERY jean.clery...@gmail.com
Subject: RE: Firewall Appliance Suggestions
To: 'Curtis Maurand' cmaur...@xyonet.com,    nanog@nanog.org
Message-ID: F7819E52D830406983C30BC43FAD7E3D@ezekiel
Content-Type: text/plain;    charset=iso-8859-1

Hi Blake
Try www.netasq.com

Regards,
Jean CLERY



RE: Streaming

2011-06-13 Thread Paul Stewart
Streaming the Windows version here just fine...

-Original Message-
From: Joe Maimon [mailto:jmai...@ttec.com] 
Sent: Monday, June 13, 2011 11:43 AM
To: North American Networking and Offtopic Gripes List
Subject: Streaming

Is it just me tearing my hair out?




RE: Streaming

2011-06-13 Thread Paul Stewart
Not the FLV stream I'm watching (http://hidef.mich.net:1234)

Big black box in upper left

-Original Message-
From: Joel Jaeggli [mailto:joe...@bogus.com] 
Sent: Monday, June 13, 2011 2:19 PM
To: Matt Hite
Cc: North American Networking and Offtopic Gripes List
Subject: Re: Streaming

The slides are full screen on the FLV video.

On Jun 13, 2011, at 11:16 AM, Matt Hite wrote:

 Now if only the slides were the full screen and the talking head was
 in the corner... otherwise the quality is fantastic!
 
 On Mon, Jun 13, 2011 at 9:19 AM, Joe Maimon jmai...@ttec.com wrote:
 Much better now. Probably was just me.
 
 John Springer wrote:
 
 Chromebook Flash 2 working OK in Pacific NW. Some tiling/fuzzing. Audio
 volume is kinda low.
 
 On Mon, 13 Jun 2011, Joe Maimon wrote:
 
 Is it just me tearing my hair out?
 
 
 
 
 
 
 
 





RE: Cogent HE

2011-06-08 Thread Paul Stewart
Agree 100% - to make it simple and they can both achieve this IPv6 Tier1
Status why don't they just peer and then it's win/win.  I know I'm
oversimplifying it but nobody is winning in my opinion today.  The peeing
contest could probably be settled in a short period of time and move on.

My two cents worth...

-p


-Original Message-
From: Richard A Steenbergen [mailto:r...@e-gerbil.net] 
Sent: June-08-11 4:05 PM
To: Brielle Bruns
Cc: nanog@nanog.org
Subject: Re: Cogent  HE

On Wed, Jun 08, 2011 at 07:48:42PM +, Brielle Bruns wrote:
 Has been going on for a long while now.  HE even made a cake for 
 Cogent (IIRC), to no avail.
 
 But, this is not surprising.  A lot of public/major peering issues 
 with v4 over the past few years has been cogent vs. someone else.

When two networks are not able to reach each other like this, it usually 
requires the active willing participation of both parties to allow the 
situation to continue. In this case, HE is doing *PRECISELY* the same 
thing that Cogent is doing. They're refusing to purchase transit, and 
making the decision to intentionally not carry a full table or have 
global reachability, in the hopes that it will strengthen their 
strategic position for peering in the long term (i.e. they both want to 
be an IPv6 Tier 1).

I'm not making a judgement call about the rightness or wrongness of the 
strategy (and after all, it clearly hasn't been THAT big of an issue 
considering that it has been this way for MANY months), but to attempt 
to blame one party for this issue is the height of absurdity. PR 
stunts and cake baking notwithstanding, they're both equally complicit.

-- 
Richard A Steenbergen r...@e-gerbil.net   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)




RE: Cogent HE

2011-06-08 Thread Paul Stewart
Or peer with HE and buy transit from Cogent (or someone on Cogent's friendly
list) - this is where I think their strategy is going to go after a while
with a lot of folks (if they have the option - that's the key).  HE will
peer with anyone I believe - Cogent has much more stringent tier1 rules on
peering.

-p

-Original Message-
From: Ken Chase [mailto:k...@sizone.org] 
Sent: June-08-11 4:10 PM
To: nanog@nanog.org
Subject: Re: Cogent  HE

On Wed, Jun 08, 2011 at 03:05:05PM -0500, Richard A Steenbergen said:
  global reachability, in the hopes that it will strengthen their 
  strategic position for peering in the long term (i.e. they both want to 
  be an IPv6 Tier 1).
  
  I'm not making a judgement call about the rightness or wrongness of the 
  strategy (and after all, it clearly hasn't been THAT big of an issue 
  considering that it has been this way for MANY months), but to attempt 
  to blame one party for this issue is the height of absurdity. PR 
  stunts and cake baking notwithstanding, they're both equally complicit.

So we have to buy from BOTH HE and Cogent?! Sounds like market fixing to me!
:/

Guess if we do we can advertise that on our webpage... now with BOTH halves
of the ipv6 internets!

/kc
-- 
Ken Chase - k...@heavycomputing.ca skype:kenchase23 +1 416 897 6284 Toronto
Canada
Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151
Front St. W.




RE: Cogent HE

2011-06-08 Thread Paul Stewart
For what it's worth, we have a number of IPv6 peers in place plus IPv6
transit from Level(3), HE, and TiNet. 

For downstream customers, we are currently exporting them 6250 prefixes on
IPv6.

From TiNet we are getting 6168 prefixes
From Level(3) we are getting 4933 prefixes
From HE we are getting 5990 prefixes

Hope this helps a bit ;) 

-p

-Original Message-
From: jayha...@gmail.com [mailto:jayha...@gmail.com] On Behalf Of Jay Hanke
Sent: June-08-11 4:47 PM
To: Paul Stewart
Cc: Ken Chase; nanog@nanog.org
Subject: Re: Cogent  HE

On Wed, Jun 8, 2011 at 3:19 PM, Paul Stewart p...@paulstewart.org wrote:
 Or peer with HE and buy transit from Cogent (or someone on Cogent's friendly
 list) - this is where I think their strategy is going to go after a while
 with a lot of folks (if they have the option - that's the key).  HE will
 peer with anyone I believe - Cogent has much more stringent tier1 rules on
 peering.

How divided is the table? I see about 98 routes transiting Cogent ASN
via a HE connection. Customer only has HE as v6 upstream. A
previous post listed about a 1300 prefix difference. That's pretty
significant unless it's due to aggregation or something. I'd also be
interested to see the size of the other major carriers' v6 tables so I
can patch a hole until the other upstream is ready.

Jay




RE: ipv6 day DDoS threat?

2011-06-07 Thread Paul Stewart
Hehe.. yeah, no thanks - I'll do it myself with our existing DDOS
mitigation. ;)

Paul


-Original Message-
From: Thomas Donnelly [mailto:tad1...@gmail.com] 
Sent: Tuesday, June 07, 2011 2:57 PM
To: nanog@nanog.org
Subject: Re: ipv6 day DDoS threat?

On Tue, 07 Jun 2011 13:42:40 -0500, Mark Pace p...@jolokianetworks.com  
wrote:

 I got an interesting contact from a large company that I will leave
 un-named for the moment.  They said that they heard specific chatter
 about DDoS of IPv6 day participant sites and even more specifically
 about our website.  Of course they have also offered to assist us in
 preventing this from affecting our site.  I'm very skeptical about even
 calling said company at this point.  I'm really feeling like this is a
 shakedown and was wondering if anyone else had been approached in a
 similar fashion?


 Mark Pace

Just got the same phone call from A large company and it was a sales  
call.

They are offering DDoS mitigation services

I'll pass :)

-=Tom Donnelly





-- 
Using Opera's revolutionary email client: http://www.opera.com/mail/




RE: (OT) Firearms Was: UN declares Internet access a human right

2011-06-06 Thread Paul Stewart
Agree 110% - wish Canada had similar laws as the USA does... way too
restrictive here.  The folks that are legal get thrown in jail much faster
than the guys who break into your house in the first place.

Paul


-Original Message-
From: Nick Olsen [mailto:n...@flhsi.com] 
Sent: Monday, June 06, 2011 11:38 AM
To: Daniel Seagraves; nanog@nanog.org
Subject: Re: (OT) Firearms Was: UN declares Internet access a human right

Don't leave the house without my Glock 23 on my side. Truck always has a 
loaded 12ga in it. In the house, I've got a handful of pistols and my 
SR-556 (AR-15) in the Guns and servers closet.
I've had people call me Paranoid more than once. My stance is Better to 
have it and not need it, than need it and not have it.
By banning guns from a community, you're only taking them out of the hands of 
law abiding citizens. Not like most criminals get guns via legal channels 
in the first place.

-Nick Olsen






RE: Netflix Is Eating Up More Of North America's Bandwidth Than Any Other Company

2011-05-18 Thread Paul Stewart
There was also Planet Connect years ago that delivered full Usenet (128K
worth) along with all my Fidonet BBS updates too .. I think I just dated
myself ;)

We still have an old Cidera system on a rooftop that nobody has taken down
yet ...

Paul


-Original Message-
From: Jon Lewis [mailto:jle...@lewis.org] 
Sent: May-18-11 6:01 PM
To: Brielle Bruns
Cc: nanog@nanog.org
Subject: Re: Netflix Is Eating Up More Of North America's Bandwidth Than Any
Other Company

On Wed, 18 May 2011, Brielle Bruns wrote:

 If someone hadn't mentioned already, there used to be a usenet provider that
 delivered a full feed via Satellite.  Anything is feasible, just have to find
 people who actually want/need it and a provider that isn't blind to long term
 benefits.

Skycache/Cidera...until it didn't fit anymore in the bandwidth they had. 
IIRC, it was only around 28mbps.

Also, IIRC, that business was a sort of afterthought after their 
original plan (squid cache pre-population) didn't pan out.

Anyone want to buy some Skycache chopsticks?  I think I still have a few 
unopened sets from whichever late 90s ISPCon I went to in San Jose, 
CA...Skycache rented out some museum for a sushi party.

--
  Jon Lewis, MCP :)   |  I route
  Senior Network Engineer |  therefore you are
  Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_




RE: The growth of municipal broadband networks

2011-03-25 Thread Paul Stewart
Highly agree with this experience being shared.  We have had some dealings
with municipal related fiber networks (not naming any names or giving any
hints for obvious reasons) where shortly after providing the proposal to the
customer, the municipal sales vultures went in and undercut our pricing
(with Internet access included) to below what the fiber loop itself was
priced at to us.

Paul


-Original Message-
From: Martin Millnert [mailto:milln...@gmail.com] 
Sent: Friday, March 25, 2011 3:05 PM
To: Paul Graydon
Cc: nanog@nanog.org list
Subject: Re: The growth of municipal broadband networks

Paul,

On Fri, Mar 25, 2011 at 2:31 PM, Paul Graydon p...@paulgraydon.co.uk wrote:

 http://arstechnica.com/tech-policy/news/2011/03/133-us-cities-now-run-their-own-broadband-networks.ars

 Ars Technica has a short article up about the growth of municipal networks,
 but principally a nice little 'hey check out this website'
 (http://www.muninetworks.org/communitymap)
(snip)
 I'm curious how the feeling is on NANOG about shifting such provision
 towards municipal instead of corporations?  I guess a rough summary of the
 competing views I've heard so far are:
(snip)

With experience from Sweden, which has seen many varying incantations
of these sort of networks, I have this hopefully useful bit to share:
It's OK for tax-payer money to build layer-1 infrastructure if it
decides so, that non-tax payer money can sell services on, but fail
starts to happen the very moment they decide to go higher than that.

That's... all.

Regards,
Martin




RE: 6453 routing leaks (January and Today)

2011-02-25 Thread Paul Stewart
Yes, very scary actually

Human error is unavoidable - it's going to happen at times - BUT

In our communities design, there have been times where we have missed a tag
on an inbound customer for example.  It scares the crap out of me to think
that something like that simple mistake could cause route leakage.
Thankfully, anytime it has happened it would be caught pretty quickly and fixed
- in the meantime the routes simply didn't leave our network (the way it
should be).

Obviously the scales are different between someone like ourselves and that
of TATA - but the principles and common sense remain.

Paul

  

-Original Message-
From: Richard A Steenbergen [mailto:r...@e-gerbil.net] 
Sent: Friday, February 25, 2011 12:52 PM
To: Jared Mauch
Cc: NANOG list
Subject: Re: 6453 routing leaks (January and Today)

On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
 Update:
 
 I have had a source ask me to post the following:
 
 -- snip --
 The problem with route leaking was caused by specific routing platform 
 resulting in some peer routes not being properly tagged.
 We are deploying additional measures to prevent this from happening in 
 the future
 -- snip --

Hopefully someone learned a lesson about BGP community design, and how 
it should fail safe by NOT leaking if you accidentally fail to tag a 
route. Always require a positive match on a route to advertise to peers, 
not the absence of a negative match.

-- 
Richard A Steenbergen r...@e-gerbil.net   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
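
The fail-safe rule described in this thread (advertise to peers only on a positive match, never on the absence of a negative match) can be seen by running both export policies over the same routes. This is an added example, not code from the thread or from any network named in it; the private ASN 64500, the community values and the prefixes are constructed assumptions.

```python
"""Export-policy simulation: fail-open vs fail-safe BGP community design.

All ASNs, community values and prefixes below are constructed for
illustration; they do not come from the thread.
"""
from dataclasses import dataclass

# Hypothetical ingress-tagging scheme for a network using private ASN 64500.
CUSTOMER = "64500:100"  # learned from a paying customer
PEER = "64500:200"      # learned from a settlement-free peer
TRANSIT = "64500:300"   # learned from an upstream transit provider


@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str                    # ground truth: customer / peer / transit
    communities: frozenset = frozenset() # what ingress policy actually attached


def export_deny_list(route):
    """Fail-open design: send to peers unless tagged PEER or TRANSIT."""
    return not (route.communities & {PEER, TRANSIT})


def export_allow_list(route):
    """Fail-safe design: send to peers only on a positive CUSTOMER match."""
    return CUSTOMER in route.communities


def leaks(routes, policy):
    """Prefixes the policy would advertise to a peer that are not customer routes."""
    return [r.prefix for r in routes if policy(r) and r.learned_from != "customer"]


def withheld(routes, policy):
    """Customer prefixes the policy fails to advertise (an outage, not a leak)."""
    return [r.prefix for r in routes if not policy(r) and r.learned_from == "customer"]


# Constructed routing table. Two routes lost their tag at ingress: one peer
# route (the failure reported in the thread) and one customer route (the
# "missed a tag on an inbound customer" case).
ROUTES = [
    Route("192.0.2.0/24", "customer", frozenset({CUSTOMER})),
    Route("198.51.100.0/24", "peer", frozenset({PEER})),
    Route("203.0.113.0/24", "peer"),          # untagged peer route
    Route("2001:db8:1::/48", "transit", frozenset({TRANSIT})),
    Route("2001:db8:2::/48", "customer"),     # untagged customer route
]

if __name__ == "__main__":
    for name, policy in (("deny-list", export_deny_list),
                         ("allow-list", export_allow_list)):
        print(name, "leaks:", leaks(ROUTES, policy),
              "withheld:", withheld(ROUTES, policy))
```

With the deny-list policy the untagged peer route is re-advertised to other peers; with the allow-list policy the same tagging mistake only withholds the untagged customer prefix, which is visible and local rather than a leak.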




RE: ISDN BRI

2011-02-17 Thread Paul Stewart
Unfortunate but very true seen that many of times where a special 
engineering fee has been charged specifically to carry a circuit in a diverse 
manner (or even reasonably diverse).  Then it breaks and the excuses start as 
to why it was never done as promised - then a couple of years later it breaks 
and nobody has paperwork that shows it was *ever* supposed to be diverse in the 
first place

;)

Paul


-Original Message-
From: Jay Ashworth [mailto:j...@baylink.com] 
Sent: Thursday, February 17, 2011 10:30 AM
To: NANOG
Subject: Re: ISDN BRI

- Original Message -
 From: Santino Codispoti santino.codisp...@gmail.com

 Is it possible to order an ISDN BRI line from the LEC and have them
 look at the design of a DS1 and have them if possible design the ISDN
 BRI line on a diverse path or at least different equipment within the
 CO?

Off hand, I wouldn't expect a carrier to do any special engineering on
a BRI -- can you even *order* a BRI these days?  :-)

As old NANOG hands know, though, it doesn't matter *what* you ask for,
few-to-no carriers properly manage physical diversity requests properly
over the long haul, anyway, and the only way to do it yourself often
requires that you ask the carrier for records they won't give you.

Regularly.  Like, monthly.

Even if you're paying them extra for the diversity.

Cheers,
-- jra




RE: PPPOE vs DHCP

2011-01-26 Thread Paul Stewart
I just wanted to say thank you for a TONNE of feedback I received on this
topic.  This has been of great help in filling in some items I missed in my
quick list.

Will try to respond offlist to several of you that responded - got over 100
replies offline with some interesting ideas.  I definitely learned I should
have made my original post a bit clearer though and specifically the usage
tracking component ;)

Normally I would post a summary on these kinds of topics but quite honestly
there is such a huge variance in opinions and options around this that I'll
probably just invite anyone to hit me offlist if they are interested in the
feedback received so far...


Thanks folks,

Paul





RE: PPPOE vs DHCP

2011-01-26 Thread Paul Stewart
Thank you for the response...

I should have made this a bit clearer - option 82 is an option on their
DSLAM's today and is supposed to work not bad.  But this customer may also
be looking at other services such as wireless in the future which does not
support option 82 - they want a unified delivery of their product.  I left
out this detail as you can see ;)

Also, the comment "so a customer doesn't have to configure his/her router
to get online" is also interesting - we WANT our customers to configure
their routers and understand them to a basic degree... this coming from a
security perspective where we are seeing a magnitude of customer routers
getting hacked or their wireless left open etc.

Usage based billing is a very hot topic in this area (Ontario, Canada) and
we will confirm with the customer today that they do indeed want to track
all GB usage per customer... 

Today, they have no interest nor can they get IPv6 which is a shame
having said that, we want to provide a solution to them than can do IPv6 in
the future...

Thanks,

Paul


-Original Message-
From: Miquel van Smoorenburg [mailto:mik...@xs4all.net] 
Sent: Wednesday, January 26, 2011 4:16 AM
To: p...@paulstewart.org
Cc: nanog@nanog.org
Subject: Re: PPPOE vs DHCP

In article 051001cbbcf0$c33e8b20$49bba160$@org you write:
PPPOE vs DHCP
Allows full authentication of customers (requires username/password)

You probably want to authenticate on circuit id, not username/password.
ATM port/vpi/vci for ATM connections, or PPPoE circuit id tag added
by the DSLAM or FTTH access switch when using an ethernet transport layer.
It's just a different radius attribute to authenticate on, no magic.
We do that so a customer doesn't have to configure his/her router
to get online.

Easily assign static IP to customer (no MAC address or CPE information
required)

Don't need that with DHCP either, if you run a DHCP server that can
assign IP addresses based on option82. I run a patched ISC dhcp3 server,
but I understand that ISC dhcp4 makes this pretty easy

Assign public subnet to customer with ease (no manual routing required)

Don't need manual routing with DHCP either, if you use a real
bras such as a juniper, since you can have it authenticate off
radius first before doing DHCP, and in the radius reply you can
return a static route.

Usage tracking (GB transfer) from radius generated data

True, at least juniper e-series BRASes don't send radius accounting
for atm rfc1483/bridged connections for some reason.

DHCP Cons

-

One more DHCP con is that if you have an ethernet transport network
from the DSLAM or FTTH access switch to your router that lumps together 
multiple customers in one VLAN, something along the way is probably
doing DHCP sniffing to set up routing. And you can be just about sure
that won't work with IPv6. VLAN-per-customer will work (and is a
really a great model, for all types of encapsulation)

Mike.
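
The reply above identifies the subscriber by the access port (circuit ID) that the DSLAM adds as DHCP option 82, rather than by username/password or MAC address. The following added example, which is not code from the thread or from ISC dhcpd, parses option 82 (RFC 3046) from a DHCP options field and looks up the address bound to that port. The circuit-ID strings, remote ID, binding table and sample bytes are constructed, and it assumes the access node discards any option 82 supplied by the customer side.

```python
"""Parse DHCP option 82 (Relay Agent Information, RFC 3046) and bind the
access port it names to a subscriber address.

The sample bytes, circuit-ID strings and binding table are constructed for
illustration. Circuit-ID formats are vendor specific.
"""

OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # RFC 3046 sub-option codes


def tlv(code, value):
    """Encode one code/length/value element (used to build the samples)."""
    return bytes([code, len(value)]) + value


def parse_tlvs(buf, dhcp_options=False):
    """Return [(code, value), ...]; raise ValueError on truncated input.

    With dhcp_options=True, code 0 is a one-byte pad and code 255 ends the
    list. Inside option 82 every sub-option carries a length byte.
    """
    out, i = [], 0
    while i < len(buf):
        code = buf[i]
        if dhcp_options and code == OPT_PAD:
            i += 1
            continue
        if dhcp_options and code == OPT_END:
            break
        if i + 2 > len(buf):
            raise ValueError("truncated header at offset %d" % i)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d claims %d bytes, %d present"
                             % (code, length, len(value)))
        out.append((code, bytes(value)))
        i += 2 + length
    return out


def relay_agent_info(options):
    """Return (remote_id, circuit_id) from option 82, or None if absent."""
    for code, value in parse_tlvs(options, dhcp_options=True):
        if code == OPT_RELAY_AGENT_INFO:
            subs = dict(parse_tlvs(value))
            return subs.get(SUB_REMOTE_ID), subs.get(SUB_CIRCUIT_ID)
    return None


# Constructed provisioning table: (remote ID, circuit ID) -> static address.
BINDINGS = {
    (b"dslam-01", b"atm 1/3:0.35"): "192.0.2.10",
    (b"dslam-01", b"atm 1/4:0.35"): "192.0.2.11",
}


def assign_address(options):
    """Address for the port named in option 82, or None.

    None covers both "no option 82" (request did not come through a trusted
    access node) and "port not provisioned"; neither gets a subscriber lease.
    """
    info = relay_agent_info(options)
    if info is None or info[1] is None:
        return None
    return BINDINGS.get(info)


# Constructed option fields: option 53 = message type (1 = DISCOVER).
DISCOVER_KNOWN = (tlv(53, b"\x01")
                  + tlv(82, tlv(SUB_CIRCUIT_ID, b"atm 1/3:0.35")
                        + tlv(SUB_REMOTE_ID, b"dslam-01"))
                  + bytes([OPT_END]))
DISCOVER_UNKNOWN_PORT = (tlv(53, b"\x01")
                         + tlv(82, tlv(SUB_CIRCUIT_ID, b"atm 1/9:0.35")
                               + tlv(SUB_REMOTE_ID, b"dslam-01"))
                         + bytes([OPT_END]))
DISCOVER_NO_OPT82 = tlv(53, b"\x01") + bytes([OPT_END])

if __name__ == "__main__":
    for name, opts in (("known port", DISCOVER_KNOWN),
                       ("unknown port", DISCOVER_UNKNOWN_PORT),
                       ("no option 82", DISCOVER_NO_OPT82)):
        print(name, "->", assign_address(opts))
```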




RE: PPPOE vs DHCP

2011-01-26 Thread Paul Stewart
 PPPOE Cons

 --



 Requires PPPOE termination router (Juniper ERX for example)

You're putting Juniper ERXs at customer houses? Really? I'd expect to 
see DSL/Cable drops which will utilize cheap end CPE (most of which 
don't support IPv6 hardly at all).



No, we're not putting ERX's at people's homes ... not sure where you got
that from?   What I was saying is that if you're running PPPOE then you have
to have somewhere in the service provider network to terminate the
sessions

Paul





PPPOE vs DHCP

2011-01-25 Thread Paul Stewart
Hey folks...

 

I'm meeting with a customer tomorrow (service provider, rural telco) and
we're pitching they move to a PPPOE platform most likely.  But to be fair,
I'm looking to draw up a comparison so they are well informed of the
pros/cons.  Has anyone done this?

 

I came up with the following brief start:

 

PPPOE vs DHCP

PPPOE Pros
----------
- Allows full authentication of customers (requires username/password)
- Allows control over customer connections (suspend accounts, create accounts etc)
- Easily assign static IP to customer (no MAC address or CPE information required)
- Assign public subnet to customer with ease (no manual routing required)
- IPv4/IPv6 fully supported on Juniper platform as required
- Usage tracking (GB transfer) from radius generated data

PPPOE Cons
----------
- Requires PPPOE termination router (Juniper ERX for example)
- Requires Radius server(s) to assign and track customer IP assignments/usage
- Customers require username/password to connect
- Customers require PPPOE client software or router to connect
- 8 bytes MTU overhead

DHCP Pros
---------
- Simplistic - plug and play 90% of the time
- No MTU overhead, full 1500 MTU frame size

DHCP Cons
---------
- No authentication occurs (anyone physically connected can use Internet generally)
- No user tracking without tracking customer CPE MAC addresses
- No usage tracking builtin to DHCP (GB transfer)

There are several factors involved here.  The first major thing is that we
believe the customer wants to move towards caps on their customer usage (X
amount of GB per month).  Today, they are doing static IP assignments but
the interesting thing is that the CPE they have control over today (Comtrend
routers with DSL modem builtin).   I know there's not always a good vs bad
here but looking for opinions from folks who may have already done this
comparison for a boardroom discussion

 

Thanks ;)

 

Paul
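
The usage-tracking point in the comparison above (monthly GB caps driven by RADIUS accounting), as an added example that is not part of the original post. It assumes accounting records in blank-line-separated "Attribute = value" blocks; the usernames, session IDs, counters and the 10 GB cap are constructed.

```python
"""Per-user transfer totals from RADIUS accounting records (constructed sample)."""
from collections import defaultdict

# Constructed sample: "Attribute = value" blocks separated by blank lines.
# Usernames, session ids and counter values are made up for this example.
SAMPLE = """\
User-Name = "alice@example.net"
Acct-Session-Id = "A1"
Acct-Status-Type = Interim-Update
Acct-Input-Octets = 4000000000
Acct-Input-Gigawords = 0
Acct-Output-Octets = 4294967000
Acct-Output-Gigawords = 2

User-Name = "alice@example.net"
Acct-Session-Id = "A1"
Acct-Status-Type = Stop
Acct-Input-Octets = 705032704
Acct-Input-Gigawords = 1
Acct-Output-Octets = 100
Acct-Output-Gigawords = 3

User-Name = "bob@example.net"
Acct-Session-Id = "B7"
Acct-Status-Type = Start

User-Name = "bob@example.net"
Acct-Session-Id = "B7"
Acct-Status-Type = Interim-Update
Acct-Input-Octets = 1500000000
Acct-Output-Octets = 2500000000
"""


def parse_records(text):
    """Yield one dict per blank-line-separated accounting record."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if "=" not in line:
                continue
            key, _, value = line.partition("=")
            rec[key.strip()] = value.strip().strip('"')
        if rec:
            yield rec


def counter64(rec, direction):
    """Combine the 32-bit octet counter with its Gigawords wrap count."""
    octets = int(rec.get(f"Acct-{direction}-Octets", 0))
    gigawords = int(rec.get(f"Acct-{direction}-Gigawords", 0))
    return (gigawords << 32) + octets


def usage_by_user(text):
    """Return {user: {"upload": bytes, "download": bytes}}.

    Counters are cumulative within a session, so keep the highest value
    seen per (user, session) and sum sessions afterwards. That way a
    session whose Stop record was lost is still billed from its last
    Interim-Update.
    """
    sessions = {}
    for rec in parse_records(text):
        if rec.get("Acct-Status-Type") not in ("Interim-Update", "Stop"):
            continue
        key = (rec["User-Name"], rec["Acct-Session-Id"])
        cur = sessions.setdefault(key, [0, 0])
        # Input = octets received from the user, Output = octets sent to the user.
        cur[0] = max(cur[0], counter64(rec, "Input"))
        cur[1] = max(cur[1], counter64(rec, "Output"))
    totals = defaultdict(lambda: {"upload": 0, "download": 0})
    for (user, _sid), (up, down) in sessions.items():
        totals[user]["upload"] += up
        totals[user]["download"] += down
    return dict(totals)


def over_cap(totals, cap_gb):
    """Users whose combined transfer exceeds cap_gb (decimal gigabytes)."""
    cap = cap_gb * 10**9
    return sorted(u for u, t in totals.items()
                  if t["upload"] + t["download"] > cap)


if __name__ == "__main__":
    totals = usage_by_user(SAMPLE)
    for user, t in sorted(totals.items()):
        print(user, t)
    print("over 10 GB cap:", over_cap(totals, 10))
```

Reading only the 32-bit octet counters would bill the first session's upload as about 0.7 GB instead of 5 GB, which is why the Gigawords attributes have to be folded in.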

 

 



RE: Is Cisco equpiment de facto for you?

2011-01-10 Thread Paul Stewart
Cisco shop here that is avidly converting to Juniper.

Paul


-Original Message-
From: Brandon Kim [mailto:brandon@brandontek.com] 
Sent: Monday, January 10, 2011 10:32 AM
To: nanog group
Subject: Is Cisco equpiment de facto for you?


Hello gents:

I wanted to put this out there for all of you. Our network consists of a
mixture of Cisco and Extreme equipment.

Would you say that it's fair to say that if you are serious at all about
being a service provider that your core equipment is Cisco based?

Am I limiting myself by thinking that Cisco is the de facto vendor of
choice? I'm not looking for so much fanboy responses, but more of a real
world experience of what you guys use that actually works and does the job.

No technical questions here, just general feedback. I try to follow the
Tolly Group who compares products, and they continually show that Cisco
equipment is a poor performer in almost any equipment compared to others, I
find that so hard to believe.

Thanks!

Brandon





RE: Some truth about Comcast - WikiLeaks style

2010-12-16 Thread Paul Stewart
Pardon my ignorance here but what does Comcast do for the NANOG community?
I know they attend many conferences and share their experiences with a lot
of us which is very much appreciated...

Just asking ;)

-Original Message-
From: Backdoor Parrot [mailto:backdoorpar...@hotmail.com] 
Sent: December-16-10 12:53 PM
To: nanog@nanog.org
Subject: Re: Some truth about Comcast - WikiLeaks style



Earlier this morning a Comcast peering manager had the following things to
say about the recent NANOG thread, in a public IRC channel with many
witnesses:

my management is pretty disgusted with the badmouthing and accusation
slinging on nanog.org btw
the demands to disclose confidential data on the blog aren't helping either
the budget for hosting will be impacted I guarantee because it came out of
folks who are being hassled's budget
there is a meeting today to discuss the value of supporting the NANOG
community

Apparently Comcast's support and sponsorship of NANOG has actually been a
ploy to buy our silence, and if we keep talking poorly of them they're going
to cut off the funding. Sh don't tell anyone.

  




RE: Why is your company treating IPv6 turn ups as a sales matter?

2010-11-18 Thread Paul Stewart
We treat it as a technical request - a MAC of sorts.  The only time we would 
treat it as a sales matter is when the customer requires technical assistance 
with their configuration or network design (different matter).

Paul


-Original Message-
From: William Herrin [mailto:b...@herrin.us] 
Sent: Thursday, November 18, 2010 2:06 PM
To: nanog@nanog.org
Subject: Why is your company treating IPv6 turn ups as a sales matter?

Hiya folks,

Why are your respective companies treating IPv6 turn ups as a sales
matter instead of a standard technical change request like IP
addresses or BGP? Sprint and Qwest, I know you're guilty. How many of
the rest of you are making IPv6 installation harder for your customers
than it needs to be?

Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004




RE: Level3 filter updates

2010-10-05 Thread Paul Stewart
Normally it's done every night (overnight)... that's been our experience...

Paul


-Original Message-
From: Florin Veres [mailto:flo...@futurefreedom.ro] 
Sent: Tuesday, October 05, 2010 12:42 PM
To: nanog@nanog.org
Subject: Level3 filter updates

Hey guys,

Does anyone know how often Level3 updates their filters?
I have a prefix in Europe which has a route-obj from Sunday, it's accepted
in Level3 Europe from Monday, but in the US it's still not accepted.

Thanks,
Florin


RE: Facebook Issues/Outage in Southeast?

2010-09-23 Thread Paul Stewart
Over on the outages list there is a lot of discussion... I believe
everyone is affected - we are peered with them in several locations and
cannot reach them.

Paul


-Original Message-
From: Ernie Rubi [mailto:erne...@cs.fiu.edu] 
Sent: Thursday, September 23, 2010 3:39 PM
To: nanog@nanog.org
Subject: Facebook Issues/Outage in Southeast?

Anyone else having trouble? We're colo'ed at the NOTA in Miami and
directly peer with them - even though our session hasn't gone down we
still can't reach them.

Ernesto M. Rubi
Sr. Network Engineer
AMPATH/CIARA
Florida International Univ, Miami
Reply-to: erne...@cs.fiu.edu
Cell: 786-282-6783







RE: Facebook Issues/Outage in Southeast?

2010-09-23 Thread Paul Stewart
outa...@outages.org ;)

-Original Message-
From: James Grace [mailto:ja...@cs.fiu.edu] 
Sent: Thursday, September 23, 2010 3:58 PM
To: Paul Stewart
Cc: Ernie Rubi; nanog@nanog.org
Subject: Re: Facebook Issues/Outage in Southeast?

Which outages list?

James

On Sep 23, 2010, at 3:40 PM, Paul Stewart wrote:

 Over on the outages list there is a lot of discussion... I believe
 everyone is affected - we are peered with them in several locations and
 cannot reach them.
 
 Paul
 
 
 -Original Message-
 From: Ernie Rubi [mailto:erne...@cs.fiu.edu] 
 Sent: Thursday, September 23, 2010 3:39 PM
 To: nanog@nanog.org
 Subject: Facebook Issues/Outage in Southeast?
 
 Anyone else having trouble? We're colo'ed at the NOTA in Miami and
 directly peer with them - even though our session hasn't gone down we
 still can't reach them.
 
 Ernesto M. Rubi
 Sr. Network Engineer
 AMPATH/CIARA
 Florida International Univ, Miami
 Reply-to: erne...@cs.fiu.edu
 Cell: 786-282-6783
 
 
 
 




RE: Netflow Tool

2010-09-17 Thread Paul Stewart
We've run Scrutinizer and also Netflow Auditor (also a few others) ... they are 
ok for smaller traffic levels (depending of course on sampling rates).  None 
of them held up though to our expectations and we ended up going with Arbor 
Peakflow and have been extremely happy ever since.

I'd definitely suggest a trial of anything you are considering - we ran out and 
bought package after package and it didn't work out for us ;)

Paul


-Original Message-
From: Bryan Irvine [mailto:sparcta...@gmail.com] 
Sent: September-17-10 3:56 PM
To: Scott Berkman
Cc: nanog@nanog.org
Subject: Re: Netflow Tool

If you want yours to come with rap videos look at scrutinizer (no I've
not ever used it)

http://www.youtube.com/watch?v=uUPkGvdXDIM
http://www.youtube.com/watch?v=ilxknbKJ0Pc



On Fri, Sep 17, 2010 at 12:45 PM, Scott Berkman sc...@sberkman.net wrote:
 If you want something scalable and commercial (read: with support) check out
 these guys, I have been using it for a while and it has tons of features and
 very flexible reporting (including exports to PDF, CSV, etc):

 http://www.netflowauditor.com/

 They have a free version as well with limits.

        -Scott

 -Original Message-
 From: Mike Gatti [mailto:ekim.it...@gmail.com]
 Sent: Friday, September 17, 2010 2:50 PM
 To: nanog@nanog.org
 Subject: Netflow Tool

 Anyone out there using a good netflow collector that has the capability
 to export data to CSV?
 Open Source would be best, but any suggestions are welcome.

 Thanks,
 =+=+=+=+=+=+=+=+=+=+=+=+=
 Michael Gatti
 cell.703.347.4412
 ekim.it...@gmail.com
 =+=+=+=+=+=+=+=+=+=+=+=+=











Inline Traffic Management / Tracking - Usage Based Billing

2010-09-07 Thread Paul Stewart
Hi there...

 

We are examining several options currently for appliances/devices that
sit  inline (most likely) and can perform all/some of these services:

 

-Track customer usage and generate monthly reports based on username
(PPPOE) or cable MAC (DHCP) - and doesn't require any changes to our
Radius infrastructure.  In other words, it has the smarts to gather the
username/IP combination along with the Radius Start/Stop to do accurate
reporting.

-Throttling of certain services/applications at certain times of day
(looking for fairly extensive options here including ability to take
total link capacity into account - reasonably dynamic)

-24X7X365 support and hardware coverage (no next business day shipping -
4 hour response onsite kind of stuff)

-Clustering/HA options

-Centralized management/reporting

 

This is NOT an open invitation for sales people to contact me - I'm
asking here for operational feedback with likes/dislikes.  I can
appreciate if most folks prefer to reply offline.  We have trialled the
Arbor solution to date but that is the only comparison we have so far.

 

Thanks,

 

Paul Stewart

 



RE: ISP port blocking practice

2010-09-03 Thread Paul Stewart
It's extremely effective for us (not a large provider by any means).  We
block outbound 25 on all dynamic IP customers - to date it's never been
a problem for our customers.  Customers who have static assignments are
not blocked by default.

Paul


-Original Message-
From: John R. Levine [mailto:jo...@iecc.com] 
Sent: Friday, September 03, 2010 3:20 PM
To: Owen DeLong
Cc: nanog@nanog.org
Subject: Re: ISP port blocking practice

 It's been extremely effective in blocking spam sent by spambots on
 large ISPs.  It's not a magic anti-spam bullet.  (If you know one,
 please let us know.)

 That simply hasn't been my experience. I still get lots of spam from
booted hosts in large provider networks, and yes, that includes many
that block 25. As near as I can tell, 25 blocking is not affecting
spammers at all, just legitimate users.

I know people at large ISPs with actual data.  Port 25 blocking is quite
effective.

R's,
John




RE: PCH.net down?

2010-07-21 Thread Paul Stewart
Loads from here (outside of Toronto, ON) - peered with them.

Seemed slow to load though..

Paul


-Original Message-
From: Jason Lewis [mailto:jle...@packetnexus.com] 
Sent: Wednesday, July 21, 2010 8:45 AM
To: nanog@nanog.org
Subject: PCH.net down?

This says it's not just down for me.
http://downforeveryoneorjustme.com/pch.net

Anyone else?




RE: PCH.net down?

2010-07-21 Thread Paul Stewart
Very interesting - thanks for sharing that tip

Paul


-Original Message-
From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com]
On Behalf Of Christopher Morrow
Sent: Wednesday, July 21, 2010 11:49 AM
To: Allen Bass
Cc: Paul Stewart; Jason Lewis; nanog@nanog.org
Subject: Re: PCH.net down?

On Wed, Jul 21, 2010 at 11:13 AM, Allen Bass allen_b...@comcast.net
wrote:
 I received the same message from
http://downforeveryoneorjustme.com/pch.net
 but if I go to the site directly from Miami it pulls up, but is slow
to do

everyone should take careful note... downforeveryoneorjustme.com lives
... on appeng...@google, so 'downforeveryoneorjustme' really just
tests if google's network has a path to it.



Country Level BGP Data

2010-06-28 Thread Paul Stewart
Does anyone know of BGP statistical data based on country?  If I wanted
to know top 5 service providers in country XYZ based on number of BGP
peers for example, is there something that can tell me this
information?  I can manually run a list of AS numbers against tools like
Renesys for example but someone has probably already done this?

Thanks,
Paul




RE: Team Cymru BOGON feed over IPv6

2010-06-08 Thread Paul Stewart
We're using it...;)

Please see inline...

Paul


1) using the new Team Cymru BOGON lists *via BGP*

Yes

2) use the new v4 list

Yes

3) use the v6 list

Yes

4) monitor the Cymru BGP session as diligently as they would a
peer/provider session

Spot check it - in the several years we've used the original IPv4 lists
we've never had an issue

5) attempted the BOGON peering over IPv6
6) have a stable BOGON peering over IPv6

Yes - very stable, no issues



RE: Juniper firewalls - SSG or SRX

2010-04-19 Thread Paul Stewart
We've had GREAT success with SRX210, SRX240 and SRX650 boxes in the past
3-4 months.  There have been some issues I'll admit but they were all
fixed either in service releases or actual JunOS upgrades.

I believe that most of the issues you hear about were in the 9.x JunOS
releases or at least that was my experience...

Paul



-Original Message-
From: Mehmet Akcin [mailto:meh...@icann.org] 
Sent: April-19-10 9:48 PM
To: Jeffrey Negro; nanog@nanog.org
Subject: Re: Juniper firewalls - SSG or SRX

SRX seems very new and many comment it as unstable, this includes some of
Juniper engineers I know in person. SSG though is phasing out. 8 months ago
while I was looking for these solutions more closely, I had decided to stay
with SSG, which was good for next 3-4 years. However I believe probably SRX
is more reliable now, and moving from ScreenOS to Junos definitely is a
learning curve but something that is worth it in the long term.

Mehmet


On 4/19/10 5:32 PM, Jeffrey Negro jne...@billtrust.com wrote:

 Has anyone on Nanog had any hands on experience with the lower end of the
 new SRX series Junipers?  We're looking to purchase two new firewalls, and
 I'm debating going with SSG series or to make the jump to the SRX line.  Any
 input, especially about the learning curve jumping from ScreenOS to JunOS
 would be greatly appreciated.  Thank you in advance.
 
 Jeffrey





RE: Network Naming Conventions

2010-03-15 Thread Paul Stewart
I have yet to see a core router named Luke or Bart... ;)

-Original Message-
From: Joe Greco [mailto:jgr...@ns.sol.net]
Sent: March-14-10 11:11 PM
To: Rubens Kuhl
Cc: Paul Stewart; NANOG list
Subject: Re: Network Naming Conventions

 On Sat, Mar 13, 2010 at 6:01 PM, Paul Stewart pstew...@nexicomgroup.net 
 wrote:
  Yeah, just learning that... got a *tonne* of offline replies.
 
  Planets won't work well, simpson characters we'll run out very
  quickly umm.. forgot the rest.  We were looking for something that
  makes sense to the function of the box itself and scales up (as per some
  other folks point)

 With 726 episodes in 30 TV seasons and 11 feature films, it's very
 difficult to run out of Star Trek characters. Not main characters,
 though.

Not to mention all the books, etc.

Really, it's not hard to find precompiled lists of this sort of stuff.
One could start at someplace like http://starwars.wikia.com/wiki/Coruscant
for Star WARS (not Trek) stuff and probably scale up to a very large size
with all the names, places, planets, etc.

In the old days (pre-Web), it was actually a lot harder to come up with
a comprehensive naming scheme.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.






The information transmitted is intended only for the person or entity to which 
it is addressed and contains confidential and/or privileged material. If you 
received this in error, please contact the sender immediately and then destroy 
this transmission, including all attachments, without copying, distributing or 
disclosing same. Thank you.



Network Naming Conventions

2010-03-13 Thread Paul Stewart
Hi Folks...



With many changes going on this year in our network, I figured it's a
good time to revisit our naming conventions used in our networks.



Today, we use the following example:



Core1-rtr-to-ge1-1-1-vl20.nexicom.net



Core box #1, rtr=router, to=location, ge1-1-1=interface, vl20=vlan etc
etc



Going forward, I'd like to examine a better method to identify the
devices does anyone have published standards on what they use or
that of other networks and maybe even why they chose those methods?  The
core of the network is fairly easy for us to look at different changes
where you have interfaces, subinterfaces, locations etc. to deal with.



But what do folks do for aggregation devices such as dial-up shelves,
BAS devices etc?



Finally, we have a fair amount of gear (that we own) at customer
premises that act as either a managed device or a demarcation point 
how do you name those today?



Open ended questions obviously - looking for many ideas.



;)



Paul












RE: Network Naming Conventions

2010-03-13 Thread Paul Stewart
Just wanted to say thanks to everyone who responded - gave me more to
think about than I thought was possible ;)

Paul










RE: Network Naming Conventions

2010-03-13 Thread Paul Stewart
Yeah, just learning that... got a *tonne* of offline replies.

Planets won't work well, simpson characters we'll run out very
quickly umm.. forgot the rest.  We were looking for something that
makes sense to the function of the box itself and scales up (as per some
other folks point)

Some of the suggestions around kinda what we have today but with some
changes are what we'll debate internally.

Take care,

Paul



-Original Message-
From: Ravi Pina [mailto:r...@cow.org]
Sent: March-13-10 2:01 PM
To: Paul Stewart
Cc: NANOG list
Subject: Re: Network Naming Conventions

Heh.

Host naming discussions are like religion and politics at parties.
It only leads to someone going home crying, red wine spilled all
over their new dress, and a black eye.

Not in that order.

-r

On Sat, Mar 13, 2010 at 10:47:28AM -0500, Paul Stewart wrote:
 Hi Folks...



 With many changes going on this year in our network, I figured it's a
 good time to revisit our naming conventions used in our networks.



 Today, we use the following example:



 Core1-rtr-to-ge1-1-1-vl20.nexicom.net



 Core box #1, rtr=router, to=location, ge1-1-1=interface, vl20=vlan etc
 etc



 Going forward, I'd like to examine a better method to identify the
 devices does anyone have published standards on what they use or
 that of other networks and maybe even why they chose those methods? The
 core of the network is fairly easy for us to look at different changes
 where you have interfaces, subinterfaces, locations etc. to deal with.

 But what do folks do for aggregation devices such as dial-up shelves,
 BAS devices etc?

 Finally, we have a fair amount of gear (that we own) at customer
 premises that act as either a managed device or a demarcation point
 how do you name those today?



 Open ended questions obviously - looking for many ideas.



 ;)



 Paul





















RE: Wireless Ethernet bridge

2010-03-11 Thread Paul Stewart
We love the PTP600 platform and it works very well for our needs - as
good as any path profile has shown us.

Depending on the height of the tower, you can handoff via copper or via
multimode fiber (someone said it doesn't do multimode, we do it all the
time with their fiber kits from Motorola).  In all of our installs we
use multimode and if the tower is short enough use cat5 as a backup
connection.  I'm not 100% on the MTU size but I'm pretty sure it
supports at least mini-jumbo.  We are going to be pushing MPLS type
traffic carrying VPLS paths across PTP600's this year and when we looked
at any challenges we didn't find any on the surface

Paul


-Original Message-
From: Stefano Gridelli [mailto:sgride...@gmail.com]
Sent: Thursday, March 11, 2010 11:51 AM
To: Scott Brown/Clack/ESD
Cc: nanog@nanog.org
Subject: Re: Wireless Ethernet bridge

The motorola PTP 600 seems thus far the most valid solution. We want to
remain on ISM bands, because we don't want to take the burden of renewing
the license with FCC every x years ... we need something that once installed
requires the least maintenance effort possible.
We already have antennas and cables that work with the 5.8 GHz spectrum.
There's a distance of 3 miles between the two antennas and there's LOS
available.
The copper handoff could be solved with a media converter ...

I am also proposed an Exalt EX-5i at 200 Mbps. Does anybody have this
hardware installed and can share any experience had?

Thanks

On Wed, Mar 10, 2010 at 5:31 PM, Scott Brown/Clack/ESD 
sbr...@clackesd.k12.or.us wrote:

 The Dragonwave would be my first choice too, but they are not in the 5.8GHz
 band.

 The Motorola PTP-600 has a 2000 byte MTU, but doesn't do multimode handoff.

 What radio to get will come down to what you are willing to give up -- if
 you are willing to drop the 5.8Ghz band and go with 11Ghz then the
 Dragonwave is for you -- the new Horizon Quantum is amazing (and pretty
 inexpensive when I priced it out)

 Bridgewave isn't bad either - you can get to 1.25Gbps with some fiber
 handoff.


 Scott

 Mike Lyon mike.l...@gmail.com wrote on 03/10/2010 02:23:33 PM:

  From: Mike Lyon mike.l...@gmail.com
  To: Stefano Gridelli sgride...@gmail.com
  Cc: nanog@nanog.org
  Date: 03/10/2010 02:23 PM
  Subject: Re: Wireless Ethernet bridge
 
  Check out DragonWave:
 
  http://www.dragonwaveinc.com/
 
  -Mike
 
 
 
  On Wed, Mar 10, 2010 at 2:18 PM, Stefano Gridelli
 sgride...@gmail.com wrote:
 
   Hi All,
  
   I need a wireless bridge solution that allows to pass jumbo frames over a
   distance of 3 miles, using the 5.8 GHz band. The original solution was a
   Proxim Tsunami GX 200, but unfortunately it doesn't go beyond an MTU of
   1536 bytes: we need at least 1544 bytes, ideally between 4470 and 9212 bytes
   MTU. The handoff should be MM fiber, the desired throughput 200 Mbps.
  
   Thanks,
   Stefano
  












Security Guideance

2010-02-23 Thread Paul Stewart
Hi folks...



We have a strange series of events going on in the past while Brief
history here, looking for input from the community - especially some of
the security folks on here.



We provide web hosting services - one of our hosting boxes was found a
while back with root kits installed, unpatched software and lots of
other goodies.  With some staff changes in place (don't think I need
to elaborate on that) we are trying to clean up several issues including
this particular server.  A new server was provisioned, patched, and
deployed.  User data was moved over and now the same issue is coming
back



The problem is that a user on this box appears to be launching high
traffic DOS attacks from it towards other sites.  These are UDP based
floods that move around from time to time - most of these attacks only
last a few minutes.



I've done tcpdumps within seconds of the attack starting and to date
been unable to find the source of this attack (we know the server, just
not sure which customer it is on the server that's been compromised).
Several hours of scanning for php, cgi, pl type files have been wasted
and come up nowhere...



It's been suggested to dump IDS in front of this box and I know I'll get
some feedback positive and negative in that aspect.



What tools/practices do others use to resolve this issue?  It's  a
Centos 5.4 box running latest Plesk control panel.



Typically we have found it easy to track down the offending script or
program - this time hasn't been easy at all...



Thanks,



Paul
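
One way to narrow down which account owns the sockets behind outbound UDP traffic like this, as an added example that is not part of the original post: /proc/net/udp records the owning UID and inode of every UDP socket, so a snapshot taken while the traffic is flowing can be grouped per UID and the inode traced to a PID. The snapshot, UIDs, inodes and the allow-list are constructed, and the address decoding assumes a little-endian host (x86).

```python
"""Attribute UDP sockets to local accounts from a /proc/net/udp snapshot."""
import os
import socket
import struct
from collections import defaultdict

# Constructed snapshot in /proc/net/udp layout. Addresses come from the
# documentation ranges; UIDs and inodes are made up for this example.
SNAPSHOT = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  12: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000    25        0 9101 2 0000000000000000 0
  48: 0A0200C0:C350 076433C6:0050 01 0001F400:00000000 00:00000000 00000000 10004        0 77120 2 0000000000000000 0
  49: 0A0200C0:C351 076433C6:0050 01 00020000:00000000 00:00000000 00000000 10004        0 77121 2 0000000000000000 0
  50: 0A0200C0:9C40 00000000:0000 07 00000000:00000000 00:00000000 00000000 10009        0 80310 2 0000000000000000 0
"""


def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT' (assumes a little-endian host such as x86)."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def parse_udp_table(text):
    """Parse the table body into dicts; the first line is the column header."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        tx_hex, _rx_hex = f[4].split(":")
        rows.append({
            "local": _endpoint(f[1]),
            "remote": _endpoint(f[2]),
            # State 01 is a connect()ed socket. Sockets that only use
            # sendto() stay in state 07 with a zero remote address, but
            # their UID and inode are still listed.
            "connected": f[3] == "01",
            "tx_queue": int(tx_hex, 16),   # bytes waiting to be sent
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return rows


def summarize_by_uid(rows):
    """Group sockets per owning UID."""
    out = defaultdict(lambda: {"sockets": 0, "tx_queue": 0,
                               "remotes": set(), "inodes": []})
    for r in rows:
        s = out[r["uid"]]
        s["sockets"] += 1
        s["tx_queue"] += r["tx_queue"]
        s["inodes"].append(r["inode"])
        if r["connected"]:
            s["remotes"].add(r["remote"])
    return dict(out)


def rank_uids(summary, expected_uids=frozenset()):
    """UIDs outside the allow-list, largest send backlog first."""
    cands = [u for u in summary if u not in expected_uids]
    return sorted(cands, key=lambda u: (-summary[u]["tx_queue"],
                                        -summary[u]["sockets"]))


def pids_for_inode(inode, proc_root="/proc"):
    """Find PIDs holding the socket by scanning <proc_root>/<pid>/fd links."""
    target = f"socket:[{inode}]"
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    pids.append(int(entry))
                    break
        except OSError:
            continue  # process exited, or its fd table is not readable
    return sorted(pids)


if __name__ == "__main__":
    summary = summarize_by_uid(parse_udp_table(SNAPSHOT))
    # Allow-list is an assumption for this sample (UID 25 holds the DNS socket).
    for uid in rank_uids(summary, expected_uids={25}):
        print(uid, summary[uid]["sockets"], summary[uid]["tx_queue"],
              sorted(summary[uid]["remotes"]))
```

On a live host, feed it the contents of /proc/net/udp read as root in a loop during an event; for each PID that `pids_for_inode` returns, /proc/<pid>/cwd and /proc/<pid>/cmdline show which site directory the process was started from.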
















RE: Spamhaus...

2010-02-17 Thread Paul Stewart
Yes, at under 12 cents per user per *year* it's definitely worthwhile in
my personal opinion... I know several providers who have taken their
commercial service either because they wanted an SLA or because they
were contacted by Spamhaus because of their traffic levels  that
price is rough and totally depends on how many email accounts you've
got

-p

-Original Message-
From: Patrick W. Gilmore [mailto:patr...@ianai.net]
Sent: February-17-10 6:35 PM
To: NANOG list
Subject: Re: Spamhaus...

On Feb 17, 2010, at 5:32 PM, Laczo, Louis wrote:

 I'm looking for comments / suggestions / opinions from any providers
that have been contacted by spamhaus about excessive queries originating
from their DNS resolvers, typically, as a proxy for customers. I know
that certain large DNS providers (i.e. google and level3) have either
been banned or have voluntarily blocked spamhaus queries by their
resolvers. We're currently in discussion with spamhaus and I wanted to
see how others may have handled this.

I believe you can pay them a small fee and do a zone transfer so you are
not hitting their name servers.

If you see value in the service, it should be worth the small fee.  And
since you are hitting them a lot, I have a feeling that you see value in
the service.

--
TTFN,
patrick











RE: Comcast IPv6 Trials

2010-01-28 Thread Paul Stewart
That really makes sense - on an incredibly smaller scale (and I mean MUCH 
smaller scale), we operate cable modem in two small communities - currently we 
use 3 IP addresses per subscriber.  One for the cable modem itself, one for the 
subscriber (or more depending on their package), and one for voice delivery 
(packetcable).  If we moved even two of three IP assignments to native V6 we'd 
reclaim a lot of V4 space - I can only imagine someone their size and what this 
means...

Paul


-Original Message-
From: Richard Barnes [mailto:richard.bar...@gmail.com]
Sent: Thursday, January 28, 2010 7:47 AM
To: Kevin Oberman
Cc: nanog@nanog.org
Subject: Re: Comcast IPv6 Trials

What I've heard is that the driver is IPv4 exhaustion: Comcast is
starting to have enough subscribers that it can't address them all out
of 10/8 -- ~millions of subscribers, each with 1 IP address (e.g.,
for user data / control of the cable box).



On Thu, Jan 28, 2010 at 12:55 AM, Kevin Oberman ober...@es.net wrote:
 Date: Wed, 27 Jan 2010 20:59:16 -0800
 From: George Bonser gbon...@seven.com

  -Original Message-
  From: William McCall
  Sent: Wednesday, January 27, 2010 7:51 PM
  Subject: Re: Comcast IPv6 Trials
 
  Saw this today too. This is a good step forward for adoption. Without
  going too far, what was the driving factor/selling point to moving
  towards this trial?


 SWAG: Comcast is a mobile operator.  At some point NAT becomes very
 expensive for mobile devices and it makes sense to use IPv6 where you
 don't need to do NAT.  Once you deploy v6 on your mobile net, it is to
 your advantage to have the stuff your mobile devices connect to also be
 v6.  To do THAT your network needs to transport v6 and once your net is
 ipv6 enabled, there is no reason not to leverage that capability to the
 rest of your network. /SWAG

 My gut instinct says that mobile operators will be a major player in v6
 adoption.

 SWAG is wrong. Comcast is a major cable TV, telephone (VoIP), and
 Internet provider, but they don't do mobile (so far).
 --
 R. Kevin Oberman, Network Engineer
 Energy Sciences Network (ESnet)
 Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
 E-mail: ober...@es.net                  Phone: +1 510 486-8634
 Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751












Re: DDoS mitigation recommendations

2010-01-26 Thread Paul Stewart
Arbor stuff comes to mind and works very well in our experiences

Paul

--
Paul Stewart
Senior Network Administrator
Nexicom Inc.
http://www.nexicom.net/

- Original Message -
From: Tom Sands tsa...@rackspace.com
To: nanog na...@merit.edu
Sent: Tue Jan 26 07:40:35 2010
Subject: DDoS mitigation recommendations

  With Guard appliance and 65xx module being EoL'd, and Cisco's desire 
to exit the DDoS mitigation market, I'd like to get some 
recommendations of what other products people are having good success with.

We are looking for something that can support 3Gbps - 10Gbps, 
multi-tenancy, seamless integration, and many of the basic features 
you'd see on the Guard.

Thank you,


-- 

Tom Sands   
Chief Network Engineer  
Rackspace Hosting   



Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is 
prohibited.
If you receive this transmission in error, please notify us immediately by 
e-mail
at ab...@rackspace.com, and delete the original message.
Your cooperation is appreciated.




 





RE: Network Bandwidth Reporting Tool

2010-01-22 Thread Paul Stewart
Arbor boxes (E30/E100) also do this kind of reporting with very granular
options - not cheap, but work well...

Paul


-Original Message-
From: Raymond Macharia [mailto:rmacha...@gmail.com]
Sent: January-22-10 1:46 AM
To: Isaac Conway
Cc: nanog list
Subject: Re: Network Bandwidth Reporting Tool

Hi,
1. ETINC - www.etinc.com - Really good with a mysql backend and gives you
exactly what you are looking for. You can either buy the software and build
it into a FreeBSD box or you can get the already built appliance. The price
point is also quite good

2. Allot - www.allot.com - Comes with a lot of features and has a good
reporting mechanism. They have boxes of different sizes and add on software
for reports etc. Higher priced but works very well.

Regards
Raymond Macharia



On Fri, Jan 22, 2010 at 5:13 AM, Isaac Conway i...@conwaynetworks.com wrote:

 Oh mighty list,
 I am curious what tools you use to generate monthly usage and billing
 reports for your execs?  I am not really looking for a RRD type
 solution, rather a page I can pull up and gives me the numbers (95p,
 cost, overage, etc.) for the past month.  Copy and paste into a
 spreadsheet, job complete

 We are getting to the point where we have multiple datacenters and
 numerous uplinks and circuits for each, I find I am spending too many
 hours each month compiling data.

 I was thinking about writing some quick scripts to poll the router
 interfaces and put it to database, but I figured I would ask before
 re-inventing the wheel.

 Thanks in advance!
 Isaac












RE: he.net down/slow?

2010-01-07 Thread Paul Stewart
No issues from Toronto area on an HE connection...

-Original Message-
From: Tim Burke [mailto:t...@tburke.us]
Sent: Thursday, January 07, 2010 12:43 PM
To: nanog@nanog.org
Subject: Re: he.net down/slow?

Can't access http://he.net from my location here in Chicago...

traceroute to he.net (216.218.186.2), 30 hops max, 40 byte packets
  1  10.65.44.1 (10.65.44.1)  2.504 ms  1.039 ms  0.653 ms
  2  * * *
  3  te-2-3-ur04.romeoville.il.chicago.comcast.net (68.86.119.205)  13.648 ms  13.693 ms  13.477 ms
  4  be-70-ar01.area4.il.chicago.comcast.net (68.87.230.121)  16.598 ms  16.109 ms  15.896 ms
  5  pos-1-12-0-0-cr01.chicago.il.ibone.comcast.net (68.86.90.53)  16.631 ms  16.550 ms  16.598 ms
  6  162.97.117.41 (162.97.117.41)  21.319 ms  21.136 ms  20.932 ms
  7  Hurrican-Electric-LLC.TenGigabitEthernet1-4.ar2.SJC2.gblx.net (64.214.174.246)  74.953 ms  72.685 ms  77.759 ms
  8  10gigabitethernet1-1.core1.fmt1.he.net (72.52.92.109)  78.804 ms  76.097 ms  79.715 ms
  9  * * *
10  * * *
11  * * *
12  * * *


On Jan 7, 2010, at 11:32, Brian Johnson bjohn...@drtel.com wrote:

 Has anyone noticed that accessing http://www.he.net or
 http://ipv6.he.net is either slow or inaccessible?

 Please let me know if you have a different experience currently.

 Thanks

 - Brian

 CONFIDENTIALITY NOTICE: This email message, including any
 attachments, is for the sole use of the
 intended recipient(s) and may contain confidential and privileged
 information. Any unauthorized review,
 copying, use, disclosure, or distribution is prohibited. If you are
 not the intended recipient, please
 contact the sender by reply e-mail and destroy all copies of the
 original message. Thank you.












RE: used hardware..

2009-12-18 Thread Paul Stewart
Our results with NHR were a disaster - that's all I'm saying on a public list. 
I highly recommend Knowledge Computers anytime someone asks - mention my name 
as a reference and you'll get a good price for sure ;)  Hit me up offline for 
contact details should you wish...

Paul


-Original Message-
From: Ryan Gelobter [mailto:r.gelob...@limestonenetworks.com]
Sent: December-18-09 1:38 PM
To: Mehmet Akcin; nanog@nanog.org list
Subject: RE: used hardware..

We use Network Hardware Resale every couple of months and they are great. I 
haven't had experience selling anything to them, only purchasing.

http://www.networkhardware.com/

Ryan G
IT Assistant/Support Technician
Limestone Networks, Inc.
r.gelob...@limestonenetworks.com
www.limestonenetworks.com
Simple.  Solid.  Superior.


-Original Message-
From: Mehmet Akcin [mailto:meh...@akcin.net]
Sent: Friday, December 18, 2009 6:34 AM
To: nanog@nanog.org list
Subject: used hardware..

Hello there..

I am looking to sell and buy some used hardware, where is the best place for 
this, other than ebay ?

Mostly juniper stuff

thanks in advance.

Mehmet










RE: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-02 Thread Paul Stewart
Biased opinion because we distribute/sell Tilgin related products, but
they are supposed to do IPv6

Having said that, we have not lab tested them ourselves and plan to
early next year

Paul


-Original Message-
From: Wade Peacock [mailto:wade.peac...@sunwave.net]
Sent: December-02-09 6:16 PM
To: nanog@nanog.org
Subject: Consumer Grade - IPV6 Enabled Router Firewalls.

We had a discussion about IPv6 today. During our open thinking the
topic of client equipment came up.
We all commented that we have not seen any consumer grade IPv6 enabled
internet gateways (routers/firewalls), akin to the ever popular Linksys
54G series, DLinks, SMCs or Netgears.

Does anyone have any leads to information about such products (In
production or planned production)?

We are thinking that most vendors are going to wait until Ma and Pa home
user are screaming for them.

Thoughts?


--
Wade Peacock
Sun Country Cablevision Ltd








