Fw: [swinog] Contact @ AOL?

[Pascal Gloor]

Please reply to him directly, thanks,
Pascal

- Original Message -
From: "Benoit Panizzon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 06, 2002 9:32 PM
Subject: [swinog] Contact @ AOL?


> Does somebody have any contact to an AOL hostmaster or abuse person?
>
> Since about three months I get multiple attempts to send spam via a
> Formmail installation every day from the AOL.COM IP-Range. I forward the
> logs to [EMAIL PROTECTED] nearly every day but I never get any human answering
> my emails. I also called AOL in Germany but they don't know who I should
> contact or how I should escalate that problem. (They just told me
> [EMAIL PROTECTED] are the only ones known to care about such problems).
>
> PS: It's a secured Formmail and those attempts were all unsuccessfull, so
> no need to tell me it's not secure ;-)
>
> Benoit Panizzon
>
> ASCII-Ribbon Campaign
> "
> No HTML or WORD in Mails
> HTML is for WEB, Word is for Micro$oft.
> ** Get stoned - drink wet concrete
>
> --
> [EMAIL PROTECTED] Maillist-Archive:
> http://www.mail-archive.com/swinog%40swinog.ch/
>

Re: KPNQwest ns.eu.net server.

[John Payne]

On Fri, Jun 07, 2002 at 03:17:51AM +, [EMAIL PROTECTED] wrote:
...
> > So how does the operation of  gTLD servers differ from ccTLD servers, other
> > than perhaps more focus on geographical diversity?
> > 
> 
>   number and distributions  of registrations, legacy considerations 
>   that may reflect on legal issues,  local policy issues
>   that off the top of my head.
> 
>   .com vs .um -- for example.

number and distribution of registrations maybe - that comes down to number
and sizing of servers and geography/network diversity, the others are at best
operational concerns for the backend, not for the "frontend" DNS servers.

Taking RFC 2870, why wouldn't all of section 2 and most of section 3 and
section 4 be applicable to both gTLD and ccTLD servers (changing root zone
and IANA as appropriate)?

Re: KPNQwest ns.eu.net server.

[bmanning]

> 
> On Thu, Jun 06, 2002 at 07:53:49PM +, [EMAIL PROTECTED] wrote:
> ... 
> > > I don't know of any official requirements.  But RFCs 2182 and 2870 
> > > offer good guidance.  (Some of 2870 is root zone-specific, but most of 
> > > it would apply to a ccTLD server.)
> > > 
> > >   --Steve Bellovin, http://www.research.att.com/~smb (me)
> > 
> > It is perhaps instructive to note that when RFC 2870 was written, (most of)
> > the roots also hosted COM,NET,ORG.  Considered properly, RFC 2870 is 
> > more targeted toward gTLD servers.  ccTLDs have a moderately different
> > focus, while root servers are distinct from either in their requirements.
> 
> So how does the operation of  gTLD servers differ from ccTLD servers, other
> than perhaps more focus on geographical diversity?
> 

number and distributions  of registrations, legacy considerations 
that may reflect on legal issues,  local policy issues
that off the top of my head.

.com vs .um -- for example.

--bill

Re: Bogon list

[John Payne]

On Thu, Jun 06, 2002 at 09:08:34PM -0400, Richard A Steenbergen wrote:
> Even if there was an option to source ICMP from loopbacks (which I 

backhoe, nail... ip unnumbered loopback0

:)

Re: KPNQwest ns.eu.net server.

[John Payne]

On Thu, Jun 06, 2002 at 07:53:49PM +, [EMAIL PROTECTED] wrote:
... 
> > I don't know of any official requirements.  But RFCs 2182 and 2870 
> > offer good guidance.  (Some of 2870 is root zone-specific, but most of 
> > it would apply to a ccTLD server.)
> > 
> > --Steve Bellovin, http://www.research.att.com/~smb (me)
> 
> It is perhaps instructive to note that when RFC 2870 was written, (most of)
> the roots also hosted COM,NET,ORG.  Considered properly, RFC 2870 is 
> more targeted toward gTLD servers.  ccTLDs have a moderately different
> focus, while root servers are distinct from either in their requirements.

So how does the operation of  gTLD servers differ from ccTLD servers, other
than perhaps more focus on geographical diversity?

Re: Bogon list

[Richard A Steenbergen]

On Thu, Jun 06, 2002 at 06:34:48PM -0400, Stephen Griffin wrote:
> 
> Do you:
> 1) Not believe in PMTU-D

Yes.

> 2) Not believe in filtering RFC1918 sourced traffic at enterprise
> boundaries

Yes.

> I would love if RFC1918 were adhered to such that L3 packet-passing
> devices either weren't numbered out of those blocks, or allowed what
> juniper allows with the ability to select the ip address with which
> packets sourced by the L3 packet-passing device sent traffic (other than
> primary ip on destination interface). The latter would permit
> intra-enterprise use of RFC1918 addresses, while still conforming with
> RFC1918. Failing that, use of RFC1918 addresses in places where
> inter-provider packets get RFC1918 sources, is a violation of RFC1918.

Why? Why do you care about your inter-device link IPs other than for 
traceroute results? Please, someone tell me another reason why they're 
important. :)

There are very legitimate reasons for wanting that communication to be 
one-way, for example DoS attacks directed at the IPs which show up in 
traceroutes. But using RFC1918 IPs is not practical for large networks, 
since you can't communicate any DNS information about those IPs.

Even if there was an option to source ICMP from loopbacks (which I 
support, the OPTION is nice), I wouldn't use it. The devices along the 
path is far less important than the actual path, and you would immediately 
lose the ability to see which of multiple circuits is being taken between 
two endpoints. Loopbacks are better used for administrative access.

-- 
Richard A Steenbergen <[EMAIL PROTECTED]>   http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)

Re: Bogon list

[Stephen Griffin]

In the referenced message, Sean M. Doran said:
> Basically, arguing that the routing system should carry around
> even more information is backwards.  It should carry less.  
> If IXes need numbers at all (why???) then use RFC 1918 addresses
> and choose one of the approaches above to deal with questions
> about why 1918 addresses result in "messy traceroutes."
> 
> Fewer routes, less address consumption, tastes great, less filling.
> 
>   Sean.

Do you:
1) Not believe in PMTU-D
2) Not believe in filtering RFC1918 sourced traffic at enterprise boundaries
(of which an exchange would be a boundary)
3) Not believe packet-passing devices have legitimate needs in contacting
hosts, even if hosts don't have legitimate needs for contacting them? (a
superset of 1, above)
4) All or some of the above?

I would love if RFC1918 were adhered to such that L3 packet-passing devices
either weren't numbered out of those blocks, or allowed what juniper allows
with the ability to select the ip address with which packets sourced by
the L3 packet-passing device sent traffic (other than primary ip on
destination interface). The latter would permit intra-enterprise use
of RFC1918 addresses, while still conforming with RFC1918. Failing that,
use of RFC1918 addresses in places where inter-provider packets get
RFC1918 sources, is a violation of RFC1918.

In any event, exchanges are inter-enterprise, and shouldn't be RFC1918.

Re: NAS filed chp 11

[Grant A. Kirkwood]

On Thursday 06 June 2002 02:46 pm, Steven J. Sobol wrote:
> form of bankruptcy. Chapter 11 is a reorg, typically.

...in theory, anyway.

-- 
Grant A. Kirkwood - [EMAIL PROTECTED]
Fingerprint = D337 48C4 4D00 232D 3444 1D5D 27F6 055A BF0C 4AED

Re: it's official

[Nathan J. Mehl]

In the immortal words of Sean M. Doran ([EMAIL PROTECTED]):
> 
> i hate spamarrest.  i really do.  i hate it.  
> you don't know who you are, but lots of the rest of us do.

64.39.29.161:allow,RBLSMTPD="-learn to filter on precedence headers, idiots"

Adjust for local filtering methodology.

-n

--<[EMAIL PROTECTED]>
"When the going gets weird, the weird turn pro."
--

Re: NAS filed chp 11

[Steven J. Sobol]

On Thu, 6 Jun 2002, Dan Hollis wrote:

> > http://biz.yahoo.com/djus/020605/200206051047000419_1.html
> 
> now someone will surely step up to the plate in their defence and rant 
> about how this is all a good thing for NASC and how they will go on to 
> reemerge next year as a lean, mean, bigger & better company.

I'm certainly a lot less worried than I would be if it was another
form of bankruptcy. Chapter 11 is a reorg, typically.

I won't say it's *good* for the company - and there are too many telecomm
firms filing bankruptcy these days anyhow. It might not be the end of the
world.

-- 
Steve Sobol, CTO  JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET
- I do my best work with one of my cockatiels sitting on each shoulder -
6/4/02:A USA TODAY poll found that 80% of Catholics advocated a zero-tolerance 
stance towards abusive priests. The fact that 20% didn't, scares me...

Re: LINX-accredited certs

[cw]

On Thu, 6 Jun 2002 19:10:19 +0100, Andy Harding wrote:
>at the risk of re-igniting the formal- vs. cert-educated thread, I
>wonder whether anyone has seen the new (to me at least) LINX
>-accredited certs?

I was pointed in the direction of this after making my post on said
thread. I have seriously been considering these courses (and know
other people in the same position).

If anyone here has done or has comments about the courses I'm sure
we'd all be grateful...otherwise I'll get some comments if I end up
doing them :0)
--
O- cw, [EMAIL PROTECTED] on 06/06/2002

Re: Diagnostic Tools

[Gerald]

I've seen the usual list of HP Openview/Ciscoworks (bad name)/Big Brother.

I've used Netsaint at 2 installations. http://www.netsaint.org.
Only problem is they are changing their name to nagios due to a request
from the SAINT people. The latest development version of netsaint is at
http://www.nagios.org

Really good program and you can usually set it up pretty quick.
With the plugins you can have it monitor just about anything you want.

I know it supports monitoring:
smtp,pop,nntp,ping,mysql,radius,ldap,disks,ntp,oracle,load,ircd,swap...and
on and on.

Don't let the beta in the version fool you. It's not just beta quality.

Gerald

P.S. Long time listener first time poster.

On Thu, 6 Jun 2002, Pawlukiewicz Jane wrote:

> Hi,
>
> I'm new here but I already have a quick question.
>
> What are the best diagnostic tools available to network operators today?
>
> Thanks for any info,
>
> Jane

Re: KPNQwest ns.eu.net server.

[bmanning]

> 
> 
> In message <[EMAIL PROTECTED]>, Daniel Concepcion writes:
> >
> >Yes Neil,
> >
> >It should be interesting to know the 'official' requirements/recommendations 
> >for ccTLD's hosting
> >For example: diversity geographical, network needs, security needs, building 
> >environment., etc
> >
> 
> I don't know of any official requirements.  But RFCs 2182 and 2870 
> offer good guidance.  (Some of 2870 is root zone-specific, but most of 
> it would apply to a ccTLD server.)
> 
>   --Steve Bellovin, http://www.research.att.com/~smb (me)

It is perhaps instructive to note that when RFC 2870 was written, (most of)
the roots also hosted COM,NET,ORG.  Considered properly, RFC 2870 is 
more targeted toward gTLD servers.  ccTLDs have a moderately different
focus, while root servers are distinct from either in their requirements.

--bill

RE: NAS filed chp 11

[James]

> now someone will surely step up to the plate in their defence and rant
> about how this is all a good thing for NASC and how they will go on to
> reemerge next year as a lean, mean, bigger & better company.

I think at this point we are all long past the innocent stage and
rapidly approaching apathy.

- James

Re: NAS filed chp 11

[E.B. Dreger]

DH> Date: Thu, 6 Jun 2002 12:09:56 -0700 (PDT)
DH> From: Dan Hollis


DH> now someone will surely step up to the plate in their defence
DH> and rant about how this is all a good thing for NASC and how
DH> they will go on to reemerge next year as a lean, mean, bigger
DH> & better company.

Heh.  What I want to see is someone doing that in response to a
Chapter 7 filing. ;-)  Sounds silly, but I stood corrected by
many people when I said "that'll be the day" that IWFs freak out
over unreachables...

H.  Another post that keeps me in the "prolific posters"
list, yet does not help my standing in the "useful contribution"
department.  Back to my corner I go.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to
be blocked.

Re: NAS filed chp 11

[Dan Hollis]

On Thu, 6 Jun 2002, Christopher X. Candreva wrote:
> http://biz.yahoo.com/djus/020605/200206051047000419_1.html

now someone will surely step up to the plate in their defence and rant 
about how this is all a good thing for NASC and how they will go on to 
reemerge next year as a lean, mean, bigger & better company.

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]

Re: Updates to the root zone Re: KPNQwest ns.eu.net server.

[Simon Lyall]

On Thu, 6 Jun 2002, Randy Bush wrote:
> that was the fast track.  it can take months.

Months? Years more like.

.nz have been trying to update their whois information for a couple of
years (IIRC) now. From what I understand the update have been refused
since their won't sign the ICANN contracts (like 95% of the other TLDs)

NOTE: The specific change I'm thinking of is their street address (and
organisation name for that matter). I *think* a name server change *did*
go though after a lot of pushing.

Disclaimer: I'm not involved with running .nz at all nor ICANN politics
  for that matter.

-- 
Simon Lyall.|  Newsmaster  | Work: [EMAIL PROTECTED]
Senior Network/System Admin |  Postmaster  | Home: [EMAIL PROTECTED]
ihug, Auckland, NZ  | Asst Doorman | Web: http://www.darkmere.gen.nz

Re: Results of query on auth usage

[Barbara Fraser]

Hi,

There were notes about problems with other vendors' implementations too but 
I didn't include them either.  But, you're right I probably should have 
added that product defects have been a factor in folks not deploying this 
technology :-)

Barb

At 11:01 AM 6/6/2002, Jared Mauch wrote:

>On Wed, Jun 05, 2002 at 01:34:16PM -0700, Barbara Fraser wrote:
> > ==
> >
> > eBGP-MD5 use
> >
> > 2 responded that they used it and required it of all peers
> > 12 others replied they used BGP-MD5 whenever their peers supported it
> > 1 replied they use it only when required by a peer
> > 5 said they do not use it
>
>You seem to have lost my note about CSCdw39691 in your summary.
>
> - Jared
>
>
>--
>Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
>clue++;  | http://puck.nether.net/~jared/  My statements are only mine.

Re: KPNQwest ns.eu.net server.

[John Payne]

On Thu, Jun 06, 2002 at 02:12:36PM -0400, Steven M. Bellovin wrote:
> 
> In message <[EMAIL PROTECTED]>, Daniel Concepcion writes:
> >
> >Yes Neil,
> >
> >It should be interesting to know the 'official' requirements/recommendations 
> >for ccTLD's hosting
> >For example: diversity geographical, network needs, security needs, building 
> >environment., etc
> >
> 
> I don't know of any official requirements.  But RFCs 2182 and 2870 
> offer good guidance.  (Some of 2870 is root zone-specific, but most of 
> it would apply to a ccTLD server.)

Unfortunately most of the ccTLD nameserver operators ignore 2870 (including one
of the authors...)

Re: KPNQwest ns.eu.net server.

[Steven M. Bellovin]

In message <[EMAIL PROTECTED]>, Daniel Concepcion writes:
>
>Yes Neil,
>
>It should be interesting to know the 'official' requirements/recommendations 
>for ccTLD's hosting
>For example: diversity geographical, network needs, security needs, building 
>environment., etc
>

I don't know of any official requirements.  But RFCs 2182 and 2870 
offer good guidance.  (Some of 2870 is root zone-specific, but most of 
it would apply to a ccTLD server.)

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)

LINX-accredited certs

[Andy Harding]

at the risk of re-igniting the formal- vs. cert-educated thread, I wonder
whether anyone has seen the new (to me at least) LINX-accredited certs?

http://www.linx.org/training/index.thtml

http://www.s-nt.co.uk/

looks (to me) like an interesting concept - ie ISP-industry-oriented rather
than vendor-specific - although I'm not sure it would get offered outside
the UK

it may be vendor-independant, but I'd put good money on the lab kit being
vendor-c 2500s  ;-)

-andy

Re: Results of query on auth usage

[Jared Mauch]

On Wed, Jun 05, 2002 at 01:34:16PM -0700, Barbara Fraser wrote:
> ==
> 
> eBGP-MD5 use
> 
> 2 responded that they used it and required it of all peers
> 12 others replied they used BGP-MD5 whenever their peers supported it
> 1 replied they use it only when required by a peer
> 5 said they do not use it

You seem to have lost my note about CSCdw39691 in your summary.

- Jared


-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.

Re: Diagnostic Tools

[E.B. Dreger]

JP> Date: Thu, 06 Jun 2002 13:42:41 -0400
JP> From: Pawlukiewicz Jane


JP> Why do you think I joined this group? very smart man.

In all seriousness, one has the basics like traceroute, ping,
route servers, looking glasses, et cetera.  However, those tools
only give a view from a certain point or along a path... they
provide a limited cross-section of a complex N-dimensional beast.

Bill was right:  Sean Donelan's posts are very handy.  And I was
only halfway being a smart-aleck... if one deduces that there
just _has_ to be something anomalous, posting to NANOG is an
amusingly low-tech "distributed layer-9" diagnostic.

Note that I'm assuming you refer to internetwork diagnostics.  If
you seek intranetwork diagnostics, one has SNMP and other tools.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to
be blocked.

Re: Diagnostic Tools

[Pawlukiewicz Jane]

Why do you think I joined this group? very smart man.

Jane

"E.B. Dreger" wrote:
> 
> PJ> Date: Thu, 06 Jun 2002 09:50:48 -0400
> PJ> From: Pawlukiewicz Jane
> 
> PJ> What are the best diagnostic tools available to network
> PJ> operators today?
> 
> NANOG posts. ;-)
> 
> --
> Eddy
> 
> Brotsman & Dreger, Inc. - EverQuick Internet Division
> Phone: +1 (785) 865-5885 Lawrence and [inter]national
> Phone: +1 (316) 794-8922 Wichita
> 
> ~
> Date: Mon, 21 May 2001 11:23:58 + (GMT)
> From: A Trap <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Please ignore this portion of my mail signature.
> 
> These last few lines are a trap for address-harvesting spambots.
> Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to
> be blocked.

begin:vcard 
n:Pawlukiewicz;Jane
tel;cell:703 517-2591
tel;fax:703 289-5814
tel;work:703 289-5307
x-mozilla-html:FALSE
org:Booz Allen Hamilton;Visit us on the Internet: http://boozallen.com";>BoozOnline 
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Senior Consultant
fn:Jane Pawlukiewicz
end:vcard

Re: Diagnostic Tools

[E.B. Dreger]

PJ> Date: Thu, 06 Jun 2002 09:50:48 -0400
PJ> From: Pawlukiewicz Jane


PJ> What are the best diagnostic tools available to network
PJ> operators today?

NANOG posts. ;-)


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to
be blocked.

Re: Diagnostic Tools

[Bill Woodcock]

  Jane Pawlukiewicz wrote:
> Ping and traceroute give me a ton of data. I was thinking of something
> that takes that data and turns it into the bottom line. Where is the
> problem, when did it start, all the good stuff.

I think that's called Sean Donelan.  :-)

To give you a serious answer, though, there are a few reasons why this is
a problem that smart software developers are leery of tackling.  Two big
ones are:

- What to measure?  Loss, latency, jitter and path length and changes are
  obvious metrics, but where do you measure to and from?  Do you measure
  from the desktop machine of whoever buys your software, or do you
  measure from somewhere or some large set of somewheres which might be
  more representative of the Internet overall, at the risk of being less
  representative of the customer themselves?  Do you measure to some set
  of generic frequently-viewed web sites, although this is likely to
  annoy the proprietors of those sites, if the tool becomes popular?  Or
  to some set of routers within the backbone infrastructure, although
  someone may get wise and put them on private addresses or cause them to
  stop wasting cycles responding to your tool?  Is there even a right
  answer to this?  It may be that one size doesn't fit all.

- If you know what you want to measure to and from, can you observe the
  path in both directions?  In order to do either active or passive
  measurement of a path, you have to have devices in that path, and a path
  is generally uni-directional for at least a portion of its length.  That
  is, the forward and reverse directions pass through different equipment
  across different links, utilize capacity differentially in each
  direction, and share available capacity with other flows which are
  utilizing it differentially as well.  If you think about what this
  means, the unfortunate conclusion that most people reach is that even if
  one were able to distribute thousands of probes throughout the Internet,
  one would still only be able to measure a _tiny_ portion of the paths,
  and the portion is tiny enough that it may not be sufficient to
  extrapolate any useful statistics from.

   -Bill

Re: KPNQwest ns.eu.net server.

[John Payne]

On Thu, Jun 06, 2002 at 04:24:40PM +0200, Daniel Concepcion wrote:
> 
> Yes Neil,
> 
> It should be interesting to know the 'official' requirements/recommendations 
> for ccTLD's hosting
> For example: diversity geographical, network needs, security needs, building 
> environment., etc

I've only been able to find a best practise guideline that specifies
that the nameserver be online 24/7.

(http://www.wwtld.org/ongoing/bestpractices/BestPractice_10Mar2001.html)

I found it interesting to note that a significant number of cctld servers
ignore the suggestions for root-servers in BCP40/RFC2870...
"Other major zone server operators (gTLDs, ccTLDs, major zones) may also find 
it useful." and leave recursion enabled on the ccTLD servers (2.5) - the old 
ns.eu.net was one of these, I believe RIPE have done the right thing with the 
new one.  

What is even more disturbing is that there is a non-zero number of ccTLD
servers that are still cache poisonable.

Re: Diagnostic Tools

[brett watson]

> - Original Message -
> From: "Pawlukiewicz Jane" <[EMAIL PROTECTED]>
> To: "Marc Pierrat" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, June 06, 2002 10:02 AM
> Subject: Re: Diagnostic Tools
>
>
>> No. But I was thinking of something more robust. And I think it depends
>> on what level you want your diagnostics to go to. Then there's metrics,
>> analysis, detection processes.
>>
>> Ping and traceroute give me a ton of data. I was thinking of something
>> that takes that data and turns it into the bottom line. Where is the
>> problem, when did it start, all the good stuff.
>>
>> I still can't believe someone hasn't cashed in on this. Or is it
>> something you wouldn't need or use?

the bottom line is, when you're on the outside looking in, there's only so 
much you're going to be able to see or analyze on someone else's network. 
everyone needs tools like this, and would use them.  trouble is, it's a 
hard problem to solve and design tools for.  many groups have formed to 
discuss "standard metrics" with respect to IP backbones.  i'm not sure 
there's ever been much concensus from them.

see www.caida.org.  just poke around, lots of data on the order of what i 
think you're looking for.  however, they usually anonymize (is that a 
word?) the data to be politically correct and protect themselves legally.

some folks at caimis.com (acquired by ixia) were doing some really 
interesting development of tools for routing performance metrics. 
www.ixiacom.com.

if you want to participate in standards for this kind of thing, go peruse 
www.ietf.org and look for the performance metrics working groups and netops 
groups.

-b

Re: Diagnostic Tools

[Eric Rogers]

I use something call netscan tools 2002. It may or may not be what your
looking for.
netscantools.com

-Eric
- Original Message -
From: "Pawlukiewicz Jane" <[EMAIL PROTECTED]>
To: "Marc Pierrat" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 06, 2002 10:02 AM
Subject: Re: Diagnostic Tools


> No. But I was thinking of something more robust. And I think it depends
> on what level you want your diagnostics to go to. Then there's metrics,
> analysis, detection processes.
>
> Ping and traceroute give me a ton of data. I was thinking of something
> that takes that data and turns it into the bottom line. Where is the
> problem, when did it start, all the good stuff.
>
> I still can't believe someone hasn't cashed in on this. Or is it
> something you wouldn't need or use?
>
> Jane
>
> Marc Pierrat wrote:
> >
> > Is there a problem with good ol' fashioned ping and traceroute?  They're
on every platform, even windows.
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Pawlukiewicz Jane
> > > Sent: Thursday, June 06, 2002 12:39 PM
> > > To: Nicolas Maton; [EMAIL PROTECTED]
> > > Subject: Re: Diagnostic Tools
> > >
> > >
> > > Sorry it took so long to reply. Work gets in the way...
> > >
> > > Nicolas Maton wrote:
> > > >
> > > > hmmm,
> > > >
> > > > I still don't get the global picture??
> > > > You want to poll routers andso outside of your network ?
> > >
> > > That's the idea I had, yeah. The traffic on my network is not hard to
> > > pull. We can analyze that data forever. What I'm curious about is the
> > > performance, or detection of problems in the routers that serve other
> > > networks, the gateways. Not like I'm curious about your internal
network
> > > or anything, just there should be some way to determine the what,
where,
> > > when of a boggle on the internet.
> > >
> > > I thought by now there'd be a nice package we could buy from somebody
> > > that would pinpoint the problem(s).  I was told they haven't developed
> > > that yet and couldn't believe it.
> > >
> > > >
> > > > If you have access to them you can use some monitoring software like
> > > >
> > > > Big Brother
> > > > HP openvieuw
> > > > Aprisma Spectrum
> > > > CiscoWorks
> > > > and so on.
> > > >
> > > > If you mean something else please let me know so i can search
> > > an solution with you.
> > >
> > > I'm not sure yet. Access is the rub, I think. Everyone is so
proprietary
> > > these days. I suppose it doesn't matter.
> > >
> > > >
> > > > <<<  Cogito ergo sum  >>>
> > >
> > > ?? (as in, what does that mean?)
> > > >
> > > > Nicolas Maton
> > > > Network Engineer
> > > > s.a. Tiscali Belgium n.v.
> > > > Rue de Stassart 43 de Stassartstraat
> > > > 1050 Brussel -Bruxelles
> > > > Belgie-Belgique
> > > > NEW Direct number:+32 (0)2 4003663
> > > > NEW Cell Phone:+32 (0)498 889363
> > > > E-mail: [EMAIL PROTECTED]
> > > > http://www.tiscali.be
> > > >
> > > > This email and any attachments may be confidential and the
> > > subject of legal
> > > > professional privilege.  Any disclosure, use, storage or copying of
this
> > > > email without the consent of the sender is strictly prohibited.
Please
> > > > notify the sender immediately if you are not the intended
> > > recipient and then
> > > > delete the email from your inbox and do not disclose the
> > > contents to another
> > > > person, use, copy or store the information in any medium.
> > > >
**
> > > >
> > > > -Original Message-
> > > > From: Pawlukiewicz Jane [mailto:[EMAIL PROTECTED]]
> > > > Sent: donderdag 6 juni 2002 16:01
> > > > To: Nicolas Maton
> > > > Subject: Re: Diagnostic Tools
> > > >
> > > > Thanks for responding so quickly.
> > > >
> > > > I think I need to rephrase the question. I'm not thinking of
diagnostics
> > > > on a specific network, as in my company's intranetwork. I'm thinking
> > > > there must be a set of diagnostic tools to determine where the
problem
> > > > is outside of my network. If its platform specific it wouldn't work
very
> > > > well, would it?
> > > >
> > > > I was just thinking again. A dangerous hobby.
> > > >
> > > > Thanks,
> > > >
> > > > Jane
> > > >
> > > > Nicolas Maton wrote:
> > > > >
> > > > > For what platform?
> > > > >
> > > > > -Original Message-
> > > > > From: Pawlukiewicz Jane [mailto:[EMAIL PROTECTED]]
> > > > > Sent: donderdag 6 juni 2002 15:51
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Diagnostic Tools
> > > > >
> > > > > Hi,
> > > > >
> > > > > I'm new here but I already have a quick question.
> > > > >
> > > > > What are the best diagnostic tools available to network
> > > operators today?
> > > > >
> > > > > Thanks for any info,
> > > > >
> > > > > Jane

Re: Clarification needed on ATM

[Valdis . Kletnieks]

On Thu, 06 Jun 2002 08:23:14 EDT, Rich Sena <[EMAIL PROTECTED]>  said:
> OK - sorry if this is elementary - however I am dealing with a challenge
> to the security of some ATM links that we have connecting remote
> facilities to a main campus.  The connections are all PVPs with individual
> PVCs defined point to point.  The concern that is being raised is that
> although these connections appear point-to-point PVCs to the router
> interfaces at our sites and our main campus - they are more than likely
> switched SVCs on the provider backbone...

Do the security analysis further.  You only care about the difference if
it means that different classes of people can do Something Evil to you.

So, for instance, if you asked for fiber because it requires physical access
and at least a bit of clue to tap, and instead one hop is over microwave,
that *is* a problem, because you can often tap microwave without having to get
physical access to the towers.  I would say that the actual media used
for the circuit *is* a valid security issue.  On the other hand, the media
used probably has little or no relationship to whether it's nailed or not.

So let's think. There's two classes of people you need to worry about:

1) rogue employees of your carrier.  Here, the distinction doesn't matter,
because they can do Something Evil whether it's a nailed connection or
a virtual connection.

2) outside agents.  Again, if they can do Something Evil when it's a virtual
connection, making it a nailed connection won't slow them down much.

If your security needs are so stringent that you care about the distinction
between virtual and nailed connections, it's time to start deploying in-depth
defenses:

Yes, somebody could hijack a virtual connection by hacking one of the
switches involved, to either perform a MITM attack or a DoS attack.

In the first case (MITM attack), you should be using an end-to-end
authentication/encryption scheme.  After all, MITM attacks can happen elsewhere
along the path (it's amazing how many cases I've heard of where a rogue PC or
hacked server on the same subnet as the target server was used to MITM by the
simple expedient of sending forged ICMP Redirect packets).

In the second case (DoS), you should be utilizing multihoming (remember
that they can DoS you by using a chainsaw - you slice the cables, it doesn't
matter what sort of connection it used to be.  Anybody who hasn't had a chat
with a backhoe operator hasn't been in this business for long ;)

Also, remember that although outside hackers from some 2nd/3rd world country
are getting all the attention, the *really* bad news is usually a disgruntled
(possible former) employee.

-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech




msg02493/pgp0.pgp
Description: PGP signature

Re: Diagnostic Tools

[Pawlukiewicz Jane]

No. But I was thinking of something more robust. And I think it depends
on what level you want your diagnostics to go to. Then there's metrics,
analysis, detection processes.

Ping and traceroute give me a ton of data. I was thinking of something
that takes that data and turns it into the bottom line. Where is the
problem, when did it start, all the good stuff.

I still can't believe someone hasn't cashed in on this. Or is it
something you wouldn't need or use?

Jane

Marc Pierrat wrote:
> 
> Is there a problem with good ol' fashioned ping and traceroute?  They're on every 
>platform, even windows.
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Pawlukiewicz Jane
> > Sent: Thursday, June 06, 2002 12:39 PM
> > To: Nicolas Maton; [EMAIL PROTECTED]
> > Subject: Re: Diagnostic Tools
> >
> >
> > Sorry it took so long to reply. Work gets in the way...
> >
> > Nicolas Maton wrote:
> > >
> > > hmmm,
> > >
> > > I still don't get the global picture??
> > > You want to poll routers andso outside of your network ?
> >
> > That's the idea I had, yeah. The traffic on my network is not hard to
> > pull. We can analyze that data forever. What I'm curious about is the
> > performance, or detection of problems in the routers that serve other
> > networks, the gateways. Not like I'm curious about your internal network
> > or anything, just there should be some way to determine the what, where,
> > when of a boggle on the internet.
> >
> > I thought by now there'd be a nice package we could buy from somebody
> > that would pinpoint the problem(s).  I was told they haven't developed
> > that yet and couldn't believe it.
> >
> > >
> > > If you have access to them you can use some monitoring software like
> > >
> > > Big Brother
> > > HP openvieuw
> > > Aprisma Spectrum
> > > CiscoWorks
> > > and so on.
> > >
> > > If you mean something else please let me know so i can search
> > an solution with you.
> >
> > I'm not sure yet. Access is the rub, I think. Everyone is so proprietary
> > these days. I suppose it doesn't matter.
> >
> > >
> > > <<<  Cogito ergo sum  >>>
> >
> > ?? (as in, what does that mean?)
> > >
> > > Nicolas Maton
> > > Network Engineer
> > > s.a. Tiscali Belgium n.v.
> > > Rue de Stassart 43 de Stassartstraat
> > > 1050 Brussel -Bruxelles
> > > Belgie-Belgique
> > > NEW Direct number:+32 (0)2 4003663
> > > NEW Cell Phone:+32 (0)498 889363
> > > E-mail: [EMAIL PROTECTED]
> > > http://www.tiscali.be
> > >
> > > This email and any attachments may be confidential and the
> > subject of legal
> > > professional privilege.  Any disclosure, use, storage or copying of this
> > > email without the consent of the sender is strictly prohibited. Please
> > > notify the sender immediately if you are not the intended
> > recipient and then
> > > delete the email from your inbox and do not disclose the
> > contents to another
> > > person, use, copy or store the information in any medium.
> > > **
> > >
> > > -Original Message-
> > > From: Pawlukiewicz Jane [mailto:[EMAIL PROTECTED]]
> > > Sent: donderdag 6 juni 2002 16:01
> > > To: Nicolas Maton
> > > Subject: Re: Diagnostic Tools
> > >
> > > Thanks for responding so quickly.
> > >
> > > I think I need to rephrase the question. I'm not thinking of diagnostics
> > > on a specific network, as in my company's intranetwork. I'm thinking
> > > there must be a set of diagnostic tools to determine where the problem
> > > is outside of my network. If its platform specific it wouldn't work very
> > > well, would it?
> > >
> > > I was just thinking again. A dangerous hobby.
> > >
> > > Thanks,
> > >
> > > Jane
> > >
> > > Nicolas Maton wrote:
> > > >
> > > > For what platform?
> > > >
> > > > -Original Message-
> > > > From: Pawlukiewicz Jane [mailto:[EMAIL PROTECTED]]
> > > > Sent: donderdag 6 juni 2002 15:51
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Diagnostic Tools
> > > >
> > > > Hi,
> > > >
> > > > I'm new here but I already have a quick question.
> > > >
> > > > What are the best diagnostic tools available to network
> > operators today?
> > > >
> > > > Thanks for any info,
> > > >
> > > > Jane

begin:vcard 
n:Pawlukiewicz;Jane
tel;cell:703 517-2591
tel;fax:703 289-5814
tel;work:703 289-5307
x-mozilla-html:FALSE
org:Booz Allen Hamilton;Visit us on the Internet: http://boozallen.com";>BoozOnline 
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Senior Consultant
fn:Jane Pawlukiewicz
end:vcard

Re: Diagnostic Tools

[Pawlukiewicz Jane]

Sorry it took so long to reply. Work gets in the way...

Nicolas Maton wrote:
> 
> hmmm,
> 
> I still don't get the global picture??
> You want to poll routers andso outside of your network ?

That's the idea I had, yeah. The traffic on my network is not hard to
pull. We can analyze that data forever. What I'm curious about is the
performance, or detection of problems in the routers that serve other
networks, the gateways. Not like I'm curious about your internal network
or anything, just there should be some way to determine the what, where,
when of a boggle on the internet. 

I thought by now there'd be a nice package we could buy from somebody
that would pinpoint the problem(s).  I was told they haven't developed
that yet and couldn't believe it.  

> 
> If you have access to them you can use some monitoring software like
> 
> Big Brother
> HP openvieuw
> Aprisma Spectrum
> CiscoWorks
> and so on.
> 
> If you mean something else please let me know so i can search an solution with you.

I'm not sure yet. Access is the rub, I think. Everyone is so proprietary
these days. I suppose it doesn't matter. 

> 
> <<<  Cogito ergo sum  >>>

?? (as in, what does that mean?)
> 
> Nicolas Maton
> Network Engineer
> s.a. Tiscali Belgium n.v.
> Rue de Stassart 43 de Stassartstraat
> 1050 Brussel -Bruxelles
> Belgie-Belgique
> NEW Direct number:+32 (0)2 4003663
> NEW Cell Phone:+32 (0)498 889363
> E-mail: [EMAIL PROTECTED]
> http://www.tiscali.be
> 
> This email and any attachments may be confidential and the subject of legal
> professional privilege.  Any disclosure, use, storage or copying of this
> email without the consent of the sender is strictly prohibited. Please
> notify the sender immediately if you are not the intended recipient and then
> delete the email from your inbox and do not disclose the contents to another
> person, use, copy or store the information in any medium.
> **
> 
> -Original Message-
> From: Pawlukiewicz Jane [mailto:[EMAIL PROTECTED]]
> Sent: donderdag 6 juni 2002 16:01
> To: Nicolas Maton
> Subject: Re: Diagnostic Tools
> 
> Thanks for responding so quickly.
> 
> I think I need to rephrase the question. I'm not thinking of diagnostics
> on a specific network, as in my company's intranetwork. I'm thinking
> there must be a set of diagnostic tools to determine where the problem
> is outside of my network. If its platform specific it wouldn't work very
> well, would it?
> 
> I was just thinking again. A dangerous hobby.
> 
> Thanks,
> 
> Jane
> 
> Nicolas Maton wrote:
> >
> > For what platform?
> >
> > -Original Message-
> > From: Pawlukiewicz Jane [mailto:[EMAIL PROTECTED]]
> > Sent: donderdag 6 juni 2002 15:51
> > To: [EMAIL PROTECTED]
> > Subject: Diagnostic Tools
> >
> > Hi,
> >
> > I'm new here but I already have a quick question.
> >
> > What are the best diagnostic tools available to network operators today?
> >
> > Thanks for any info,
> >
> > Jane

begin:vcard 
n:Pawlukiewicz;Jane
tel;cell:703 517-2591
tel;fax:703 289-5814
tel;work:703 289-5307
x-mozilla-html:FALSE
org:Booz Allen Hamilton;Visit us on the Internet: http://boozallen.com";>BoozOnline 
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Senior Consultant
fn:Jane Pawlukiewicz
end:vcard

Re: OT: Re: Bogon list

[Greg A. Woods]

[ On Wednesday, June 5, 2002 at 23:22:38 (-0400), [EMAIL PROTECTED] wrote: ]
> Subject: Re: OT: Re: Bogon list 
>
> 3) Remember that for procmail to nuke the second copy, the second copy
> has to arrive - I'm personally just a bit miffed at somebody who sent me
> 2 copies of a large file.   Yes, procmail nuked the second one - *after*
> I'd pulled several hundred K over a modem.

Indeed.  That was my original point.  I don't want to _receive_ two
copies of any messages, especially not those that are also forwarded via
any mailing list.  I do what I can to ensure things work the way I
desire for replies to my posts, and I'm surprised more people don't do
what I do as well.

-- 
Greg A. Woods

+1 416 218-0098;  <[EMAIL PROTECTED]>;  <[EMAIL PROTECTED]>;  <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; VE3TCP; Secrets of the Weird <[EMAIL PROTECTED]>

Re: KPNQwest ns.eu.net server.

[Joao Luis Silva Damas]

At 16:35 +0200 6/6/02, Gert Doering wrote:
>
>Hmmm?  As far as I can see, RIPE has enough providers.  The problem is
>that the ccTLD secondary server hosted at KQ broke -

ns.eu.net has not "broke". At least not yet.
KPNQwest still has very competent people (and I would like to 
specifically thank Berislav Todorovic for embracing the idea of 
placing ns.eu.net outside KPNQwest to ensure stability and for all 
the support in actually doing it)

The RIPE  NCC doesn't currently need further support to operate the 
service, which is why we volunteered to do it, to provide a stable 
service until further steps are undertaken without the concern for 
the time period KPNQwest will be able to continue to operate.

With time, since EUNet will not exist, ns.eu.net should also 
disappear (I am not quite sure the RIPE NCC would want to "own" the 
eu.net domain), but it should be after everyone has got time to think 
properly about a solution that suits them in the long term.

Cheers,
Joao

Re: KPNQwest ns.eu.net server.

[David Conrad]

Hi,

Just as a (potentially self-serving, apologies if this offends) aside, there
are several companies that specialize in DNS hosting out there.  The one
that I'm most familiar with (Nominum's), co-locates our equipment at IXPs,
has an open peering policy (of course), and has multiple (paid) transit
providers.  We decided upon this approach for exactly the reasons you
indicate: they tend to be both more stable and more neutral than ISPs.  We
also believe locating at IXPs can reduce latency and improve performance.
We were already providing secondary for one of the TLDs affected by
ns.eu.net going away and would, of course, be happy to provide services to
others.

Rgds,
-drc

On 6/6/02 7:07 AM, "Nipper, Arnold" <[EMAIL PROTECTED]> wrote:

> 
> As a lot of people are offering secondary services: may be it's a good idea
> to place infrastructural services at IXP. IXP seem to be more stable than
> any ISPs and often more neutral than ISPs.
> 
> Comments?
> 
> 
> Arnold
> --
> Arnold Nipper, DE-CIX, the German Internet Exchange
> email: [EMAIL PROTECTED]
> mobile: +49 172 2650958
> handle: an6695-ripe
> 
> 
> - Original Message -
> From: "Sabine Dolderer/Denic" <[EMAIL PROTECTED]>
> To: "Jan-Ahrent Czmok" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, June 06, 2002 9:43 AM
> Subject: Re: Re: KPNQwest ns.eu.net server.
> 
> 
> 
> Hello,
> 
> DENIC runs currently several secondarys (not only DE but also for some
> other TLDs) in different places worldwide. We are willing to offer
> secondary service for other ccTLDs. But there will be because of
> security/stability reasons a limit on the number of ccTLDs we want to run
> on a single machine.
> 
> Sabine
> 
> --
> Sabine  Dolderer
> DENIC eG
> Wiesenhüttenplatz 26
> D-60329 Frankfurt
> 
> eMail: [EMAIL PROTECTED]
> Fon: +49 69 27235 0
> Fax: +49 69 27235 235
> 
> 
> 
>   Jan-Ahrent
>   CzmokAn: Joao Luis Silva Damas
> <[EMAIL PROTECTED]>
>[EMAIL PROTECTED], [EMAIL PROTECTED],
>   net> [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED],
>   Gesendet von:[EMAIL PROTECTED],
> [EMAIL PROTECTED]
>   owner-lir-wg@Thema:  Re: KPNQwest ns.eu.net
> server.
>   ripe.net
> 
> 
>   06.06.2002
>   01:29
> 
> 
> 
> 
> 
> 
> PostedDate: 06.06.2002 01:29:37
> $MessageID: <[EMAIL PROTECTED]>
> From: [EMAIL PROTECTED]
> SendTo: Joao Luis Silva Damas <[EMAIL PROTECTED]>
> CopyTo:
> [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];tech-l@ams-
> ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED]
> 
> Subject: Re: KPNQwest ns.eu.net server.
> Received: from smtp.denic.de ([194.246.96.22])  by notes.denic.de
> (Lotus Domino Release 5.0.8)  with ESMTP id 2002060601283597:15602
> ;  Thu, 6 Jun 2002 01:28:35 +0200
> Received: from postman.ripe.net (postman.ripe.net [193.0.0.199])  by
> smtp.denic.de with smtp  id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34
> +0200
> Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 -
> Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 -
> Delivered_To: [EMAIL PROTECTED]
> PRINCIPAL: Jan-Ahrent Czmok <[EMAIL PROTECTED]>
> In_Reply_To: 
> References: <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]>   
> Organization: Global Access Telecommunications Inc.
> $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu)
> X_Ncc_RegID: de.gatel
> MIME_Version: 1.0
> Precedence: bulk
> X_Loop_Detect: RIPE NCC
> SMTPOriginator: [EMAIL PROTECTED]
> RouteServers: CN=notes/O=Denic
> RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38
> DeliveredDate: 06.06.2002 01:28:38
> DENICDOCOPENCOUNT: 1
> $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18,
> 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine
> Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002
> 09:32:28;MIME-CD complete at 06.06.2002 09:32:28
> BlindCopyTo:
> WebSubject: Re: KPNQwest ns.eu.net server.
> 
> 
> On Thu, 6 Jun 2002 01:08:46 +0200
> Joao Luis Silva Damas <[EMAIL PROTECTED]> wrote:
> 
>> 
>> At 11:04 -0700 5/6/02, Randy Bush wrote:
 Given the current situation of KPNQwest and the possibility
  of its services going offline sometime soon, the RIPE NCC in
  agreement with KPNQwest will be temporally hosting this
  server (ns.eu.net) in its premises.
>>> 
>>> nice emergency hack and sorry to whine.  but i used them both
>>> to get diversity.
>> 
>> Hi Randy,
>> 
>> there are 16 ccTLDs for which ns.ripe.net and ns.eu.net are both
>> secondary. So we will definitely request thos

Re: Updates to the root zone Re: KPNQwest ns.eu.net server.

[Randy Bush]

> Has ICANN and NTIA worked out their operational issues so they can quickly
> change the root zone to reflect changes in ccTLD nameservers if people
> need to change which name servers are handling the ccTLDs.  Last year,
> some of the ccTLD operators were complaining it sometimes took weeks after
> they submitted the change for it to make it into the root zone.

that was the fast track.  it can take months.

luckily, the dns protocols will route around this kind of damage as
long as a primary or secondary remain alive.

randy

Re: Re: KPNQwest ns.eu.net server.

[Chrisy Luke]

Stephen J. Wilcox wrote (on Jun 06):
> Indeed, for example k.root-servers.net is hosted at LINX and is reachable
> globally by this kind of setup..

A few of LINXs' members also transit the services provided by LINX
"for the good of the community" - ie, at zero cost. That includes
k.root. I don't mind doing it. I wouldn't mind for others either.

Chris.
-- 

Re: Updates to the root zone Re: KPNQwest ns.eu.net server.

[Måns Nilsson]

--On Thursday, June 06, 2002 10:47:52 -0400 Sean Donelan <[EMAIL PROTECTED]>
wrote:

> 
> 
> This is not a political question, only operational process.
> 
> Has ICANN and NTIA worked out their operational issues so they can quickly
> change the root zone to reflect changes in ccTLD nameservers if people
> need to change which name servers are handling the ccTLDs.  Last year,
> some of the ccTLD operators were complaining it sometimes took weeks after
> they submitted the change for it to make it into the root zone.

I tried this game fall 2000. It was a farce. We (I then worked at NIC-SE,
the SE registry) tried to remove "sparky.arl.mil" from the SE delegation. 

After all the politcs in Sweden wrt this move had been sorted out, we
e-mailed the correct (as announced on webpage) contact at IANA/ICANN. 

Weeks went by. 

Nothing happened. 

We grew tired of this and started pulling some threads. ONLY after informal
prodding (by well-known people that then had no formal role in SE
operations) the root zone was updated! And, we NEVER got any
acknowledgement back, we simply noticed that the delegation had been
adjusted. 

We were not impressed. I thought along the same lines as Sean, poor ccTLDs
if this (root admin unresponsiveness) is a continuing state of affairs...

-- 
Måns NilssonSystems Specialist
+46 70 681 7204 KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.

Re: Re: KPNQwest ns.eu.net server.

[Stephen J. Wilcox]

Indeed, for example k.root-servers.net is hosted at LINX and is reachable
globally by this kind of setup..

Steve

On Thu, 6 Jun 2002, Jared Mauch wrote:

> 
>   While a good idea, not everyone can announce or reach the
> IX fabrics that they connect to or are out there.
> 
>   One solution to that problem is to have the IX operate a
> zeebra/gated/whatnot box (or router+machine combo) that
> announces a /24 and as part of connecting to the IX people
> are required to peer (and provide transit) for that /24 for
> the "good of the internet".
> 
>   This would allow everyone that connects to the IX to see
> the benifits of having a close (to their network that is) dns server
> as well as if my provider does not announce the DE-CIX, LINX, mae-e, mae-w,
> paix, nyiix, or whatever space to me, i can still reach a server
> placed at the IX via their network or via their peers/upstreams.
> 
>   - Jared
> 
> http://puck.nether.net/dns/
> (very rough ui)
> 
> On Thu, Jun 06, 2002 at 04:07:09PM +0200, Nipper, Arnold wrote:
> > 
> > As a lot of people are offering secondary services: may be it's a good idea
> > to place infrastructural services at IXP. IXP seem to be more stable than
> > any ISPs and often more neutral than ISPs.
> > 
> > Comments?
> > 
> > 
> > Arnold
> > --
> > Arnold Nipper, DE-CIX, the German Internet Exchange
> > email: [EMAIL PROTECTED]
> > mobile: +49 172 2650958
> > handle: an6695-ripe
> > 
> > 
> > - Original Message -
> > From: "Sabine Dolderer/Denic" <[EMAIL PROTECTED]>
> > To: "Jan-Ahrent Czmok" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Thursday, June 06, 2002 9:43 AM
> > Subject: Re: Re: KPNQwest ns.eu.net server.
> > 
> > 
> > 
> > Hello,
> > 
> > DENIC runs currently several secondarys (not only DE but also for some
> > other TLDs) in different places worldwide. We are willing to offer
> > secondary service for other ccTLDs. But there will be because of
> > security/stability reasons a limit on the number of ccTLDs we want to run
> > on a single machine.
> > 
> > Sabine
> > 
> > --
> > Sabine  Dolderer
> > DENIC eG
> > Wiesenhüttenplatz 26
> > D-60329 Frankfurt
> > 
> > eMail: [EMAIL PROTECTED]
> > Fon: +49 69 27235 0
> > Fax: +49 69 27235 235
> > 
> > 
> > 
> > Jan-Ahrent
> > CzmokAn: Joao Luis Silva Damas
> > <[EMAIL PROTECTED]>
> >  > [EMAIL PROTECTED], [EMAIL PROTECTED],
> > net> [EMAIL PROTECTED], [EMAIL PROTECTED],
> > [EMAIL PROTECTED],
> > Gesendet von:[EMAIL PROTECTED],
> > [EMAIL PROTECTED]
> > owner-lir-wg@Thema:  Re: KPNQwest ns.eu.net
> > server.
> > ripe.net
> > 
> > 
> > 06.06.2002
> > 01:29
> > 
> > 
> > 
> > 
> > 
> > 
> > PostedDate: 06.06.2002 01:29:37
> > $MessageID: <[EMAIL PROTECTED]>
> > From: [EMAIL PROTECTED]
> > SendTo: Joao Luis Silva Damas <[EMAIL PROTECTED]>
> > CopyTo:
> > [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];tech-l@ams-
> > ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED]
> > 
> > Subject: Re: KPNQwest ns.eu.net server.
> > Received: from smtp.denic.de ([194.246.96.22])  by notes.denic.de
> > (Lotus Domino Release 5.0.8)  with ESMTP id 2002060601283597:15602
> > ;  Thu, 6 Jun 2002 01:28:35 +0200
> > Received: from postman.ripe.net (postman.ripe.net [193.0.0.199])  by
> > smtp.denic.de with smtp  id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34
> > +0200
> > Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 -
> > Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 -
> > Delivered_To: [EMAIL PROTECTED]
> > PRINCIPAL: Jan-Ahrent Czmok <[EMAIL PROTECTED]>
> > In_Reply_To: 
> > References: <[EMAIL PROTECTED]>
> > <[EMAIL PROTECTED]>   
> > Organization: Global Access Telecommunications Inc.
> > $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu)
> > X_Ncc_RegID: de.gatel
> > MIME_Version: 1.0
> > Precedence: bulk
> > X_Loop_Detect: RIPE NCC
> > SMTPOriginator: [EMAIL PROTECTED]
> > RouteServers: CN=notes/O=Denic
> > RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38
> > DeliveredDate: 06.06.2002 01:28:38
> > DENICDOCOPENCOUNT: 1
> > $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18,
> > 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine
> > Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002
> > 09:32:28;MIME-CD complete at 06.06.2002 09:32:28
> > BlindCopyTo:
> > WebSubject: Re: KPNQwest ns.eu.net server.
> > 
> > 
> > On Thu, 6 Jun 2002 01:08:46 +0200
> > Joao Luis Silva Damas <

RE: KPNQwest ns.eu.net server.

[Neil J. McRae]

Gert,

> On Thu, Jun 06, 2002 at 02:59:22PM +0100, Neil J. McRae wrote:
> > I suggest that if the RIPE need another provider that they
> > take time and issue a proper RFI/P/Q through the European
> > Journal. It does ask an interesting question over disaster
> > recovery in situations like this.
> 
> Hmmm?  As far as I can see, RIPE has enough providers.  The problem is
> that the ccTLD secondary server hosted at KQ broke - which isn't RIPEs 
> fault, and doesn't even host anything RIPE is master for (like ripe.net
> or the *.in-addr.arpa zones).
> 

Hence why I said "if the RIPE need another provider". Note the
part that has "if" in it.

Regards,
Neil.

Re: Re: KPNQwest ns.eu.net server.

[Arnold Nipper]

On Thu, Jun 06, 2002 at 04:31:21PM +0200, Daniel Concepcion wrote:
> 
> 
> Yes, but there is problem about the transit for the network of the IXP
> In my experience, some big providers only have the commercial view of 
> internet. 

If an IXP decides to offer infrastructural services then you have to buy
upstream of course.

> Really, if all the IXP members give some transit to the IXP for essential 
> services, internet will be more robust. 
> 

At least each IXP member would have direct connectivity to such
infrastructural services (DNS, NTP, WHOIS, NNTP??) and thereby their
customers would benefit from it.

And an IXP should be in a good position to get upstream :-)) And for
the commercials: these services are not for free of course. So bills
for IXP members will drop not raise.


-- Arnold

RE: Re: KPNQwest ns.eu.net server.

[Daniska Tomas]

ok,

let's suppose that usually provides the most appropriate environment for placing the 
dns servers and their co-infrastructure. taking it only technically, providing the 
connectivity for the ixp is a detail (to announce or not to announce). maybe the ixp 
could allocate a 'stub' subnet - separate from the transit subnet - and provide a 
voluntary mlpa to all the hosted isps. this would not break the isp policies on 
announcing the transit ixp subnet. all these are details.

i see a space for another topic in this thread - updating the dns infrastrucure a bit. 
to be more specific:
- would the ixp-located tld dns servers server only a small set of tld's each? if so, 
would it be region-based or agreement-based?
- would it be worth the effort starting a project similar to irr that would serve as a 
common source for dns configurations?


it'd be nice to hear your oppinions


--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.



> -Original Message-
> From: Arnold Nipper [mailto:[EMAIL PROTECTED]] 
> Sent: 6. júna 2002 16:29
> To: Daniska Tomas
> Cc: Nipper, Arnold; [EMAIL PROTECTED]
> Subject: Re: Re: KPNQwest ns.eu.net server.
> 
> 
> On Thu, Jun 06, 2002 at 04:13:08PM +0200, Daniska Tomas wrote:
> > how would you guarantee connectivity?
> > 
> 
> as you have a lot of ISPs around you it should be really easy 
> to get some
> connectivity. Very easy: tell some friendly ISP to announce 
> your prefix/AS
> to outside.
> 
> > should each isp present should provide bandwidth as part of 
> collocation expenses?
> 
> What do you mean by this? If some ISP want to donate bw, 
> nice. If not also Ok.
> 
> > should the opexes be included in the colo bill?
> 
> Which colo bill? 
> 
> > 
> > and then - this would probably make the colo becoming a 
> connectivity provider, wouldn't it?
> > 
> 
> Not necessarily. This much depends on your IXP model. Let's 
> take DE-CIX. 
> There is an association running DE-CIX, but InterXion as colo 
> partner takes
> cae for a lot of things. If DE-CIX would offer 
> infrastructural services,
> InterXion still would remain a simple colo provider.
> 
> 
> Arnold
> -- 
> Arnold Nipper  Email:  
> [EMAIL PROTECTED]
> DE-CIX, The German Internet Exchange   Mobile: +49 172 2650958
> 

Re: OT: Re: Bogon list

[Scott Francis]

On Thu, Jun 06, 2002 at 02:14:21AM +0300, [EMAIL PROTECTED] said:
> Richard,
> 
>  Kindly explain how not knowing procmail (or Unix for that matter)
> relates to configuring BGP/OSPF/Cisco IOS/JunOS
> (Yes I know JunOS is based on FreeBSD -
>  but I doubt anyone runs an MTA or MUA on it ... ;-)

It's not a causal relationship, but more of an indirect one: those that tend
to have networking clue very frequently also possess UNIX clue. Which is what
I (and I suspect Richard) was driving at ...

[snip]
>   Also don't even get me started on *security* consultants that are forced
> (by corporate policy) to read Email on MS OutLook from an Exchange server :-(

The MUA someone may have to use has nothing to do with whether or not that
person possesses experience with UNIX and standard UNIX utilities.
-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui



msg02480/pgp0.pgp
Description: PGP signature

Updates to the root zone Re: KPNQwest ns.eu.net server.

[Sean Donelan]

This is not a political question, only operational process.

Has ICANN and NTIA worked out their operational issues so they can quickly
change the root zone to reflect changes in ccTLD nameservers if people
need to change which name servers are handling the ccTLDs.  Last year,
some of the ccTLD operators were complaining it sometimes took weeks after
they submitted the change for it to make it into the root zone.

Re: Re: KPNQwest ns.eu.net server.

[Måns Nilsson]

--On Thursday, June 06, 2002 10:16:34 -0400 Jared Mauch
<[EMAIL PROTECTED]> wrote:

>   While a good idea, not everyone can announce or reach the
> IX fabrics that they connect to or are out there.
> 
>   One solution to that problem is to have the IX operate a
> zeebra/gated/whatnot box (or router+machine combo) that
> announces a /24 and as part of connecting to the IX people
> are required to peer (and provide transit) for that /24 for
> the "good of the internet".
> 
>   This would allow everyone that connects to the IX to see
> the benifits of having a close (to their network that is) dns server
> as well as if my provider does not announce the DE-CIX, LINX, mae-e,
> mae-w, paix, nyiix, or whatever space to me, i can still reach a server
> placed at the IX via their network or via their peers/upstreams.

This is done in Sweden, by the exchange point company Netnod,
. They have an AS of their own, which is free to
peer with, in which a number of crucial services are located, for instance:

* Root DNS server
* COM/NET/ORG DNS server
* DNS for a number of ccTLDs including Sweden. 
* NTP masters directly synchronised to swedish standard time
* RIPE whois mirror. 

Some of these services are present at several Netnod IXen, notably ccTLD
and NTP. 

It works, and gives excellent service levels. 

-- 
Måns NilssonSystems Specialist
+46 70 681 7204 KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.

NAS filed chp 11

[Christopher X. Candreva]

http://biz.yahoo.com/djus/020605/200206051047000419_1.html


==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

Are you seeing ATM framing errors at Chicago AADS?

[John Kristoff]

The Chicago SBC (formerly AADS) NAP upgraded their Lucent switch code
this past Sunday and we suspect we may be having some problems due to
that upgrade.  If anyone else is there and has been seeing framing
errors since then, I'd appreciate a private reply back saying so (or not
even).  It would be particularly valuable to know what vendor's
equipment you have on your side of that link as well.   Thanks,

John

Re: Re: KPNQwest ns.eu.net server.

[Daniel Concepcion]

Yes, but there is problem about the transit for the network of the IXP
In my experience, some big providers only have the commercial view of 
internet. 
Really, if all the IXP members give some transit to the IXP for essential 
services, internet will be more robust. 

Daniel
Intelideas


On Thursday 06 June 2002 16:07, Nipper, Arnold wrote:
> As a lot of people are offering secondary services: may be it's a good idea
> to place infrastructural services at IXP. IXP seem to be more stable than
> any ISPs and often more neutral than ISPs.
>
> Comments?
>
>
> Arnold

Re: Re: KPNQwest ns.eu.net server.

[Arnold Nipper]

On Thu, Jun 06, 2002 at 04:13:08PM +0200, Daniska Tomas wrote:
> how would you guarantee connectivity?
> 

as you have a lot of ISPs around you it should be really easy to get some
connectivity. Very easy: tell some friendly ISP to announce your prefix/AS
to outside.

> should each isp present should provide bandwidth as part of collocation expenses?

What do you mean by this? If some ISP want to donate bw, nice. If not also Ok.

> should the opexes be included in the colo bill?

Which colo bill? 

> 
> and then - this would probably make the colo becoming a connectivity provider, 
>wouldn't it?
> 

Not necessarily. This much depends on your IXP model. Let's take DE-CIX. 
There is an association running DE-CIX, but InterXion as colo partner takes
cae for a lot of things. If DE-CIX would offer infrastructural services,
InterXion still would remain a simple colo provider.


Arnold
-- 
Arnold Nipper  Email:  [EMAIL PROTECTED]
DE-CIX, The German Internet Exchange   Mobile: +49 172 2650958

Re: KPNQwest ns.eu.net server.

[Daniel Concepcion]

Yes Neil,

It should be interesting to know the 'official' requirements/recommendations 
for ccTLD's hosting
For example: diversity geographical, network needs, security needs, building 
environment., etc

Regards,
Daniel
Intelideas


On Thursday 06 June 2002 15:59, Neil J. McRae wrote:
> I suggest that if the RIPE need another provider that they
> take time and issue a proper RFI/P/Q through the European
> Journal. It does ask an interesting question over disaster
> recovery in situations like this.
>
> Regards,
> Neil.

Re: Re: KPNQwest ns.eu.net server.

[Jared Mauch]

While a good idea, not everyone can announce or reach the
IX fabrics that they connect to or are out there.

One solution to that problem is to have the IX operate a
zeebra/gated/whatnot box (or router+machine combo) that
announces a /24 and as part of connecting to the IX people
are required to peer (and provide transit) for that /24 for
the "good of the internet".

This would allow everyone that connects to the IX to see
the benifits of having a close (to their network that is) dns server
as well as if my provider does not announce the DE-CIX, LINX, mae-e, mae-w,
paix, nyiix, or whatever space to me, i can still reach a server
placed at the IX via their network or via their peers/upstreams.

- Jared

http://puck.nether.net/dns/
(very rough ui)

On Thu, Jun 06, 2002 at 04:07:09PM +0200, Nipper, Arnold wrote:
> 
> As a lot of people are offering secondary services: may be it's a good idea
> to place infrastructural services at IXP. IXP seem to be more stable than
> any ISPs and often more neutral than ISPs.
> 
> Comments?
> 
> 
> Arnold
> --
> Arnold Nipper, DE-CIX, the German Internet Exchange
> email: [EMAIL PROTECTED]
> mobile: +49 172 2650958
> handle: an6695-ripe
> 
> 
> - Original Message -
> From: "Sabine Dolderer/Denic" <[EMAIL PROTECTED]>
> To: "Jan-Ahrent Czmok" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, June 06, 2002 9:43 AM
> Subject: Re: Re: KPNQwest ns.eu.net server.
> 
> 
> 
> Hello,
> 
> DENIC runs currently several secondarys (not only DE but also for some
> other TLDs) in different places worldwide. We are willing to offer
> secondary service for other ccTLDs. But there will be because of
> security/stability reasons a limit on the number of ccTLDs we want to run
> on a single machine.
> 
> Sabine
> 
> --
> Sabine  Dolderer
> DENIC eG
> Wiesenhüttenplatz 26
> D-60329 Frankfurt
> 
> eMail: [EMAIL PROTECTED]
> Fon: +49 69 27235 0
> Fax: +49 69 27235 235
> 
> 
> 
> Jan-Ahrent
> CzmokAn: Joao Luis Silva Damas
> <[EMAIL PROTECTED]>
>  [EMAIL PROTECTED], [EMAIL PROTECTED],
> net> [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED],
> Gesendet von:[EMAIL PROTECTED],
> [EMAIL PROTECTED]
> owner-lir-wg@Thema:  Re: KPNQwest ns.eu.net
> server.
> ripe.net
> 
> 
> 06.06.2002
> 01:29
> 
> 
> 
> 
> 
> 
> PostedDate: 06.06.2002 01:29:37
> $MessageID: <[EMAIL PROTECTED]>
> From: [EMAIL PROTECTED]
> SendTo: Joao Luis Silva Damas <[EMAIL PROTECTED]>
> CopyTo:
> [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];tech-l@ams-
> ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED]
> 
> Subject: Re: KPNQwest ns.eu.net server.
> Received: from smtp.denic.de ([194.246.96.22])  by notes.denic.de
> (Lotus Domino Release 5.0.8)  with ESMTP id 2002060601283597:15602
> ;  Thu, 6 Jun 2002 01:28:35 +0200
> Received: from postman.ripe.net (postman.ripe.net [193.0.0.199])  by
> smtp.denic.de with smtp  id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34
> +0200
> Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 -
> Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 -
> Delivered_To: [EMAIL PROTECTED]
> PRINCIPAL: Jan-Ahrent Czmok <[EMAIL PROTECTED]>
> In_Reply_To: 
> References: <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]>   
> Organization: Global Access Telecommunications Inc.
> $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu)
> X_Ncc_RegID: de.gatel
> MIME_Version: 1.0
> Precedence: bulk
> X_Loop_Detect: RIPE NCC
> SMTPOriginator: [EMAIL PROTECTED]
> RouteServers: CN=notes/O=Denic
> RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38
> DeliveredDate: 06.06.2002 01:28:38
> DENICDOCOPENCOUNT: 1
> $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18,
> 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine
> Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002
> 09:32:28;MIME-CD complete at 06.06.2002 09:32:28
> BlindCopyTo:
> WebSubject: Re: KPNQwest ns.eu.net server.
> 
> 
> On Thu, 6 Jun 2002 01:08:46 +0200
> Joao Luis Silva Damas <[EMAIL PROTECTED]> wrote:
> 
> >
> > At 11:04 -0700 5/6/02, Randy Bush wrote:
> > >  > Given the current situation of KPNQwest and the possibility
> > >>  of its services going offline sometime soon, the RIPE NCC in
> > >>  agreement with KPNQwest will be temporally hosting this
> > >>  server (ns.eu.net) in its premises.
> > >
> > >nice emergency hack and sorry to whine.  but i used them both
> > >to get diversity.
>

RE: Re: KPNQwest ns.eu.net server.

[Daniska Tomas]

how would you guarantee connectivity?

should each isp present should provide bandwidth as part of collocation expenses?
should the opexes be included in the colo bill?

and then - this would probably make the colo becoming a connectivity provider, 
wouldn't it?

--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.



> -Original Message-
> From: Nipper, Arnold [mailto:[EMAIL PROTECTED]] 
> Sent: 6. júna 2002 16:07
> To: Jan-Ahrent Czmok; Sabine Dolderer/Denic
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Re: KPNQwest ns.eu.net server.
> 
> 
> 
> As a lot of people are offering secondary services: may be 
> it's a good idea
> to place infrastructural services at IXP. IXP seem to be more 
> stable than
> any ISPs and often more neutral than ISPs.
> 
> Comments?
> 
> 
> Arnold
> --
> Arnold Nipper, DE-CIX, the German Internet Exchange
> email: [EMAIL PROTECTED]
> mobile: +49 172 2650958
> handle: an6695-ripe
> 
> 
> - Original Message -
> From: "Sabine Dolderer/Denic" <[EMAIL PROTECTED]>
> To: "Jan-Ahrent Czmok" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; 
> <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; 
> <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, June 06, 2002 9:43 AM
> Subject: Re: Re: KPNQwest ns.eu.net server.
> 
> 
> 
> Hello,
> 
> DENIC runs currently several secondarys (not only DE but also for some
> other TLDs) in different places worldwide. We are willing to offer
> secondary service for other ccTLDs. But there will be because of
> security/stability reasons a limit on the number of ccTLDs we 
> want to run
> on a single machine.
> 
> Sabine
> 
> --
> Sabine  Dolderer
> DENIC eG
> Wiesenhüttenplatz 26
> D-60329 Frankfurt
> 
> eMail: [EMAIL PROTECTED]
> Fon: +49 69 27235 0
> Fax: +49 69 27235 235
> 
> 
> 
> Jan-Ahrent
> CzmokAn: Joao Luis Silva Damas
> <[EMAIL PROTECTED]>
>  [EMAIL PROTECTED], [EMAIL PROTECTED],
> net> [EMAIL PROTECTED], 
> [EMAIL PROTECTED],
> [EMAIL PROTECTED],
> Gesendet von:[EMAIL PROTECTED],
> [EMAIL PROTECTED]
> owner-lir-wg@Thema:  Re: KPNQwest 
> ns.eu.net
> server.
> ripe.net
> 
> 
> 06.06.2002
> 01:29
> 
> 
> 
> 
> 
> 
> PostedDate: 06.06.2002 01:29:37
> $MessageID: <[EMAIL PROTECTED]>
> From: [EMAIL PROTECTED]
> SendTo: Joao Luis Silva Damas <[EMAIL PROTECTED]>
> CopyTo:
> [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED]
> et;tech-l@ams-
> ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];apnic-talk@lists.
> apnic.net
> 
> Subject: Re: KPNQwest ns.eu.net server.
> Received: from smtp.denic.de ([194.246.96.22])  by 
> notes.denic.de
> (Lotus Domino Release 5.0.8)  with ESMTP id 
> 2002060601283597:15602
> ;  Thu, 6 Jun 2002 01:28:35 +0200
> Received: from postman.ripe.net (postman.ripe.net [193.0.0.199])  by
> smtp.denic.de with smtp  id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34
> +0200
> Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 -
> Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 -
> Delivered_To: [EMAIL PROTECTED]
> PRINCIPAL: Jan-Ahrent Czmok <[EMAIL PROTECTED]>
> In_Reply_To: 
> References: <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]>   
> 
> Organization: Global Access Telecommunications Inc.
> $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; 
> i386-debian-linux-gnu)
> X_Ncc_RegID: de.gatel
> MIME_Version: 1.0
> Precedence: bulk
> X_Loop_Detect: RIPE NCC
> SMTPOriginator: [EMAIL PROTECTED]
> RouteServers: CN=notes/O=Denic
> RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38
> DeliveredDate: 06.06.2002 01:28:38
> DENICDOCOPENCOUNT: 1
> $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 
> 5.0.8 |June 18,
> 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine
> Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002
> 09:32:28;MIME-CD complete at 06.06.2002 09:32:28
> BlindCopyTo:
> WebSubject: Re: KPNQwest ns.eu.net server.
> 
> 
> On Thu, 6 Jun 2002 01:08:46 +0200
> Joao Luis Silva Damas <[EMAIL PROTECTED]> wrote:
> 
> >
> > At 11:04 -0700 5/6/02, Randy Bush wrote:
> > >  > Given the current situation of KPNQwest and the possibility
> > >>  of its services going offline sometime soon, the RIPE NCC in
> > >>  agreement with KPNQwest will be temporally hosting this
> > >>  server (ns.eu.net) in its premises.
> > >
> >

Re: Re: KPNQwest ns.eu.net server.

[Nipper, Arnold]

As a lot of people are offering secondary services: may be it's a good idea
to place infrastructural services at IXP. IXP seem to be more stable than
any ISPs and often more neutral than ISPs.

Comments?


Arnold
--
Arnold Nipper, DE-CIX, the German Internet Exchange
email: [EMAIL PROTECTED]
mobile: +49 172 2650958
handle: an6695-ripe


- Original Message -
From: "Sabine Dolderer/Denic" <[EMAIL PROTECTED]>
To: "Jan-Ahrent Czmok" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 06, 2002 9:43 AM
Subject: Re: Re: KPNQwest ns.eu.net server.



Hello,

DENIC runs currently several secondarys (not only DE but also for some
other TLDs) in different places worldwide. We are willing to offer
secondary service for other ccTLDs. But there will be because of
security/stability reasons a limit on the number of ccTLDs we want to run
on a single machine.

Sabine

--
Sabine  Dolderer
DENIC eG
Wiesenhüttenplatz 26
D-60329 Frankfurt

eMail: [EMAIL PROTECTED]
Fon: +49 69 27235 0
Fax: +49 69 27235 235



Jan-Ahrent
CzmokAn: Joao Luis Silva Damas
<[EMAIL PROTECTED]>
 [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED],
Gesendet von:[EMAIL PROTECTED],
[EMAIL PROTECTED]
owner-lir-wg@Thema:  Re: KPNQwest ns.eu.net
server.
ripe.net


06.06.2002
01:29






PostedDate: 06.06.2002 01:29:37
$MessageID: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
SendTo: Joao Luis Silva Damas <[EMAIL PROTECTED]>
CopyTo:
[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];tech-l@ams-
ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED]

Subject: Re: KPNQwest ns.eu.net server.
Received: from smtp.denic.de ([194.246.96.22])  by notes.denic.de
(Lotus Domino Release 5.0.8)  with ESMTP id 2002060601283597:15602
;  Thu, 6 Jun 2002 01:28:35 +0200
Received: from postman.ripe.net (postman.ripe.net [193.0.0.199])  by
smtp.denic.de with smtp  id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34
+0200
Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 -
Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 -
Delivered_To: [EMAIL PROTECTED]
PRINCIPAL: Jan-Ahrent Czmok <[EMAIL PROTECTED]>
In_Reply_To: 
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>   
Organization: Global Access Telecommunications Inc.
$Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu)
X_Ncc_RegID: de.gatel
MIME_Version: 1.0
Precedence: bulk
X_Loop_Detect: RIPE NCC
SMTPOriginator: [EMAIL PROTECTED]
RouteServers: CN=notes/O=Denic
RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38
DeliveredDate: 06.06.2002 01:28:38
DENICDOCOPENCOUNT: 1
$MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18,
2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine
Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002
09:32:28;MIME-CD complete at 06.06.2002 09:32:28
BlindCopyTo:
WebSubject: Re: KPNQwest ns.eu.net server.


On Thu, 6 Jun 2002 01:08:46 +0200
Joao Luis Silva Damas <[EMAIL PROTECTED]> wrote:

>
> At 11:04 -0700 5/6/02, Randy Bush wrote:
> >  > Given the current situation of KPNQwest and the possibility
> >>  of its services going offline sometime soon, the RIPE NCC in
> >>  agreement with KPNQwest will be temporally hosting this
> >>  server (ns.eu.net) in its premises.
> >
> >nice emergency hack and sorry to whine.  but i used them both
> >to get diversity.
>
> Hi Randy,
>
> there are 16 ccTLDs for which ns.ripe.net and ns.eu.net are both
> secondary. So we will definitely request those ccTLDs to look for a
> new host as soon as possible.

Hi Randy, hi Joao, dear routing-wg,

probably my Company (GATEL, AS13129) is able to host a secondary
server for the ccTLDs.

The question is rather what are the hardware "requirements" for the
secondary
server.

We have sufficient bandwidth capacity available and rack space as well.

> The rest can take bit more time to think what they want to do since
> ns.eu.net will keep running.

Well done ! Congrats for the good ideas and coordination work.

>
> We are offering secondary service on ns.ripe.net for any ccTLD that
> we weren't sencodaring for, as are other people.
>
> The idea is not to have ns.eu.net running for ever, just to enable
> people to have time to take rational decisions, without the fear of
> having the server going away because of some unexpected turn of
> events.
>
> >
> >when in less of a panic, please move it to moscow or something.
>
> Panic? what panic? this is just common sense
>

right. it's not panic.

--jan

--
 Jan Ahrent Czmok - Sen

Re: Diagnostic Tools

[David A. Snodgrass]

Well, i dunno about everyone else, but i start screaming when my ICQ flower
turns orange and starts spinning.


- Original Message - 
From: "Pawlukiewicz Jane" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 06, 2002 9:50 AM
Subject: Diagnostic Tools


> Hi,
> 
> I'm new here but I already have a quick question.
> 
> What are the best diagnostic tools available to network operators today?
> 
> Thanks for any info,
> 
> Jane

RE: KPNQwest ns.eu.net server.

[Neil J. McRae]

I suggest that if the RIPE need another provider that they
take time and issue a proper RFI/P/Q through the European
Journal. It does ask an interesting question over disaster
recovery in situations like this.

Regards,
Neil.
--
Neil J. McRae - COLT 
[EMAIL PROTECTED] 

Diagnostic Tools

[Pawlukiewicz Jane]

Hi,

I'm new here but I already have a quick question.

What are the best diagnostic tools available to network operators today?

Thanks for any info,

Jane

begin:vcard 
n:Pawlukiewicz;Jane
tel;cell:703 517-2591
tel;fax:703 289-5814
tel;work:703 289-5307
x-mozilla-html:FALSE
org:Booz Allen Hamilton;Visit us on the Internet: http://boozallen.com";>BoozOnline 
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Senior Consultant
fn:Jane Pawlukiewicz
end:vcard

Re: Clarification needed on ATM

[Anthony D Cennami]

You are only nailing the PVP/PVC to your physical port.  The provider 
almost certainly has sPVP/C's to route througout their actual ATM 
backbone, each of those routes with a destination NSAP of your ATM port 
(the port that terminates your physical link)

I'm not sure how this raises any security issue since any traffic that 
you feel should remain secure must be encrypted long before it reaches 
your carriers transit backbone.

Were these statically mapped (which I might add would be a horrific job 
for the network engineers and admins at a carrier) then one link failing 
in between any of your facilities would cause the entire PVP/C to 
collapse.  sPVP/C's on NNI links are very common and 
beneficial/necessary to continuity on an ATM network.





Rich Sena wrote:
> OK - sorry if this is elementary - however I am dealing with a challenge
> to the security of some ATM links that we have connecting remote
> facilities to a main campus.  The connections are all PVPs with individual
> PVCs defined point to point.  The concern that is being raised is that
> although these connections appear point-to-point PVCs to the router
> interfaces at our sites and our main campus - they are more than likely
> switched SVCs on the provider backbone...
> 
> I had thought that a PVC was a nailed up connection between vpi-vci pairs
> throughout the provider ATM network - is that an incorrect assumption? And
> if so is the scenario that was raised possible/probable and a concern?
> 
> Thanks for any info kids...
> 

Niagara Falls cheapie trip

[Simon Lockhart]

All,

For those of you going to NANOG25, I'm planning on driving up from
the hotel to Niagara Falls for a bit of a tourist on Saturday. A few
people have expressed an interest in doing likewise. In the interests
of doing a bit of co-ordination, can I suggest we meet at 10am in
the hotel foyer, and head off from there.

If people want to email me privately, I'll collect a list of who
has got cars and who needs a lift, but I can't help resolve mismatch
of numbers!

Simon
-- 
Simon Lockhart   |   Tel: +44 (0)1737 839676 
Internet Engineering Manager |   Fax: +44 (0)1737 839516 
BBC Internet Services| Email: [EMAIL PROTECTED] 
Kingswood Warren,Tadworth,Surrey,UK  |   URL: http://support.bbc.co.uk/

Re: KPNQwest ns.eu.net server.

[Jesper Skriver]

On Wed, Jun 05, 2002 at 07:25:47PM +0200, Daniel Diaz wrote:

> Dear all,
>
>
> Given the current situation of KPNQwest and the possibility of its
> services going offline sometime soon, the RIPE NCC in agreement with
> KPNQwest will be temporally hosting this server (ns.eu.net) in its
> premises.
>
> This is to avoid major problems in the Internet as this server is
> secondary for a large number of ccTLD's zones, and thousand other
> zones.
>
> We (AS) will be soon announcing the 192.16.202.0/24 prefix.

TDC is currently secondary for the dk TLD, if any other TLD need a
secondary, please contact [EMAIL PROTECTED] and/or [EMAIL PROTECTED]

best regards
/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:Network manager   @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.

Re: KPNQwest ns.eu.net server.

[Daniel Concepcion]

Hi People,

Here from Intelideas (AS12359)  we are ready for hosting ccTLDs in our 
network. We are present in Espanix, Linx, Catnix and diverse upstreams.

Our contact data: 
DNS: [EMAIL PROTECTED] 
DNS Master: Enrique Iglesias Rodriguez. (+34 917882517)

regards,
Daniel
Intelideas



On Thursday 06 June 2002 01:08, Joao Luis Silva Damas wrote:
> At 11:04 -0700 5/6/02, Randy Bush wrote:
> >  > Given the current situation of KPNQwest and the possibility
> >>
> >>  of its services going offline sometime soon, the RIPE NCC in
> >>  agreement with KPNQwest will be temporally hosting this
> >>  server (ns.eu.net) in its premises.
> >
> >nice emergency hack and sorry to whine.  but i used them both
> >to get diversity.
>
> Hi Randy,
>
> there are 16 ccTLDs for which ns.ripe.net and ns.eu.net are both
> secondary. So we will definitely request those ccTLDs to look for a
> new host as soon as possible.
> The rest can take bit more time to think what they want to do since
> ns.eu.net will keep running.
>
> We are offering secondary service on ns.ripe.net for any ccTLD that
> we weren't sencodaring for, as are other people.
>
> The idea is not to have ns.eu.net running for ever, just to enable
> people to have time to take rational decisions, without the fear of
> having the server going away because of some unexpected turn of
> events.
>
> >when in less of a panic, please move it to moscow or something.
>
> Panic? what panic? this is just common sense
>
> Joao
>
> >randy