Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm]

2003-11-25 Thread Rob Thomas

Hi, Stuart.

] So you believe that the edges of the net are smaller, bandwidth-wise,
] than the core?

This was certainly the case in my previous life at a large hosting
provider.  We had GigE LANs, used providers with OC192 backbones,
but had only OC3 to OC12 links to our providers.  Like most edge
networks, we had CIRs on those uplinks that were considerably
lower than the pipe size.  A full OC12 turned out, at the time, to
be darn expensive.  :)

Our choke points were always our peering or transit links.  This
was the case for our (large) enterprise customers as well.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);



Re: 68.0.0.0/7 from 3303

2003-11-25 Thread Mikael Abrahamsson

On Tue, 25 Nov 2003, Michael Whisenant wrote:

> Well looks like that have more BOGON problems. They are sending
> 128.161.0.0/3. These guys love claiming default gateway traffic?

  168.0.0.0/6   194.85.4.249   0 3277 13062 20485 8437 3303 i
  160.0.0.0/5   194.85.4.249   0 3277 13062 20485 8437 3303 i
  82.0.0.0      194.85.4.249   0 3277 13062 20485 8437 3303 i
* 63.0.0.0      194.85.4.249   0 3277 13062 20485 8437 3303 i
* 64.0.0.0/6    194.85.4.249   0 3277 13062 20485 8437 3303 i
* 68.0.0.0/7    194.85.4.249   0 3277 13062 20485 8437 3303 i
* 80.0.0.0/7    194.85.4.249   0 3277 13062 20485 8437 3303 i

Well, they sure want all of the traffic that is out there.

-- 
Mikael Abrahamsson    email: [EMAIL PROTECTED]



Re: 68.0.0.0/7 from 3303

2003-11-25 Thread Joe Provo

On Tue, Nov 25, 2003 at 08:13:49AM +0100, Mikael Abrahamsson wrote:
 
> On Tue, 25 Nov 2003, Michael Whisenant wrote:
>
> > Well looks like that have more BOGON problems. They are sending
> > 128.161.0.0/3. These guys love claiming default gateway traffic?
>
> 168.0.0.0/6  194.85.4.249   0 3277 13062 20485 8437 3303 i

Keep in mind both that there is no normalized view presented to 
route-views (0/0 is seen at times) and that looking at only one
POV will always bite you.

None of those paths are visible from 3303 directly, nor are visible 
in a quick survey of a small handful of live-table BGP views. While 
the as-path is interesting and doesn't directly correspond to an
obvious relationship, this looks more like some entity in the path 
or at 3277 either representing 0/0 or [more likely] taking a bogon 
feed and regurgitating it. 

-- 
 RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
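
Added example, not part of the thread: a Python check that flags routes with implausibly short masks in a table listing like the one Mikael posted, and records which views carry each one, following Joe's point about not trusting a single point of view. The /8 threshold, the column layout, the view names and the second view's sample line are assumptions made for illustration.

```python
import ipaddress

# Assumption: no single IPv4 route shorter than a /8 is legitimate.
MIN_PLAUSIBLE_LEN = 8


def classful_len(first_octet):
    """Mask implied when an IOS-style table prints a prefix without '/len'."""
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def parse_prefix(text):
    """Return (network, host_bits_set) for '68.0.0.0/7' or a mask-less '82.0.0.0'."""
    if "/" not in text:
        text = "%s/%d" % (text, classful_len(int(text.split(".")[0])))
    iface = ipaddress.ip_interface(text)
    return iface.network, iface.ip != iface.network.network_address


def audit(prefix_text):
    """List the reasons a prefix looks implausible; an empty list means it passes."""
    net, host_bits = parse_prefix(prefix_text)
    findings = []
    if net.prefixlen == 0:
        findings.append("default route")
    elif net.prefixlen < MIN_PLAUSIBLE_LEN:
        findings.append("shorter than /%d" % MIN_PLAUSIBLE_LEN)
    if host_bits:
        findings.append("host bits set, covers %s" % net)
    return findings


def parse_line(line):
    """Split one table line into (prefix, next_hop, as_path)."""
    tokens = line.replace("*", " ").replace(">", " ").split()
    # Assumed layout, as in the listing quoted in the thread:
    # prefix, next hop, one numeric column, AS path, origin code.
    return tokens[0], tokens[1], [int(t) for t in tokens[3:-1]]


def cross_view_report(views):
    """Map each suspicious prefix to its findings, origin ASes and the views showing it."""
    report = {}
    for view, lines in views.items():
        for line in lines:
            prefix, _next_hop, path = parse_line(line)
            findings = audit(prefix)
            if not findings:
                continue
            entry = report.setdefault(
                prefix, {"findings": findings, "views": set(), "origins": set()}
            )
            entry["views"].add(view)
            entry["origins"].add(path[-1])  # last AS in the path is the origin
    return report


def single_view_only(report):
    """Suspicious prefixes seen from exactly one view: check other views before blaming the origin."""
    return sorted(p for p, e in report.items() if len(e["views"]) == 1)


# Sample input. "view-A" reuses lines from the listing in the thread;
# "view-B" is a constructed line using documentation prefixes and private ASNs.
VIEWS = {
    "view-A": [
        "* 68.0.0.0/7    194.85.4.249  0 3277 13062 20485 8437 3303 i",
        "* 64.0.0.0/6    194.85.4.249  0 3277 13062 20485 8437 3303 i",
        "  160.0.0.0/5   194.85.4.249  0 3277 13062 20485 8437 3303 i",
        "  82.0.0.0      194.85.4.249  0 3277 13062 20485 8437 3303 i",
    ],
    "view-B": [
        "*> 192.0.2.0/24  198.51.100.1  0 64500 64501 i",
    ],
}

if __name__ == "__main__":
    report = cross_view_report(VIEWS)
    for prefix in sorted(report):
        entry = report[prefix]
        print(prefix, entry["findings"], sorted(entry["origins"]), sorted(entry["views"]))
    print("seen from one view only:", single_view_only(report))
```

A prefix that appears in only one view, as all three flagged routes do here, points at something along that path rather than at the origin AS.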


Re: Anit-Virus help for all of us??????

2003-11-25 Thread Stephen J. Wilcox

> The average user will say OOH! SHINY!! [clicky-click] when offered content
> promising either dancing hamsters or pop stars wearing less clothing than
> appropriate. Any security model that doesn't allow for this is doomed to
> failure.

Introducing Telecomplete Security service, with antivirus, stateful content
based inspection firewall, and Hamster Protection (TM)

:)



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Daniel Karrenberg

On 24.11 18:20, William Allen Simpson wrote:
 
> Brian Bruns wrote:
> >
> > One thing that many people don't realize (from my personal experience) is
> > that contrary to popular belief, Win98SE is a good all around desktop OS to
> > use.  It can run most things like productivity apps and games, and with
> > 128-256MB of RAM, its quite fast even on an old laptop like mine.  Unlike
> > XP, it doesn't have a million services running, nor does it have the nasty
> > UPnP stuff from WinME.

I agree wholeheartedly.

if haveto(M$) 
use(W98SE);

I recommend that at home to all local primary schools.  They often do
not have the latest hardware but some of them even run it on the latest
hardware now.  This and frequent reloads of standard clean disk images
tends to keep things clean and operational.  The image loads from a *nix
server are routinely done by 10-year-olds.  Unfortunately this is not a
really long term strategy.  I expect apps that are essential to the
schools but do not run on W98SE in the not-too-distant future. 
I guess they will have to find loads of money and buy macs then. ;-)

Daniel


Re: looking for a review of traffic shapers

2003-11-25 Thread William Caban

A resume of some of the answers I have received:

What's missing from (at least some) current traffic shaping appliances
http://darkwing.uoregon.edu/~joe/what-shapers-need.pdf

Ten Odd Strategies for Picking Numerical Values for Your Traffic Shaper
http://darkwing.uoregon.edu/~joe/picking-a-shaper-policy.pdf

The Case for Traffic Shaping at Internet2 Schools
http://darkwing.uoregon.edu/~joe/i2-traffic-shaping.ppt

Bandwidth Management Strategies and Methodologies
http://rdweb.cns.vt.edu/~cgaylord/talks/20020507-i2bandwidth.pdf

Bandwidth Managers: Going With The Flow
http://www.bcr.com/bcrmag/2003/04/p32.asp

Reviewing Packet Shaping Products
http://www.net.cmu.edu/docs/arch/qospe-pre.html

Successful Bandwidth Management at Carnegie Mellon
http://www.net.cmu.edu/pres/jt0803/

Bandwidth Management Technologies
http://www.etinc.com/index.php?page=bwcompare.htm


Thanks everyone.


-W

On Mon, 2003-11-24 at 17:36, William Caban wrote:
> I'm looking for a review/report on traffic/packet shapers products with
> a side-by-side comparison. Did any one has a clue where I can find one
> such report?
>
> Thanks,
> -W
-- 
William Caban [EMAIL PROTECTED]



Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm]

2003-11-25 Thread Sean Donelan

On Tue, 25 Nov 2003, Rob Thomas wrote:
> Our choke points were always our peering or transit links.  This
> was the case for our (large) enterprise customers as well.

Some people refer to it as the hourglass effect, but it has more than one
bump.  Generally only the smallest bottleneck controls the congestion.
But worms and DDOS (but not DOS) violate some of the assumptions.

lower bandwidth                higher bandwidth

Local Area Network (LAN)
Campus Area Network
Customer to ISP uplink
ISP POP to Backbone
ISP Intra-Backbone
ISP to ISP transit/peer (same continent)
Intercontinental circuits

Of course, there are some exceptions like a customer with an OC192 uplink
or an ISP running a web hosting center on a ISDN link.



Re: Worm Bandwidth [was Re: Santa Fe city government computers knocked out by worm]

2003-11-25 Thread Rob Thomas

Hi, Sean.

]   lower bandwidth                higher bandwidth

Great ASCII chart.  :)

] Of course, there are some exceptions like a customer with an OC192 uplink
] or an ISP running a web hosting center on a ISDN link.

Another bit to consider is address space.  Code Red discovered
a lot of folks with very small pipes (circa T1) and very large
netblocks (circa /16).  These folks paid a heavy price when
hit with the "scan all IPs in the netblock" worms.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);



RE: Anit-Virus help for all of us??????

2003-11-25 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Daniel Karrenberg
> Sent: November 25, 2003 3:42 AM
> To: William Allen Simpson
> Cc: [EMAIL PROTECTED]
> Subject: Re: Anit-Virus help for all of us??
>
> On 24.11 18:20, William Allen Simpson wrote:
> >
> > Brian Bruns wrote:
> > >
> > > One thing that many people don't realize (from my personal
> > > experience) is that contrary to popular belief, Win98SE is a good
> > > all around desktop OS to use.  It can run most things like
> > > productivity apps and games, and with 128-256MB of RAM, its quite
> > > fast even on an old laptop like mine.  Unlike XP, it doesn't have a
> > > million services running, nor does it have the nasty UPnP stuff
> > > from WinME.
>
> I agree wholeheartedly.
>
> if haveto(M$)
>   use(W98SE);

Have either of you actually followed this advice?

Win98SE is totally useless as a desktop OS due to the archaic GDI/USER
resource limits. When one average consumerish app (eg: a media player) eats
up 10% of those resources, one window in an IM program eats up 2%, etc... it
does not take much to bring down an entire system. Last time I  was running
Win98SE (which is about 3 years ago), it took about 20 minutes after booting
while running boring normal apps to get to a dangerously low resource level
(30%ish free). That machine got totally unstable needing a reboot after
about 3 days. On the same hardware (with additional RAM), Win2K could easily
run 3-4 weeks and run any app I wanted just fine. 

So, some people might say I'm a power user, but the average users I know
these days tend to multitask at least a web browser, an IM client with a
couple open windows, some bloated media player, perhaps a P2P app, and some
office app. This is already stretching Win9X to its limits, and I would
expect it to be worse (code just gets sloppier...) than it was three years
ago...

No wonder people think Windows is unreliable. 98SE may be preferable from a
security-from-external-threats POV, yes, but for any type of real use, it's
useless. Not to mention the other quirks, like needing to reboot to change
network settings, the lack of any local security (or even attempt at local
security), etc. I'll take rebooting every week or two for the latest XP
security patch any day over rebooting every day or two because Win98SE is an
unreliable piece of poorly designed legacy junk.

The way I see it, there are two uses for 98SE (or 95, 98, Me, etc) in the
modern world:
1) People who use their computers as game-only machines (or who dual boot a
real OS for non-game purposes)
2) Advertising for $OTHER_OS, where $OTHER_OS can be Win2K, XP, or your
favourite Linux distro with KDE, GNOME, etc. Anything that actually WORKS
reliably.

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/ 



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Brian Bruns

- Original Message - 
From: Vivien M. [EMAIL PROTECTED]
To: 'Daniel Karrenberg' [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 9:39 AM
Subject: RE: Anit-Virus help for all of us??



> Have either of you actually followed this advice?
>
> Win98SE is totally useless as a desktop OS due to the archaic GDI/USER
> resource limits. When one average consumerish app (eg: a media player) eats
> up 10% of those resources, one window in an IM program eats up 2%, etc... it
> does not take much to bring down an entire system. Last time I was running
> Win98SE (which is about 3 years ago), it took about 20 minutes after booting
> while running boring normal apps to get to a dangerously low resource level
> (30%ish free). That machine got totally unstable needing a reboot after
> about 3 days. On the same hardware (with additional RAM), Win2K could easily
> run 3-4 weeks and run any app I wanted just fine.
> So, some people might say I'm a power user, but the average users I know
> these days tend to multitask at least a web browser, an IM client with a
> couple open windows, some bloated media player, perhaps a P2P app, and some
> office app. This is already stretching Win9X to its limits, and I would
> expect it to be worse (code just gets sloppier...) than it was three years
> ago...

Yes I do follow my own advice.  Back from the days when I was an OEM, I
still have a box full of win98SE cd packs/licenses for when I build people
new machines.  Its what I put on them standard unless you ask for Win2k or
XP or NT4 (or any other OS for that matter, ie Linux, BSD).

I know full well about the resource limits.  Its a PITA, but as long as you
run a decent set of apps that don't suffer from resource leaks (Mozilla
without a GDI patch does this for example) that eventually use up all
GDI/USER memory, you'll be fine.  I use Win98SE here all day with only one
reboot needed most days, and I run WinAMP, Putty, K-Meleon, Outlook Express,
Cygwin, mIRC, Xnews (which has a bad habit of crashing the whole system at
times), as well as AIM, Miranda IM, SST, Yahoo Messenger, and various other
tools.  Thats all at once, multitasking.  I know, I could reduce the clutter
by letting Miranda IM do AIM and Yahoo, but thats not the point. :-)

Many times, resource suckage comes from those ugly faceless background
programs that run at startup.  Kill as many icons as you can on the desktop
and the task bar, and clean out your startup list, and you'll free up alot
of GDI resources.




> No wonder people think Windows is unreliable. 98SE may be preferable from a
> security-from-external-threats POV, yes, but for any type of real use, it's
> useless. Not to mention the other quirks, like needing to reboot to change
> network settings, the lack of any local security (or even attempt at local
> security), etc. I'll take rebooting every week or two for the latest XP
> security patch any day over rebooting every day or two because Win98SE is an
> unreliable piece of poorly designed legacy junk.
>
> The way I see it, there are two uses for 98SE (or 95, 98, Me, etc) in the
> modern world:
> 1) People who use their computers as game-only machines (or who dual boot a
> real OS for non-game purposes)
> 2) Advertising for $OTHER_OS, where $OTHER_OS can be Win2K, XP, or your
> favourite Linux distro with KDE, GNOME, etc. Anything that actually WORKS
> reliably.

Lets not forget those people who just don't have the CPU power or memory to
support 2k or XP.

Just because something is new and 'improved' doesn't make it better.  Yes,
9x has alot of legacy crap.  Yes, 9x has various issues with resource usage.
But sometimes, its just right.

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The AHBL - http://www.ahbl.org



Re: Anit-Virus help for all of us??????

2003-11-25 Thread William Allen Simpson

Vivien M. wrote:
 
> > if haveto(M$)
> >   use(W98SE);
>
> Have either of you actually followed this advice?
 
Yes.


> (30%ish free). That machine got totally unstable needing a reboot after
> about 3 days. On the same hardware (with additional RAM), Win2K could easily
> run 3-4 weeks and run any app I wanted just fine.
 
ROFL. :-)  My relatives run their machine(s) for a couple of hours and 
turn them off.  My 3000+ customers are primarily dialup, and presumably 
turn them off, too.  If they didn't, the Nachi infections would be much, 
much worse.


> No wonder people think Windows is unreliable. 98SE may be preferable from a
> security-from-external-threats POV, yes, but 

This thread primarily concerns security.


> ... I'll take rebooting every week or two for the latest XP
> security patch any day over rebooting every day or two because Win98SE is an
> unreliable piece of poorly designed legacy junk.
 
All M$ software is an unreliable piece of poorly designed legacy junk.  
This is about which piece of junk to recommend to customers, that keeps 
support costs down, and Nachi et alia from showing up.


> The way I see it, there are two uses for 98SE (or 95, 98, Me, etc) in the
> modern world:
> 1) People who use their computers as game-only machines (or who dual boot a
> real OS for non-game purposes)

That's me, personally, for games that are not available for Macs -- 
after all, GreenDragon is a Mac game company!


> 2) Advertising for $OTHER_OS, where $OTHER_OS can be Win2K, XP, or your
> favourite Linux distro with KDE, GNOME, etc. Anything that actually WORKS
> reliably.
 
Although we do run YellowDog Linux on old Mac hardware for much of  
our server needs, the security monitors and such run NetBSD or OpenBSD.  
Just had a Linux nameserver hacked the other day

I have horrible, horrible, support experiences with 2K and XP.  Every 
customer that I know runs XP has been infected with one thing or another.  
In the case of 2 DSL customers in particular, they seem to be infected 
again a week or two later, even tho' they swear that they applied all 
the patches.  This has been a major pain in support costs.

My brothers both run XP for Civ3 PTW, and both crash within a half hour 
or so, while the W98 machines just keep running that program all day, 
leading me to host on much slower W98 machines -- contrary to the usual 
instructions.  So, I can personally attest to actually WORKS reliably.
-- 
William Allen Simpson
Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32


Re: Anit-Virus help for all of us??????

2003-11-25 Thread Scott McGrath


The minimalist approach has support advantages as well.  Because of the 
small image size a reimage can be accomplished quickly. 

For better or worse many network tools/utilities only run under win[*],
requiring a windows box; for many of these Win98SE fits nicely.  My app 
load is small, i.e. browser, ssh client, sftp client and the inevitable 
Office suite.

We are primarily a [*]x house here but we do need windows at times.



Scott C. McGrath




Happy Holidays - Id-al-Fitr / Ramadan Mubarak - Iyi Bayramlar

2003-11-25 Thread Mehmet Akcin

!EID / RAMADAN / ID-AL-FITR MUBARAK / Ramazan Bayraminiz Mubarek
Olsun

I wish happy and peaceful holidays to the NANOG'ers either they participate
 Islam as their religious or other religiouses. In fact this is a muslim
holiday (for those who
don't know.)

Hope the world will be more peaceful in the further days, months, years.

(Basic information for those who don't know what ramadan is. and information
about the holiday Muslims celebrate today)

What is Ramadan?

Ramadan is the ninth month of the Muslim calendar. The Month of Ramadan is
also when it is believed the Holy Quran was sent down from heaven, a
guidance unto men, a declaration of direction, and a means of Salvation
It is during this month that Muslims fast. It is called the Fast of Ramadan
and lasts the entire month. Ramadan is a time when Muslims concentrate on
their faith and spend less time on the concerns of their everyday lives. It
is a time of worship and contemplation

During the Fast of Ramadan strict restraints are placed on the daily lives
of Muslims. They are not allowed to eat or drink during the daylight hours.
Smoking and sexual relations are also forbidden during fasting. At the end
of the day the fast is broken with prayer and a meal called the iftar. In
the evening following the iftar it is customary for Muslims to go out
visiting family and friends. The fast is resumed the next morning

According to the Holy Quran:

One may eat and drink at any time during the night until you can plainly
distinguish a white thread from a black thread by the daylight: then keep
the fast until night

The good that is acquired through the fast can be destroyed by five things -

the telling of a lie
slander
denouncing someone behind his back
a false oath
greed or covetousness

These are considered offensive at all times, but are most offensive during
the Fast of Ramadan

During Ramadan, it is common for Muslims to go to the Masjid (Mosque) and
spend several hours praying and studying the Quran. In addition to the five
daily prayers, during Ramadan Muslims recite a special prayer called the
Taraweeh prayer (Night Prayer). The length of this prayer is usually 2-3
times as long as the daily prayers. Some Muslims spend the entire night in
prayer

On the evening of the 27th day of the month, Muslims celebrate the
Laylat-al-Qadr (the Night of Power). It is believed that on this night
Muhammad first received the revelation of the Holy Quran. And according to
the Quran, this is when God determines the course of the world for the
following year

When the fast ends (the first day of the month of Shawwal) it is celebrated
for three days in a holiday called Id-al-Fitr (the Feast of Fast Breaking).
Gifts are exchanged. Friends and family gather to pray in congregation and
for large meals. In some cities fairs are held to celebrate the end of the
Fast of Ramadan. (that's what is today)

Mehmet Akcin
Netpresence Inc.



TAT 14 failure

2003-11-25 Thread jmalcolm

The northern leg of TAT14 seems to have just taken an outage about an
hour ago. As the southern leg was already down due to other faults,
this will probably be an exciting time for many providers.


RE: Anit-Virus help for all of us??????

2003-11-25 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Brian Bruns
> Sent: November 25, 2003 10:21 AM
> To: Vivien M.; 'Daniel Karrenberg'
> Cc: [EMAIL PROTECTED]
> Subject: Re: Anit-Virus help for all of us??
>
> I know full well about the resource limits.  Its a PITA, but
> as long as you run a decent set of apps that don't suffer
> from resource leaks (Mozilla without a GDI patch does this
> for example) that eventually use up all GDI/USER memory,
> you'll be fine.  I use Win98SE here all day with only one
> reboot needed most days, and I run WinAMP, Putty, K-Meleon,
> Outlook Express, Cygwin, mIRC, Xnews (which has a bad habit
> of crashing the whole system at times), as well as AIM,
> Miranda IM, SST, Yahoo Messenger, and various other tools.
> Thats all at once, multitasking.  I know, I could reduce the
> clutter by letting Miranda IM do AIM and Yahoo, but thats not
> the point. :-)
>
> Many times, resource suckage comes from those ugly faceless
> background programs that run at startup.  Kill as many icons
> as you can on the desktop and the task bar, and clean out
> your startup list, and you'll free up alot of GDI resources.

You've just conceded that you reboot every day, and honestly, to do what do
with Win98 SE, that's what's required. You've also conceded that how you use
your system is chosen based around those resource limitations: if $BROWSER_1
uses less resources than $BROWSER_2, that's what you'll use. If Win98 SE was
the only game in town, well, you could do that and curse Redmond every time
you reboot. However, it is NOT the only game in town. A reasonable OS
(Win2K/XP, Linux, etc) will let you run all the things you're running, and
will stay up for weeks unless your hardware really sucks.

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/ 



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Sean M . Doran


On 24 Nov, 2003, at 21:20, Gerardo Gregory wrote:

> [NAT and PAT] is not a security feature, neither does it provide any
> real security, just ... translations.

You can't curse it if you don't know its name -- Len Bosack on this 
issue, Reykjavik, March 2003.

> Just cause your broadband router (ahem, switch) vendor states that NAT
> (in reality PAT) as one of their security 'knobs' does not make it in
> any way a security feature when implemented.

Oh drat.  So much for Len.

	Sean.



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Ryan Dobrynski


Having sat up until the wee hours of the AM last night cleaning up virus
traffic on one of my private nets (an inhouse private net at that) I was
giving this some thought. It seems that as with all things, knowledge is
power. While all of the machines on the floor where the net ops team
lives were fine (mostly windows), the entire call center was infected
(entirely windows). When I went downstairs and spoke with them I was
surprised (ok not really) to find that none of them knew how to run windows
update or had ever heard of the xp firewall feature. They are in the
process of being jailed behind their own nat with heavy ACLs. It's
something of a difficult spot. Modern society does not hand out cars to
every Tom that can afford one. They make you pass a test and obtain a
license first. Why? Because if you don't know what you're doing and
understand some basic safety procedures, you are a danger to other people.
But any Joe with $400 can get on the internet and cause havoc. Now
understand me here, I'm not trying to start a "we should license internet
users" war here. That would be silly. The trick here lies in this: the
gvmt (I'm speaking of US roadways here) has something to the effect of a
monopoly on roads. Don't want to get their license? Don't drive on their
roads. The internet doesn't have that simplicity. So the question is: how
to convince the users that there are things they really should know and
practice in the interest of everyone's safety? Unfortunately like everyone
else, I don't have the answer. Just another way of looking at it. I have
learned however that trying to fix a behavioral problem with technology
generally doesn't work. Until the users in general get a little smarter
about their new toy, things won't get much better.



That said someone made an interesting comment pertaining to whom it was
that was selling the vulnerable machines. While not particularly useful
for much, it might be amusing to get some nice granular data on infected
hosts' brandnames. Be entertaining to see whose default config is the least
virus prone.

Anyway. Just a thought i had been muddling with hehe. Sorry to clutter the
list with it. If anyone wants to chat about it drop me a line off list.


> Er... two or three obvious reasons - there might be more.
>
> # Users not updating their virus / firewall definitions, not paying for
> new definitions after their year of free definitions is done.
>
> # Users leaving open windows shares, clicking on random windows
> attachments etc
>
> # Viruses keeping one step ahead of antivirus vendors



Ryan Dobrynski
Hat-Swapping Gnome
Choice Communications


Like the ski resort of girls looking for husbands and husbands looking
for girls, the situation is not as symmetrical as it might seem.



RE: Anit-Virus help for all of us??????

2003-11-25 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Ryan Dobrynski
> Sent: November 25, 2003 12:21 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Anit-Virus help for all of us??
>
> like everyone else, I don't have the answer. Just another way
> of looking at it. I have learned however that trying to fix a
> behavioral problem with technology generally doesn't work.
> Until the users in general get a little smarter about
> their new toy, things won't get much better.

No, the solution seems to me to increase the liability involved. If a couple
of people who neglected to take care of their computers got hauled into
court and made to pay a fine and/or spend a few weeks in a jail cell, and if
the mainstream media got to watch (and didn't take a "those poor people"
stance that makes the whole initiative look bad), things would change.

Fact is, if I don't properly maintain my brakes on my car and I crash into
something/someone, there will be legal consequences enforced with the full
coercive power of the government. If I don't properly maintain my computer
and as a result, it harms someone else (eg: by allowing others to use it for
DDoSing that other person's network), there should also be serious legal
consequences. And just like saying "Oh, I didn't know brakes weren't
supposed to last for 15km" wouldn't be an acceptable excuse for my
poorly-maintained car harming others, neither should "I didn't know that
computers needed security regular updates" be an excuse for me to have a
virus/trojan/etc-infected computer that harms others.

Yes, this is a political solution, but this is a political and social (and
economic, to a lesser extent) problem, not a technological one. When
technology has the potential to cause harm, it (except for computer
technology) is regulated to limit the amount of harm that is done.

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/ 



Open source traffic shaper experiences? (was Re: looking for a review of traffic shapers)

2003-11-25 Thread andrew


Note: delurk.

Some of the commercial traffic shaping devices reviewed here are tens of 
thousands of dollars.  For a smaller ISP (i.e. less than a DS3 of 
aggregate upstream bandwidth), that kind of expense doesn't make sense--
but the need to control bandwidth consumption is still an issue.

For example, I work at an ISP in Central America where bandwidth costs are 
quite high.  A 2Mbps dedicated link typically sells for over $4,000 per 
month.  One can imagine how important it is to be able to throttle the 
top P2P talkers in this kind of environment.

Is anyone on the NANOG list aware of a disk-less Linux solution? One might
imagine a Knoppix-like bootable CD image (perhaps CD-RW, so config files
could be updated) that would turn an inexpensive Linux box into an
effective traffic shaping device, using tools like CBQinit, MRTG/RRDTOOL,
and a Webmin-like admin interface. The closest thing to this I've seen is
ETINC's BWMGR, but that's a closed-source solution and is still somewhat
expensive.

-Andrew White


On Tue, 25 Nov 2003, William Caban wrote:

 
 A resume of some of the answers I have received:
 
 What's missing from (at least some) current traffic shaping appliances
 http://darkwing.uoregon.edu/~joe/what-shapers-need.pdf
 
 Ten Odd Strategies for Picking Numerical Values for Your Traffic Shaper
 http://darkwing.uoregon.edu/~joe/picking-a-shaper-policy.pdf
 
 The Case for Traffic Shaping at Internet2 Schools
 http://darkwing.uoregon.edu/~joe/i2-traffic-shaping.ppt
 
 Bandwidth Management Strategies and Methodologies
 http://rdweb.cns.vt.edu/~cgaylord/talks/20020507-i2bandwidth.pdf
 
 Bandwidth Managers: Going With The Flow
 http://www.bcr.com/bcrmag/2003/04/p32.asp
 
 Reviewing Packet Shaping Products
 http://www.net.cmu.edu/docs/arch/qospe-pre.html
 
 Successful Bandwidth Management at Carnegie Mellon
 http://www.net.cmu.edu/pres/jt0803/
 
 Bandwidth Management Technologies
 http://www.etinc.com/index.php?page=bwcompare.htm
 
 
 Thanks everyone.
 
 
 -W
 
 On Mon, 2003-11-24 at 17:36, William Caban wrote:
  I'm looking for a review/report on traffic/packet shapers products with
  a side-by-side comparison. Does anyone have a clue where I can find one
  such report?
  
  Thanks,
  -W
 



Re: Open source traffic shaper experiences? (was Re: looking for a review of traffic shapers)

2003-11-25 Thread Steve Atkins

On Tue, Nov 25, 2003 at 11:38:01AM -0600, [EMAIL PROTECTED] wrote:

 Note: delurk.
 
 Some of the commercial traffic shaping devices reviewed here are tens of 
 thousands of dollars.  For a smaller ISP (i.e. less than a DS3 of 
 aggregate upstream bandwidth), that kind of expense doesn't make sense--
 but the need to control bandwidth consumption is still an issue.
 
 Is anyone on the NANOG list aware of a disk-less Linux solution? One might
 imagine a Knoppix-like bootable CD image (perhaps CD-RW, so config files
 could be updated) that would turn an inexpensive Linux box into an
 effective traffic shaping device, using tools like CBQinit, MRTG/RRDTOOL,
 and a Webmin-like admin interface. The closest thing to this I've seen is
 ETINC's BWMGR, but that's a closed-source solution and is still somewhat
 expensive.

http://www.bandwidtharbitrator.com/ perhaps? The full version is inexpensive,
the non-GUI version is freely available.

Cheers,
  Steve


Re: Open source traffic shaper experiences? (was Re: looking for a review of traffic shapers)

2003-11-25 Thread Chris Brenton

On Tue, 2003-11-25 at 12:38, [EMAIL PROTECTED] wrote:
 
 Is anyone on the NANOG list aware of a disk-less Linux solution? One might
 imagine a Knoppix-like bootable CD image (perhaps CD-RW, so config files
 could be updated) that would turn an inexpensive Linux box into an
 effective traffic shaping device

Sounds like you are looking for LART:
http://www.lartc.org/

I would expect you could setup your own CD image if that is part of your
need. 

HTH,
C




RE: Anit-Virus help for all of us??????

2003-11-25 Thread Wojtek Zlobicki

I would hate to blame the users here.  In most organizations it is the
role of the IT Dept to manage the workstations and not end users.
Severely restricting users privileges is often a good thing, at least
from the perspective of being able to control what gets installed on the
machines in question.  Having consistent hardware and software images
also helps (where rooted boxes are quickly re-imaged), as well as having
a good distributed anti-virus solution.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Ryan Dobrynski
Sent: Tuesday, November 25, 2003 12:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Anit-Virus help for all of us??




Having sat up until the wee hours of the AM last night cleaning up virus
traffic on one of my private nets (an inhouse private net at that) i was
giving this some thought. It seems that as with all things, knowledge is
power. While all of the machines on the floor where the net op's team
lives were fine (mostly windows), the entire call center was infected
(entirely windows). When i went downstairs and spoke with them i was
surprised (ok not really) to find that none of them knew how to run
windows update or had ever heard of the xp firewall feature. 




Re: TAT 14 failure

2003-11-25 Thread Jack McCarthy

Anyone have additional info regarding this outage?  Links?  Besides tat-14.com
- it seems to be down or just flooded with requests.


-Jack


--- [EMAIL PROTECTED] wrote:
 
 The northern leg of TAT14 seems to have just taken an outage about an
 hour ago. As the southern leg was already down due to other faults,
 this will probably be an exciting time for many providers.
 
 
 



Re: TAT 14 failure

2003-11-25 Thread Jared Mauch

This is a basic map of the fiber path for those
that haven't found one yet.

http://www.kddiscs.co.jp/e/business/02_15.html

- jared

On Tue, Nov 25, 2003 at 10:32:16AM -0800, Jack McCarthy wrote:
 
 Anyone have additional info regarding this outage?  Links?  Besides tat-14.com
 - it seems to be down or just flooded with requests.
 
 
 -Jack
 
 
 --- [EMAIL PROTECTED] wrote:
  
  The northern leg of TAT14 seems to have just taken an outage about an
  hour ago. As the southern leg was already down due to other faults,
  this will probably be an exciting time for many providers.
  
  
  

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.


Re: TAT 14 failure

2003-11-25 Thread Jack McCarthy

I saw that link when I googled for TAT-14.  I was looking more for a "see, I
told you so" link that I can forward to management that provides proof that
this is why our UK office is down...if you know what I mean.

Here's an interesting explanation of undersea cabling:
http://davidw.home.cern.ch/davidw/public/SubCables.html


-Jack


--- Jared Mauch [EMAIL PROTECTED] wrote:
 
   This is a basic map of the fiber path for those
 that haven't found one yet.
 
   http://www.kddiscs.co.jp/e/business/02_15.html
 
   - jared
 
 On Tue, Nov 25, 2003 at 10:32:16AM -0800, Jack McCarthy wrote:
  
  Anyone have additional info regarding this outage?  Links?  Besides
 tat-14.com
  - it seems to be down or just flooded with requests.
  
  
  -Jack
  
  
  --- [EMAIL PROTECTED] wrote:
   
   The northern leg of TAT14 seems to have just taken an outage about an
   hour ago. As the southern leg was already down due to other faults,
   this will probably be an exciting time for many providers.
   
   
   
 
 -- 
 Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
 clue++;  | http://puck.nether.net/~jared/  My statements are only mine.
 
 
 



Re: Anit-Virus help for all of us??????

2003-11-25 Thread Valdis . Kletnieks
On Tue, 25 Nov 2003 13:21:36 EST, Wojtek Zlobicki [EMAIL PROTECTED]  said:
 I would hate to blame the users here.  In most organizations it is the
 role of the IT Dept to manage the workstations and not end users.

Remember that Joe Sixpack's IT Dept may not be available past 9:30PM
because it's a school night

Yes, in large organizations, it's the IT Dept's problem.  However, I'm
fairly sure that the vast majority of PC's are home/SOHO/small company
boxes that don't have an IT Dept.  I know for a fact that a music store
I do a lot of business with had their computer (singular) set up by a
college kid who got paid in guitar gear and then split town.  It's worked
for 4 years, and the store owner figures it will cost him another guitar
to get it fixed if it ever breaks. :)






MPLS billing model

2003-11-25 Thread Dan Lockwood

For those of you who sell MPLS VPNs, what components of the service do
you charge for and how do you do the billing?  E.g. per port + traffic,
per site + traffic, etc.  I am not interested in buying MPLS services
just how the billing happens.  Thanks!

Dan



RE: MPLS billing model

2003-11-25 Thread St. Clair, James

I'd appreciate knowing this as well - thanks in advance 

Jim
-Original Message-
From: Dan Lockwood
To: Nanog List (E-mail)
Sent: 11/25/2003 2:04 PM
Subject: MPLS billing model


For those of you who sell MPLS VPNs, what components of the service do
you charge for and how do you do the billing?  E.g. per port + traffic,
per site + traffic, etc.  I am not interested in buying MPLS services
just how the billing happens.  Thanks!

Dan


Activity logging archiving tool

2003-11-25 Thread Priyantha

In my company, there are several technical guys make changes to the existing
network and  it's very difficult to keep track of what we did when, etc.

I'm looking for a simple tool, in which each and every one has to manually
record whatever (s)he has done or any incident (s)he observed so that the
tool archives that data someway. Later, in case if someone needs, (s)he
should be able to search for that archive by date, by person, by a random
phrase, etc.

Any help in this regard is appreciated,

Priyantha Pushpa Kumara
---
Manager - Data Services
Wightman Internet Ltd.
Clifford, ON
N0G 1M0 
Fax: 519-327-8010




Re: TAT 14 failure

2003-11-25 Thread Steven M. Bellovin

In message [EMAIL PROTECTED], Jack McCarthy 
writes:

I saw that link when I googled for TAT-14.  I was looking more for a "see, I
told you so" link that I can forward to management that provides proof that
this is why our UK office is down...if you know what I mean.

Here's an interesting explanation of undersea cabling:
http://davidw.home.cern.ch/davidw/public/SubCables.html


And don't forget Neal Stephenson's wonderful perspective on the subject 
in Wired:  http://www.wired.com/wired/archive/4.12/ffglass.html


--Steve Bellovin, http://www.research.att.com/~smb




Re: TAT 14 failure

2003-11-25 Thread garrett . allen

clarifying the last post, seeing 100ms under the pond to our points of presence in 
bourne end and beeston (uk).

thanks.
 
 I saw that link when I googled for TAT-14.  I was looking more for a "see, I
 told you so" link that I can forward to management that provides proof that
 this is why our UK office is down...if you know what I mean.
 
 Here's an interesting explanation of undersea cabling:
 http://davidw.home.cern.ch/davidw/public/SubCables.html
 
 
 -Jack
 
 
 --- Jared Mauch [EMAIL PROTECTED] wrote:
  
  This is a basic map of the fiber path for those
  that haven't found one yet.
  
  http://www.kddiscs.co.jp/e/business/02_15.html
  
  - jared
  
  On Tue, Nov 25, 2003 at 10:32:16AM -0800, Jack McCarthy wrote:
   
   Anyone have additional info regarding this outage?  Links?  Besides
  tat-14.com
   - it seems to be down or just flooded with requests.
   
   
   -Jack
   
   
   --- [EMAIL PROTECTED] wrote:

The northern leg of TAT14 seems to have just taken an outage about an
hour ago. As the southern leg was already down due to other faults,
this will probably be an exciting time for many providers.



  
  -- 
  Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
  clue++;  | http://puck.nether.net/~jared/  My statements are only mine.
  
  
  
 


Re: TAT 14 failure

2003-11-25 Thread garrett . allen

still seeing decent ping times.  anyone detect an actual outage or issue?

thanks.
 
 I saw that link when I googled for TAT-14.  I was looking more for a "see, I
 told you so" link that I can forward to management that provides proof that
 this is why our UK office is down...if you know what I mean.
 
 Here's an interesting explanation of undersea cabling:
 http://davidw.home.cern.ch/davidw/public/SubCables.html
 
 
 -Jack
 
 
 --- Jared Mauch [EMAIL PROTECTED] wrote:
  
  This is a basic map of the fiber path for those
  that haven't found one yet.
  
  http://www.kddiscs.co.jp/e/business/02_15.html
  
  - jared
  
  On Tue, Nov 25, 2003 at 10:32:16AM -0800, Jack McCarthy wrote:
   
   Anyone have additional info regarding this outage?  Links?  Besides
  tat-14.com
   - it seems to be down or just flooded with requests.
   
   
   -Jack
   
   
   --- [EMAIL PROTECTED] wrote:

The northern leg of TAT14 seems to have just taken an outage about an
hour ago. As the southern leg was already down due to other faults,
this will probably be an exciting time for many providers.



  
  -- 
  Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
  clue++;  | http://puck.nether.net/~jared/  My statements are only mine.
  
  
  
 


Re: Activity logging archiving tool

2003-11-25 Thread Suresh Ramasubramanian
Priyantha  writes on 11/25/2003 2:15 PM:

In my company, there are several technical guys make changes to the existing
network and  it's very difficult to keep track of what we did when, etc.
I'm looking for a simple tool, in which each and every one has to manually
record whatever (s)he has done or any incident (s)he observed so that the
tool archives that data someway. Later, in case if someone needs, (s)he
should be able to search for that archive by date, by person, by a random
phrase, etc.
Any help in this regard is appreciated,

Sounds like a job for CVS.

And when did you move to Canada from the univ of Moratuwa (if you are 
the same guy)? :)

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: [Activity logging archiving tool]

2003-11-25 Thread joshua sahala

Priyantha [EMAIL PROTECTED] wrote:
 
 In my company, there are several technical guys make changes to the 
 existing network and  it's very difficult to keep track of what we did
 when, etc.

i feel your pain - except when it was happening, they weren't as 
technical as they thought they were...
 
 I'm looking for a simple tool, in which each and every one has to 
 manually record whatever (s)he has done or any incident (s)he observed
 so that the tool archives that data someway. Later, in case if someone
 needs, (s)he should be able to search for that archive by date, by 
 person, by a random phrase, etc.

rancid (http://www.shrubbery.net/rancid) and
cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)

rancid does nice proactive checking of device configs, and cvs-web is
a pretty front end to look through change history

for tracking:
request tracker (http://www.bestpractical.com/rt/) - it is a ticketing
system, but you could probably customize it to fit your needs

netoffice (http://sourceforge.net/projects/netoffice/) - haven't used
it personally, but it looks like it might work too

track+ (http://sourceforge.net/projects/trackplus/) - same as netoffice

of course, nothing will work unless everyone uses it, so you have to
have clear, concise policies for change management, and then enforce 
them.

hth

/joshua

 Any help in this regard is appreciated,
 
 Priyantha Pushpa Kumara
 ---
 Manager - Data Services
 Wightman Internet Ltd.
 Clifford, ON
 N0G 1M0 
 Fax: 519-327-8010
 
 
 



Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -




Re: [RE: MPLS billing model]

2003-11-25 Thread joshua sahala

St. Clair, James [EMAIL PROTECTED] wrote:
 
 I'd appreciate knowing this as well - thanks in advance 
 
 Jim
 -Original Message-
 From: Dan Lockwood
 To: Nanog List (E-mail)
 Sent: 11/25/2003 2:04 PM
 Subject: MPLS billing model
 
 
 For those of you who sell MPLS VPNs, what components of the service do
 you charge for and how do you do the billing?  E.g. per port + traffic,
 per site + traffic, etc.  I am not interested in buying MPLS services
 just how the billing happens.  Thanks!
 
 Dan
 

we are still in the testing phases, but i believe that we are planning to
use a port+traffic billing scheme, if/when we go live and start trying to
sell it

/joshua


Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -




Re: TAT 14 failure

2003-11-25 Thread Leo Bicknell
In a message written on Tue, Nov 25, 2003 at 07:24:27PM +, [EMAIL PROTECTED] wrote:
 still seeing decent ping times.  anyone detect an actual outage or issue?

Best info we have is that there are two outages.  One has existed
for the last 3 weeks or so between Tuckerton (New Jersey) and Bude
(UK).  It takes out the southern path across the atlantic.

There is a second outage between Bude (UK) and Katwijk (NL).  For
circuits that landed in London or France this (should have) taken
out the redundant path for those circuits.

Circuits from Tuckerton (New Jersey) or Manasquan (New Jersey) to
Katwijk (NL), Norden (DE), or some city in Denmark whose name I
forget should still be up on the northern path.

So, if you're in London or France your circuits are likely to be
down, however some people in those locations used Continental
capacity to link up to Katwijk, in which case they might still be
operational.

Both problems are undersea issues, so don't expect speedy resolution
if you are down.

-- 
   Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [EMAIL PROTECTED], www.tmbg.org




Re: [RE: MPLS billing model]

2003-11-25 Thread Alex Rubenstein



 we are still in the testing phases, but i believe that we are planning to
 use a port+traffic billing scheme, if/when we go live and start trying to
 sell it

do you mean:

$port + $traffic_through_port

or:

$port + $traffic_over_vpn_tunnel


I ask this, because, it's very possible that the customer facing port
could be a VLAN trunk, and that there would be a hub-and-spoke config to
multiple leaf ports; other variations exist, as well.




-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --



Re: MPLS billing model

2003-11-25 Thread Dan Armstrong

We charge a flat fee per location, all traffic between locations is
free within a metro area.  Anything going out to the Internet, or
outside a particular metro area is billable per their Internet transit
pricing.



Dan Lockwood wrote:

 For those of you who sell MPLS VPNs, what components of the service do
 you charge for and how do you do the billing?  E.g. per port + traffic,
 per site + traffic, etc.  I am not interested in buying MPLS services
 just how the billing happens.  Thanks!

 Dan



Re: [Re: [RE: MPLS billing model]]

2003-11-25 Thread joshua sahala

Alex Rubenstein [EMAIL PROTECTED] wrote:
 
 
  we are still in the testing phases, but i believe that we are 
  planning to use a port+traffic billing scheme, if/when we go live 
  and start trying to sell it
 
 do you mean:
 
   $port + $traffic_through_port
 
 or:
 
   $port + $traffic_over_vpn_tunnel
 
 
 I ask this, because, it's very possible that the customer facing port
 could be a VLAN trunk, and that there would be a hub-and-spoke config
 to multiple leaf ports; other variations exist, as well.
 

good question...i don't think that we had considered that.  the 
expectation was that most of the ports would be serial.  guess that is
another wrench i can throw at the project ;)

thanks

/joshua
 
 
 -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
 --Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --
 
 



Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -




RE: [Activity logging archiving tool]

2003-11-25 Thread Dan Lockwood

If you are in a Cisco shop you might consider Secure ACS.  We use ACS to
log all of our changes and have very good success with it.
Unfortunately it is not free.

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
joshua sahala
Sent: Tuesday, November 25, 2003 11:45 AM
To: Priyantha; [EMAIL PROTECTED]
Subject: Re: [Activity logging  archiving tool]


Priyantha [EMAIL PROTECTED] wrote:
 
 In my company, there are several technical guys make changes to the 
 existing network and  it's very difficult to keep track of what we did
 when, etc.

i feel your pain - except when it was happening, they weren't as 
technical as they thought they were...
 
 I'm looking for a simple tool, in which each and every one has to 
 manually record whatever (s)he has done or any incident (s)he observed
 so that the tool archives that data someway. Later, in case if someone
 needs, (s)he should be able to search for that archive by date, by 
 person, by a random phrase, etc.

rancid (http://www.shrubbery.net/rancid) and
cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)

rancid does nice proactive checking of device configs, and cvs-web is
a pretty front end to look through change history

for tracking:
request tracker (http://www.bestpractical.com/rt/) - it is a ticketing
system, but you could probably customize it to fit your needs

netoffice (http://sourceforge.net/projects/netoffice/) - haven't used
it personally, but it looks like it might work too

track+ (http://sourceforge.net/projects/trackplus/) - same as netoffice

of course, nothing will work unless everyone uses it, so you have to
have clear, concise policies for change management, and then enforce 
them.

hth

/joshua

 Any help in this regard is appreciated,
 
 Priyantha Pushpa Kumara
 ---
 Manager - Data Services
 Wightman Internet Ltd.
 Clifford, ON
 N0G 1M0 
 Fax: 519-327-8010
 
 
 



Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -






RE: [Activity logging archiving tool]

2003-11-25 Thread Brennan_Murphy

Or Ciscoworks. A config change sends a syslog event to CW which in
turn knows to go grab the latest copy of the config. I believe
there are some reporting capabilities too, simple diff routines and
archives
of past configs. 

I think CW is more of the CVS-like approach whereas ACS is sort of a
simple logging method. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Dan Lockwood
Sent: Tuesday, November 25, 2003 3:54 PM
To: joshua sahala; Priyantha; [EMAIL PROTECTED]
Subject: RE: [Activity logging  archiving tool]



If you are in a Cisco shop you might consider Secure ACS.  We use ACS to
log all of our changes and have very good success with it. Unfortunately
it is not free.

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
joshua sahala
Sent: Tuesday, November 25, 2003 11:45 AM
To: Priyantha; [EMAIL PROTECTED]
Subject: Re: [Activity logging  archiving tool]


Priyantha [EMAIL PROTECTED] wrote:
 
 In my company, there are several technical guys make changes to the
 existing network and  it's very difficult to keep track of what we did
 when, etc.

i feel your pain - except when it was happening, they weren't as 
technical as they thought they were...
 
 I'm looking for a simple tool, in which each and every one has to
 manually record whatever (s)he has done or any incident (s)he observed
 so that the tool archives that data someway. Later, in case if someone
 needs, (s)he should be able to search for that archive by date, by 
 person, by a random phrase, etc.

rancid (http://www.shrubbery.net/rancid) and
cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)

rancid does nice proactive checking of device configs, and cvs-web is a
pretty front end to look through change history

for tracking:
request tracker (http://www.bestpractical.com/rt/) - it is a ticketing
system, but you could probably customize it to fit your needs

netoffice (http://sourceforge.net/projects/netoffice/) - haven't used it
personally, but it looks like it might work too

track+ (http://sourceforge.net/projects/trackplus/) - same as netoffice

of course, nothing will work unless everyone uses it, so you have to
have clear, concise policies for change management, and then enforce 
them.

hth

/joshua

 Any help in this regard is appreciated,
 
 Priyantha Pushpa Kumara
 ---
 Manager - Data Services
 Wightman Internet Ltd.
 Clifford, ON
 N0G 1M0
 Fax: 519-327-8010
 
 
 



Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -






Re: TAT 14 failure

2003-11-25 Thread Jack McCarthy

Here's the official word we received:

The outage on TAT-14 Segment I is on-going. This segment is on the European
side between the Netherlands and France, affecting traffic to UK, Ireland,
France, and other areas in Europe.   This is the 2nd failure on this ring cable
which has caused the protection path to fail.  The International Restoration
Team is working an ad-hoc restoration which will take several hours.  They have
already restored some VC4 facilities and this work is on-going.


-Jack


--- Leo Bicknell [EMAIL PROTECTED] wrote:
 In a message written on Tue, Nov 25, 2003 at 07:24:27PM +,
 [EMAIL PROTECTED] wrote:
  still seeing decent ping times.  anyone detect an actual outage or issue?
 
 Best info we have is that there are two outages.  One has existed
 for the last 3 weeks or so between Tuckerton (New Jersey) and Bude
 (UK).  It takes out the southern path across the atlantic.
 
 There is a second outage between Bude (UK) and Katwijk (NL).  For
 circuits that landed in London or France this (should have) taken
 out the redundant path for those circuits.
 
 Circuits from Tuckerton (New Jersey) or Manasquan (New Jersey) to
 Katwijk (NL), Norden (DE), or some city in Denmark whose name I
 forget should still be up on the northern path.
 
 So, if you're in London or France your circuits are likely to be
 down, however some people in those locations used Continental
 capacity to link up to Katwijk, in which case they might still be
 operational.
 
 Both problems are undersea issues, so don't expect speedy resolution
 if you are down.
 
 -- 
Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
 PGP keys at http://www.ufp.org/~bicknell/
 Read TMBG List - [EMAIL PROTECTED], www.tmbg.org
 





Re: [RE: [Activity logging archiving tool]]

2003-11-25 Thread joshua sahala

[EMAIL PROTECTED] wrote:
 
 Or Ciscoworks. A config change sends a syslog event to CW which in
 turn knows to go grab the latest copy of the config. I believe
 there are some reporting capabilities too, simple diff routines and
 archives of past configs. 

or if you cannot afford cisco works (or would rather spend the money 
on other things...), you can do something similar with swatch.  just
look for the syslog string:

%SYS-5-CONFIG_I: Configured from console by $user

then trigger a rancid run on that device

/joshua

[cut]


Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -
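
The syslog-match-then-collect idea in the message above, sketched as an added example (not code from the thread, swatch, or rancid): it matches the %SYS-5-CONFIG_I line in received syslog, coalesces bursts per device so one editing session yields one collection, and flags changes that carry no login name. The sample log lines, hostnames, the five-minute quiet window, and the rule treating `console`/`vty*` as "no username" are assumptions.

```python
"""Turn Cisco %SYS-5-CONFIG_I syslog lines into config-collection jobs."""
import re
from datetime import datetime, timedelta

# Constructed sample of what a syslog server might receive (not real logs).
SAMPLE_LOG = """\
Nov 25 15:54:02 rtr1.example.net 181: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)
Nov 25 15:54:40 rtr1.example.net 182: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)
Nov 25 15:55:10 sw2.example.net 77: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Nov 25 16:20:00 rtr1.example.net 190: %SYS-5-CONFIG_I: Configured from console by bob on console
Nov 25 16:21:30 sw2.example.net 80: %SYS-5-CONFIG_I: Configured from console by console
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) .*?"
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+) by (?P<user>\S+)"
    r"(?: on (?P<line>\S+))?(?: \((?P<addr>[^)]+)\))?"
)


def parse_config_events(log_text, year):
    """Extract one dict per CONFIG_I line; all other messages are ignored.

    Classic syslog timestamps carry no year, so the caller supplies it.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        user = m["user"]
        events.append({
            "ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "host": m["host"],
            "user": user,
            "addr": m["addr"],  # None when the change came from the console
            # Assumption: with no login name the device reports the line
            # ("console", "vty0") in the user position.
            "attributed": not (user == "console" or user.startswith("vty")),
        })
    return events


def coalesce(events, quiet=timedelta(minutes=5)):
    """Merge events on the same device that fall within `quiet` of each other.

    Each job means "fetch this device's config once"; users and the
    unattributed flag are kept so the archive entry can say who changed it.
    """
    jobs = []
    open_job = {}  # host -> most recent job for that host
    for ev in sorted(events, key=lambda e: e["ts"]):
        job = open_job.get(ev["host"])
        if job is not None and ev["ts"] - job["last"] <= quiet:
            job["last"] = ev["ts"]
            job["count"] += 1
            job["users"].add(ev["user"])
            job["unattributed"] = job["unattributed"] or not ev["attributed"]
        else:
            job = {
                "host": ev["host"],
                "first": ev["ts"],
                "last": ev["ts"],
                "count": 1,
                "users": {ev["user"]},
                "unattributed": not ev["attributed"],
            }
            open_job[ev["host"]] = job
            jobs.append(job)
    return jobs


def run_jobs(jobs, collect):
    """Call `collect(host)` once per job; `collect` is a hypothetical hook
    standing in for however the config collector is invoked at your site."""
    return [collect(job["host"]) for job in jobs]


if __name__ == "__main__":
    for j in coalesce(parse_config_events(SAMPLE_LOG, 2003)):
        flag = " (no username: check AAA)" if j["unattributed"] else ""
        print(f"{j['first']:%H:%M:%S} {j['host']} x{j['count']} "
              f"by {','.join(sorted(j['users']))}{flag}")
```
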




RE: [Activity logging archiving tool]

2003-11-25 Thread Scott McGrath


CiscoWorks also polls the devices for configuration changes and generates 
a diff if you so desire.  If you have set up AAA you will have an audit 
log of when changes were applied and who applied them.

Scott C. McGrath

On Tue, 25 Nov 2003 [EMAIL PROTECTED] wrote:

 
 Or Ciscoworks. A config change sends a syslog event to CW which in
 turn knows to go grab the latest copy of the config. I believe
 there are some reporting capabilities too, simple diff routines and
 archives
 of past configs. 
 
 I think CW is more of the CVS-like approach whereas ACS is sort of a
 simple logging method. 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Dan Lockwood
 Sent: Tuesday, November 25, 2003 3:54 PM
 To: joshua sahala; Priyantha; [EMAIL PROTECTED]
 Subject: RE: [Activity logging  archiving tool]
 
 
 
 If you are in a Cisco shop you might consider Secure ACS.  We use ACS to
 log all of our changes and have very good success with it. Unfortunately
 it is not free.
 
 Dan
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 joshua sahala
 Sent: Tuesday, November 25, 2003 11:45 AM
 To: Priyantha; [EMAIL PROTECTED]
 Subject: Re: [Activity logging  archiving tool]
 
 
 Priyantha [EMAIL PROTECTED] wrote:
  
  In my company, there are several technical guys make changes to the
  existing network and  it's very difficult to keep track of what we did
  when, etc.
 
 i feel your pain - except when it was happening, they weren't as 
 technical as they thought they were...
  
  I'm looking for a simple tool, in which each and every one has to
  manually record whatever (s)he has done or any incident (s)he observed
  so that the tool archives that data someway. Later, in case if someone
  needs, (s)he should be able to search for that archive by date, by 
  person, by a random phrase, etc.
 
 rancid (http://www.shrubbery.net/rancid) and
 cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)
 
 rancid does nice proactive checking of device configs, and cvs-web is a
 pretty front end to look through change history
 
 for tracking:
 request tracker (http://www.bestpractical.com/rt/) - it is a ticketing
 system, but you could probably customize it to fit your needs
 
 netoffice (http://sourceforge.net/projects/netoffice/) - haven't used it
 personally, but it looks like it might work too
 
 track+ (http://sourceforge.net/projects/trackplus/) - same as netoffice
 
 of course, nothing will work unless everyone uses it, so you have to
 have clear, concise policies for change management, and then enforce 
 them.
 
 hth
 
 /joshua
 
  Any help in this regard is appreciated,
  
  Priyantha Pushpa Kumara
  ---
  Manager - Data Services
  Wightman Internet Ltd.
  Clifford, ON
  N0G 1M0
  Fax: 519-327-8010
  
  
  
 
 
 
 Walk with me through the Universe,
  And along the way see how all of us are Connected.
  Feast the eyes of your Soul,
  On the Love that abounds.
  In all places at once, seemingly endless,
  Like your own existence.
  - Stephen Hawking -
 
 
 
 



Re: [Re: [RE: MPLS billing model]]

2003-11-25 Thread Richard A Steenbergen

On Tue, Nov 25, 2003 at 03:29:26PM -0500, joshua sahala wrote:
 
 Alex Rubenstein [EMAIL PROTECTED] wrote:
  
  
   we are still in the testing phases, but i believe that we are 
   planning to use a port+traffic billing scheme, if/when we go live 
   and start trying to sell it
  
  do you mean:
  
  $port + $traffic_through_port
  
  or:
  
  $port + $traffic_over_vpn_tunnel
  
  
  I ask this, because, it's very possible that the customer facing port
  could be a VLAN trunk, and that there would be a hub-and-spoke config
  to multiple leaf ports; other variations exist, as well.
  
 
 good question...i don't think that we had considered that.  the 
 expectation was that most of the ports would be serial.  guess that is
 another wrench i can throw at the project ;)

In a working transport system, what goes in must come out. So, if you add
all the ports in a common direction (in or out), you'll at least get a
nice aggregate even if you can't measure individual virtual circuits 
properly due to whatever brokeass vendor you're using. :)

-- 
Richard A Steenbergen [EMAIL PROTECTED]   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


Above.net problems ??

2003-11-25 Thread hostmaster


anyone having trouble with above.net at the moment ?

cheers
-Bert


Re: MPLS billing model

2003-11-25 Thread Richard A Steenbergen

On Tue, Nov 25, 2003 at 11:04:55AM -0800, Dan Lockwood wrote:
 
 For those of you who sell MPLS VPNs, what components of the service do
 you charge for and how do you do the billing?  E.g. per port + traffic,
 per site + traffic, etc.  I am not interested in buying MPLS services
 just how the billing happens.  Thanks!

I have seen (and use) three primary models:

1) The Cogent Model. A customer pays $X amount per kind of port (say 
$2000 for a FastE, or $8000 for a GigE, etc), and has the ability to 
exchange traffic with any other such port they purchase, distance 
insensitive, any point to any point, with no further usage charges.

2) The Circuit Emulation Model. A customer pays $X amount for transport
between two points based on a fixed (by port capacity or rate-limit)
amount of bandwidth and the distance (or otherwise costs involved in
supplying transport). Remember that while it may be one or more point to
point circuit(s), it may be delivered over a single handoff (say a GigE
with vlan trunking).

3) The Transit-like Model. A customer pays $X amount per Mbps, with a 
minimum commitment and measured 95th percentile burst. This may be on a 
per-circuit basis, or it may be the sum of all circuits billed on an 
aggregate and flat rate basis, depending on the product and locations.

Each has their advantages and disadvantages, varying wildly depending on
the pricing, customers' traffic and growth patterns, customers' financial 
situation, locations involved, and even the way the customer chooses to 
look at it. Nothing makes my head hurt faster than someone asking for a 
pricing comparison between the different options so they can decide which 
one is cheaper for them, but hey it's good to have options I guess. :)

-- 
Richard A Steenbergen [EMAIL PROTECTED]   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


Re: Above.net problems ??

2003-11-25 Thread Dimitris Zilaskos

 anyone having trouble with above.net at the moment ?

 cheers
 -Bert

It has been unreachable from various European networks for the
last 5-6 hours.

Best regards,

--
=

Dimitris Zilaskos

Department of Physics @ Aristotle University of Thessaloniki, Greece
PGP key : http://tassadar.physics.auth.gr/~dzila/pgp_public_key.asc
  http://egnatia.ee.auth.gr/~dzila/pgp_public_key.asc
MD5sum  : 4f84f3f53cb046008b4abcb2a092d28d  pgp_public_key.asc
=



Re: Above.net problems ??

2003-11-25 Thread Leo Bicknell
In a message written on Tue, Nov 25, 2003 at 05:08:29PM -0500, hostmaster wrote:
 anyone having trouble with above.net at the moment ?

AboveNet is having issues due to the second cable cut on TAT-14.
In addition I have just received some information that appears to
be some helpful ISPs leaking some of our routes.  Maybe it's an
innocent misconfiguration, but if not please stop.  In any event,
I'm trying to track that down now and make it better.  We're working
as hard as we can to fix the problems.

-- 
   Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [EMAIL PROTECTED], www.tmbg.org




Re: Above.net problems ??

2003-11-25 Thread jlewis

On Tue, 25 Nov 2003, hostmaster wrote:

 anyone having trouble with above.net at the moment ?

I'm sure somebody is.  I have a problem with the way they filter portions 
of the internet (which I'm just assuming has not been resolved internally 
yet).  Perhaps you're asking about their outage in/to Europe today which 
they say is being caused by a failure in undersea fiber.  Apparently 
that's going to take weeks to get fixed, so they're looking at alternative 
connectivity to replace it while it's down.

 
--
 Jon Lewis [EMAIL PROTECTED]|  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_



Re: Above.net problems ??

2003-11-25 Thread Laurent Frigault

On Tue, Nov 25, 2003 at 05:08:29PM -0500, hostmaster wrote:
 anyone having trouble with above.net at the moment ?

Yes. The problem seems related to the TAT14 failure. Since around 16h30
(GMT +0100) our BGP sessions with AS 6461 reset and now they received
only 82305 prefixes.

Regards,
-- 
Laurent Frigault - NOC GANDI


Re: [RE: [Activity logging archiving tool]]

2003-11-25 Thread Joe Abley


On 25 Nov 2003, at 16:28, joshua sahala wrote:

 [EMAIL PROTECTED] wrote:
  Or Ciscoworks. A config change sends a syslog event to CW which in
  turn knows to go grab the latest copy of the config. I believe
  there are some reporting capabilities too, simple diff routines and
  archives of past configs.

 or if you cannot afford cisco works (or would rather spend the money
 on other things...), you can do something similar with swatch.  just
 look for the syslog string:
 %SYS-5-CONFIG_I: Configured from console by $user

 then trigger a rancid run on that device

I once wrote a rancid-like tool that did that (scripted config gets 
triggered by syslog). I haven't touched it since I met rancid, but some 
people tell me that they like it:

  ftp://ftp.isc.org/isc/ciscoconf/ciscoconf-1.1.tar.gz

Joe
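
The syslog-triggered config fetch discussed in this thread (match `%SYS-5-CONFIG_I`, then collect that device's config), sketched as an added example; it is not code from any poster, nor from swatch, rancid or ciscoconf. The log lines, host names, users and the five-minute hold-down are constructed assumptions, and the resulting job list is meant to be handed to whatever collector you run.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of stored syslog lines (hosts, users, addresses made up).
SAMPLE_LOG = """\
Nov 25 16:28:02 core1.example.net 812: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)
Nov 25 16:28:40 core1.example.net 813: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)
Nov 25 16:29:05 edge2.example.net 97: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
Nov 25 16:31:17 edge2.example.net 98: %SYS-5-CONFIG_I: Configured from console by bob on console
Nov 25 16:45:00 core1.example.net 814: %SYS-5-CONFIG_I: Configured from tftp://192.0.2.50/core1-confg by carol on vty1 (192.0.2.11)
"""

# Message body: "Configured from <source> by <user> [on <line>] [(<addr>)]"
CONFIG_I = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s.*?"
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+) by (?P<user>\S+)"
    r"(?: on (?P<line>\S+))?(?: \((?P<addr>[^)]+)\))?"
)


def parse_config_events(text, year):
    """One dict per %SYS-5-CONFIG_I line; classic syslog stamps carry no year."""
    events = []
    for raw in text.splitlines():
        m = CONFIG_I.match(raw)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append({"when": when, "host": m["host"], "user": m["user"],
                           "source": m["source"], "addr": m["addr"]})
    return events


def plan_fetches(events, holddown=timedelta(minutes=5)):
    """Coalesce bursts into one fetch job per device per hold-down window."""
    jobs, open_job = [], {}          # open_job: host -> most recent job
    for ev in sorted(events, key=lambda e: e["when"]):
        job = open_job.get(ev["host"])
        if job is None or ev["when"] - job["last"] > holddown:
            job = {"host": ev["host"], "first": ev["when"],
                   "users": [], "loaded_from": []}
            jobs.append(job)
            open_job[ev["host"]] = job
        job["last"] = ev["when"]
        if ev["user"] not in job["users"]:
            job["users"].append(ev["user"])
        # Anything other than "console" means the config came from a file or
        # the network, which is worth recording next to the diff.
        if ev["source"] != "console":
            job["loaded_from"].append(ev["source"])
    return jobs


if __name__ == "__main__":
    for job in plan_fetches(parse_config_events(SAMPLE_LOG, 2003)):
        print(job["host"], job["first"], job["users"], job["loaded_from"])
```
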



Re: [Activity logging archiving tool]

2003-11-25 Thread guy


Don't forget that TACACS can log all commands entered into a router. When
used in combination with rancid and cvs/cvs-web, it's very useful.

 I'm looking for a simple tool, in which each and every one has to
 manually record whatever (s)he has done or any incident (s)he observed
 so that the tool archives that data someway. Later, in case if someone
 needs, (s)he should be able to search for that archive by date, by
 person, by a random phrase, etc.

rancid (http://www.shrubbery.net/rancid) and
cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)



Opentransit (France Telecom) in Seattle

2003-11-25 Thread Eric Kuhnke
Does anyone know what floor of the Westin building Opentransit's POP is on?




Re: TAT 14 failure

2003-11-25 Thread David Lesher


Is there not sizeable UK-FR capacity through the Chunnel?

That seems like such an easy win, I'd assume everyone
else thought of it years ago..


-- 
A host is a host from coast to [EMAIL PROTECTED]
 no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433


RE: [Activity logging archiving tool]

2003-11-25 Thread Christopher L. Morrow



On Tue, 25 Nov 2003, Scott McGrath wrote:



 CiscoWorks also polls the devices for configuration changes and generates
 a diff if you so desire.  If you have set up AAA you will have an audit
 log of when changes were applied and who applied them.

 Scott C. McGrath

I'm fairly certain that the tacacs standard implementations available on
the cisco routers log out changes to the config made by users... That and
a little log parsing magic and you have this data also. Be cautious that
some of the EMS systems will grab configs through snmp WRITE initiated
tftp writes, this could be dangerous if your routers are publicly
accessible :)

-Chris


RE: [Activity logging archiving tool]

2003-11-25 Thread McBurnett, Jim

If you are really just looking for changes and change comparisons, check out
Kiwi Cat tools..
www.kiwisyslog.com
This software can connect via SSH, Telnet etc, and even do non-Cisco, Linux etc..
Works good as a backup for configs...

Later,
Jim


CiscoWorks also polls the devices for configuration changes and generates 
a diff if you so desire.  If you have set up AAA you will have an audit 
log of when changes were applied and who applied them.

Scott C. McGrath




Issues with Comcast broadband customers in the Seattle, WA area -- please contact

2003-11-25 Thread dani-nanog

Hello,

Looking for someone @ Comcast (AS22909?) that can help troubleshoot a problem:

For a few days, Comcast residential cablemodem customers in the Seattle, WA area
are reporting that they cannot reach our application (TCP port 7000/7050/7070).

IP's that the customers are coming from:
12.228.98.x
12.208.137.x
67.168.75.x
12.228.151.x
12.228.185.x
(and a few more)

The issue is not simply connectivity -- they can ping in and hit http services on
our network, just not get to TCP ports 7000, 7050, 7070.  There is no apparent
issue on our side, we accept hundreds of thousands of connections to this application
each day.

Please contact me if you are able to assist in troubleshooting.

Thank you
- Dani


RE: [Activity logging archiving tool]

2003-11-25 Thread Terry Baranski

 I'm fairly certain that the tacacs standard implementations
 available on the cisco routers log out changes to the config 
 made by users... That and a little log parsing magic and you 
 have this data also. 

While we're being Cisco-centric, 12.3(4)T has a new feature by which the
router can keep a configuration audit log:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81.html

-Terry



Re: [Activity logging archiving tool]

2003-11-25 Thread Alexei Roudnev

I created _Cisco repository_ about 1 year ago, using Expect, cvs and CVSWEB,
for free, and since then, we did a few installations and are really happy
with it (we save all Cisco configs, including routers, 6509 switches, PIX-es
and these crazy VPN devices...). This is a simple tool, with the web
interface, allowing to save config (1 click and passphrase),
save many configs in 1 click, see change log, compare configs, send changes
to manager (I do not use it -:)) and so on.

It consists of:
- FreeBSD (which is main monitoring system - it is easiest system to
manage)
- Expect (port)
- standard FreeBSD tftpd in 'chroot IP' mode
- very simple web script
- webcvs (port)
- apache (I use part of snmpstat installation)

(I am thinking about getting all our staff together as some kind of
professional service or consulting, with all components _opensource_, and
using knowledge _how to get it all together_).

- Original Message - 
From: Dan Lockwood [EMAIL PROTECTED]
To: joshua sahala [EMAIL PROTECTED]; Priyantha
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 12:53 PM
Subject: RE: [Activity logging  archiving tool]



If you are in a Cisco shop you might consider Secure ACS.  We use ACS to
log all of our changes and have very good success with it.
Unfortunately it is not free.

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
joshua sahala
Sent: Tuesday, November 25, 2003 11:45 AM
To: Priyantha; [EMAIL PROTECTED]
Subject: Re: [Activity logging  archiving tool]


Priyantha [EMAIL PROTECTED] wrote:

 In my company, there are several technical guys make changes to the
 existing network and  it's very difficult to keep track of what we did
 when, etc.

i feel your pain - except when it was happening, they weren't as
technical as they thought they were...

 I'm looking for a simple tool, in which each and every one has to
 manually record whatever (s)he has done or any incident (s)he observed
 so that the tool archives that data someway. Later, in case if someone
 needs, (s)he should be able to search for that archive by date, by
 person, by a random phrase, etc.

rancid (http://www.shrubbery.net/rancid) and
cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)

rancid does nice proactive checking of device configs, and cvs-web is
a pretty front end to look through change history

for tracking:
request tracker (http://www.bestpractical.com/rt/) - it is a ticketing
system, but you could probably customize it to fit your needs

netoffice (http://sourceforge.net/projects/netoffice/) - haven't used
it personally, but it looks like it might work too

track+ (http://sourceforge.net/projects/trackplus/) - same as netoffice

of course, nothing will work unless everyone uses it, so you have to
have clear, concise policies for change management, and then enforce
them.

hth

/joshua

 Any help in this regard is appreciated,

 Priyantha Pushpa Kumara
 ---
 Manager - Data Services
 Wightman Internet Ltd.
 Clifford, ON
 N0G 1M0
 Fax: 519-327-8010






Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -






Re: [Activity logging archiving tool]

2003-11-25 Thread Alexei Roudnev

This is not dangerous - I do not expect any idiot, opening SNMP from outside
(SNMP is excellent protocol, which can crash ANY device in the world; I
crashed 6509 switch and PIX firewall in a few days, when debugged new
'snmpstat' system). And moreover, Cisco allows to lock IP and file name for
SNMP/TFTP.

On the other hand, using 'expect' is not difficult and is much more
flexible. Most problems are with PIX-es with their paranoia, which cause a
necessity to know enable password for any simple action...

I'll send my old expect script here tomorrow, if someone wants (it is not
big). New script uses cryptography to remember passwords, so it became
more secure, but idea is the same...





- Original Message - 
From: Christopher L. Morrow [EMAIL PROTECTED]
To: Scott McGrath [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 1:51 PM
Subject: RE: [Activity logging  archiving tool]





 On Tue, 25 Nov 2003, Scott McGrath wrote:

 
 
  CiscoWorks also polls the devices for configuration changes and generates
  a diff if you so desire.  If you have set up AAA you will have an audit
  log of when changes were applied and who applied them.
 
  Scott C. McGrath

 I'm fairly certain that the tacacs standard implementations available on
 the cisco routers log out changes to the config made by users... That and
 a little log parsing magic and you have this data also. Be cautious that
 some of the EMS systems will grab configs through snmp WRITE initiated
 tftp writes, this could be dangerous if your routers are publicly
 accessible :)

 -Chris



Re: [Activity logging archiving tool]

2003-11-25 Thread Alexei Roudnev

It is excellent, but _too late_. Such features are useless, if you do not
have them on all devices, and no one can update all network gear to this new
version at once. So, it will be useful in 2 - 3 years -:).

- Original Message - 
From: Terry Baranski [EMAIL PROTECTED]
To: 'Christopher L. Morrow' [EMAIL PROTECTED]; 'Scott McGrath'
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 7:03 PM
Subject: RE: [Activity logging  archiving tool]



  I'm fairly certain that the tacacs standard implementations
  available on the cisco routers log out changes to the config
  made by users... That and a little log parsing magic and you
  have this data also.

 While we're being Cisco-centric, 12.3(4)T has a new feature by which the
 router can keep a configuration audit log:
 http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81.html

 -Terry




Re: TAT 14 failure

2003-11-25 Thread Simon Lockhart

On Tue Nov 25, 2003 at 08:32:50PM -0500, David Lesher wrote:
 Is there not sizeable UK-FR capacity through the Chunnel?

Yes, I believe there's a sizable amount of fiber going through the
service tunnel of the Chunnel (hence the much reduced cost of fiber from
UK to Europe these days).

Simon
-- 
Simon Lockhart |   Tel: +44 (0)1628 407720 (x(01)37720) | Si fractum 
Technology Manager |   Fax: +44 (0)1628 407701 (x(01)37701) | non sit, noli 
BBC Internet Ops   | Email: [EMAIL PROTECTED]| id reficere
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK