Re: Oregon storms affect trans-pacific traffic
On Tue, 4 Dec 2007, Lynda wrote: Mark Newton wrote: On 05/12/2007, at 9:29 AM, John Savageau wrote: If there is anything we at One Wilshire can do to assist any network ... SCCN have carried out a temporary repair, and services are now restored (ours are, in any case -- Two of our six unprotected STM-4's on SCCN were affected by this, but they're now back) Sounds like things are pretty bad at Portland, Oregon. Repair took over 24 hours because flooding prevented the splicing crews from getting to the worksite. Ouch. Normally I'd be quiet, but realize that not all news travels, even when it's bad. I don't know whether it's been restored, but last I heard, traffic on I-5 between Portland and Seattle was completely cut off, and traffic was being routed through Yakima (making a 3 hour trip into a 7 hour trip). Oregon is very hard hit. Here's the Washington map; it's bad enough here. http://www.wsdot.wa.gov/traffic/ http://www.wsdot.wa.gov/traffic/trafficalerts/ Lynda - things are grim on the oregon coast: http://www.tripcheck.com/ Lincoln City camaras are off line, but Florence and Newport give you some idea... - Lucy
Re: Oregon storms affect trans-pacific traffic
Mark Newton wrote: On 05/12/2007, at 9:29 AM, John Savageau wrote: If there is anything we at One Wilshire can do to assist any network ... SCCN have carried out a temporary repair, and services are now restored (ours are, in any case -- Two of our six unprotected STM-4's on SCCN were affected by this, but they're now back) Sounds like things are pretty bad at Portland, Oregon. Repair took over 24 hours because flooding prevented the splicing crews from getting to the worksite. Ouch. Normally I'd be quiet, but realize that not all news travels, even when it's bad. I don't know whether it's been restored, but last I heard, traffic on I-5 between Portland and Seattle was completely cut off, and traffic was being routed through Yakima (making a 3 hour trip into a 7 hour trip). Oregon is very hard hit. Here's the Washington map; it's bad enough here. http://www.wsdot.wa.gov/traffic/ http://www.wsdot.wa.gov/traffic/trafficalerts/
Re: Oregon storms affect trans-pacific traffic
On 05/12/2007, at 9:29 AM, John Savageau wrote: If there is anything we at One Wilshire can do to assist any network in dealing with this, or recovering from the storm - let us know. We can probably facilitate some emergency cross connections or if you are connected to our IXP (Any2) nail up sessions for those carriers present within One Wilshire within a few hours. SCCN have carried out a temporary repair, and services are now restored (ours are, in any case -- Two of our six unprotected STM-4's on SCCN were affected by this, but they're now back) There'll likely be some further outages down the track while the temporary repair is made permanent. But at least the emergency has been mitigated. Sounds like things are pretty bad at Portland, Oregon. Repair took over 24 hours because flooding prevented the splicing crews from getting to the worksite. Ouch. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
RE: Oregon storms affect trans-pacific traffic
If there is anything we at One Wilshire can do to assist any network in dealing with this, or recovering from the storm - let us know. We can probably facilitate some emergency cross connections or if you are connected to our IXP (Any2) nail up sessions for those carriers present within One Wilshire within a few hours. John Savageau Managing Director CRG West, One Wilshire Los Angeles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Haigh Sent: Tuesday, December 04, 2007 2:33 PM To: NANOG List Subject: Re: Oregon storms affect trans-pacific traffic On Tue, Dec 04, 2007 at 01:51:13PM -0500, Sean Donelan wrote: > http://www.theaustralian.news.com.au/story/0,25197,22869272-15306,00.htm l > > Southern Cross Cable operations vice president, Dean Veverka, has confirmed > that hurricane-strength storms and flooding have wiped out the carrier's > Oregon cable route and halved its bandwidth between Australian and the US. > Southern Cross's customers in Australia include iiNet, Internode and AAPT. This has hit us too. It's a major PITA and seems to have been handled pretty badly by at least one T1 carrier. We've seen much of the net unreachable due to flapping BGP sessions causing route dampening on a lot of address space in Australia. Hopefully it'll be repaired soon! -- Steven Haigh Email: [EMAIL PROTECTED] Web: http://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897 "I said it was an upgrade. I didn't say it was better."
Re: Oregon storms affect trans-pacific traffic
On Tue, Dec 04, 2007 at 01:51:13PM -0500, Sean Donelan wrote: > http://www.theaustralian.news.com.au/story/0,25197,22869272-15306,00.html > > Southern Cross Cable operations vice president, Dean Veverka, has confirmed > that hurricane-strength storms and flooding have wiped out the carrier's > Oregon cable route and halved its bandwidth between Australian and the US. > Southern Cross's customers in Australia include iiNet, Internode and AAPT. This has hit us too. It's a major PITA and seems to have been handled pretty badly by at least one T1 carrier. We've seen much of the net unreachable due to flapping BGP sessions causing route dampening on a lot of address space in Australia. Hopefully it'll be repaired soon! -- Steven Haigh Email: [EMAIL PROTECTED] Web: http://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897 "I said it was an upgrade. I didn't say it was better."
Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd)
Duane should have data on the wpad.{com|net|org} usage.
On Tue, Dec 04, 2007, Gadi Evron wrote:
>
> I was told I should care about smaller entities that ccTLDs on this, so
> here is a forward to NANOG of a discussion on DNS-operations.
Adrian
Re: IPv4 BGP Table Reduction Analysis - Prefixes Filter by RIRs Minimum Allocations Boundaries
Andy and fellows, Sun, 2 Dec 2007 09:59:19 -0500, Andy Davidson <[EMAIL PROTECTED]> escreveu: > Do you still have the lab setup ? Could you work out what happens to > the routing table and traffic routing if you permit one deaggregation > per rir prefix ? I.e. This /19 is permitted to become two /20s, but > it is not permitted to become four /21. My desire would be to see > the resolved routing table look almost as trim as your 40% saving, > but a significant amount of traffic routed as intended by the > originating network. I am travelling now (IETF meeting), but I think that when I come back the lab can easily be setup again reloading the same BGP data or from a different date. You proposed basically a filter change in the setup. The only job for that is to edit the prefix list and run again the analyses. May be we can discuss more about that before running the test. > > Lastly, perhaps another comment for your recommendations and > conclusions section could be that traffic is hurt most in this model > for networks who deaggregate most. Lets encourage people who read > this document to infer that aggregating their prefixes would improve > their reach in the post 250k routing table world. > I agree with you. Thanks for your feedback. Regards, Eduardo Ascenço Reis <[EMAIL PROTECTED]>
Re: IPv4 BGP Table Reduction Analysis - Prefixes Filter by RIRs Minimum Allocations Boundaries
Hi Valdis and fellow, Sun, 02 Dec 2007 15:19:14 -0500, [EMAIL PROTECTED] escreveu: > Eduardo - if you still have the lab setup and netflow/whatever data, is there > any way to tell if any of those 30% routes affected are in any way "high > traffic" sites? This is a great suggestion. Does any of you now a public flow database (similar to Oregon archive) that can be used for that ? It would be nice to analyse each estimated affected prefix against real traffic data (netflow aggregated per prefix). I only have access to netflow data from one AS from Brazil that for sure is not representative for others ASes outside Brazil. Any idea ? Eduardo Ascenço Reis <[EMAIL PROTECTED]>
ATIS releases standard outage classification
http://www.atis.org/PRESS/pressreleases2007/120307.htm In accordance with the Standard Outage Classification, telecommunication companies can now use common terminology and reporting structures to collect and report data used for identifying causes of outages. If you are not an ATIS member, a copy of the standard is $68. Nevertheless, I suspect media relation professionals for the companies will probably continue to use other euphemisms when discussing SNAFUs with the press.
Oregon storms affect trans-pacific traffic
http://www.theaustralian.news.com.au/story/0,25197,22869272-15306,00.html Southern Cross Cable operations vice president, Dean Veverka, has confirmed that hurricane-strength storms and flooding have wiped out the carrier's Oregon cable route and halved its bandwidth between Australian and the US. Southern Cross's customers in Australia include iiNet, Internode and AAPT.
Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd)
I was told I should care about smaller entities that ccTLDs on this, so here is a forward to NANOG of a discussion on DNS-operations. -- Forwarded message -- Date: Tue, 4 Dec 2007 00:56:51 -0600 (CST) From: Gadi Evron <[EMAIL PROTECTED]> To: Rickard Dahlstrand <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure On Tue, 4 Dec 2007, Rickard Dahlstrand wrote: Gadi Evron wrote: http://www.microsoft.com/technet/security/advisory/945713.mspx A malicious user could host a WPAD server, potentially establishing it as a proxy server to conduct man-in-the-middle attacks against customers whose domains are registered as a subdomain to a second-level domain (SLD). For customers with a primary DNS suffix configured, the DNS resolver in Windows will attempt to resolve an unqualified .wpad. hostname using each sub-domain in the DNS suffix until a second-level domain is reached. For example, if the DNS suffix is corp.contoso.co.us and an attempt is made to resolve an unqualified hostname of wpad, the DNS resolver will try wpad.corp.contoso.co.us. If that is not found, it will try, via DNS devolution, to resolve wpad.contoso.co.us. If that is not found, it will try to resolve wpad.co.us, which is outside of the contoso.co.us domain. Most of the wpad.tld domains are already reserved like this one http://wpad.com/ It's amazing that when they fixed it for .com etc. a while back they missed that there where two-level tld-domains. Rickard. http://www.microsoft.com/technet/security/bulletin/fq99-054.mspx - What's the problem with the search algorithm? When IE 5 starts, it will begin searching for a WPAD server, if it is configured to use WPAD. It starts the search by adding the hostname "WPAD" to current fully-qualified domain name. For instance, a client in a.b.Microsoft.com would search for a WPAD server at wpad.a.b.microsoft.com. If it could not locate one, it would remove the bottom-most domain and try again; for instance, it would try wpad.b.microsoft.com next. IE 5 would stop searching when it found a WPAD server or reached the third-level domain, wpad.microsoft.com. The algorithm stops at the third level in order to not search outside of the current network. However, for international sites, this is not sufficient, because third-level domains can be outside the current network. For example, if the network at xyz.com.au did not have a WPAD server, the search algorithm eventually would reach wpad.com.au, which is an external network name. If the owner of wpad.com.au set up a WPAD server, he or she could provide chosen proxy server configuration settings to the clients at xyz.com.au. For that matter, any network in com.au that didn't have its own WPAD server but did have WPAD enabled in its web clients also would also resolve to wpad.com.au. - From the FAQ for the 1999 fix... It is quite possible, and we can assume (until someone tells us they know), that they fixed it for ccTLDs as well, and then re-introduced the flaw somehow. Also: http://www.wlug.org.nz/WPAD - (BeauButler?: I have registered wpad.co.nz, and do not intend to be 'really nasty'. I am collecting the 404 logs with the intention to produce some nice charts, hoever. Also, the wpad organisational-boundaries bug appears to have resurfaced in Internet Explorer 7!!) - Beau Bulter is the guy who got all the press by talking about this at kiwicon last week: https://kiwicon.org/presentations#oddy This is the story that got Microsoft's attention: http://www.theage.com.au/news/technology/flaw-leaves-microsoft-looking-like-a-turkey/2007/11/23/1195975914416.html Which is where Beau says there are ~160,000 exploitable machines in NZ alone. He would *supposedly* know since he has the wpad.co.nz domain. Whether it is a major issue or not, misconfigurations happens, heck, shit happens. I'd think we should watch for this and get that domain registered/monitored at different ccTLDs. Gadi.
