Re: Order of ASes in the BGP Path
On Tue, 30 Aug 2005, Abhishek Verma wrote:

Since I smell some traces of sarcasm here.

On 8/30/05, Randy Bush [EMAIL PROTECTED] wrote:

I thank everyone who took time off their busy schedules and answered me on this. I now understand that people do look at the AS_PATH and the order of ASes is important for debugging, etc.

and thank you for reading the rfc

Randy, I respect your knowledge and wisdom and that of other people on this list here, which is why I asked this question. Yes, I have gone through the RFC 1771 thoroughly and trust me, it does not mention any other use of this Path attribute, except for the path length/loop detection. People on this list have a *lot* of experience and it's these people who actually use this protocol. To me these were the best people to tell me if they indeed use it for other purposes also.

from time to time people say 'but the rfc says...'. but there's a big place for precedent and common practice too.

Steve
Re: Order of ASes in the BGP Path
As no one has asked yet, allow me.. what are you trying to do?

Basically I was thinking on these lines. If I have an AS path {1 2} [3 4] { 5 } then is it possible to pull the AS in the last segment and merge it with the first segment? This would give me {1 2 5} [3 4]. This way I don't need to carry two AS_SEQ segments in my path and I can manage with just one.

However, there are some problems here:

[1] I can never generate such an AS Path, given the way BGP works currently.
[2] Merging ASes from different segments can mangle the sequence in which the ASes appear in the AS Path.

I wanted to know if this was required and used by admins, and hence my original mail.

Thanks everybody for all the help,
Abhishek
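Added example, not part of the original message or of any BGP implementation: a Python sketch of the merge asked about above, using the post's notation ({..} for AS_SEQUENCE, [..] for AS_SET). It assumes the RFC 4271 length rule (an AS_SET counts as one hop); the function names and the tuple layout are illustrative. It shows that path length and loop detection survive the merge, while the origin AS and the AS adjacencies that operators read for debugging and filtering do not.

```python
# Added illustration. Notation follows the post: {..} = AS_SEQUENCE, [..] = AS_SET.
SEQ, SET = "AS_SEQUENCE", "AS_SET"

# The path from the post: {1 2} [3 4] {5}
ORIGINAL = [(SEQ, (1, 2)), (SET, (3, 4)), (SEQ, (5,))]


def merge_last_into_first(path):
    """The rewrite proposed in the post: fold a trailing AS_SEQUENCE into the leading one."""
    if len(path) < 3 or path[0][0] != SEQ or path[-1][0] != SEQ:
        return list(path)  # shape does not match the post's case; leave untouched
    merged_first = (SEQ, path[0][1] + path[-1][1])
    return [merged_first] + list(path[1:-1])


def path_length(path):
    """Length used in route selection: one per AS in a sequence, one per whole AS_SET."""
    return sum(len(asns) if kind == SEQ else 1 for kind, asns in path)


def has_loop(path, local_as):
    """Loop detection only asks whether our AS appears anywhere; order is irrelevant."""
    return any(local_as in asns for _, asns in path)


def origin_as(path):
    """Rightmost AS of the path; undefined (None) when the path ends in an AS_SET."""
    if not path:
        return None
    kind, asns = path[-1]
    return asns[-1] if kind == SEQ else None


def adjacencies(path):
    """AS pairs the path asserts are direct neighbours (consecutive in a sequence)."""
    pairs = set()
    for kind, asns in path:
        if kind == SEQ:
            pairs.update(zip(asns, asns[1:]))
    return pairs


def render(path):
    """Print a path in the post's notation."""
    out = []
    for kind, asns in path:
        body = " ".join(str(a) for a in asns)
        out.append("{%s}" % body if kind == SEQ else "[%s]" % body)
    return " ".join(out)


def compare(path, local_as):
    """Summarise what the merge preserves and what it changes."""
    merged = merge_last_into_first(path)
    return {
        "merged": render(merged),
        "length_same": path_length(path) == path_length(merged),
        "loop_same": has_loop(path, local_as) == has_loop(merged, local_as),
        "origin_before": origin_as(path),
        "origin_after": origin_as(merged),
        "new_adjacencies": adjacencies(merged) - adjacencies(path),
    }


if __name__ == "__main__":
    for key, value in compare(ORIGINAL, local_as=5).items():
        print(f"{key}: {value}")
```

After the merge an origin-based filter no longer sees AS 5 as the originator, and the path claims a 2-5 adjacency that the original never asserted.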
Re: MPLS or Site2Site VPN
Technology aside (I would definitely prefer MPLS, simply because it may allow me to do more with VoIP quality, than unmanaged site-to-site VPNs), I have not been able to find MPLS providers with lesser costs than dedicated lines, for equivalent port speed. I have looked at MCI, SBC and Sprint, so far ... whom did you find more attractive than T1 providers?

Stef

On Aug 28, 2005, at 6:32 PM, Todd Reed wrote:

I’m looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1’s due to cost, therefore I’m looking for alternatives. I know I can do site-to-site VPN, but I’ve also heard a lot about MPLS and from what I’ve read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I’m not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.

Thanks, Todd
Re: MPLS or Site2Site VPN
Todd Reed wrote:

I’m looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1’s due to cost, therefore I’m looking for alternatives. I know I can do site-to-site VPN, but I’ve also heard a lot about MPLS and from what I’ve read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I’m not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.

Thanks, Todd

Todd

Masergy do a nice MPLS based service - you'll be transiting over T1's.. and aren't cheap but are very good. If you have SDSL then you could look at running your own VPN (firewall to firewall or whatever) but you do lose the traffic QoS (esp in the internet fabric) you get with MPLS. A Packeteer or similar would help but you still can't control what's happening over the internet which might affect VoIP or other sensitive applications.

Having said that I run a VoIP for a couple of users over a self managed VPN with leased line at one end and aDSL at the other with little problems, but that's all staying within 1 ISP's network and in the same country so YMMV.

-- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300
Re: MPLS or Site2Site VPN
What about doing the VPN over the internet, with IPSec tunnels terminated in a hub and spoke model, I don't know price wise, but it would work fine.

On 8/29/05, Todd Reed [EMAIL PROTECTED] wrote:

I'm looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1's due to cost, therefore I'm looking for alternatives. I know I can do site-to-site VPN, but I've also heard a lot about MPLS and from what I've read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I'm not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.

Thanks, Todd
Re: Order of ASes in the BGP Path
On Tue, 30 Aug 2005 11:02:18 +0100 (BST), Stephen J. Wilcox [EMAIL PROTECTED] casually decided to expound upon Abhishek Verma [EMAIL PROTECTED] the following thoughts about Re: Order of ASes in the BGP Path:

SJW> from time to time people say 'but the rfc says...'. but there's a big place for precedent and common practice too.

True... but the latest BGP draft series attempts to address BCP and updates on 1771. Typically, the answers sought in light of current BGP practices can be found in the draft.

-- Jake Khuon [EMAIL PROTECTED] Packet Plumber, Network Engineers for Effective Bandwidth Utilisation
Re: MPLS or Site2Site VPN
but you do lose the traffic QoS (esp in the internet fabric) you get with MPLS.

I'm curious... Does anyone, anywhere run QoS in the Internet fabric, with or without MPLS? I know that some companies (like the one I work for) do offer several levels of service in their MPLS core networks. But to my way of thinking, the Internet fabric is precisely the peering interconnections between networks whether at an exchange point or over a private peering connection. As far as I know, nobody uses QoS over these connections and nobody does MPLS peering over these connections. Am I wrong???

--Michael Dillon
Bellsouth.net Outage?
Does anyone know anything about supposed bellsouth.net outages in Southeast Florida and what it affects? I can't bring up the local link on PPPoE and they're not wanting to test or anything because of outages. I'm sending PADI active discovery initiates and getting no response. Usually when this happens, about yearly, they just come out and reset or replace a card in a Mini-Ram/Dslam right down the street. --- Alan Spicer ([EMAIL PROTECTED]) http://telecom.dyndns.biz/ +1 954 977 5245 +1 954 683 3426
Re: MPLS or Site2Site VPN
On Tue, 30 Aug 2005 15:07:09 BST, [EMAIL PROTECTED] said:

peering connection. As far as I know, nobody uses QoS over these connections and nobody does MPLS peering over these connections.

There is no network design concept so misguided that absolutely *nobody* is doing it. It's a virtual certainty that somebody out there is either trying to do QoS/MPLS, or thinks(*) they are doing it, in these scenarios. Whether anybody on this list will 'fess up to it is a different question...

(*) You know the type - code it in the config file, think it's doing something, and blissfully ignoring the warning/error messages... ;)
Re: Bellsouth.net Outage?
On Tue, 30 Aug 2005, Alan Spicer wrote: Does anyone know anything about supposed bellsouth.net outages in Southeast Florida and what it affects? I can't bring up the local link on PPPoE and they're not wanting to test or anything because of outages. I'm sending PADI active discovery initiates and getting no response. Usually when this happens, about yearly, they just come out and reset or replace a card in a Mini-Ram/Dslam right down the street. If by Southeast FL, you mean the Miami area, Bell does have many remote terminal outages. They seem to have gotten dial tone restored in areas where DSL has not and apparently won't be for some time. If you're an ISP with DSL customers on BellSouth DSLAM provided DSL, you should be able to check on this by calling the DSG. Incidentally, I found yesterday that the DSG's toll free number is not reachable from Gainesville, FL. Initially, I thought it might be a problem with the PRI our office phone system uses, but I found my home phone could not get through either...(2 rings, then all circuits busy). My Cingular wireless phone (with a Gainesville local number) can get through, and utilizing our VOIP network, if I force the call to go out through a PRI in a city other than Gainesville, it also goes through. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Martial Law declared in New Orleans Was: RE: Katrina could inundate New Orleans
Breaking news.. Apparently a 200 foot section of levee broke last night and is gradually burying the city. Martial Law has been declared in the area as well.

Overnight Levee Break: http://www.theadvertiser.com/apps/pbcs.dll/article?AID=/20050830/NEWS05/50830005

Martial Law: http://jurist.law.pitt.edu/paperchase/2005/08/breaking-news-martial-law-declared-in.php

-- Martin Hannigan (c) 617-388-2663 VeriSign, Inc. (w) 703-948-7018 Network Engineer IV Operations Infrastructure [EMAIL PROTECTED]

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Kaufman Sent: Monday, August 29, 2005 11:47 AM To: nanog@merit.edu Subject: RE: Katrina could inundate New Orleans

Dave Stewart: Y'know... I do have to wonder whether Internet access is nearly as important as power and communications (traditional comms, such as the PSTN). Granted, it'll be interesting to see how things shake out - but I just can't buy that getting the Internet working should/will be a really high priority.

Back when I was running ISPs, we had several county and city Emergency Operations Centers as customers... Either on T1 or frame relay for their primary service, or as their backup dial-on-demand ISDN provider. These connections were how the EOC got river gauge data for planning flood evacuations (at the time, no other source other than having the numbers read off from the state-level agency office over the phone if they weren't too busy), USGS earthquake epicenter (also available over EDIS) and shake map (Internet only) data, weather service radar and satellite images (backup was TV broadcasts, if still on the air), and in some counties, the only access to the hospital emergency room status tracking system used for multi-casualty incidents...
While there's more private data networks online now, there's also more Internet-available data that the EOCs would like to have access to, I'm sure (I know that some cities are using Internet-connected webcams to do security monitoring, look at shorelines, etc.) In many incident scenarios (and a few actual incidents), the priority was that the radio system stayed up, then Internet access, *then* PSTN (and having cellphone access to people in the field to supplement the radio system was more important than landline calls to anywhere else). And power, of course, is easily generated locally, so not a big priority at all. Interestingly, almost none of the agencies told sales what the connection was going to be used for... Only when engineering made a followup inquiry would we learn that, yes, in an emergency, they'd like theirs fixed first please, and yes, they'd need first dibs on the backup power if we didn't have enough to run everything. Matthew Kaufman [EMAIL PROTECTED]
Re: Martial Law declared in New Orleans Was: RE: Katrina could inundate New Orleans
And the mayor says it will be 4-6 weeks before electricity is restored. http://www.cnn.com/2005/WEATHER/08/30/katrina.neworleans/index.html --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
NANOG as the Internet government?
http://www.networkworld.com/columnists/2005/082205johnson.html --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
This fall in LA
Greetings everyone - registration is now open for the fall NANOG meeting, to be held Oct. 23-25 in Los Angeles. This is our fourth back-to-back meeting with ARIN - a joint venture that's proven very successful at giving operators direct access to the all-important folks who hand out IP addresses and ASNs in North America. ARIN meets just after NANOG, from Oct. 26-28. NEW THIS FALL: an in-depth Getting Started With IPv6 workshop, to be held Sunday from 9am-4:30 p.m. Workshop info and registration is here: http://www.arin.net/ARIN-XVI/ipv6_workshop.html NANOG registration is here: https://www.merit.edu/nanog/registration.form.html See you in Los Angeles!
Re: NANOG as the Internet government?
http://www.networkworld.com/columnists/2005/082205johnson.html /* ARTICLE Did the Internet/IETF governance model work? In many respects, yes. Early on, the IETF produced key protocols at a much faster clip than other network standards bodies (such as the IEEE and the ITU). Although many IETF veterans strenuously object to calling the IETF a standards body, whatever you call it, the IETF did an outstanding job midwifing protocols and accelerating the 'Net's adoption. */ Agree and disagree. There are still many things that need to be ironed out within the IETF and so called standards. Let's take a look at some of the protocols that have been broken, remodified, rebroken (slight Bushism), patched, entirely rewritten into a new concept, RFC, etc. I think that a body similar to the IETF would do justice, but selection of who's on first, would have to be done on a voting basis or sorts. /* ARTICLE Does the model still work? I'm not sure. In my view, the biggest concerns facing the Internet today are regulatory and operational, rather than technical. For example, how do we encourage providers to respect each other's QoS tags? Is it acceptable for providers to censor traffic for competitive advantage? Should providers be required to devote some of their revenues toward services for the common good, such as universal Internet access? */ Model of what... Putting in an RFC, getting comments from everyone what's the saying? Too many indians not enough chiefs or Too many hands in the pot spoil the stew. Anyhow, I say this looking at broken protocols that are vulnerable to all sorts of mayhem and have been broken for years because it wouldn't be in the best interest to make things right and have everyone reconfigure their networks. Granted rebuilding a backbone NAP would be a horror story, everyone points to IPv6 as a solution and how grandiose it will be, yet IPv6 (The Secure IP!) has been broken too. 
Not only that how many large providers are willing to take a hit in the pockets getting everything running the way it should be run. Why should they when they could do some shoddy patchwork until the next big hit. I know I'm rambling on, but come on now NANOG'ers as the Internet government. Some of the people here are great teachers in their own right and over the years I've probably learned more from NANOG than I have from any book, RFC, professor, etc., but I also know there are plenty of crybabies, plenty of morons, and even some on the IETF who have snubbed the notion of fixing broken protocols. I say this on the basis of me contacting quite a few on the issues of BGP/SBGP, ICMP and how I could break it out of boredom. Response Shoo fly... You don't have any certs... or Hush... By you releasing horribly written papers with information you're going to cause mayhem. And other things along those lines.

/* ARTICLE So what should we do? One answer is to call in the federal government. I'm not a huge fan of government regulation; it can be better than the alternatives, but regulation tends to slow down an industry's rate of innovation. Moreover, the Internet is international, so whose federal government would we turn to as the referee? Yet waiting for the free market to answer these questions doesn't seem to be working, either. */

Problems with selecting people from any company or government are agendas. Who is to say that someone could be trusted from say taking a nice little payout to hush up on a problem. Not making an accusation lest someone at Cisco want to bore me with the threat of a lawsuit, but who is to be certain that even if some body was selected, you wouldn't have to worry about the big boys in industry paying to tweak the Internet to their liking. What if say Cisco (who has this huge issue they're trying their best to cover up), greased the pocket of those in this body to quash the notion of Cisco having broken routers.
Aside from that, what standards would this body set?

Ten Commandments of the Interweb

i. Thou shall route thy competitors packets fairly
ii. Thou shall not install network analyzers without international warrants
iii. Thou shall not allow evil traffic to pass through ones routes
iv. Thou shall give access to any authority figure with or without warrants
v. Thou shall maintain route tables
vi. Honor thy NEIGHBOR_AS
vii. Honor thy Backbone
viii. Thou shall not null route thy neighbor
ix. Thou shall play fairly with VoIP carriers even whenst thine own's ILEC/CLEC loss revenue
x. Thou shall remember all routes and AS's

/* ARTICLE Call it the International Association of Networking Service Providers (IANSP). */

What about Yet Another Acronym to Add in Some Dictionary That No One Will Respect in the Morning (YAAASDTNOWRM)

J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x97B43D89 It is much easier to suggest solutions when you
Re: MPLS or Site2Site VPN
(sorry for the continuing top-post) Speaking of Hub-and-Spokes, what about Frame Relay (from a single provider that covers all your states)? I imagine that it's probably run over their own backbone using MPLS anyway.

On Tue, Aug 30, 2005 at 05:00:56AM +0300, Kim Onnel wrote:

What about doing the VPN over the internet, with IPSec tunnels terminated in a hub and spoke model, I don't know price wise, but it would work fine.

On 8/29/05, Todd Reed [EMAIL PROTECTED] wrote:

I'm looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1's due to cost, therefore I'm looking for alternatives. I know I can do site-to-site VPN, but I've also heard a lot about MPLS and from what I've read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I'm not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.

Thanks, Todd

-- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
Re: NANOG as the Internet government?
On Tue, 30 Aug 2005 14:14:52 EDT, J. Oquendo said:

Ten Commandments of the Interweb

xi. Thou shalt forswear the abuse of content-free buzzwords.

Sorry, it needed saying. Unfortunately for the geeks among us, there's no easy way to number from zero in Roman numerals

ii. Thou shall not install network analyzers without international warrants

Might be a bad idea. There's a *reason* why 18 USC 2511 has specific exemptions for network quality testing: http://www4.law.cornell.edu/uscode/18/2511.html

iv. Thou shall give access to any authority figure with or without warrants

So you'll give access to an authority figure *without* a warrant, even though this clashes with the intent, if not the letter, of (ii)? (Or was without warrants veiled reference to a National Security Letter? :)

iii. Thou shall not allow evil traffic to pass through ones routes
viii. Thou shall not null route thy neighbor

And if the two of these come into conflict, what do you do? Moral absolutism may be nice, but it won't save you any on your car insurance or help you run a production network. If you're selling volume-charged transit, it gets even murkier

This stuff is harder than it looks
Re: NANOG as the Internet government?
On Tue, 30 Aug 2005, J. Oquendo wrote: /* ARTICLE Does the model still work? I'm not sure. In my view, the biggest concerns facing the Internet today are regulatory and operational, rather than technical. For example, how do we encourage providers to respect each other's QoS tags? Is it acceptable for providers to censor traffic for competitive advantage? Should providers be required to devote some of their revenues toward services for the common good, such as universal Internet access? */ Not only that how many large providers are willing to take a hit in the pockets getting everything running the way it should be run. Why should they when they could do some shoddy patchwork until the next big hit. It's more than just that. The article excerpt above mentions: For example, how do we encourage providers to respect each other's QoS tags? This part is *not* regulatory in nature; it's financial. QoS is still (even today) a lucrative market. Why would Tier-1 A care to carry packets from Tier-1 B at a higher priority than anyone else's, unless Tier-1 B paid more $$$ for the privilege? If regulation were to step into this market, you'd have the entire industry crying foul. The other way round, however: Is it acceptable for providers to censor traffic for competitive advantage? is indeed a regulatory issue. For the most part, Tier-1s and other providers high up the food chain don't filter because doing so is (1) too much of a load on switching hardware, (2) too much risk of violating peers' or downstreams' contracts, or (3) both. The issue of traffic filtering is much more prominent with the small-fries and leaf networks. These two rhetorical questions are pretty clear. Unfortunately, the dividing area between regulatory and non-regulatory issues is a deep gray, and it's much broader than most netizens realize. -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: NANOG as the Internet government?
On Tue, 30 Aug 2005 14:14:52 -0400 (EDT) J. Oquendo [EMAIL PROTECTED] wrote:

Ten Commandments of the Interweb

I'm biased, but I think these are better and less contestable:

1. Thou shalt above all, maintain the integrity of the network.
2. Thou shalt have a long term strategic direction.
3. Thou shalt always opt for quality before expediency.
4. Thou shalt meet the requirements, exceed the expectations and anticipate the needs of users.
5. Thou shalt benefit from a successful implementation by careful project planning.
6. Thou shalt provide reliability, availability and serviceability.
7. Thou shalt maintain detailed, timely and accurate documentation.
8. Thou shalt commit to continuous training.
9. Thou shalt test in a test environment.
10. Thou shalt install and label cables properly.

They're about 10 years old now and seem to still hold up pretty well.

John
Phone networks struggle in Hurricane Katrina's wake
Via Reuters. [snip] Telephone companies struggled to restore service and measure the damage to their networks in Louisiana and Mississippi on Tuesday after Hurricane Katrina cut power and triggered severe flooding. A spokesman for BellSouth Corp., the largest local telephone company in the region, said while the company estimated about 53,000 lines were out in the two states, the actual numbers were likely to be higher. Cingular Wireless and Sprint Nextel Corp. said cellular service in the area had been affected as well. All three companies said power losses were the main threat to further service failures, but that flooding was hampering their efforts to reach network equipment. Entergy Corp. reported more than a million customers without power in Louisiana and Mississippi, and warned customers to expect a long and difficult restoration that could take weeks. New Orleans Mayor Ray Nagin told television station WWL that 80 percent of the city was under water, and authorities declared martial law in some areas. [snip] http://go.reuters.com/newsArticle.jhtml?type=technologyNewsstoryID=9512696 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: Phone networks struggle in Hurricane Katrina's wake
We just received word they were evacuating the folks out of the Superdome too, as that's now in 3 feet of water...and rising. Diane Turley Sr. Network Engineer Xspedius Communications Co. 636-625-7178 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fergie (Paul Ferguson) Sent: Tuesday, August 30, 2005 2:46 PM To: nanog@merit.edu Subject: Phone networks struggle in Hurricane Katrina's wake Via Reuters. [snip] Telephone companies struggled to restore service and measure the damage to their networks in Louisiana and Mississippi on Tuesday after Hurricane Katrina cut power and triggered severe flooding. A spokesman for BellSouth Corp., the largest local telephone company in the region, said while the company estimated about 53,000 lines were out in the two states, the actual numbers were likely to be higher. Cingular Wireless and Sprint Nextel Corp. said cellular service in the area had been affected as well. All three companies said power losses were the main threat to further service failures, but that flooding was hampering their efforts to reach network equipment. Entergy Corp. reported more than a million customers without power in Louisiana and Mississippi, and warned customers to expect a long and difficult restoration that could take weeks. New Orleans Mayor Ray Nagin told television station WWL that 80 percent of the city was under water, and authorities declared martial law in some areas. [snip] http://go.reuters.com/newsArticle.jhtml?type=technologyNewsstoryID=9512 696 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
And via Slashdot: [snip] In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Cell phone circuits filled up during 9/11 attacks and in the wake of hurricane Katrina very few victims can make contact with their families, despite the fact that they have all those mobile phones. The Red Cross is looking to deploy satellite equipment From the article: to restore communications in affected areas. Katrina made landfall in Louisiana early this morning with sustained winds of 145 mph, but veered just enough to the east to spare New Orleans a direct blow. Even so, flooding, power outages and heavy damage to structures were reported throughout the region. The Red Cross tomorrow expects to begin deploying a host of systems it will need, including satellite telephones, portable satellite dishes, specially equipped communications trucks, high- and low-band radio systems, and generator-powered wireless computer networks, said Jason Wiltrout, a Red Cross network engineer. [snip] http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104250,00.html - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Via Reuters. [snip] Telephone companies struggled to restore service and measure the damage to their networks in Louisiana and Mississippi on Tuesday after Hurricane Katrina cut power and triggered severe flooding. A spokesman for BellSouth Corp., the largest local telephone company in the region, said while the company estimated about 53,000 lines were out in the two states, the actual numbers were likely to be higher. Cingular Wireless and Sprint Nextel Corp. said cellular service in the area had been affected as well. All three companies said power losses were the main threat to further service failures, but that flooding was hampering their efforts to reach network equipment. Entergy Corp. 
reported more than a million customers without power in Louisiana and Mississippi, and warned customers to expect a long and difficult restoration that could take weeks. New Orleans Mayor Ray Nagin told television station WWL that 80 percent of the city was under water, and authorities declared martial law in some areas. [snip] http://go.reuters.com/newsArticle.jhtml?type=technologyNewsstoryID=9512696 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: A useful oversimplification for network surveillance?
Howard C. Berkowitz wrote: I'm developing some guidance for ISP surveillance for infrastructure attacks, and my increasing impression is that for other than the expert level, there may be some useful simplifications of the applicability of tools. Remember that I am speaking of surveillance here, not the detailed analysis in a sinkhole. Perhaps this could be the basis of some security architecture presentations/tutorials at NANOG. Have a look at these two presentations, the first covers most of the items you listed, the second one, while more enterprise-oriented also applies to large SP management networks. Building an Early Warning System in a Service Provider Network http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.ppt http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.zip (PDF) Network flows and Security http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.ppt http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.pdf Nico. -- Nicolas FISCHBACH ([EMAIL PROTECTED]) http://www.securite.org/nico/ Senior Manager - IP Engineering/Security - COLT Telecom Securite.Org Team - http://www.securite.org/
Re: Phone networks struggle in Hurricane Katrina's wake
On 30-aug-2005, at 22:08, Fergie (Paul Ferguson) wrote: In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Simple: it's too expensive. Keep this in mind when trading in your POTS service for VoIP service over the internet. Discounting the local loop which is often the same in both cases, POTS is extremely reliable while VoIP over the public internet, well, isn't. But apparently people that switch to VoIP don't mind the reduced likelihood of being able to make calls during the next large scale emergency.
Re: Phone networks struggle in Hurricane Katrina's wake
Me? I personally never trade my POTS for VoIP... - ferg -- Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 30-aug-2005, at 22:08, Fergie (Paul Ferguson) wrote: In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Simple: it's too expensive. Keep this in mind when trading in your POTS service for VoIP service over the internet. Discounting the local loop which is often the same in both cases, POTS is extremely reliable while VoIP over the public internet, well, isn't. But apparently people that switch to VoIP don't mind the reduced likelihood of being able to make calls during the next large scale emergency.
Re: Phone networks struggle in Hurricane Katrina's wake
On 30-aug-2005, at 22:08, Fergie (Paul Ferguson) wrote:

In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency?

Simple: it's too expensive. Keep this in mind when trading in your POTS service for VoIP service over the internet. Discounting the local loop which is often the same in both cases, POTS is extremely reliable while VoIP over the public internet, well, isn't. But apparently people that switch to VoIP don't mind the reduced likelihood of being able to make calls during the next large scale emergency.

Yes! I agree 100%. The key words in that above statement were cheap commoditized. The reason satellite phones work in big disaster areas (other than the fact that the entire infrastructure in the affected area is comprised of a solar powered satellite and a subscriber's hand set with a remote base station(s) somewhere else in the world) is simple; not everyone and their cousin has one to use. Why? Because they're too expensive! Cell phones have trained the public into accepting lower levels of phone service. Low cost equals high market adaptation, and in most cases, lower QoS.

-Jerry
Re: MPLS or Site2Site VPN
We are beginning to look into non-MPLS QoS enabled/aware Internet feeds. The desired product would give us some priority on some traffic with predictable end-to-end latency and jitter. I will post to the list when I get further along in the process if anyone has interest. The reason it appears MPLS won't work for us is that it introduces unnecessary complexity. Between running BGP to the cloud and the design complexity to accommodate the service...it is not worth it. TV - Original Message - From: [EMAIL PROTECTED] To: nanog@merit.edu Sent: Tuesday, August 30, 2005 9:07 AM Subject: Re: MPLS or Site2Site VPN but you do lose the traffic QoS (esp in the internet fabric) you get with MPLS. I'm curious... Does anyone, anywhere run QoS in the Internet fabric, with or without MPLS? I know that some companies (like the one I work for) do offer several levels of service in their MPLS core networks. But to my way of thinking, the Internet fabric is precisely the peering interconnections between networks whether at an exchange point or over a private peering connection. As far as I know, nobody uses QoS over these connections and nobody does MPLS peering over these connections. Am I wrong??? --Michael Dillon
Re: MPLS or Site2Site VPN
The reason it appears MPLS won't work for us is that it introduces unnecessary complexity. Between running BGP to the cloud and the design complexity to accommodate the service...it is not worth it. it also does not give the end-sites provider independence. randy
Donate [Was Re: Phone networks struggle in Hurricane Katrina's wake]
Apologies for the multiple posts, but I think this is important enough to warrant a follow-up. I send out a public challenge to each and every one of you reading this to make a donation to the American Red Cross, if for nothing else, think of it as a small effort to assist the Red Cross in their efforts to establish emergency communications in the region. Of course, the donation will go towards all assistance efforts in the wake of Katrina, so rationalize it however you will. :-) http://www.redcross.org/ Click and donate. - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: And via Slashdot: [snip] In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Cell phone circuits filled up during 9/11 attacks and in the wake of hurricane Katrina very few victims can make contact with their families, despite the fact that they have all those mobile phones. The Red Cross is looking to deploy satellite equipment From the article: to restore communications in affected areas. Katrina made landfall in Louisiana early this morning with sustained winds of 145 mph, but veered just enough to the east to spare New Orleans a direct blow. Even so, flooding, power outages and heavy damage to structures were reported throughout the region. The Red Cross tomorrow expects to begin deploying a host of systems it will need, including satellite telephones, portable satellite dishes, specially equipped communications trucks, high- and low-band radio systems, and generator-powered wireless computer networks, said Jason Wiltrout, a Red Cross network engineer. [snip] http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104250,00.html - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Via Reuters. 
[snip] Telephone companies struggled to restore service and measure the damage to their networks in Louisiana and Mississippi on Tuesday after Hurricane Katrina cut power and triggered severe flooding. A spokesman for BellSouth Corp., the largest local telephone company in the region, said while the company estimated about 53,000 lines were out in the two states, the actual numbers were likely to be higher. Cingular Wireless and Sprint Nextel Corp. said cellular service in the area had been affected as well. All three companies said power losses were the main threat to further service failures, but that flooding was hampering their efforts to reach network equipment. Entergy Corp. reported more than a million customers without power in Louisiana and Mississippi, and warned customers to expect a long and difficult restoration that could take weeks. New Orleans Mayor Ray Nagin told television station WWL that 80 percent of the city was under water, and authorities declared martial law in some areas. [snip] http://go.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=9512696 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
now it's really serious in New Orleans
In an running on WWL TV right now, Mayor Ray Nagin says that a planned sandbag drop to stop the levee breach near pump #6 at the 17th St. Canal didn't happen and the pump has failed, so the probability is that the bowl will now be filled, meaning water will flood the majority of the city including the Garden District, French Quarter and CBD. If unabated the water will go to the level of Lake Pontchartrain, about 3 feet ASL, which means, for example, 9 feet of water on St Charles Street. The mayor called the missed opportunity a blunder and said this would unfold over the next 12-15 hours. Now it's time to really worry. fh
Re: Phone networks struggle in Hurricane Katrina's wake
In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Simple: it's too expensive. Keep this in mind when trading in your POTS service for VoIP service over the internet. Discounting the local loop which is often the same in both cases, POTS is extremely reliable while VoIP over the public internet, well, isn't. But apparently people that switch to VoIP don't mind the reduced likelihood of being able to make calls during the next large scale emergency. Yes! I agree 100%. The key words in that above statement were cheap commoditized. The reason satellite phones work in big disaster areas (other than the fact that the entire infrastructure in the affected area is comprised of a solar powered satellite and a subscriber's hand set with a remote base station(s) somewhere else in the world) is simple; not everyone and their cousin has one to use. Did I miss the memo announcing the Slashdot commentary section had been extended to the NANOG mailing list? It is one thing to expand on a story with useful insights, but this entire thread is just restating the obvious for the sake of hearing your own voice (or the digital equivalent thereof). If I wanted to read the uninformed reactions of random people to random news stories wondering why cell phone circuits fill up during natural disasters I would go to slashdot and click Read More This stuff doesn't even come close to being NANOG worthy, let alone on-topic or appropriate. Note: nothing personal to those being quoted. -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Phone networks struggle in Hurricane Katrina's wake
I'll file that comment where it belongs -- in file 13. If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. - ferg -- Richard A Steenbergen [EMAIL PROTECTED] wrote: Did I miss the memo announcing the Slashdot commentary section had been extended to the NANOG mailing list? It is one thing to expand on a story with useful insights, but this entire thread is just restating the obvious for the sake of hearing your own voice (or the digital equivalent thereof). If I wanted to read the uninformed reactions of random people to random news stories wondering why cell phone circuits fill up during natural disasters I would go to slashdot and click Read More This stuff doesn't even come close to being NANOG worthy, let alone on-topic or appropriate. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
- Original Message - From: Fergie (Paul Ferguson) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: nanog@merit.edu Sent: Tuesday, August 30, 2005 9:22 PM Subject: Re: Phone networks struggle in Hurricane Katrina's wake I'll file that comment where it belongs -- in file 13. If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. operational material maybe? nah, i'm just a confused lurker, haven't seen any of it here for a while. -p --- paul galynin
Yahoo! -- A Phisher-friendly hosting domain?
This would probably be better posted to NSP-SEC, but since I'm not subscribed (and have tried at least once), I'll share it here. For what it's worth, I'm involved in several security and anti-malware, anti-botnet, etc. group efforts, and I personally think that this particular situation has gained enough badness status as to warrant wider public disclosure. A colleague alerted me to this earlier today (with permission to reprint): [snip] My attention was drawn earlier today to yet another phishing site on Yahoo! - we're already finding extreme porn and other disreputable sites moving there now that their abuse dept has been dismantled and reassembled in Oregon, apparently with all staff-under-training. But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing domain names like bankofthewestupdate.com when they are set up on their servers, if only for reasons of due diligence ... otherwise Bank of the West might possibly have grounds for a lawsuit against Yahoo! ? Have any banks ever threatened to litigate against ISPs? If ever there was an incident calling out to be made a test case ... [snip] Details can be found here: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL31214 Also: [snip] The fact that very many phishers, 419s, and spamming pornographers are flocking to Yahoo is the result of changes that Yahoo have made to their abuse processing. Also, as they run ClamAV on all mail to their new abuse desk in Oregon, any reports to them that contain evidence of phishing incidents are automatically rejected by the ClamAV filtering - so it is difficult to know exactly HOW Yahoo! could have been expected to take action on these cases. (Yahoo! have been told about the situation by several respected individuals but from the reactions it seems that they do not care.) [snip] A more interesting link can be found here: http://www.spamhaus.org/sbl/listings.lasso?isp=yahoo.com This is somewhat disturbing. - ferg -- Fergie, a.k.a. 
Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
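The review of newly hosted names that the quoted colleague asks for can be done mechanically at account setup. The sketch below is an added example, not code from the post or from any provider; the watch list, the bait words and the `.example` hostnames are constructed, and only bankofthewestupdate.com is taken from the post.

```python
import re

# Constructed watch list: squashed brand name -> domains the brand itself
# operates (assumed here; a real list would come from the brand owner).
BRANDS = {"bankofthewest": {"bankofthewest.com"}}

# Words that often pad a credential-phishing hostname (illustrative set).
BAIT = ("update", "secure", "login", "verify", "account", "confirm")

# Digit-for-letter substitutions folded back before matching.
FOLD = str.maketrans("01345", "oleas")


def squash(text):
    """Lower-case, undo digit substitutions, drop everything but a-z."""
    return re.sub(r"[^a-z]", "", text.lower().translate(FOLD))


def review(domain):
    """Return (brand, [bait words]) if the name needs manual review, else None."""
    name = domain.lower().rstrip(".")
    # Everything left of the TLD, so brand names hidden in subdomains count too.
    body = squash("".join(name.split(".")[:-1]))
    for brand, own in BRANDS.items():
        # The brand's own domains and their subdomains are not suspicious.
        if any(name == d or name.endswith("." + d) for d in own):
            continue
        if brand in body:
            extra = body.replace(brand, "", 1)
            return brand, [w for w in BAIT if w in extra]
    return None


def triage(domains):
    """Map each flagged domain to its review() result."""
    return {d: hit for d in domains if (hit := review(d))}


# Constructed signup queue; the first entry is the domain named in the post.
QUEUE = [
    "bankofthewestupdate.com",
    "bank-0f-the-west-login.example",
    "bankofthewest.com.hosting.example",
    "www.bankofthewest.com",
    "westbankmarina.example",
]

if __name__ == "__main__":
    for domain, (brand, bait) in triage(QUEUE).items():
        print(f"HOLD {domain}: contains '{brand}', bait words {bait}")
```

A hit should hold the account for a human decision rather than reject it outright, since resellers and affiliates can legitimately carry a brand name.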
Re: Phone networks struggle in Hurricane Katrina's wake
On Wed, Aug 31, 2005 at 01:22:13AM +, Fergie (Paul Ferguson) wrote: I'll file that comment where it belongs -- in file 13. If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. North American Network Operations perhaps? Talking about the impact to networks is on-topic, talking about steps being taken to protect or restore networks is on-topic, talking about networking infrastructure as it relates to the public communications infrastructure is on-topic during an event like this. Replying to idiotic slashdot articles asking really stupid questions is not on topic. Telling the entire NANOG reader base that you like your POTS line and will never switch to VoIP is not on topic. Technically speaking a human tragedy isn't even on topic. Like I said, it might be different if there was some actual insight being provided here. If someone was talking about some specific data relating to the reliability of the infrastructure or otherwise something OPERATIONAL to talk about that would be one thing, but this is not operational, this is simply chatter. Chatter has its place, that is why people read Slashdot and watch the news, but replacing an operational mailing list with the slashdot commentary section and seeing what happens is not my or anyone else's idea of a good time. -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Phone networks struggle in Hurricane Katrina's wake
I'll file that comment where it belongs -- in file 13. manners, paul If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. operational material maybe? nah, i'm just a confused lurker, haven't seen any of it here for a while. the steering committee has been discussing the idea of a nanog blog. of course it would be directed to operational content and not your daily pointer to some cartoon etc. but, in the spirit of an open group, we are very interested to hear what the community thinks of this. but please let's discuss it over on [EMAIL PROTECTED] HINT! randy
Re: Phone networks struggle in Hurricane Katrina's wake
You get high marks for your curmudgeon level. However, if I have to point it out and lead you to it like a child, then so be it. If I was mistaken in thinking that the referenced article: Red Cross looks to IT for post-Katrina recovery http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104250,00.html ..would perhaps elicit some operational suggestions from the peanut gallery on how to perhaps assist in this effort, or perhaps contribute to the BellSouth issues, etc., then mea culpa. Sniping certainly accomplishes nothing. - ferg -- Richard A Steenbergen [EMAIL PROTECTED] wrote: On Wed, Aug 31, 2005 at 01:22:13AM +, Fergie (Paul Ferguson) wrote: I'll file that comment where it belongs -- in file 13. If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. North American Network Operations perhaps? Talking about the impact to networks is on-topic, talking about steps being taken to protect or restore networks is on-topic, talking about networking infrastructure as it relates to the public communications infrastructure is on-topic during an event like this. Replying to idiotic slashdot articles asking really stupid questions is not on topic. Telling the entire NANOG reader base that you like your POTS line and will never switch to VoIP is not on topic. Technically speaking a human tragedy isn't even on topic. Like I said, it might be different if there was some actual insight being provided here. If someone was talking about some specific data relating to the reliability of the infrastructure or otherwise something OPERATIONAL to talk about that would be one thing, but this is not operational, this is simply chatter. Chatter has its place, that is why people read Slashdot and watch the news, but replacing an operational mailing list with the slashdot commentary section and seeing what happens is not my or anyone else's idea of a good time. 
-- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
Wrong Paul. - ferg p.s. I'm doing a blog already. I also run a few networks. It's all relative. Feel free to experiment at will! ;-) - ferg -- Randy Bush [EMAIL PROTECTED] wrote: I'll file that comment where it belongs -- in file 13. manners, paul If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. operational material maybe? nah, i'm just a confused lurker, haven't seen any of it here for a while. the steering committee has been discussing the idea of a nanog blog. of course it would be directed to operational content and not your daily pointer to some cartoon etc. but, in the spirit of an open group, we are very interested to hear what the community thinks of this. but please let's discuss it over on [EMAIL PROTECTED] HINT! randy -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
On Wed, 31 Aug 2005, Fergie (Paul Ferguson) wrote: I'll file that comment where it belongs -- in file 13. If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. The danger here is that if real operational questions needed to be asked (like, my router is under water, can somebody help get my network back online? as a hypothetical example), they might get lost in the noise. At the same time, there is plenty of information out there that makes it easier to operate networks, and it is useful if that information gets shared. And, humans experiencing an unfolding disaster, or even watching from a distance, may be under a lot of stress, and asking them not to reach out to whatever communities they're part of is probably pretty futile. The key is striking the right balance, and that means the usual request to list members to please think before you post. So, for those of you who have infrastructure in the affected areas, is there anything the rest of us can do to help? -Steve
beware mailing list bounce automation
[ excuse ops post ] wondered why some queues were getting long. decided to actually look before running the mailing list bounce scrubber. a whole lot of [EMAIL PROTECTED] etc. beware. crank up them queues. exim hack is some variation on tulane.edu * F,12h,30m; G,24h,3h,1.5; F,30d,12h randy
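What the retry rule in the post buys, next to Exim's stock rule, worked through as an added example that is not part of the original post. It is a simplified model that assumes every retry runs exactly when scheduled and fails again; the function names are hypothetical, and the multiplier is kept in thousandths so the arithmetic stays in whole seconds.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(text):
    """Convert an Exim time value such as '12h' or '1h30m' to seconds."""
    parts = re.findall(r"(\d+)([smhdw])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"bad time value: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)


def parse_retry_line(line):
    """Split 'pattern error rules' into (pattern, error, [(kind, cutoff, interval, factor)])."""
    pattern, error, spec = line.split(None, 2)
    rules = []
    for item in spec.split(";"):
        f = [x.strip() for x in item.split(",")]
        if f[0] == "F" and len(f) == 3:        # fixed interval until cutoff
            rule = ("F", parse_time(f[1]), parse_time(f[2]), 1000)
        elif f[0] == "G" and len(f) == 4:      # geometrically growing interval
            rule = ("G", parse_time(f[1]), parse_time(f[2]),
                    round(float(f[3]) * 1000))
        else:
            raise ValueError(f"rule not modelled here: {item.strip()!r}")
        if rule[2] <= 0:
            raise ValueError("retry interval must be positive")
        rules.append(rule)
    return pattern, error, rules


def retry_schedule(line):
    """Seconds after the first failure at which each retry is attempted.

    The last entry is the attempt made after the final cutoff has passed;
    when that one fails too, the address is failed and a bounce goes out.
    """
    _, _, rules = parse_retry_line(line)
    now, last_gap, attempts = 0, 0, []
    while True:
        # The first rule whose cutoff has not yet passed is the one in force.
        rule = next((r for r in rules if now <= r[1]), None)
        if rule is None:
            return attempts
        kind, _, interval, factor = rule
        if kind == "F" or last_gap < interval:
            gap = interval
        else:
            gap = last_gap * factor // 1000
        now += gap
        last_gap = gap
        attempts.append(now)


POSTED = "tulane.edu * F,12h,30m; G,24h,3h,1.5; F,30d,12h"  # rule from the post
DEFAULT = "* * F,2h,15m; G,16h,1h,1.5; F,4d,6h"             # Exim's stock rule


def summary(line):
    """Number of retries and hours until the address is given up on."""
    times = retry_schedule(line)
    return {"retries": len(times), "gives_up_after_hours": times[-1] / 3600}


if __name__ == "__main__":
    for line in (POSTED, DEFAULT):
        print(line, "->", summary(line))
```

Under the stock rule an unreachable domain starts bouncing after roughly four days, which is what feeds the bounce scrubber; the posted rule holds mail for about thirty.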
Re: beware mailing list bounce automation
At 6:06 PM -1000 8/30/05, Randy Bush wrote: [ excuse ops post ] wondered why some queues were getting long. decided to actually look before running the mailing list bounce scrubber. a whole lot of [EMAIL PROTECTED] etc. beware. crank up them queues. exim hack is some variation on tulane.edu * F,12h,30m; G,24h,3h,1.5; F,30d,12h randy Yes, Please be nice to our neighbors in New Orleans. G
Re: Phone networks struggle in Hurricane Katrina's wake
On Tue, Aug 30, 2005 at 09:12:51PM -0400, Richard A Steenbergen wrote: In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Simple: it's too expensive. Keep this in mind when trading in your POTS service for VoIP service over the internet. Discounting the local loop which is often the same in both cases, POTS is extremely reliable while VoIP over the public internet, well, isn't. But apparently people that switch to VoIP don't mind the reduced likelihood of being able to make calls during the next large scale emergency. Yes! I agree 100%. The key words in that above statement were cheap commoditized. The reason satellite phones work in big disaster areas (other than the fact that the entire infrastructure in the affected area is comprised of a solar powered satellite and a subscriber's hand set with a remote base station(s) somewhere else in the world) is simple; not everyone and their cousin has one to use. Did I miss the memo announcing the Slashdot commentary section had been extended to the NANOG mailing list? It is one thing to expand on a story with useful insights, but this entire thread is just restating the obvious for the sake of hearing your own voice (or the digital equivalent thereof). If I wanted to read the uninformed reactions of random people to random news stories wondering why cell phone circuits fill up during natural disasters I would go to slashdot and click Read More This stuff doesn't even come close to being NANOG worthy, let alone on-topic or appropriate. Note: nothing personal to those being quoted. Richard, I couldn't agree with you more, I've been considering unsubscribing from the day I subscribed. The reaction to your post was even worse than the messages themselves. Perhaps it is time to leave. Michael
Re: now it's really serious in New Orleans
On Tue, 2005-08-30 at 18:07 -0700, Fred Heutte wrote: In an running on WWL TV right now, Mayor Ray Nagin says that a planned sandbag drop to stop the levee breach near pump #6 at the 17th St. Canal didn't happen and the pump has failed, so the probability is that the bowl will now be filled, meaning water will flood the majority of the city including the Garden District, French Quarter and CBD. If unabated the water will go to the level of Lake Pontchartrain, about 3 feet ASL, which means, for example, 9 feet of water on St Charles Street. The mayor called the missed opportunity a blunder and said this would unfold over the next 12-15 hours. Now it's time to really worry. fh While we're off topic, the Red Cross needs blood donations. It won't keep networks up, but hopefully it will keep people in need alive. For more information/ to locate the nearest Red Cross. Please visit https://www.givelife.org for the location of the nearest blood drive. -- Andrew D Kirch | Abusive Hosts Blocking List | www.ahbl.org Security Admin | Summit Open Source Development Group | www.sosdg.org Key At http://www.2mbit.com/~trelane/trelane.asc Key fingerprint = 4106 3338 1F17 1E6F 8FB2 8DFA 1331 7E25 C406 C8D2
Re: Phone networks struggle in Hurricane Katrina's wake
On Wed, 31 Aug 2005, Fergie (Paul Ferguson) wrote: If I was mistaken in thinking that the referenced article: Red Cross looks to IT for post-Katrina recovery http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104250,00.html ..would perhaps elicit some operational suggestions from the peanut gallery on how to perhaps assist in this effort, or perhaps contribute to the BellSouth issues, etc., then mea culpa. Slightly operational; I tried several times earlier today to donate to the Red Cross via their website. I was stymied by constant errors from their MS SQL Server backend. It's sad to think of how much in donations they've missed out on, by relying on some rinky-dink software. If anyone has operational contact with the redcross website engineering folks, you might want to let them know that it's time to reboot the server. matto [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke