Re: OMB: IPv6 by June 2008

2005-07-11 Thread william(at)elan.net



On Tue, 12 Jul 2005 [EMAIL PROTECTED] wrote:



On Tue, Jul 12, 2005 at 08:41:04AM +0300, Hank Nussbacher wrote:


At 12:24 PM 11-07-05 -0400, Rich Emmings wrote:


According to IANA, (http://www.iana.org/assignments/ipv4-address-space)
MIT & MERIT are the two .edu /8 holders on the list.  Stanford turned
their /8 in a while ago.


And I'm still holding my breath to see when a commercial company returns
their /8.   -Hank


it's already happened... over a dozen have been returned.


List that dozen blocks please or I'll not believe it.
(I can only see 3 blocks that have been returned)

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]


Re: OMB: IPv6 by June 2008

2005-07-11 Thread bmanning

On Tue, Jul 12, 2005 at 08:41:04AM +0300, Hank Nussbacher wrote:
> 
> At 12:24 PM 11-07-05 -0400, Rich Emmings wrote:
> 
> >According to IANA, (http://www.iana.org/assignments/ipv4-address-space) 
> >MIT & MERIT are the two .edu /8 holders on the list.  Stanford turned 
> >their /8 in a while ago.
> 
> And I'm still holding my breath to see when a commercial company returns 
> their /8.   -Hank


it's already happened... over a dozen have been returned.
--bill
> 
> 
> 
> >Many?
> >
> >
> >On Fri, 8 Jul 2005, Daniel Golding wrote:
> >
> >>Rubbish. Many of the organizations that hold legacy /8s are Universities. 
> >>If
> >>a .edu can pick up even a few million dollars from selling off a class A,
> >>they will. After all, they could simply sell chunks.
> >+++
> >This Mail Was Scanned By Mail-seCure System
> >at the Tel-Aviv University CC.


Re: OMB: IPv6 by June 2008

2005-07-11 Thread Hank Nussbacher


At 12:24 PM 11-07-05 -0400, Rich Emmings wrote:

According to IANA, (http://www.iana.org/assignments/ipv4-address-space) 
MIT & MERIT are the two .edu /8 holders on the list.  Stanford turned 
their /8 in a while ago.


And I'm still holding my breath to see when a commercial company returns 
their /8.   -Hank





Many?


On Fri, 8 Jul 2005, Daniel Golding wrote:


Rubbish. Many of the organizations that hold legacy /8s are Universities. If
a .edu can pick up even a few million dollars from selling off a class A,
they will. After all, they could simply sell chunks.





Re: London incidents

2005-07-11 Thread Steven M. Bellovin

In message <[EMAIL PROTECTED]>, Bill Nash writes:
>
>
>Would the folks posting news related events please footnote source URLS, 
>especially if arguing over factual details?

http://networks.silicon.com/mobile/0,39024665,39150177,00.htm
has what Sean was referring to.



>- billn
>
>On Mon, 11 Jul 2005, Sean Donelan wrote:
>
>>
>> On Mon, 11 Jul 2005, Hannigan, Martin wrote:
>>>> All this while I was trying unsuccessfully to use my
>>>> mobile to ring the office.
>>>
>>> Some cell relays were temporarily shut to prevent a remote
>>> detonation of additional explosives. Cellular remotes seem
>>> to be a favorite of Al Qaeda and others.
>>
>> UK Government officials deny they shutdown any cell phone service.
>>




http://networks.silicon.com/mobile/0,39024665,39150177,00.htm

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb




RE: London incidents

2005-07-11 Thread Bill Nash



Would the folks posting news related events please footnote source URLS, 
especially if arguing over factual details?


Thanks.

- billn

On Mon, 11 Jul 2005, Sean Donelan wrote:



On Mon, 11 Jul 2005, Hannigan, Martin wrote:

All this while I was trying unsuccessfully to use my
mobile to ring the office.


Some cell relays were temporarily shut to prevent a remote
detonation of additional explosives. Cellular remotes seem
to be a favorite of Al Qaeda and others.


UK Government officials deny they shutdown any cell phone service.



RE: London incidents

2005-07-11 Thread Sean Donelan

On Mon, 11 Jul 2005, Hannigan, Martin wrote:
> > All this while I was trying unsuccessfully to use my
> > mobile to ring the office.
>
> Some cell relays were temporarily shut to prevent a remote
> detonation of additional explosives. Cellular remotes seem
> to be a favorite of Al Qaeda and others.

UK Government officials deny they shutdown any cell phone service.



Re: Advanced port mirroring with filtering

2005-07-11 Thread Tim Stevenson


At 11:49 AM 7/11/2005, Nathan Allen Stratton commented:



I wanted to ping the list and get some feedback on switches with advanced
port mirroring with filtering. Right now we are using Cisco 6509s with SUP
720s in a VoIP application. The routers and switches work well, but we keep
hitting the wall on port monitoring because cisco only lets us have two
monitoring ports.


That is not exactly true - we give you two sessions (in IOS). Each session 
can monitor a number of ports or VLANs and mirror the traffic to one or 
more destination ports, an RSPAN VLAN, or a remote device over GRE using 
ERSPAN. You can configure dot1q trunking on the destination interfaces & 
use allowed vlan lists to create "virtual" VLAN span sessions using a 
single actual session. I can send you a document describing this 
configuration if you like.



Let's say I have a 32 port switch with all sorts of SIP hardware on it. I
am looking for a switch that would let me do something like this:

Mirror all POP ISP traffic to NetVMG box
Mirror all SIP and RTP traffic to VoIP Hammer probe
Mirror all SIP (5060 65060) traffic to signaling to Ethereal box
Mirror all RTCP traffic to VoIP quality engine


So you may be able to accomplish what you need using the various SPAN 
session options above.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/span.htm

There is also the VLAN ACL feature which uses the ACL TCAM entries to 
either capture or redirect IP traffic to capture or redirect ports 
respectively.


This is accomplished by configuring a vlan access-map (assuming IOS) to 
match the traffic you want and say whether you want to 
permit/permit+capture/deny/redirect it. Then you tie the access-map to the 
vlan with the vlan filter command.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/vacl.htm

Hope that helps,
Tim



><>
Nathan Stratton   BroadVoice, Inc.
nathan at robotics.net Talk IS Cheap
http://www.robotics.net   http://www.broadvoice.com




Tim Stevenson, [EMAIL PROTECTED]
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
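
The VLAN ACL capture approach described in the reply above, written out as an added example; it is not part of the original message or of Cisco's documentation. It assumes Catalyst 6500 IOS, that VLAN 100 carries the VoIP traffic, that the analyzer sits on Gi1/1, and that SIP runs over UDP; the ACL and access-map names are hypothetical.

```cisco
! Added example: VACL capture of SIP signaling on a Catalyst 6500 (IOS).
! Assumptions (not from the thread): VLAN 100 carries the VoIP traffic,
! Gi1/1 is the port the analyzer is attached to, SIP runs over UDP,
! and the ACL / access-map names are hypothetical.
!
! 1. Classify the traffic to capture. Ports 5060 and 65060 are the
!    signaling ports named in the question; match both directions.
ip access-list extended SIP-SIGNALING
 permit udp any any eq 5060
 permit udp any eq 5060 any
 permit udp any any eq 65060
 permit udp any eq 65060 any
!
! 2. Access-map sequence 10: forward matching packets normally and also
!    mark them for capture (the "permit+capture" case).
vlan access-map VOIP-CAPTURE 10
 match ip address SIP-SIGNALING
 action forward capture
!
! 3. Catch-all sequence 20: forward everything else without capturing it.
!    Without this, IP packets that match no sequence of the map are
!    dropped, which would take the VLAN's other traffic down.
vlan access-map VOIP-CAPTURE 20
 action forward
!
! 4. Tie the access-map to the VLAN with the vlan filter command.
vlan filter VOIP-CAPTURE vlan-list 100
!
! 5. Make the analyzer port a capture port and limit it to VLAN 100.
interface GigabitEthernet1/1
 switchport
 switchport capture
 switchport capture allowed vlan 100
```

`show vlan access-map` and `show vlan filter` confirm the map contents and the VLANs it is applied to before the analyzer is attached.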


RE: London incidents

2005-07-11 Thread Hannigan, Martin


> 
> All this while I was trying unsuccessfully to use my
> mobile to ring the office. 

Some cell relays were temporarily shut to prevent a remote
detonation of additional explosives. Cellular remotes seem 
to be a favorite of Al Qaeda and others.

-M< 


Re: London incidents

2005-07-11 Thread Jay R. Ashworth

On Mon, Jul 11, 2005 at 12:31:35PM +0100, [EMAIL PROTECTED] wrote:
> It was an interesting experience which seems to show that
> it is better to have several completely different communications
> channels to choose from. In my case I had lost landline and
> DSL Internet access due to moving house, and I lost mobile 
> voice access due to congestion. But SMS still functioned.

The lower the bandwidth channel, the less likely it is to break.

Cheers,
-- jr 'cf: Morse Code' a
-- 
Jay R. Ashworth[EMAIL PROTECTED]
Designer  Baylink RFC 2100
Ashworth & AssociatesThe Things I Think'87 e24
St Petersburg FL USA  http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system administrator.  Or two.  --me


Re: London incidents

2005-07-11 Thread Jay R. Ashworth

On Mon, Jul 11, 2005 at 12:16:34PM +0200, Brad Knowles wrote:
>   I don't know the specifics of how much capacity is reserved, but 
> this sort of thing has been done on telecommunications networks for a 
> long time.  Back before cell phones existed, you could have "flash" 
> traffic on the DDN or even the PSTN, and when placing a flash call 
> the phone system would disconnect anyone that stood in your way of 
> getting the connection you wanted.
> 
>   You had to be using special telephone equipment, or connected to 
> a special operator with the right equipment, and you had damn well 
> better be sure that your call was worthy of knocking anyone else off 
> the network, but the capability was there.  Even the President would 
> normally make his calls at lower than "flash" priority.

See also http://tsp.ncs.gov/ and http://wps.ncs.gov/ , as well as 
http://www.disa.mil/gs/dsn/tut_mlpp.html and 
http://www.disa.mil/gs/dsn/tut_precedence.html which explain those Fo,
F, I and P keys on AutoVON 16-button WECo 2500s.

Cheers,
-- jra
-- 
Jay R. Ashworth[EMAIL PROTECTED]
Designer+-Internetworking--+--+   RFC 2100
Ashworth & Associates   |  Best Practices Wiki |  |'87 e24
St Petersburg FL USAhttp://bestpractices.wikicities.com+1 727 647 1274

  If you can read this... thank a system administrator.  Or two.  --me


Cell phone links disabled in New York tunnels

2005-07-11 Thread Fergie (Paul Ferguson)


For those of you living and/or working in the NYC metro
area, Reuters reports that:

[snip]

Cellular phone service has been shut off in four busy New
York commuter tunnels since last week's deadly blasts in
London, officials said on Monday.

No specific reason was given for the move but cell phones
have been used to trigger bombs in the past.

Cell phone service is disabled in the Holland and Lincoln
tunnels that connect Manhattan to New Jersey under the
Hudson River, the Midtown Tunnel to the city's Queens
borough and the Battery Tunnel to Brooklyn, officials said.

The move came immediately after the bombings in London on
Thursday, said a spokesman for the Port Authority of New
York and New Jersey, which oversees operation of the
Lincoln and Holland tunnels.

[snip]

http://today.reuters.com/news/newsarticle.aspx?type=technologyNews&storyid=2005-07-11T181623Z_01_N11494917_RTRIDST_0_TECH-SECURITY-CELLPHONES-DC.XML

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/


Advanced port mirroring with filtering

2005-07-11 Thread Nathan Allen Stratton


I wanted to ping the list and get some feedback on switches with advanced
port mirroring with filtering. Right now we are using Cisco 6509s with SUP
720s in a VoIP application. The routers and switches work well, but we keep
hitting the wall on port monitoring because cisco only lets us have two
monitoring ports.

Let's say I have a 32 port switch with all sorts of SIP hardware on it. I
am looking for a switch that would let me do something like this:

Mirror all POP ISP traffic to NetVMG box
Mirror all SIP and RTP traffic to VoIP Hammer probe
Mirror all SIP (5060 65060) traffic to signaling to Ethereal box
Mirror all RTCP traffic to VoIP quality engine

><>
Nathan Stratton   BroadVoice, Inc.
nathan at robotics.net Talk IS Cheap
http://www.robotics.net   http://www.broadvoice.com


RE: ATT CDPD

2005-07-11 Thread Kuhtz, Christian


> > AT&T doesn't use CDMA... so they wouldn't be running 1xRTT. EDGE, 
> > perhaps?
> 
> Yes.  AT&T also announced plans to get into the next layer, 
> UMTS, which uses the concept of code division multiple access 
> (CDMA), but isn't the same as Qualcomm CDMA 
> (IS-95/IS-2000/CDMA2000).  I don't know offhand which of the 
> GSM-core technologies are/will be deployed by them at this 
> time, as they aren't the carrier I currently use.
> 
> (To my knowledge, however, AT&T does offer GPRS, which is 
> slow, but if using at least two timeslots, still faster than 
> IS-95 CDMA non-1X data.  8-)

Actually, you should be able to get EDGE from T or its new parent. It
has been productized for a while.

Thanks,
Christian

--
"Sometimes a phone is just a phone."




Re: E-Mail authentication fight looming: Microsoft pushing Sender ID

2005-07-11 Thread Suresh Ramasubramanian

On 11/07/05, Todd Vierling <[EMAIL PROTECTED]> wrote:
> And this is the problem -- but then, such miserably inept admins are usually
> also responsible for the *outflow*, and are thus working for a highly
> intersecting set of ISPs that should be targeted for escalation, "collateral
> damage", "false positive" blocking in order to get them to wake up and read
> documentation for once

I'd not be too quick to blame them considering that they are after all
supposed to be on the same side we are.  And because occam's razor is
always in mind.

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: Yahoo and Cisco to submit e-mail ID spec to IETF

2005-07-11 Thread J.D. Falk

On 07/11/05, Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote: 

> 
> On 11-jul-2005, at 14:22, Fergie (Paul Ferguson) wrote:
> 
> >Discussions on DKIM will begin at the IETF meeting in Paris
> >scheduled to run between July 31 and August 5, Yahoo and
> >Cisco officials said.
> 
> Then there must be a draft submitted earlier today or before. Anyone  
> know the title?

draft-allman-dkim-base and draft-allman-dkim-ssp

-- 
J.D. Falk  a decade of cybernothing.org
<[EMAIL PROTECTED]>   registered 24 June 1995


"US govt interference is a big deal, says Europe"

2005-07-11 Thread Fergie (Paul Ferguson)


Regarding the statement by the Dept. of Commerce a
couple of weeks ago, as John Leyden writes in The
Register this morning, it has a few people upset:

"Despite an increasing number of newspaper articles-
all from US media organisations-claiming that the
internet community is happy to let the US government
continue its role, a recent meeting of registries
from across Europe begs to differ."

http://www.theregister.com/2005/07/11/centr_root/

And although everyone knew this would rankle a lot
of people, there's no shortage of comments about it
over on /.

http://politics.slashdot.org/politics/05/07/11/1539242.shtml?tid=95&tid=219

- ferg

ps. And, ironically, all of this is boiling up during ICANN's
meeting in Luxembourg this week...

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/


Re: ATT CDPD

2005-07-11 Thread Todd Vierling

On Sun, 10 Jul 2005, Steven J. Sobol wrote:

> > Scheduled to die soon, if it hasn't already.  I was a second-tier CDPD
> > sub, via Earthlink, until about a year ago; they took a hit to move me
> > to 1xRTT,

> AT&T doesn't use CDMA... so they wouldn't be running 1xRTT. EDGE, perhaps?

Yes.  AT&T also announced plans to get into the next layer, UMTS, which uses
the concept of code division multiple access (CDMA), but isn't the same as
Qualcomm CDMA (IS-95/IS-2000/CDMA2000).  I don't know offhand which of the
GSM-core technologies are/will be deployed by them at this time, as they
aren't the carrier I currently use.

(To my knowledge, however, AT&T does offer GPRS, which is slow, but if using
at least two timeslots, still faster than IS-95 CDMA non-1X data.  8-)

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Re: E-Mail authentication fight looming: Microsoft pushing Sender ID

2005-07-11 Thread Todd Vierling

On Sun, 10 Jul 2005, Suresh Ramasubramanian wrote:

> > > The second issue with boycotting, is the false positives.
> >
> > No, the *point* of the boycott is the "false positives".  ISPs *will* react
> > when their general users find themselves unable to send e-mail because the
> > entire netspace of the offending ISP is blocked (boycotted).
>
> It depends, of course, on who is doing the spam filtering.
>
> I've seen several people I respect, doing good and sensible filtering
> that is as surgical as possible, but remarkably effective given that
> this filtering is applied at 800 lb gorilla sites.

Which is exactly what I said, too.  One particular gorilla has at least
started to enforce long-established RFC "standards" that most folks blindly
ignored out of laziness for years.

> I've also seen some people, with root and/or enable on remarkably
> large networks, who don't realize that good spam filtering is not just
> knowing the syntax for "access list 101 deny" or "vi /etc/mail/access,
> then makemap hash access.db < access"., and who I wouldn't trust to be
> [EMAIL PROTECTED], let alone on a production cluster of
> mailservers.

And this is the problem -- but then, such miserably inept admins are usually
also responsible for the *outflow*, and are thus working for a highly
intersecting set of ISPs that should be targeted for escalation, "collateral
damage", "false positive" blocking in order to get them to wake up and read
documentation for once

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Re: OMB: IPv6 by June 2008

2005-07-11 Thread Rich Emmings


According to IANA, (http://www.iana.org/assignments/ipv4-address-space) MIT 
& MERIT are the two .edu /8 holders on the list.  Stanford turned their /8 
in a while ago.



Many?


On Fri, 8 Jul 2005, Daniel Golding wrote:


Rubbish. Many of the organizations that hold legacy /8s are Universities. If
a .edu can pick up even a few million dollars from selling off a class A,
they will. After all, they could simply sell chunks.



Re: Yahoo and Cisco to submit e-mail ID spec to IETF

2005-07-11 Thread Iljitsch van Beijnum


On 11-jul-2005, at 14:22, Fergie (Paul Ferguson) wrote:


Discussions on DKIM will begin at the IETF meeting in Paris
scheduled to run between July 31 and August 5, Yahoo and
Cisco officials said.


Then there must be a draft submitted earlier today or before. Anyone  
know the title?


fuel tanks at 60 Hudson draw community concerns

2005-07-11 Thread Steven M. Bellovin

http://www.nytimes.com/2005/07/11/nyregion/11fuel.html?

Building's Extra Fuel Tanks Raise Concerns in TriBeCa

By JENNIFER MEDINA
Published: July 11, 2005

Saying that a dangerous amount of diesel fuel is stored in a 25-story building 
in TriBeCa, elected officials and residents called on Mayor Michael R. 
Bloomberg yesterday to rescind a variance that permits its storage.

The fuel, they warned, could lead to a major fire if there were a terrorist 
attack or other disaster.

The city's Department of Buildings granted a variance to the owners of the 
tower at 60 Hudson Street late last month, allowing the owners to store 80,000 
gallons of diesel fuel, much of it below - but some actually in - the building. 

...


--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



Opentransit IPv6 route-server

2005-07-11 Thread German Martinez
Hello,
Just to let you know that our route-server is now IPv6 capable.

Feel free to provide any comments/suggestions:

telnet://route-server.opentransit.net

Thanks!
German




Re: Yahoo and Cisco to submit e-mail ID spec to IETF

2005-07-11 Thread Fergie (Paul Ferguson)


Okay:

"...two other methods for e-mail authentication have been
approved by the IESG for publication as "experimental" RFC's..."

Mea culpa,

- ferg


-- "william(at)elan.net" <[EMAIL PROTECTED]> wrote:

> p.s. Of course, this development comes on the heels of two
> other methods for e-mail authentication already published
> by the IETF as "experimental" RFC's: "Sender Policy Framework
> (SPF) for Authorizing Use of Domains in E-Mail" and Microsoft's
> "Sender ID: Authenticating E-Mail".

That is false information. They have not been published as "experimental" 
RFCs, only approved for publication. Publication may come later and yet
may not happen at all.

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/


Re: Yahoo and Cisco to submit e-mail ID spec to IETF

2005-07-11 Thread Suresh Ramasubramanian

On 11/07/05, Fergie (Paul Ferguson) <[EMAIL PROTECTED]> wrote:
> 
> Yahoo and Cisco Monday plan to announce they will submit
> their e-mail authentication specification, DomainKeys
> Identified Mail (DKIM), to the IETF to be considered as
> an industry standard.
> 

http://www.mipassoc.org/mass/ as well


Re: Yahoo and Cisco to submit e-mail ID spec to IETF

2005-07-11 Thread william(at)elan.net



On Mon, 11 Jul 2005, Fergie (Paul Ferguson) wrote:


DKIM combines Yahoo's DomainKeys and Cisco's Internet
Identified Mail, two e-mail authentication technologies
developed separately, which the companies announced in
June they would combine with the intention of licensing
the resulting specification royalty-free throughout the
industry.


"Royalty-free" does not mean it can be used by everyone.
 Microsoft also promised "royalty-free" use of SID, but it
 turned out that did not extend to majority of open source
 programs (with rare exception of sendmail).

 So don't assume that something like courier-mta or postfix or exim
 would necessarily be able to include support for DKIM spec.


p.s. Of course, this development comes on the heels of two
other methods for e-mail authentication already published
by the IETF as "experimental" RFC's: "Sender Policy Framework
(SPF) for Authorizing Use of Domains in E-Mail" and Microsoft's
"Sender ID: Authenticating E-Mail".


That is false information. They have not been published as "experimental" 
RFCs, only approved for publication. Publication may come later and yet
may not happen at all.

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]


Yahoo and Cisco to submit e-mail ID spec to IETF

2005-07-11 Thread Fergie (Paul Ferguson)


More info:

[snip]

Yahoo and Cisco Monday plan to announce they will submit
their e-mail authentication specification, DomainKeys
Identified Mail (DKIM), to the IETF to be considered as
an industry standard.

Discussions on DKIM will begin at the IETF meeting in Paris
scheduled to run between July 31 and August 5, Yahoo and
Cisco officials said.

DKIM combines Yahoo's DomainKeys and Cisco's Internet
Identified Mail, two e-mail authentication technologies
developed separately, which the companies announced in
June they would combine with the intention of licensing
the resulting specification royalty-free throughout the
industry.

[snip]

http://www.networkworld.com/news/2005/071105-yahoo-cisco.html

- ferg

p.s. Of course, this development comes on the heels of two
other methods for e-mail authentication already published
by the IETF as "experimental" RFC's: "Sender Policy Framework
(SPF) for Authorizing Use of Domains in E-Mail" and Microsoft's
"Sender ID: Authenticating E-Mail".

http://news.com.com/Antispam+proposals+advance/2100-1032_3-5768498.html


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/


Re: London incidents

2005-07-11 Thread Scott W Brim

On Mon, Jul 11, 2005 09:21:24AM -0400, Robert E. Seastrom allegedly wrote:
> Yes, but nobody ever wrote a song about the TOS bits in Internet
> Protocol (this song dates to 1980):
> 
> http://www.poppyfields.net/filks/00182.html

If anyone has the words to "Mine Eyes Have Seen the Glory of the
Architectural View", please let me know.


Re: FW: DNS .US outage

2005-07-11 Thread Suresh Ramasubramanian

On 11/07/05, Church, Chuck <[EMAIL PROTECTED]> wrote:
> One thing to note is that when you use dig or nslookup or whatever,
> it'll also be using some ephemeral port, so it'll work, even when the
> lookups from source port 53 wouldn't. Again, I haven't checked since
> that night to see if that's gone away, so it might be a moot point
> now.

Hold on now - dig or nslookup query the local resolver with that ephemeral port.

If this behavior you describe still exists on the resolver (query from
port 53 and not ephemeral ports) then you still wouldn't get a result

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])


Re: London incidents

2005-07-11 Thread Robert E . Seastrom


"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:

> In message <[EMAIL PROTECTED]>, "Robert E.Seastrom" writes:
>>Brad Knowles <[EMAIL PROTECTED]> writes:
>>
>>> There were lower levels of priority that you could also use,
>>> but "flash" was the top one that I heard about.
>>
>>The four buttons on the "1633" row of an AUTOVON telephone are labeled
>>P, I, F, and FO for Priority, Immediate, Flash, and Flash-Override.
>>The fifth (normal) level is of course routine, with no priority code
>>attached.
>
> And those levels appear as the TOS bits in RFC 791

Yes, but nobody ever wrote a song about the TOS bits in Internet
Protocol (this song dates to 1980):

http://www.poppyfields.net/filks/00182.html

---Rob




Re: London incidents

2005-07-11 Thread Iljitsch van Beijnum


On 11-jul-2005, at 13:31, [EMAIL PROTECTED] wrote:


A hospital using up "emergency mode" GSM capacity doesn't make much
sense to me.



This was just a guess on my part because the congestion
in this suburban area lasted well into the evening.


Could be lots of things. Maybe it was really the hospital, but then  
simply the people in the waiting area calling all over the place. Or  
maybe some completely unrelated problem with the cell network in your  
area.



When it gets
really bad the random access channel gets clogged and all mobile-
initiated communication, including SMS, is dead in the water.



I never had a problem sending or receiving SMS other than
the long delays. The people on the other end were near
Aldgate on the edge of central London so even there, SMS
was still functioning.


Follow the money... At several hundreds of your favorite currency  
unit per megabyte, I'm not surprised they manage to keep this service  
running.


Here in the Netherlands we had free airtime for a few hours at the  
beginning of the new year several times, and it was interesting to  
see what this did to the networks.


Re: London incidents

2005-07-11 Thread Steven M. Bellovin

In message <[EMAIL PROTECTED]>, "Robert E.Seastrom" writes:
>
>
>Brad Knowles <[EMAIL PROTECTED]> writes:
>
>>  There were lower levels of priority that you could also use,
>> but "flash" was the top one that I heard about.
>
>The four buttons on the "1633" row of an AUTOVON telephone are labeled
>P, I, F, and FO for Priority, Immediate, Flash, and Flash-Override.
>The fifth (normal) level is of course routine, with no priority code
>attached.

And those levels appear as the TOS bits in RFC 791

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb




FW: DNS .US outage

2005-07-11 Thread Church, Chuck

Guess I wasn't going crazy.  Forwarded to me by a read-only lister.
Might be worth trying if prob still exists for anyone. 


Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
[EMAIL PROTECTED]
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D


-Original Message-
From: Mark Moseley [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 08, 2005 7:17 PM
To: Church, Chuck
Subject: Re: DNS .US outage

Hi. I don't have 'write' access to the nanog group so I'm writing you
directly.

I saw the exact same behaviour. After some banging-head-against-wall
at 3am, I noticed that if I turned *off* "query-source * port 53" in
Bind (i.e. it was using port 53 as the source port for queries to make
firewalling easier), it magically started working again. Don't know if
you're using Bind or Windows DNS, but all I could tell is that when
Bind was configured to query *from* port 53, I couldn't get the .us
TLDs to answer me, but when using a random ephemeral port (of named's
choice), it worked just fine. I don't know if they are (or were,
haven't checked since then) blocking queries with a source port of 53,
but whatever the case it worked for some reason. If this works for
you, please feel free to re-post to nanog (unless of course, the
outage has gone away and they've fixed their stuff over at the .us TLD
servers).

One thing to note is that when you use dig or nslookup or whatever,
it'll also be using some ephemeral port, so it'll work, even when the
lookups from source port 53 wouldn't. Again, I haven't checked since
that night to see if that's gone away, so it might be a moot point
now.


On 7/6/05, Church, Chuck <[EMAIL PROTECTED]> wrote:
>  
> Anyone else having issues with .US right now  (~12AM EST)?  NSlookup, etc
> show various .us destinations as unknown domains...  
>   
> 
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Netco Government Services - Design & Implementation Team
> 1210 N. Parker Rd.
> Greenville, SC 29609
> Home office: 864-335-9473
> Cell: 703-819-3495
> [EMAIL PROTECTED]
> PGP key:
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
>


Re: London incidents

2005-07-11 Thread Spencer Wood

Most of the US Carriers have Priority
systems setup on the Cell Networks for Government Users.  You either
enter in a Prefix code on your phone, or your phone's SIM id is registered
as a priority user.  

Spencer


Spencer Wood, Network Manager
Ohio Department Of Transportation
1320 Arthur E. Adams Drive
Columbus, Ohio 43221 
E-Mail: [EMAIL PROTECTED]
Phone: 614.644.5422/Fax: 614.887.4021/Cell: 614.774.3123 

Sean Donelan <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
07/09/2005 07:05 PM

To: nanog@merit.edu
cc:
Subject: Re: London incidents

On Thu, 7 Jul 2005, Gadi Evron wrote:
> I wonder, has anyone ever prepared a best practices paper of some sort
> as to what can be expected in cases of big emergencies and mass
> hysteria, for networks?

Yes, there have been several studies and papers about what happens to
networks during public emergencies.  Look at the FCC NRIC (www.nric.org)
and the US National Academies of Science.

Unfortunately, in the USA at least, the government is fixated on trying
to force a particular "solution" instead of trying to understand the
different problems.  Some people think pre-emption is the answer, and have
hired numerous consultants to try to push it through any standards group
they can find.



Re: London incidents

2005-07-11 Thread Robert E . Seastrom


Brad Knowles <[EMAIL PROTECTED]> writes:

>   There were lower levels of priority that you could also use,
> but "flash" was the top one that I heard about.

The four buttons on the "1633" row of an AUTOVON telephone are labeled
P, I, F, and FO for Priority, Immediate, Flash, and Flash-Override.
The fifth (normal) level is of course routine, with no priority code
attached.

My understanding is that many (most?) phones could not issue the
higher priority levels.  Don't want some E-2 in a guard shack to
misdial a number and knock off a four-star who's speaking with the
Joint Chiefs.  :)

---Rob




Re: London incidents

2005-07-11 Thread Michael . Dillon

> A hospital using up "emergency mode" GSM capacity doesn't make much 
> sense to me. You're not supposed to use cell phones in many places in 
> hospitals, and the ones that I've seen have an ample supply of fixed 
> lines that are cheaper, more reliable and pose less risk of 
> interference with the equipment.

This was just a guess on my part because the congestion
in this suburban area lasted well into the evening. The
only time I was able to make phonecalls on my mobile was
when I took a bus out of the area. I planned to travel 
away from the city to get away from mobile congestion
but the phone started working again before I had gotten
any further from the centre. However I had moved a km or
two from the hospital. Later, I returned home and lost the
ability to use the mobile even as late as 11:30 p.m.

> It's probably just congestion. Cellular networks don't come close to 
> being able to absorb the burstiness of the (potential) usage patterns 
> in situations like this.

This, I understand. But it doesn't explain why this area
would have suffered such a prolonged problem.

> When it gets
> really bad the random access channel gets clogged and all
> mobile-initiated communication, including SMS, is dead in the water.

I never had a problem sending or receiving SMS other than
the long delays. The people on the other end were near
Aldgate on the edge of central London so even there, SMS
was still functioning.

It was an interesting experience which seems to show that
it is better to have several completely different communications
channels to choose from. In my case I had lost landline and
DSL Internet access due to moving house, and I lost mobile 
voice access due to congestion. But SMS still functioned.
I haven't heard of any Internet outages caused by the attacks
although everyone who has travelled on the tube knows that there
are lots of cables in the tunnels. Presumably, there are so
many tunnels with cables that breaks in three places are easily
covered by protection switching.

--Michael Dillon



RE: London incidents

2005-07-11 Thread Neil J. McRae

> Some of the problems on the mobile networks were the result 
> of a protocol to reserve mobile capabilities for the 
> emergency services. The police have the authority to switch 
> cells to emergency service and then people with specially 
> registered SIM cards in their mobile can take priority. 
> Presumably, some amount of capacity is also held in reserve 
> for these people as well.

Requests from the police on specific SIM numbers on certain 
mobile networks whilst others applied such that you got no 
access to a cell site, others deployed a limit on normal SIM 
cards to limit the access down by 50% so that there was some 
level of service. 

Regards,
Neil.



Re: London incidents

2005-07-11 Thread Iljitsch van Beijnum


On 11-jul-2005, at 11:40, [EMAIL PROTECTED] wrote:


> I had moved the weekend before and my landline was not
> yet installed. Also, I live near a large hospital. I noticed
> that my mobile didn't function at all even late on Thursday
> unless I left home and travelled a kilometer or two from
> the hospital. Presumably, the cells in this suburban
> location had also been switched to emergency service.


A hospital using up "emergency mode" GSM capacity doesn't make much  
sense to me. You're not supposed to use cell phones in many places in  
hospitals, and the ones that I've seen have an ample supply of fixed  
lines that are cheaper, more reliable and pose less risk of  
interference with the equipment.


It's probably just congestion. Cellular networks don't come close to  
being able to absorb the burstiness of the (potential) usage patterns  
in situations like this. (The bean counters don't like cell towers  
that are idle 99% of the time.) When all the time slots on all the  
sites in range are filled up you can't get through with voice or  
data, but SMS which just uses signalling still works. When it gets  
really bad the random access channel gets clogged and all
mobile-initiated communication, including SMS, is dead in the water.


(The random access channel is the one not under control of the  
network: handsets use it to signal their desire to communicate. As  
such, it is very prone to collisions and congestion collapse under  
heavy loads.)
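
The congestion collapse described in the message above can be reproduced with a small slotted-ALOHA model of a random access channel. This is an added example, not part of the original post; the arrival rates, the fixed retry probability of 0.05 and the absence of backoff or capture are simplifying assumptions, not GSM parameters.

```python
import random

def simulate_rach(arrival_prob, retry_prob=0.05, slots=20000, seed=1):
    """Slotted-ALOHA model of a random access channel (assumed, simplified).

    arrival_prob: chance per slot that one more handset wants to signal.
    retry_prob:   chance per slot that each waiting handset transmits.
    A slot carries a request only if exactly one handset transmits in it;
    two or more transmitting at once collide and all of them keep waiting.
    """
    rng = random.Random(seed)          # seeded so the run is repeatable
    backlog = arrived = served = 0
    for _ in range(slots):
        if rng.random() < arrival_prob:
            backlog += 1
            arrived += 1
        if backlog:
            # P(exactly one of n waiting handsets transmits) = n*p*(1-p)^(n-1).
            # Handsets are identical, so sampling this directly is exact.
            p_single = backlog * retry_prob * (1 - retry_prob) ** (backlog - 1)
            if rng.random() < p_single:
                backlog -= 1
                served += 1
    return {
        "arrived": arrived,
        "served": served,
        "backlog": backlog,
        "served_fraction": served / arrived if arrived else 1.0,
    }

if __name__ == "__main__":
    # Constructed scenarios: an ordinary day and a mass-calling event.
    for label, load in (("normal", 0.1), ("surge", 0.5)):
        r = simulate_rach(load)
        print(f"{label:6s} arrived={r['arrived']:5d} served={r['served']:5d} "
              f"still waiting={r['backlog']:5d}")
```

With these assumed settings the channel peaks at roughly 0.38 successful requests per slot, so the surge scenario does not merely saturate: the growing backlog causes more collisions, and the number of requests that get through falls toward zero.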


RE: London incidents

2005-07-11 Thread Brad Knowles


At 10:40 AM +0100 2005-07-11, [EMAIL PROTECTED] wrote:


> Some of the problems on the mobile networks were the
> result of a protocol to reserve mobile capabilities for
> the emergency services. The police have the authority to
> switch cells to emergency service and then people with
> specially registered SIM cards in their mobile can
> take priority. Presumably, some amount of capacity is
> also held in reserve for these people as well.


	Yes, a certain amount of capacity can be placed on reserve for 
the holders of priority access SIMs.  You only get those issued to 
you by the government.  This can include critical emergency services 
personnel, selected government officials, important members of the 
financial services community, etc.



	I don't know the specifics of how much capacity is reserved, but 
this sort of thing has been done on telecommunications networks for a 
long time.  Back before cell phones existed, you could have "flash" 
traffic on the DDN or even the PSTN, and when placing a flash call 
the phone system would disconnect anyone that stood in your way of 
getting the connection you wanted.


	You had to be using special telephone equipment, or connected to 
a special operator with the right equipment, and you had damn well 
better be sure that your call was worthy of knocking anyone else off 
the network, but the capability was there.  Even the President would 
normally make his calls at lower than "flash" priority.


	There were lower levels of priority that you could also use, but 
"flash" was the top one that I heard about.



> I had moved the weekend before and my landline was not
> yet installed. Also, I live near a large hospital. I noticed
> that my mobile didn't function at all even late on Thursday
> unless I left home and travelled a kilometer or two from
> the hospital. Presumably, the cells in this suburban
> location had also been switched to emergency service.


	Could be, but I'd be willing to bet it was more a matter of the 
cell just being overloaded.  Traffic reservation for priority access 
SIMs is only going to take a small amount of the bandwidth available. 
The problem is that even normal heavy traffic can overload a cell, 
and what was seen during the time you're talking about was anything 
but "normal heavy".


--
Brad Knowles, <[EMAIL PROTECTED]>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755

  SAGE member since 1995.  See  for more info.


RE: London incidents

2005-07-11 Thread Michael . Dillon

> Mobile networks in particular have been put under
> pressure as people use their phones to contact friends
> and family following the explosions.

Luckily, I was 10 minutes late leaving home otherwise
I could very well have been on that first train which
was attacked near Aldgate. When the Central Line shut
down, I tried to get a bus, and when all the bus
service into central London was shut down I gave up
and started walking home. I suspected that the rumours
of terrorist attack were true.

All this while I was trying unsuccessfully to use my
mobile to ring the office. Finally, I decided to try
sending a text message and this worked. Text messages
normally are delivered virtually instantaneously and
there is a time stamp indicating when the message was
sent. During the morning and early afternoon of 
Thursday, I was receiving text messages that had been
sent between 20 minutes and one hour previous.

Some of the problems on the mobile networks were the
result of a protocol to reserve mobile capabilities for
the emergency services. The police have the authority to
switch cells to emergency service and then people with
specially registered SIM cards in their mobile can
take priority. Presumably, some amount of capacity is
also held in reserve for these people as well.

I had moved the weekend before and my landline was not
yet installed. Also, I live near a large hospital. I noticed
that my mobile didn't function at all even late on Thursday
unless I left home and travelled a kilometer or two from
the hospital. Presumably, the cells in this suburban
location had also been switched to emergency service.

--Michael Dillon
 


Anyone alive at Sprint Abuse?

2005-07-11 Thread Mike Lyon

Is there anyone on this list from Sprint Abuse or does anyone have a
human contact over there? One of their customers is port scanning one
of my customers (who also happens to be a Sprint customer...) and
e-mails to [EMAIL PROTECTED] have gone unanswered. Any help would be
appreciated.

Thanks,
Mike Lyon