RE: rack power question
Well, seeing as that most pad mounted transformers use mineral oil as a heat transfer agent (in applications up to and exceeding 230kv), I don't suspect it is of issue. However, we've all seen nice transformer fires. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Shore Sent: Tuesday, March 25, 2008 10:20 AM To: Dorn Hetzel Cc: nanog list Subject: Re: rack power question Dorn Hetzel wrote: Of course, my chemistry is a little rusty, so I'm not sure about the prospects for a non-toxic, non-flammable, non-conductive substance with workable fluid flow and heat transfer properties :) Mineral oil? I'm not sure about the non-flammable part though. Not all oils burn but I'm not sure if mineral oil is one of them. It is used for immersion cooling though. Justin
RE: rack power question
Surly we should be asking exactly is driving the demand for high density computing and in which market sectors and is this actually the best technical solution to solve them problem. I don't care if IBM, HP etc etc want to keep selling new shiny boxes each year because they are telling us we need them - do we really? ...? Perhaps not. But until projects like http://www.lesswatts.org/ show some major success stories, people will keep demanding big blade servers. Disagreed. Customers who don't run datacenters general don't understand the issues around high density computing, and most enterprises I deal with don't care about the cost. More and Faster is their vocabulary. If you move all the entreprise services onto virtual servers then you can free up space for colo/hosting services. We do quite a bit of VMWare and Xen, both our own and our customers. We have found power consumption still goes up, simply because there is always a backlog of the need of resources. In other words, it's almost if you build it they will come relates to CPU cycles as well. I have never seen a decrease in customer power consumption when they have virtualized. They still have more iron, with a lot more VM's. You can even still sell to bulk customers because few will complain that they have to deliver equipment to three dara centers, one two blocks west, and another three blocks north. X racks spread over 3 locations will work for everyone except people who need the physical proximity for clustering type applications. Send me those customers, because I haven't seen them. Especially the ones with lots of fiber channel and InfiniBand.
RE: Area Social Activity
That's all they paid? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rod Beck Sent: Thursday, February 14, 2008 11:31 AM To: Bill Nash Cc: North American Network Operators Group Subject: RE: Area Social Activity And to celebrate my first TransAtlantic IRU, I will buy the first ten people a drink. The commission is funding it.
RE: An Attempt at Economically Rational Pricing: Time Warner Trial
As long as the companies convince people that the cap is large enough to be essentially the same as unmetered then most people won't care and will take the savings. I don't agree. When we sold boatloads of dialup in the mid to late 90's, people did not like caps, no matter how high they were. We sold a product early on for $20/month which gave you 240 hours/month -- that was an average of 8 hours/day. However, most users never used more than 20 to 30 minutes a day -- but we often got told they were moving to other providers because they were 'unlimited.' So, we adapted. In any event, I've been watching this thread, and I'd have to say that going down the road of metered pricing will only cause other providers not to do this, and then market against TW. In fact, I'd bet on it. Am I the only one here who thinks that the major portion of the cost of having a customer is *not* the bandwidth they use?
RE: An Attempt at Economically Rational Pricing: Time Warner Trial
If we define customer to be an average user of the provided service, and bandwidth to be transit pipe cost, then no, bandwidth is not the major cost of their service. However, if you're advertising an 'unlimited' service and want to keep your promises, you can't plan your network around the average user -- there will be people who will want to hold you to your 'unlimited' promise. I don't agree again. The heavy usage customer would be included in your 'average customer base', just as they were in the dialup world. Yes, the average user was only for 20 to 30 minutes a day, but you certainly had users who logged in once a week, and some who stayed connected 24x7. In my experience in selling DSL, while what you count (bytes instead of minutes) has changed, the premise has not. If you also call 'bandwidth cost' to include all the infrastructure costs required to provide that unlimited service, then yes, bandwidth cost would be a pretty major part of that customer's cost. I dunno about that. You have to build a network either way, in any event. The incremental cost difference between building a network and building a bigger network is probably lost in the noise, somewhere around advertising, support, or your CEO going to Scores on the corporate card. Quickly scanning a reasonably sized MSO here in NJ, the numbers are that the operational cost of the network (what they call Techincal and Operating, which likely includes support) was around 42% of revenue. First, I'd bet their network is not full, or anywhere near full, and that to make their dark fiber do 10ge instead of oc48 or whatever it is they use would be tiny. I am not saying that having an unlimited product would not have an effect on their network, but the answer might be 'who cares.' (My point of view is Australia rather than the US, but I don't think 14Mbps of dedicated transit is $50/month even in the US). If it isn't, it will be. And I'd be happy to sell it.
RE: shameful-cabling gallery of infamy - does anybody know where it went?
Alright, this is all scary familiar and bringing back bad memories. Wooden modem racks, POPs in disued bathrooms, demarcs so stuffed with At one point, we had 200 pair installed into a two family house in rural NJ. The pop was in the basement, which had dirt floors. Or, the local phone company begging us to get lines in different CO's so that we wouldn't overload inter-office trunks and tandems. Or, the custom made racks to hold USR Sportster modems (which had to be removed from their enclosure) Or, Livingston PM3's that cost $17k for two PRIs Or, full BGP between AGIS and iMCI (note the 'i') on a 2501 Or, when you had a mail server (it was monolithic, remember) fail, and you told customers, they'd say, OK, I'll check my mail tomorrow Ah, the good old days.
RE: question on algorithm for radius based accouting
They should yield (approximately) the same result. But, to be pedantic, you haven't accounted for latency within the network. Somebody should be whipped, either for: 2) You, for making even this aged arch-pedant wince. :-) Ding! Seriously, can I also add that RADIUS interim accounting is almost essential in this scenario. Real world accounting and session boundaries mis-match badly making it almost mandatory to use interim accounting records to get an approximation of what the figures look like from a billing perspective. I'll also add watch out for missing records - I've found RADIUS to be the lossiest network protocol per foot of cabling that I've ever used. I can't say I've seen this. Having collected hundreds of millions of radius packets in my years (hell, we were running PM-2e's in 1996), and have written several accounting collectors, I can't say I agree. If you follow the specifications properly, unless you have issues with the transmitting device (read: BUG), RADIUS accounting has always been good to me. And, I've not seen the behavior you describe that requires interim.
RE: question on algorithm for radius based accouting
My question is: what's the best algorithm for constrcting broadband access record from radius accouting packets? Read the RFC. No, I am being serious. Record Accouting-on packet arriving time - record Accouting-Off packet's Acct-Session-Time and Acct-Delay-Time - The Log-off time is calculated as: Accouting-on time + ( Acct-Session-Time - Acct_delay-Time) Or, take the acct record from logoff, and: (time stop acct record rec'd) - (acct-delay-time) Either will work. However, it's somewhat more common to do what I suggest. Log-on time is calculated as: Accouting-off arriving time - ( Acct-Session-Time - Acct_delay-Time) Yes. Are the two methods have the same effect on calculating result? If radius packets were sent to two accouting systems simulataneusly, while the two system takes the different algorithm, will there be any difference between the result of accouting ? They should yield (approximately) the same result. But, to be pedantic, you haven't accounted for latency within the network.
RE: Why do we use facilities with EPO's?
In fact, an EPO system is a single point of failure... And, whether or not you need an EPO in your center is wholly up to you, and how you design your center. As mentioned at a recent seminar I went to: If you do not need to install non-plenum rated cable below a floor, and you require boxes under the floor to be secured, and you do not state NFPA 75 as your standard, then you do not need an EPO as defined by NEC 645. Only if you want exceptions granted in 645 (Information Technology Equipment), should you have to install an EPO. EPO = SPOF = bad. We all know this. If they can be avoided, why do we put up with them? Do we really want our colo in downtown San Francisco bad enough to take the risk of having a single point of failure? How can we, as engineers, ask questions about how many generators, how much fuel, and yet take for granted that there is one button on the wall that makes it all turn off? Is it simply that having colo in the middle of the city is so convenient that it overrides the increased cost and the reduced redundancy that are necessitated by that location? You forgot the default Single Point of Failure in anything.. HUMANS. Tuc/TBOH
IPv6 Training?
Does anyone know of any good IPv6 training resources (classroom, or self-guided)? Looking to send several 1st and 2nd tier guys, for some platform/vendor-agnostic training. Any clues? Thanks.. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: PGE on data centre cooling..
(beware, weekend engineering and number pulling here) If you have 250 fixtures, which are each (2) 4' T8 fluorescent bulbs, which would make for (500) 32 watt bulbs, that would be 16 kw, or at $0.13 cpkwhr, would be $1,497/month. But, don't forget, you'd have to cool the heat load generated by the bulbs. 250 fixtures would probably be around a 16 kft datacenter (perhaps smaller). 16 kft in todays datacenters would be about 1.5 mw of usage, between power consumption and HVAC. That'd be $140,400/month. Lighting would account for 1.0% or so. We use a combination of LED and CF (compact fluorescent) for lighting, which with reduced bulb changes (and the associated labor) because of longer live, and the significantly less energy usage, the savings do add up over time. I mean, it adds up in absolute dollars, but perhaps not relative. In our town, the fire folks do not require the emergency lighting to be battery-backed, so long as it is on generator and will not be off for more than 15 seconds. We use an Edison-base style LED fixture, something like http://www.superbrightleds.com/specs/E27-x24_narrow.htm It provides about 15 to 20 watts of equivalent incandescent light, using only 3 watts. Has a neat look too. http://www.nac.net/nac_mmu.jpg John(damn I've been in a DC with clear floor tiles...why didn't I think of this then?) How about the concept used in movie theatres? Line the walkways with white LEDs so that people can walk safely. Far less power, easy to run from small UPS, and use LED exit lights to keep the fire marshalls happy. Even mark the location of fire extinguishers in LEDs. Customers would be encourages to bring their own florescent panel lamps; rentals would be available for the forgetful.
RE: [funsec] Not so fast, broadband providers tell big users (fwd)
And on-demand DVR-type things which I believe will grow in popularity. Of course, most of those are overlays which the SPs themselves don't offer; when they wish to do so, it'll become an issue, IMHO. Which, by the way, is hitting main stream. Amazon Unbox. http://www.amazon.com/b/?node=16261631 Watch movies on demand on your Tivo in (almost) real time over your internet connection.
RE: GBLX issues?
this morning around 3 am, effecting 2 connections in that You mean 'affecting.' -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
re: passports for NANOG-39, Toronto
You may have heard that the US and Canada are going to start requiring passports for air travel between them beginning soon. That date is currently set as 8 Jan 2007, which is before February NANOG. MERIT has noted this on the web site, but a cursory check of my list archives didn't turn up mention of it (sorry if I overlooked it; the last couple of weeks have been hectic), so I figured I'd include the pointer: FYI, this date only applies to air or sea (which I imagine is the bulk of people going). However, for land crossings: http://travel.state.gov/travel/tips/regional/regional_1170.html The Intelligence Reform and Terrorism Prevention Act of 2004 requires that, by January 1, 2008, travelers to and from the Caribbean, Bermuda, Panama, Mexico and Canada have a passport or other secure, accepted document to enter or re-enter the United States. [...] The travel initiative requirements will be rolled out in phases. The proposed implementation timeline is as follows: December 31, 2006 - Passport required for all air and sea travel to or from Canada, Mexico, Central and South America, the Caribbean, and Bermuda. December 31, 2007 - Passport required for all land border crossings, as well as air and sea travel.
RE: Collocation Access
Is this some new trend or have I just gotten lucky in the past? Wouldn't someone like ATT be better served by giving their employees some company issued ID that they can submit to secure facilities? I know it wouldn't be government I am shocked that the ATT employee did not have an ATT ID. In our facilities, we require all visiting telcos to produce company identification, and between telcove/level 3, Verizon, MCI, and several others, we have never had an issue. I'd be a bit more suspicious that he didn't have ATT ID. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: Collocation Access
(They let me in eventually with a passport. But if they're going to trust a foreign-issued passport as photo id, it's not really that obvious to me why they wouldn't trust a foreign-issued driving licence. It's not like they can really tell whether either of them are forged.) What I've never understood is, that, how a gov't issue ID (for the purposes of allowing entry) is of any use whatsoever. It's not as if someone is doing a instand background check to know if the person is a criminal, or wanted, or whatever. It's trivial to forge a gov't ID. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: 200K prefixes - Weekly Routing Table Report
Maybe reboot all our routers at once or something? Who wants to go first...? Then again, maybe better not... philip -- I suspect if we do this, when things 'come back up', we'll be under 200k. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: WSJ: Big tech firms seeking power
On Fri, 16 Jun 2006, Matthew Crocker wrote: I wonder just how much power it takes to cool 450,000 servers. 450,000 servers * 100 Watts/Server = 45,000,000 watts / 3.413 watts/BTU = 13.1 Million BTU / 12000 BTU/Ton = 1100 Tons of cooling Error: you MULTIPLY 3.413 to go from watts to BTU, not divide. It's be more like 154,000,000 BTU, /12000 or 12,798 tons. Also at 100 watts, you are assuming Celerons with single hard drives. We see more like 120 to 240 depending on config. 100 would be low. A 30 Ton Liebert system runs about 80 amps @ 480 volts or 38400 watts, you'll need at least 40 or them to cool 1100 tons which is 1536 Kw * 24 hours * 7 days * 4.3 weeks = 1,110,000 KwH/month * $0.10/KwH = $111,000 /month in cooling. 80 amps @ 480 is 80 * 480 * 1.73, or 66 kw. However, they don't draw that much. A 30 ton unit, worst case (115 degrees outside across the condensor) will be about 50 kw, assuming you do not have humidification or reheats turned on. Second issue: you are assuming 100% cooling efficiency, or, in other words, that you'd have perfect airflow, perfect air return, etc. Never happens, especially when you have customers who are idiots. Third issue: you are assuming there is no heat loss or gain in the structure of the building. This could be very significant. Let's assume it's not. It's likely in an environment like this, you'd have more like 14000 tons. 14000 / 30 = 466 units, @ 50 kw/unit, 23,300,000 watts, / 1000 * 24 * 30.4375 (avg days in a month) = 17,020,000 kw-hrs, @ $0.12 (more likely with todays fuel prices unless you are in Kentucky) $2,042,400/month. Also, don't forget the original 450,000 servers at 100 watts (45 mw) would be $3,944,700/month in power. Also, 450,000 1U servers at 40/rack would be 11,250 racks, which at 10 sq-ft a rack would be 112,000 sq-ft of datacenter floor space (triple or, more likely, quadruple that for space for HVAC, generators, switchgear, UPSs, etc). That'd be 500,000 sq-ft at minimum. Total is $5,987,000/mon, but you haven't ROIed the millions in electrical gear (think big: this is about 68 megawatts; $250k/each for a 2 mw generator (you'd need 40, $10 mm), $50k/each for a 500 kva UPS (you'd need 80 $4mm), millions in panels, breakers, piping, copper wire (700% increase in copper pricing in the last 24 months, people), etc. Oh, and 466 liebert 30 ton HVAC's, probably $25 to $40k/ea installed ($11 million). Oh, and no one has installed it yet, and you haven't paid rent on the facility that will take 2 years to build with probably 100's of workers saleries. Take $6mm/month, divide by 450,000 servers, $13.33/month/server. Oh, and 68 Megawatts over 112k ft of floor space is 607 watts/ft. Thats about 6 times what most centers built in the last couple years are built at. But wait, there is more. Just a point of comparison -- Oyster Creek Nuclear Power generation plant, located here on the Jersey Shore, produces 636 megawatts. You'd take one-tenth of that capacity -- in a bulding that would sit on a 10 or 20 acre chunk of land. I put this into the 'unlikely' category. The substation alone to handle stepping 68 mwatts from transmission to 480v would be probably 4 acres. And, 68 megawatts of power at 480 volts 81,888 amps. A typicall 200,000 sq-ft multi-tenant office building has 1600 amps of service; this would be the equivalent of 50 buildings. Having fun yet? A 30 ton liebert takes about 30 sq-ft of floor space; 466 of them would be 13,980 sq-ft. If you use a drycooler system, they are about 100 sq-ft, and youd need 233 of them (60 ton DDNT940's), 23,300 sq-ft of roof space. Each of those weighs 2,640 pounds, for a total of 615,000 pounds, or 308 tons (of weight, not HVAC capacity). I won't even spend the CPU cycles figuring out how many gallons of glycol this would bem but probably a good guess would be about 50,000 gallons. That'd be about a quarter-million dollars in glycol. I'm tired now, time to climb back in my hole. In other words, don't get me started on the datacenter density issue. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: WSJ: Big tech firms seeking power
On Fri, 16 Jun 2006, Crist Clark wrote: Error: you MULTIPLY 3.413 to go from watts to BTU, not divide. It's be more like 154,000,000 BTU, /12000 or 12,798 tons. Well, the bigger problem here is that a watt is a measure of power (engergy/time) and a BTU is a unit of energy. There is no dimensionless conversion factor between the two. Huh? A Watt has no time constant. A watt is an amount of energy consumed at a moment (ie, a 60 watt light bulb), not an amount of energy over time (like a watt-hour; for instance, a 60 watt light bulb uses 60 watt-hours of power every hour, or 1.44 kwatt-hrs per day). There is a direct correlation between watts and btu's, and that is: watts * 3.413 = btu -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: WSJ: Big tech firms seeking power
When I made my posting, I didn't know the context was google in Oregon. I missed that somehow. Anyway, the dam referenced below: http://en.wikipedia.org/wiki/The_Dalles_Dam And the power generated from the region: http://en.wikipedia.org/wiki/Hydroelectric_dams_on_the_Columbia_River Seems like a good place to setup a datacenter. On Fri, 16 Jun 2006, Jeff Shultz wrote: David Lesher wrote: Speaking on Deep Background, the Press Secretary whispered: I wonder just how much power it takes to cool 450,000 servers. . KwH = $111,000 /month in cooling. I don't know the area; but gather it's hydro territory? How about water-source heat pumps? It's lots easier to cool 25C air into say 10-15C water than into 30C outside air. Open loop water source systems do have their issues [algae, etc] but can save a lot of power The Dalles, OR is on the Columbia River just upriver of Portland by 80 miles or so. It has a large dam spanning what used to be Celilo Falls in it's front yard. Hydro territory doesn't even begin to define it... :-) Eco-freak territory also doesn't begin to define it, so the idea of piping water off the Columbia and returning it even 1/2 degree warmer is a non-starter. I'm amazed they let them put up tall cooling towers in the historic, scenic Columbia River Gorge (sorry, old political battle flashback) -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: WSJ: Big tech firms seeking power
No, that's wrong. $ units 2438 units, 71 prefixes, 32 nonlinear units You have: watt You want: btu conformability error 1 kg m^2 / s^3 1055.0559 kg m^2 / s^2 You have: watt hour You want: btu * 3.4121416 / 0.29307107 Agreed, my math should have said btu/hr, which is what any HVAC system is rated in -- how many btus in an hour it can remove. I apologize for the horrendous error, but all of the math stands. Just sed s/btu/btu\/hr/g (also, you can do from watt to btu/hr with the same 3.413 multiplier) -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: WSJ: Big tech firms seeking power
On Fri, 16 Jun 2006, Crist Clark wrote: Error: you MULTIPLY 3.413 to go from watts to BTU, not divide. It's be more like 154,000,000 BTU, /12000 or 12,798 tons. Well, the bigger problem here is that a watt is a measure of power (engergy/time) and a BTU is a unit of energy. There is no dimensionless conversion factor between the two. Alright, I am sorry I missed that. It should read: Error: you MULTIPLY 3.413 to go from watts to BTU/hr, not divide. It's be more like 154,000,000 BTU/hr, /12000 or 12,798 tons. Sorry! Sheesh. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: WSJ: Big tech firms seeking power
What is the amount of energy coming out of a server as heat as opposed to what you put in as electricity? My guess would be pretty close to 100%, but is it really so? And I've also been told that you need approx 1/3 of the energy taken out thru cooling to cool it? So that would mean that to sustain a 100W server you really need approx 130-140W of power when cooling is included in the equation. Is this a correct assumption? Based upon my real-world experience, and talking to a few folks, it's very close to 100%. Most assume 100% for the practice of calculating cooling. However, for those who are very scientific, they try to tell you that some of the power is going into movement of hard drive heads, etc., which creates force on your racks, etc. A true, but irrelevant discussion, really, because it's likely an immeasurable amount. One could do the excercise of putting a computer in a well insulated box and measuring power in vs. rate of rise of temperature. Volunteers? :) -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: 2006.06.06 NANOG-NOTES CC1 ENUM LLC update
Tell you what -- I'd love to see this for every meeting, in some sore of official capacity. Reminds be of Stan's notes from the regional techs meetings.. On Thu, 8 Jun 2006, Patrick W. Gilmore wrote: On Jun 8, 2006, at 10:04 AM, Matthew Petach wrote: (sorry these are coming out delayed, I had to deal with an internal routing challenge for much of yesterday afternoon. --Matt) I think I speak for the whole list when we say you have absolutely NO reason to apologize, Matt. In fact, I think we'll nominate you for Most Useful Meeting Attendee. :) -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: data center space
On many of the public colo houses earnings calls, they told analysts that they are trying to keep contracts to one year so they can raise prices year over year, that power pricing is fluid and many facilities are being expanded both space and environmental, that most locations really are full or being held down by lack of cooling for existing dense rack space. Basically get ready to hold out your wallet. Is it that? Or, is it some of these companies no realising that charging $250 for a 20 amp outlet is less than their cost, even three years ago? -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: Determine difference between 2 BGP feeds
More than likely, one provider is feeding too many routes -- some that I have run across tend to feed more specific internal routes (read: redistributing IGP into BGP) to customer BGP sessions. The two I've run across, after I yelled, they fixed. On Tue, 18 Apr 2006, Mike Walter wrote: Sounds to me like one of your providers is not feeding you the full internet routing table. Have you checked with them to see if they are providing you that? Mike Walter Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Tuc Ellentuch at T-B-O-H Sent: Tuesday, April 18, 2006 4:13 PM To: nanog@merit.edu Subject: Determine difference between 2 BGP feeds Hi, We receive a BGP feed from different providers on two different routers. While one seems to be a reasonable amount of feeds after reviewing the CIDR report, the other is anywhere from 3K to 10K more routes. Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I can understand a handful of routes over what CIDR says, but a minimum of 3K more? Thanks, Tuc/TBOH -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Wiltel has gone pink.
Hello, You are aware Wiltel was acquired by Level(3) some time ago? Going to www.wiltel.com would tell you this. On Mon, 13 Mar 2006, Jo Rhett wrote: This morning we have started receive an abundance of spam from Wiltel customers, pointing boldly back to websites hosted in Wiltel space. OrgAbuseHandle: WAC18-ARIN OrgAbuseName: Wiltel Abuse Contact OrgAbusePhone: +1-918-547-2000 OrgAbuseEmail: [EMAIL PROTECTED] Messages to [EMAIL PROTECTED] are being rejected. This phone number goes to their conferencing group, which doesn't know what 'abuse' is, or even what an IP network is. I went through 4 levels of management, and was informed that they no longer had an abuse team -- that this was disbanded in a recent reorganization. In short, it would appear that Wiltel is now selling pink contracts. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Wiltel has gone pink.
I don't disagree. In my opinion, companies which neglect the updating of contact information should be beaten, perhaps with a large cue stick or a ball peen hammer. The reality of the situation is that issues can arise much more important than even the one described here (perhaps a large DOS attack), and finding the contact information can be difficult. All I was saying is that there were other means of finding the right person, and perhaps even informing them to update the contact information -- rather than using nanog as a sounding board. On Tue, 14 Mar 2006, Jo Rhett wrote: On Tue, Mar 14, 2006 at 06:56:30AM -0500, Alex Rubenstein wrote: You are aware Wiltel was acquired by Level(3) some time ago? Going to www.wiltel.com would tell you this. Then they need to update their contact information on the zones. Anyway, it turns out that they are using a spam filter on their abuse mailbox. They may or may not be pink, but they're certainly not smart. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: How do you (not how do I) calculate 95th percentile?
(I did this fast, and, who knows; I could be off my an order or two of magnitude) Most people are using 64 bit counters. This avoids the wrapping problem (assuming you don't have 100GE and poll more then once every 5 years :-)). 2^64 is 18,446,744,073,709,551,616 bytes. 100 GE (100,000,000,000 bits/sec) is 12,500,000,000 bytes/sec. It would take 1,475,739,525 seconds, or 46.79 years for a counter wrap. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: Level3 problems
Gary, I understand your statement, but I am sure the gentleman below does not. If you want a story to be done, so that the world can see how something like this can impact thousands of businesses, the best bet would be to help educate this guy so that he has something to write. Are, were you trying to scare him off from doing a story? Personally, I am quote fed up with the issues that the huge providers have and cause, yet never have anyone document it, find out about it, or do anything about it. I laud this guys effort for actually trying to do his job and expose something that needs to be exposed. I am now putting on my level-3 bullet proof jacket, and will be looking over my shoulder for the next 3 NANOGs. On Fri, 21 Oct 2005, Gary Hale wrote: Are you kidding? -gh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 21, 2005 11:03 AM To: nanog@merit.edu Subject: Re: Level3 problems I'm a reporter with InformationWeek magazine. I'm trying to get an idea of the significance of this morning's outage. Has Level 3 communicated with you about the cause of the outage? How greatly did the outage affect you or your customers? Was this an unusually large event? Thanks, [EMAIL PROTECTED] -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: SNMP Accounting Software
Most people who need this have written custom apps to do so -- myself included. There is nothing off the shelf that I cound find that fits the true need. On Tue, 11 Oct 2005, Drew Weaver wrote: We need some fairly complex SNMP accounting software (data center) style stuff that can monitor cisco equipment for bandwidth utilization and generate reports based on 95th percentile and also perhaps even their actual bandwidth usage (how many gigs of transfer they use per month, day, week.. etc) Does anyone know of anything good that does anything like this? It needs to be reliable? Can be open source, we're using MRTG to track utilization but we need something that really handles accounting for us. Thanks, -Drew -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: Cogent/Level 3 depeering
Customers don't want to pay for a stochastic set of relationships, they will pay for the Internet however. Perhaps we have lied to the them? The internet has always been a stochastic set of relationships -- some relationships of which are based upon two people getting drunk together at the right place, at the right time. Is anyone going to deny this? Further, the internet has always been a best-effort medium. We, as xSP's, have done our best to make the 'best' in 'best effort' as good as we can, to varying levels of success. The fact that the internet is hugely successful, and mostly reliable, is due to smart people and some level of luck. Not because someone peers with someone else. It wasn't designed this way. It's like paying for a telephone that could only call a subset of the Please, for the love of god, do not make analogies to the phone network. Call me crazy if you'd like, but I tend to think that peering on the Internet is too important... Do you think a thread which has made 100 posts on nanog, with people coming out of the woodwork who I haven't seen in years, is something that anyone things is not important? -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Cogent/Level 3 depeering
Not to add fuel to the fire, but many IP contracts with my upstreams have a clause, which is very similar across vendors: VENDOR cannot guarantee the peering sessions between our ourselves and other companies and/or networks. There is no guarantee of end to end connectivity between you as a CUSTOMER and other non-VENDOR controlled networks. While it actually has meaning now, I am not sure you'd get a vendor to delete that from an agreement. On Wed, 5 Oct 2005, Matthew Crocker wrote: On Oct 5, 2005, at 2:47 PM, Douglas Dever wrote: On 10/5/05, Matthew Crocker [EMAIL PROTECTED] wrote: They did, and I'm not down. I see Level 3 via Sprint and GNAPs/CENT just fine. I didn't lose any connectivity to Level 3 at all. Bits moving down different pipes, not a big deal to me technically. The So, where's the problem, exactly? Um, I only have 2 routes to Level 3 when I should have 3 routes and I'm paying for 3 routes... fact remains that Cogent is not providing the service I'm paying them for and they need to get it fixed. Really? As you already pointed out, your packets are reaching their destination. So, they don't need to get anything fixed. Ok, I *pay* Cogent for 'Direct Internet Access' which is IP Transit service. I *cannot* get to part of the internet via Cogent right now. I also *pay* Sprint and GNAPS for 'Direct Internet Access' and I can get to all parts of the internet via their networks. I *used* to be triple redundant to *all* of the Internet but now I only have *two* connections to Level 3. My packets are reaching their destination because I'm smart enough to be multi-homed, that doesn't remove the responsibility of Cogent to do what I *pay them to do*. Cogent is *not* providing complete Internet access, I really don't care who's fault it is. What utter nonsense... *shakes head and walks away* Is it really that hard to understand? As a paying Cogent customer I expect to be able to get to the Internet through them. Isn't that the business they are in? -doug -- Matthew S. Crocker Vice President Crocker Communications, Inc. Internet Division PO BOX 710 Greenfield, MA 01302-0710 http://www.crocker.com -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Dep(3)(3)ring
Appears to be. XO's looking glass for BGP looking is broken (did it break today?), however, traceroute shows: 1 ge5-3-0d4.RAR2.NYC-NY.us.xo.net (65.106.2.1) 0 msec 4 msec 4 msec 2 * * * L3's looking glass: Show Level 3 (San Jose, CA) BGP routes for 207.155.252.78 No matching routes found for 207.155.252.78. Fun. On Wed, 28 Sep 2005, Richard A Steenbergen wrote: Since it hasn't hit nanog yet, I guess I'll go ahead and go ahead and be the first to point it out. It seems that Level 3 (3356) and XO (2828) are no longer carrying each other's routes. :) And just when I was about to release http://www.e-gerbil.net/ras/failure.jpg :) -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: Bell South or Telcove help needed in NOLA
I made the offer to DirectNIC directly (no pun), and now here publicly.. if anyone distressed folks in the New Orleans need any resources, please feel free to contact me. We will do whatever we can to accomodate any needs. On Thu, 1 Sep 2005, Hannigan, Martin wrote: If anyone who works for or has connections with Bell South or Telcove is reading this, tell us what it's going to take to get those OC3s back up and running. We will try to coordinate and make it happen. If I were DirectNIC, I'd be making arrangements to operate from a place other than New Orleans for the time being. -M -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Yahoo! -- A Phisher-friendly hosting domain?
Shouldn't someone be watching these, though? [EMAIL PROTECTED]:~# whois paypal.com [...] PAYPAL.COM.SV04.COM PAYPAL.COM.LIMITSPEED.NET PAYPAL.COM While I agree in concept that this is not how the internet runs, and I am not proposing a domain name police force be instituted, it seems to me that things like this are easily caught. Not to mention, the purpose of them is clear. On Wed, 31 Aug 2005, Fergie (Paul Ferguson) wrote: That's good, however, I regret that the issue had to be aired here because it didn't get attention it deserved through proper channels and elsewhere... - ferg -- Florian Weimer [EMAIL PROTECTED] wrote: But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing domain names like bankofthewestupdate.com Registrars should as well, but this is not the way the Internet works. Sometimes, this is a good thing, sometimes, it's not. It seems that the A RR has been pulled around 2005-08-30 21:00 UTC, so this particular issue has already been resolved. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/ -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: MCI billing fraud ... again
Interesting. About 1 year ago (early 2004), in a one month period, we had every single MCI outstanding billing dispute resolved -- some even that were over 4 years old. It seemed to me that the dispute resolution people actually gave a hoot all of a sudden. And, some inside information I gleaned was that they were instructed by the higest levels to do so. Also, about 2 months ago, we had a random $90k charge on an account that usually bills a few thousand a month. This was quickly resolved (as in, already). Our rep was the channel used, and he was good about it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Hollis Sent: Thursday, July 21, 2005 6:32 PM To: 'nanog@merit.edu' Subject: MCI billing fraud ... again We're being hit up by MCI's billing fraud again. You'd think after the multiple settlements, the $4 billion accounting fraud and Ebbers' 25 year prison sentence that MCI would have learned something, but apparently not. Anyone have a definitive method of dealing with these clowns? Any contacts for someone skilled in getting MCI to FOAD? -Dan
Re: Vonage Selects TCS For VoIP E911 Service
GPS does not work through the fuselage of a aluminum airplane. I've tried. More than once. On Wed, 20 Jul 2005 [EMAIL PROTECTED] wrote: If a person is calling 911 from a plane in flight, are we really so concerned about which PSAP receieves the call?The last known fix would likely have been the point of origin in any case... If a picocell on board an airplane receives an E911 call, it shouldn't route it to any PSAP. The first responders in this situation are the flight attendants so it should ring the flight attendant's phone. By the way, if GPS works in the air for small aircraft pilots, then why wouldn't it work for cellphones? The last known fix should be 100% up to date and 100% useless. --Michael Dillon -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Vonage Selects TCS For VoIP E911 Service
Perhaps -- but how does it work inside? Are we relying/requiring the user to put up a GPS antenna? On Tue, 19 Jul 2005, Mikael Abrahamsson wrote: On Mon, 18 Jul 2005, Daniel Senie wrote: use the customer's billing address, attempt to determine location based on IP address or some other voodoo? It'll be interesting to see if they If you look at the webpage of telecomsystems (http://www.telecomsys.com) they state that their platform is GPS based. I see no other way of doing this reliably than to put some kind of GPS device into the VoIP unit. Article regarding indoor GPS and other locator service. http://www.gpsworld.com/gpsworld/article/articleDetail.jsp?id=3053 If you can put a locator into a cellphone, I see no reason why you cannot do the same in a VoIP unit. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Vonage Selects TCS For VoIP E911 Service
google 'dead reckoning'. The higher end nav systems and gyros, for specifically this reason. On Tue, 19 Jul 2005, Mikael Abrahamsson wrote: On Tue, 19 Jul 2005, Daniel Senie wrote: I suppose a downside is folks using the Vonage boxes outside the US via VPN will be traceable by Vonage and could get shut down, if Vonage wanted to enforce such. I think the ground based radio transmitters needed for indoor operation isn't around much outside the US. I was very surprised when I got a cellphone-based GPS navigator from AVIS last time I was in the US, and it started working inside the terminal building. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: ATT CDPD
AMPS, as I understand it, is required to be around until 1/1/2007, as mandated by tge FCC. Scheduled to die soon, if it hasn't already. I was a second-tier CDPD sub, via Earthlink, until about a year ago; they took a hit to move me to 1xRTT, because the underlying networks were scheduled to go down, in keeping with the general decommissioning of analog AMPS, during this calendar year, as I understand it. It was extended because of a couple of large PD's who needed more time to switch (or amortize their gear; take your pick). -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Recall: SORBs
On Wed, 6 Jul 2005, Sanfilippo, Ted wrote: Sanfilippo, Ted would like to recall the message, SORBs. What is scarier -- a) microsoft providing this feature b) someone with the ability to type conf t, router bgp, connected to the global internet, and thinking that recalling a message would work? /action crawls back into his hole -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: SORBs
Perhaps the networks are disconnected? Perhaps there is insufficient bandwidth between the cities to carry inter-city traffic? Sounds somewhat familiar to http://www.arin.net/policy/proposals/2004_5.html On Wed, 6 Jul 2005, Andre Oppermann wrote: Sanfilippo, Ted wrote: It belonged to some Canadian ISP, I believe it was a cable company. Regarding the aggregation/deaggregation mess. This is due to the fact that ARIN is rather strict with IP assignements and how we route internally. Because ARIN wants us to use 80% of our ip blocks, before we can request new assignments from them we have to dole out addresses in /22's to each city we have, in order to use them up appropriately. Its been a bit of a nightmare trying to meet ARIN's policies and also try to meet the Internet Communities policies. Believe me, I would much rather advertise a /16 prefix out to the Internet, rather then a /22. We have not been able to accommodate this unfortunately. Err... Why do you say you need to advertise a /22 for each city rather than the /16 for your entire network? What's inside your network and how you distribute your addresses there is not of concern for anyone outside of your network. Why don't you advertise the /16 via BGP and then let the IGP handle the /22 distribution to each city? -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: SORBS deaggregation
Perhaps the networks are disconnected? Perhaps there is insufficient bandwidth between the cities to carry inter-city traffic? So, why would GRE not be a reasonable (temporary) solution here? If the islands are going to remain disconnected long term, why not get additional AS numbers? I don't believe the fact of having multiple ASNs solves this issue, I believe ARIN looks at allocated space per OrgID. I find blaming 250 extra routes WITH EXACTLY THE SAME PATH INFO on ARIN pretty unconvincing... Personally, I (or my routers) don't have a problem -- at least at the moment. You could always filter. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: NANOG Evolution
Perhaps using the ARIN model for this would be a good idea. IIRC, after someone in nominated, they are asked to fill out a small questionnaire. Things like Organization, Org URL, Why do you want to serve on the AC?, Describe how your professional goals and experience are relevant, Describe your technical (especially IP) and professional qualifications for filling an AC seat, etc. Also, an important question is: Please provide detailed biographical information to include all experience, activities, associations, and affiliations (national and international) relevant to serving on the AC. Describe positions held, and your specific duties, achievements, and levels of responsibility. Include the names of organizations served and dates of service. Realising the above is specific to the AC, I believe with simple modifications, these questions would serve the NANOG community well in letting us feel comfortable with the nominees. On Tue, 21 Jun 2005, Herb Leong wrote: Randy Bush wrote: # The candidates for the Steering Committee are: # Joe Abley # Randy Bush # Christopher Chin # Ron da Silva # Vince Fuller # Steve Gibbard # Dan Golding # Martin Hannigan # Dorian Kim # Mark Kosters # Jared Mauch # Chris Morrow # William B. Norton # Philip Smith # Josh Snowhorn # Dave Wodelet # Lixia Zhang # # could you annotate which of these candidates actually work # at an isp or large content provider? # # randy Better yet, what about links to resumes/backgrounds? /herb -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Email peering (Was: Economics of SPAM [Was: Micorsoft's Sender IDAuthentication......?]
There's no reason why one couldn't build a comparable model for mail, with the SMTP speciality service provider offering SMTP transit to a base of trusted customers. This comparatively small number of SMTP speciality provider would then maintain good relations (peerings) with the comparatively small number of major ISPs. Oh wait -- there are a variety of folks who are already specializing in doing that sort of thing -- it's just that most folks don't need to buy that sort of service (yet). While this could work, we are mixing a format and content type that is not security sensitive and is used to carry point to multipoint messages (forums?) and media (NNTP), with a format and content type that is highly sensitive, and is generally used to carry point-to-point communications which may contain things like personal or financial information (SMTP). I am not sure any level of security would make me feel good about passing my emails through a 'peering .. core' of SMTP relays. However, if we do go in this direction, I plan on firing up my old copies of BinkleyTerm. FIDO and NetMail may be a good place to start :) (Did I just date myself?) -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Battery Maint in LEC equipment
In NJ, Verizon, MFS, and Telcove all install batteries. We put them on our UPS and Genset anyway, however. The corollary to this question: If your data center has an adequate DC plant, will the carriers insist on installing their own batteries and rectifiers? And how many of them have redundant supplies to take advantage of an A and B feed from you? In a new center we are currently building, Telcove has (happily) accepted our A- and B- feed DC power. They were almost happy, it seemed, to not have to worry about this. Typically, because they're the phone company, if you offer them DC, they'll insist on AC. If ou offer them AC, they'll want DC. And it seems that wherever you want the MPOE/drop they'll have some reason to install it as far away as possible. :-) That only happens when you let them think. We don't. We (more or less) say, put your stuff here, or don't sell to us. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Battery Maint in LEC equipment
In NJ, Verizon, MFS, and Telcove all install batteries. We put them on our UPS and Genset anyway, however. On Sun, 5 Jun 2005, W.D.McKinney wrote: -Original Message- From: Sean Donelan [mailto:[EMAIL PROTECTED] Sent: Sunday, June 5, 2005 04:02 AM To: 'David Lesher' Cc: 'nanog list' Subject: Re: Battery Maint in LEC equipment On Sat, 4 Jun 2005, David Lesher wrote: Have any NANOG'ers [NANOGites? NANOGees?] run into this? Again, this is LEC owned, LEC maintained, equipmentDo you provide generator power for such in your space? Generally, the ILECs were the only ones that did this. I've had multiple CLECs (Brooks, MFS, WilTel, etc) install fibermux cabinets, none of them provided any backup batteries by default. They used local building power, and we had to make sure they were connected to our backup generator. If you wanted to pay for it, some of the CLECs would add batteries. But it wasn't part of the base package. All the ATT pops usually have nice battery and gen sets. That's what I like. Dee -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: FCC To Require 911 for VoIP
No to nit picks, but do zip codes share the same boundaries as municipalities? How about an anycast address implement(ed|able) by every network provider that would return a zipcode? $ telnet 10.255.255.254 Connected 33709 Disconnected. $ Cheers, -- jra -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Verizon Offering Naked DSL in Northeast...
I personally still don't like the stability of SBC's PPPOE implementations and tunnels. I prefer Verizon's setup much more. I am not sure what Verizon you are talking about, but the Verizon in my area (aka Bell Atlantic, aka New Jersey Bell) (at least used to) have, for some reason, have a cat 5000 in between us and the DSLAM. We see about 27 or so PVC's for the whole state. Verizon refers to these PVC's as PVC's to each 'switch.' Conjecture is that there is some insane type of LANE and god knows what going on. You run PPPOE over this, and in some limited cases, it's stable. Sprint (aka United Telephone) in our area (northern NJ), IMHO, does things 'right', or at least best of all the players we've dealt with through the years. They provide a L2TP tunnel to you over an ATM-IP link, which the other end of is on a Redback SMS of sorts. You see all of your clients as PPPoEoL2TP. As hackery as it sounds, it works and is quite stable. Yes, many LECs under your feet is interesting. Within 100 miles of our office, we have more than I can even think of (Verizon-NJ Bell, Verizon-NYNEX, Verizon-PA, Verizon-GTE, Sprint/United, Warwick Valley Telephone, SBC-SNET, Citizens-Frontier, RCI-Frontier. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Qwest protests SBC-ATT merger as harmful to competition
That may be, but they are right. Do you think anyone will benefit from Verizon+MCI? After this merger, the incumbent ILEC in a huge market area will also own the only real CAP (remember Brooks and MFS?). Isn't it bizarre that it is possible that a regulated LEC will also own an unregulated CAP, which currently competes (vigorously, I might add) with the LEC? Do you think anyone will benefit from ATT+SBC? Both mergers stink to high heaven. And we can probably rest assured that the FCC does not have the consumers' best interest in mind. On Tue, 19 Apr 2005, Justin M. Streiner wrote: On Tue, 19 Apr 2005, Fergie (Paul Ferguson) wrote: One might wonder if Qwest is a little upset about being rebuffed by MCI in its efforts to merge the two companies. http://www.siliconvalley.com/mld/siliconvalley/11426726.htm Smells like sour grapes to me jms -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Qwest protests SBC-ATT merger as harmful to competition
But don't you think its a little bizaire how they know talk about this big and scarry monopoly after loosing bid for MCI themselve? Or do you really think we'd have been any better of if it was Qwest (another ILEC BTW) that bought MCI instead? The underlying question is: Who cares. As this point, consider them an ally. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Ameritrade warns 200,000 clients of lost data
A total of four backup tapes were found to be missing from a box that was damaged during shipping between two facilities, the company said. Three of the four tapes have been recovered at the shipper's facility. So, who else thinks that this is some sort of criminal negligence, puting that kind of sensitive information in such a risky position? I think that these conpanies (lexis nexis, ameritrade, whoever) should be held *criminally* liable for things like this. How long until something like the social security administration has an announcement like this? Or, Experian? Transunion? DB? On Tue, 19 Apr 2005, Fergie (Paul Ferguson) wrote: Gee, what a surprise -- another one: http://www.msnbc.msn.com/id/7561268/ Anyone wanna bet that tomorrow, this number will have grown after further examination...? - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/ -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Ameritrade warns 200,000 clients of lost data
And, to follow up to me previous: http://www.msnbc.msn.com/id/7549496 On Tue, 19 Apr 2005, Fergie (Paul Ferguson) wrote: Gee, what a surprise -- another one: http://www.msnbc.msn.com/id/7561268/ Anyone wanna bet that tomorrow, this number will have grown after further examination...? - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/ -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Verizon Offering Naked DSL in Northeast...
I love this part: Tom Tauke, a senior Verizon executive, said stand-alone DSL would eventually be expanded to all of Verizon's territory and be available to anyone, regardless of whether they are a current customer. He said technical issues limited the company to a partial rollout. What possible technical issue could exist that to don't have to wire the dslam to a pots splitter? Actually, even if they did wire it to a pots splitter, and there was no pots line present, it'd still work. On Mon, 18 Apr 2005, Fergie (Paul Ferguson) wrote: Wow -- I wish SBC would follow suit. :-/ http://apnews.myway.com/article/20050418/D89I0KP00.html -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Verizon wins MCI
But does anyone really know how big WorldCon is/was? First thing Verizon will have to do is fire the entire billing department and replace them with people/systems that can generate correct bills and send them to the correct customers. dripping with sarcasm Thats right! I forgot that Verizon was capable of billing correctly! /dripping with sarcasm -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
http://www.nanog.org/mtg-0501/coordination.html
Regarding http://www.nanog.org/mtg-0501/coordination.html -- can someone comment on who will from MERIT/NANOG will be present, and what the moderation will be? What is the intended agenda for this meeting? -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: [OT] Re: Banned on NANOG
I am going out on a limb here, and leaving lurk mode on this issue. If I get banned, well, Randy and I can start our own mailing list. We're as about as grumpy as each other. I disagree with William entirely. Suspensions are idiotic, and only detract from the usefulness of the list. S:N is important, but so is being an human being. People are people; we are not robots. This list serves a specific purpose, as does anything in life. Sometimes people do things with stuff that is out of bounds with said stuff, but, again, people make mistakes. We're not in school, we don't need suspensions. We need to act like adults, use this list for it's intended purpose. If someone is a dodo for a message or two here or there, then, well, we tolerate it and move on, maybe someone on the list sends that person an email saying, Dude, your email was dopey, please stop. If the person continues to be a dodo, get rid of the problem. It's as simple as that. I think we all agree that RAS and Randy don't fall into the above category of having to be gotten ridden of. Again, it's all relative. So, go ahead and ask, But, that won't work, will it? My rebutt: It's how inet-access (people from 1993 to 2000 or so will know what this is) worked, and, well, except for the very occasional whack-job, it worked well. It was a useful list. The reason it died had nothing to do with S:N on that list; it had to do with the fact that the industry supporting that list more or less evaporated. Disagree with me, perhaps I didn't even make sense; perhaps that tells you about how much sleep I've gotten recently, or the insanity of this entire situation. On Thu, 2 Dec 2004, william(at)elan.net wrote: I think to be more fair it would be good if suspensions were not permanent but for period of time (with period doubling or tripling on subsequent suspensions if it happens). At least people will not be as upset when they are suspended and know its just a period for them to calm down and do more reading of nanog then posting... -- William Leibzon Elan Networks [EMAIL PROTECTED] -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: More thefts from CO/colo in New York
http://www.nytimes.com/2004/11/27/nyregion/27theft.html Apparently there is a black market for the cards. Yes, It's called eBay. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Energy consumption vs % utilization?
Hello, I've done quite a bit of studyin power usage and such in datacenters over the last year or so. I'm looking for information on energy consumption vs percent utilization. In other words if your datacenter consumes 720 MWh per month, yet on average your servers are 98% underutilized, you are wasting a lot of energy (a hot topic these days). Does anyone here have any real data on this? I've never done a study on power used vs. CPU utilization, but my guess is that the heat generated from a PC remains fairly constant -- in the grand scheme of things -- no matter what your utilization is. I say this, because, with a CPU being idle of 100% utilized, they still are grossly inefficient, on the order of less than 10% in all cases (ie, 1 watt in returns at least .9 watts of heat, no matter loading of the CPU). -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Energy consumption vs % utilization?
On Tue, 26 Oct 2004, Erik Haagsman wrote: It's more or less the truth though. I think the comment was outside of the scope of the original discussion. It seemed to me that: It is only waste is the P L statement is showing no profit. inferred that any business practice is OK, as long as your are profitable. It is that concept that I felt was insane. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Energy consumption vs % utilization?
I doubt that very much, or we wouldn't have variable speed fans. I've monitored CPU temperature when doing compilations; it goes up significantly. That suggests that the CPU is drawing more power at such times. I don't doubt what you are saying. However, I did say, in the grand scheme of things, meaning that the heat given off by the CPU, and change thereof, relative to the constant heat given off by the rotation of hard drives, the heat given off by the power supplies, etc., is still small. Of course, there's another implication -- if the CPU isn't using the power, the draw from the power line is less, which means that much less electricity is being used. An important point, but I still bet relatively small. It's going to be a busy weekend at the Rubenstein Lab (aka, my garage) this weekend; I'll post results to my findings. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Ivan and outages
I have some involvement with a telecom/internet company located in Grenada. This was sent to me in the last day or so. With reference to staff in Grenada, 4 out of 6 involved people are accounted for. The country as you are probably aware has lost over half it's buildings. Over 90% of the ones left are damaged. The electricity will not be restored to the island for an estimated 3-4 months and communications are currently only possible from cellphones in a couple of places. The office roof collapsed destroying the office and with the rain that followed, anything remaining un damaged was then drowned. (Technician) has collected all the hardware and is attempting to dry it out, however without electricity and with the current state of emergency, we can neither test it or fly it out of the country. Apparently, there country is under military control; no people allowed in our out. State of Disaster has been proclaimed. Also, it is being said that there is a general food shortage. On Sun, 12 Sep 2004, Eric Brunner-Williams in Portland Maine wrote: I'm looking for operational status information from Grenada, Jamaica, Grand Caymen, and Cuba. Anyone with clue drop me a note off-list, I will post a summary. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Looking for historical BGP announcement information
Hello, I am looking for a database that would have BGP inserts/withdrawals from mid 1999 time frame. Any help is appreciated. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Can a customer take IP's with them?
On Tue, 29 Jun 2004, Florian Weimer wrote: * Alex Rubenstein: b) customer is exercising the right not to renew the business agreement, and is leaving NAC voluntarily. The customer probably has a different opinion on this particular topic, doesn't he? No. This is a clear situation where the customer has canceled his service with us in writing. If there's a contract dispute, it actually makes a lot of sense to issue the order you quoted. There's no harm to you (or the Internet as a whole) because the customer just appears to be another multi-homed customer of yours, provided that the prefix that is involved reaches a certain size. OTOH, if you were allowed to reassign the IP address space while the dispute is being resolved, this could severely harm the customer's business. Of course, this setup can be just temporary. If you are ordered to permanently give up that particular prefix, then you'll have reason to complain. I can't address all of the points you raise, but I can say the following: a) NAC did not terminate the customers service in any respect. The customer chose, on his own, to terminate their service with us. This fact is undisputed. Also, NAC was willing to continue the customers service (we were not forcing them out the door). b) In regards to your passage, because the customer just appears to be another multi-homed customer of yours, this is a key point. The customer *WILL NOT* be a customer of NAC any longer once they physically leave. The key point here is that the customer has gotten a TRO, which allows them to take the IP address space that is allocated to NAC with them, and NOT HAVE ANY SERVICE FROM NAC. NAC WILL NOT BE ONE OF THE NETWORKS THAT THEY ARE MULTIHOMED TO. c) In regards to the tail-end of your mail, what you propose (the temporary reassignment of space to an ex-customer) is in (as I intepret ARIN policy) direct contradiction and violation of ARIN policy. If this policy were to stand, what prevents cable modem users, or dialup users, or webhosting customers, the right to ask to take their /32 with them? Regards,
(UPDATE) Can a Customer take their IP's with them? (Court says yes!)
* Alex Yuriev wrote: Judge grants the TRO. Defendant waves arms on nanog-l. Moral - When a legal system is involved, use the legal system, not the nanog-l. The former provides provides ample of opportunities to deal with the issues, while the later only provides ample of opportunities to do hand waving. I would like to make a few comments on this and other posts that have been made in response to my original post last night. First of all, there is no question that there is a contractual dispute between NAC and the Customer. There is a lengthy complaint filed by the Customer against NAC, alleging a variety of things. Next, the more important issue. While there is a dispute between NAC and the Customer, as mentioned above, I am *NOT LOOKING FOR COMMENTS ON THE ACTUAL LAWSUIT* from nanog-l. I am not waving my arms about the lawsuit, as Alex implies above. What I AM looking for is a commentary from the internet community, strictly relating to the fact that a judge has issued a TRO that forces an ISP (NAC) to allow a third-party, who WILL NOT be a Customer of NAC, to be able to use IP Space allocated to NAC. In other words, I am asking people to if they agree with my position, lawsuit or not, that non-portable IP's should not be portable between parties, especially by a state superior court ordered TRO. This issue has been misunderstood, in that there is belief by some that the Customer should be allowed some period of grace for renumbering. I want to remind people that this Customer has had ARIN allocations for over 15 months. Also, recall that Customer has terminated service with us, and we would still allow them to be a Customer of ours if they so choose. This fact is undisputed as evidenced by the filing of certain public documents. With the above being said, I solicit comments on the following certification: Those would like to make a certification on behalf of their business: http://www.nac.net/cert.pdf Those would like to make a certification on behalf of themselves: http://www.nac.net/pcert.pdf Forgetting the facts of the case, for the moment, I think we all agree with the terms of this certification. The above does not ask for anyone to form an opinion about the case. It asks Internet Operators, as a community, if portability of non portable space is bad. If you agree, I ask you to execute this certification as an amicus brief, and fax it to us at 973-590-5080. Thank you for your time on this matter, it is truly appreciated. Please do not take the above that I do not appreciate all the commentary. As I say above, my point is that I am not trying to have a trial in a public forum, but, more importantly, I am verifying that our opinion regarding IP portability is one that the community as a whole shares. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Can a Customer take their IP's with them? (Court says yes!)
The action is taking place in the Superior Court of State New Jersey. Please contact me offlist if you are interested in helping further. On Tue, 29 Jun 2004, Fergie (Paul Ferguson) wrote: BTW, in which state did this occur? Any additional pointers? Thanks, - ferg -- Alex Rubenstein [EMAIL PROTECTED] wrote: Please read -- this is lengthy, and important to the industry as a whole. We ask for, and solicit, comments, letters of support, etc., for our position. We are looking for people to take a position on this, and come forward, perhaps even to provide an affidavit or certification. Something along the lines of a 'friend of the court' brief, or even comments as to why we are wrong. [...] -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Can a Customer take their IP's with them? (Court says yes!)
I wonder why ARIN, or even more importantly, ICANN has not jumped all over this. Seems to me if IP space is not owned or something close to it by ICANN, they have lost a cornerstone of their power. We have been in contact with both ARIN and ICANN about this issue. We encourage all network operators and anyone else who has an interest in this issue to contact ARIN and ICANN, and urge them to do something about this. This is clearly an instance where their input is needed and required, and critical for maintaining the stability of the global internet. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Can a customer take IP's with them?
Should a customer be allowed to force a carrier to allow them to announce non-portable IP space as they see fit to any other carriers of their choosing when they are no longer buying service from the original carrier [that the space is assigned to]? According to ARIN regulations, the space does not belong to us but we have the right to assign or revoke the space to our customers as we see fit. In addition ARIN regulations specifically prohibit us from transferring or selling the IP space to another customer (even if we want to). NAC has a customer who is leaving NAC. As part of normal procedure (and also because the space provided to us by ARIN is non portable), the customer has been informed that the IP space used by the customer will not be available to be used by the customer subsequent to them leaving us. It should be mentioned that the following facts exist, and cannot be disputed: a) customer has obtained space directly from ARIN over a year ago, but has chosen not to renumber from space allocated from us. This was solely their choice, and we did not restrict this in any way. b) customer is exercising the right not to renew the business agreement, and is leaving NAC voluntarily. Thus, they are attempting to file for and obtain a temporary restraining order (TRO), and ask for the following: -- start -- NAC shall permit CUSTOMER to continue utilization through any carrier or carriers of CUSTOMER's choice of any IP addresses that were utilized by, through or on behalf of CUSTOMER under the current agreement during the term thereof (the Prior CUSTOMER Addresses) and shall not interfere in any way with the use of the Prior CUSTOMER Addresses, including, but not limited to: (i) by reassignment of IP address space to any customer; aggregation and/or BGP announcement modifications (ii) by directly or indirectly causing the occurrence of superseding or conflicting BGP Global Routing Table entries; filters and/or access lists, and/or (iii) by directly or indirectly causing reduced prioritization of access to and/or from the Prior CUSTOMER Addresses. NAC shall provide CUSTOMER with a LOA within 7 days of CUSTOMERS's written request for sale, NAC shall permit announcement of the Prior CUSTOMER Address to ANY carrier, IP transit, or IP peering network. -- end -- In other words, customer is asking a court to rule whether or not IP space should be portable, when an industry-supported organization (ARIN) has made policy that the space is in fact not portable. It can be further argued that the court could impose a TRO that would potentially negatively affect the operation of my network. NAC does not want to be forced to rely on a customer's ability to properly make complex routing updates that if done improperly could disrupt the entire NAC network. We believe there is a great danger to NAC that their routing mistakes could take down some or all of our network infrastructure. Another VERY important issue to bring up: If customer is granted the legal right to continue to use IP space that is registered to NAC by ARIN, NAC runs into the very serious problem of being liable for all of the Spam that could be generated by the customer and all of the RBLs that the carrier may be added to [that of course will effect all of NAC's customers] with no ability to revoke the IP space to protect itself. This has to potential to effect the NAC network in a catastrophic manner. I'd love any comments from anyone.
Re: Even you can be hacked
On Thu, 10 Jun 2004, Crist Clark wrote: Sean Donelan wrote: If you leave your lights on, the electric company will send you a bill. If the neighbor taps into your power lines after the meter...? That will be a criminal matter between you and your neighbour. If you leave your faucets running, the water company will send you a bill. If you leave your computer infected, ??? If you lose your credit card and someone runs up thousands of dollars in charges, the credit card company sends you a bill... But you can at most be held responsible for $50. Which is a 'feature' of most credit cards, irrelevant to criminal law. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: Cisco Router best for full BGP on a sub 5K bidget 7500 7200 or other vendor ?
The MSFC1 is a useless thing, and it is (more or less) impossible to get a full BGP route view. S1A-MSFC2 is minimum. On Sun, 25 Apr 2004, Alexander Hagen wrote: I bought a Riverstone Rs-3000 for BGP with a single upstream provider. Great Deal. Now I am back to the Cisco Question. I have two options within my budget: 1) Catalyst 6006 w/ CATALYST 6000 SUPERVISOR ENGINE 1-A, 2GE, PLUS MSFC PFC 2) CATALYST WS-X6248-RJ45, 48-PORT 10/100 FAST ETHERNET SWITCHING MODULE 3) DRAM UPGRADE to 256 on Supe Card.
Re: Overflow circuit
Heh. Probably one of the main reasons VoIP has proliferated like it has is because it works, and works well, over Sat. On Fri, 26 Mar 2004, Alexei Roudnev wrote: VoIP over satellite? I am very sceptical about it. Better, forget such idea.
Re: Level 3 statement concerning 2/23 events (nothing to see, move along)
And we, the general Internet public, tends to just accept this and forget about it. Why do we do this? On Tue, 24 Feb 2004, Sean Donelan wrote: http://news.com.com/2100-1038_3-5163931.html?tag=nefd_top A Level 3 spokesman would not confirm or deny that hardware was the source of the problem, nor would he elaborate on the nature of the issue. We are investigating the cause of the problem, which is fully resolved at this time, said Arthur Hodges, the spokesman. He declined to offer additional information. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Nortel Optera 5200's
I am looking for a folk or two who has operational experience on the above, and who can give me a couple pointers. Much appreciated. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Looking for power metering equipment...
Preamble: We run a colocation center. We sell power to customers. Question: We are looking for something that sits in the PDUs or branch circuit-breaker distribution load centers, that, on a branch-circuit by branch-circuit basis, can monitor amperage, and be queried by SNMP. Considering there are several hundreds of circuits to be monitored, cheap and featureless (all we need is amperage via SNMP) is fine. Looked at things like Square-D PowerLogin stuff, but thats very pricey, and does about 30x what we need. Pointers? URLs? Experiences? Thanks.
Re: GSR, 7600, Juniper M?, oh my!
On Wed, 7 Jan 2004, Neil J. McRae wrote: There still is the issue of cost though. GSR line cards are not cheap. Hence my point about them not being an access router :-) ... except, they are. 6 x DS3 cards are $750 on ebay; 4 x OC12 cards are $4k. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: GSR, 7600, Juniper M?, oh my!
not trying to defend the 7500 platform, it's obsolete all right. However, free is music to my ears. What about longer term maintenance issues? Is the 7500 not scheduled for EOL from Cisco 'soon' ? So, purchasing 7500 bits that might be dropped by 'normal' Cisco support in 1 year versus purchasing some other hardware that will be in support longer might pay out in the longer term? They recently refreshed the platform with RSP16, VIP8, and MX. It's still a viable platform for many medium size providers. I personally wouldn't use it for anything passing more than a couple hundred megs (at absolute most), but we have plenty of nodes like that. Actually, we've been seeing a trend where we are replacing 4700's with 7505/7's. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: GSR, 7600, Juniper M?, oh my!
close to what a new 7500 would cost. Anyway, on to the reason for my post. I've heard conflicting reports, is a 7206 faster at packet switching than a 7507? Some people tell me it is a better router, some people tell me it isn't. Does an apple taste better than an orange? 7206 is a fixed CPU config (hold: i know, NPE's are interchangeable, however, once you have an NPE-300 or whatever in there, thats all the CPU you are going to have in it). Another words, no matter how many PAs you shove into it, it's still a NPE-whatever driving the whole thing. On the 7500, you have RSPs and VIPs; the former performing routing protocol work, vty's, RIB's, etc., the latter doing actually packet forwarding. For instance, one of our 7507's, an RSP4 with 3 VIP2-50's, routing some ATM, DS3, ChDS3, FE, and doing some MPLS AToM: core2.sne# sho proc c CPU utilization for five seconds: 4%/2%; one minute: 12%; five minutes: 12% Most of the CPU utilization is Mr. BGP Scanner, our friend and yours. Notice the /2%, informing you that this thing is barely doing any packet forwarding. VIP-Slot0sh proc c CPU utilization for five seconds: 13%/12%; one minute: 14%; five minutes: 15% VIP-Slot1sh proc c CPU utilization for five seconds: 1%/1%; one minute: 1%; five minutes: 1% VIP-Slot4sh proc c CPU utilization for five seconds: 7%/4%; one minute: 5%; five minutes: 5% Obviously, we run dCEF, which puts the VIP's in the position of forwarding everything on their own, as evidenced by the CPU measurements. However, to answer your question, even a modestly configured 7507 with RSP4, and VIP2-50's will be substantially more capable than a 7206-NPE300. Things may change on the NPE-400 or G1, but I have no direct experience with that. PS. Regards to stability; we have SUBSTANTIAL improvements in IOS stability, especially in 12.3.5a mainline. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Anyone alive at ep.net
I think we can all agree, that we all still love you :) Ok for the NANOG folks. We found Christopher's request in the questionable spool, it was submitted less than 48 hours ago. The EP.NET turn time is listed at 96 hours. The gyrations on the EP.NET end are due to: - office relo - software upgrades (new OS) - spam mitigation processes His request will be processed in the normal window. There are still some issues w/ procmail/spamassasin tuning. --bill -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: GSR, 7600, Juniper M?, oh my!
7500s? In 2004? Throw those things in the trash where they belong. It's always amazing to me how many people will cling to obsolete things for years just because it is what they know. Even a Juniper M5 will do 16 OC3's with line rate filtering and forwarding. There are probably a dozen design considerations based on requirements you haven't described, but if you're doing primarily sonet, 7600 isn't really the way to go. I usually agree with RAS, but not this time. 7500's have a place; not everyone is looking for wire speed at 2499384 gigglebits. In our network, 7500's have made a home for the leaf-ends of DS3's in dial and DSL pops, handling 20 to 40 megs/sec with easy (ie, vip2-50's at 15% CPU). Also handle MPLS AToM with ease, PPPOE/A if needed (we choose to segregate that onto VXR's). 7500's also can handle many ChDS3's with ease. And, also, with RSP16/VIP8, lots of traffic can be handled. All at a substantially less price than even the cheapest used M5 you can find. 7507 + dual ps + rsp4 can be had for $1000 to $1500, and VIP2-50's can be had for $300. And then, you can use all the PA's you have laying around from your 7200's. Secondly, 6509 + OSM is actually a sweet solution, and provides way more LAN aggregation than any traditional 'router' can. Wire speed, too. (disclaimer: this is coming from someone who has all m5, m10, m20, and m40 core, with 6509's, 7500's and 7200's strewn all over his network. These are my opinions, and probably differ from people who are indentical to me).
Re: [RE: MPLS billing model]
we are still in the testing phases, but i believe that we are planning to use a port+traffic billing scheme, if/when we go live and start trying to sell it do you mean: $port + $traffic_through_port or: $port + $traffic_over_vpn_tunnel I ask this, because, it's very possible that the customer facing port could be a VLAN trunk, and that there would be a hub-and-spoke config to multiple leaf ports; other variations exist, as well. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: sitefinder technical discussions
Translation: In the interest in gaining more community review and comment, a discussion list has been setup to discuss factually-based technical issues and solutions surrounding the operational impact of wildcards in top-level domains on Internet applications. VeriSign technical people will participate in discussions that are within the scope for this mailing list. Verisign will discuss the technical impact of this issue on this list. However, we all agree there is no technical impact, since this works. Furthermore, by limiting this list to a technical conversation, we will completely ignore the political impact, and political correctness of these acts in any forum. Having been involved in the community internet for as long as I have, I want to wretch. I'd think Mark would be one of those, as well.
RE: Worst design decisions?
2. The BAT csu/dsu, a cheap T1 csu/dsu which used red LED's to indicate that all was well (or was it green to indicate an alarm?) As admitted by them, whatever cheap LED's they could by at Fry's on deep discount. No, I am not kidding. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: GLBX ICMP rate limiting (was RE: Tier-1 without their ownbackbone?)
NAC is not a global intercontinental super-duper backbone, but we do the same. It takes some education to the customers, but after they understand why, most are receptive. Especially when they get DOS'ed. On Thu, 28 Aug 2003 [EMAIL PROTECTED] wrote: On Wed, 27 Aug 2003, [EMAIL PROTECTED] wrote: We have a similarly sized connection to MFN/AboveNet, which I won't recommend at this time due to some very questionable null routing they're doing (propogating routes to destinations, then bitbucketing traffic sent to them) which is causing complaints from some of our customers and forcing us to make routing adjustments as the customers notice MFN/AboveNet has broken our connectivity to these destinations. We've noticed that one of our upstreams (Global Crossing) has introduced ICMP rate limiting 4/5 days ago. This means that any traceroutes/pings through them look awful (up to 60% apparent packet loss). After contacting their NOC, they said that the directive to install the ICMP rate limiting was from the Homeland Security folks and that they would not remove them or change the rate at which they limit in the foreseeable future. What are other transit providers doing about this or is it just GLBX? Cheers, Rich
Re: OT: Re: User negligence?
I think there is confusion here. The banks are making the claim, that, if you the user, has an infected PC, that is compromised by an 3lit3 h4x0r, and your password to your bank account is compromised, then the bank is not responsible. That is what you are saying, Sean? On Sun, 27 Jul 2003, Len Rose wrote: Sean, I humbly disagree. It is not user negligence, but rather neglgence on behalf of the entity's systems team, or perhaps the entity's failure to support their own systems team by hiring competent staff instead of relying on people who play office politik or look nice in a suit and tie. User's are not expected to be secure their machines, or even barely know more than how to use a handful of applications. In the bank's case hopefully they are supposed to be financial experts. One can also blame the entity for basing their operations on a joke operating system of course (tired argument). Not calling it a breach of security is simply.. ridiculous. It is a most flagrant breach of security if they can't even secure their own internal networks and systems. Host level security should be the easiest thing to accomplish given competent systems staff. The entity should have had a team in place that protected systems, disabled vulnerable services running on the joke operating system, and that stayed on top of any threat no matter what day of the week it happened to be. Nothing like berating the obvious. This is off topic and I'm not going to pursue this further on this list. Len Sean Donelan said: Unfortunately there are a lot, and growing number, of self-infected PCs on the net. As the banks point out, this is not a breach of the bank's security. Nor is it a breach of the ISP's security. The user infects his PC with a trojan and then the criminal uses the PC to transfer money from the user's account, with the user's own password. http://www.iol.co.za/index.php?click_id=13art_id=qw1059039360281B215set_id=1 The fact that hackers got access to bank customer's accounts was not due to inadequate security at the bank, but due to user negligence, an e-commerce company said on Thursday. [...] Consumers should be vigilant when opening emails. If they receive strange emails, or emails from people or companies they do not know, it is better not to open the mail - especially attachments. These intrusions were clearly not a result of any vulnerability in Absa's Internet security. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: UPS failure modes (was: fire at NAC)
(header trimmed) Hello, First off, we're all still alive here. Underlying root cause was a failure of a capacitor in the rectifier section. We're not sure what actually caused the failure of the failure of the capacitor, but it resulted in the internals of the capacitor being ejected from the UPS at such a high rate of speed, that it dented the front door of the UPS itself, and caused the door to jump the lock and swing open. I, personally, have never been a fan of Liebert UPS's. The electrical engineer that we use seems to share my assessment that Lieberts, at least Series 300's, are not built as well as the could be. I have no direct experience with MGE, but I recall several multi-hour outages in Jersey City Exodus, that I think had something to do with MGE systems. I don't recall if that was human error, or not. Another negative there, for me, is that they are French. We own about 8 or so Matrix 5000's; out of box failure rate is hovering at about 50%, and failure rate within first month of operation is about 75%. However, once they pass that barrier, they tend to work. Don't overload them, they tend to get cranky. We had one shoot flames, once, but that wasn't assosciated with an overload. My personal favorite: Exide/Powerware/Invensys 9315's. They just work. I have two of them, an 80 and a 500. The 80 has been installed for nearly 4 years, and has never, ever dropped the critical load unless instructed to. The 500 is a recent install, but seems to be doing just fine as well. From folks I've talked to (engineers and industry people), Powerware seems to be known as the UPS that just works. I've yet to talk to one person who had a powerware die on them. Myself included. On Thu, 29 May 2003, Dan Hollis wrote: On Thu, 29 May 2003, Gerald wrote: On Thu, 29 May 2003, Bill Woodcock wrote: I've seen two previous APCs (both Matrixes) fry batteries... The batteries balloon up, and get really hot, and are too big to extract from the chassis. I've also personally witnessed an APC do this. I'm not a fan of APC. They sent us a replacement APC but I still prefer the rack mount Tripp Lites we used at the last company I worked for. Anyone had experience with Belkin UPSes? Theyre much cheaper than APC, and seem to have a longer runtime. I wonder about the long term reliability though. Data points would be helpful. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-] -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: They all suck! Re: UPS failure modes (was: fire at NAC)
UPSes (and UPS batteries) do fail, sometimes in catastrophic ways. I would not design any critical system on the assumption that any particular component won't fail. High availability is about designing for failure. Sometimes there is a long time between failures, other times they occur early and often. The most annoying thing about UPSes is they fail at exactly the time they are needed most. Except, that: Even in instances where 'High availability' is designed, in the case where one of the units has a failure that causes a fire and FM200 dump, either the FM200 will still trigger an EPO, or the fire department will. So, the second 'high available' unit will generally not prevent you from dropping the critical load, but instead, will help you get back on line quicker. A much cheaper and easier to implement external maintenance make-before-break bypass will accomplish the same thing. I've heard many a story of the paralleling gear causing the problem in the first place, as well... -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: UPS failure modes (was: fire at NAC)
On Thu, 29 May 2003, Simon Lockhart wrote: On Thu May 29, 2003 at 04:29:13PM -0400, Alex Rubenstein wrote: From folks I've talked to (engineers and industry people), Powerware seems to be known as the UPS that just works. I've yet to talk to one person who had a powerware die on them. Myself included. We are a Powerware house. We had a large number of 3kVA and 6kVA units in our previous data centre (no-one would stump up the cash for a large unit so we had to buy them as we needed them). After about 5 years (very rough figure), we've now had 3 or 4 units fail, sometimes in the UPS, sometimes in the bypass unit. They all seem to be component failures (in the case of the bypass unit, a leg broke off a small capacitor). I don't think we've replaced any of the batteries in that time and they're still all holding charge well, even at full load. Perhaps I should have been clear. In my entire post, sed s/powerware/powerware 9315/g At our new site we have some 50kVA and 80kVA units that we inherited from the previous owners. One is already exhibiting the signs of a failing fan, but we have no idea what their history is before we moved in. Well, fans would fall under maintenance, no? Perhaps, also, someone is not changing filters, or whatnot. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: They all suck! Re: UPS failure modes (was: fire at NAC)
It's not crazy, it's just not reasonable. What I mean, of course, is that in a collocation model, where you have customers bringing in computers, it is not reasonable to mandate that they use DC power. You'd have no customers. Which, in turn, may be a benefit, since you wouldn't need the power system in the first place. On Thu, 29 May 2003, Dan Armstrong wrote: I agree, of course it is ludicrous to think otherwise. It has always bothered me that we rectify AC power to store it in batteries, then re-invert it to power AC servers only for them to rectify it again Dan. Tom (UnitedLayer) wrote: Or we could all take a page from the book of telecom, and run with DC systems. It'd be nice to be able to tell our customers: Oh hey, you can only use DC power supplies, so you'll need to change out all of the power supplies in your 1U's, Sun Boxes/etc Yes, I have run an installation of servers that were all DC, and it was neat, but hardwiring everything was not an exciting task. It was also hard to find people who were experienced with DC. Most sysadmins have never worked with DC, and the process of pulling a fuse, unscrewing some terminals/etc/etc before working on gear isn't always remembered. If only the equipment manufacturers would stop gauging on price for DC equipment/power supplies. Amen! You'd think there might actually be less components in the things :) -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: They all suck! Re: UPS failure modes (was: fire at NAC)
Similar to: http://www.baytech.net/cgi-private/product?catagory=F-RPC+SERIES
and isn't Liebert.
On Thu, 29 May 2003, Temkin, David wrote:
Here you go:
http://www.liebert.com/dynamic/displayproduct.asp?ID=1042cycles=60Hz
-Original Message-
From: Temkin, David
Sent: Thursday, May 29, 2003 7:49 PM
To: 'E.B. Dreger'; [EMAIL PROTECTED]
Subject: RE: They all suck! Re: UPS failure modes (was: fire at NAC)
Liebert makes one, actually. The model # escapes me, but we considered
using it for equipment that's single powered. (We have uber power
redundancy..)
-Original Message-
From: E.B. Dreger [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 7:38 PM
To: [EMAIL PROTECTED]
Subject: Re: They all suck! Re: UPS failure modes (was: fire at NAC)
SD Date: Thu, 29 May 2003 16:53:43 -0400 (EDT)
SD From: Sean Donelan
SD Yep, tieing together redundant systems with parelleling gears
SD turns two independent systems into one co-dependent system. In a
SD failure situation, you want to compartmentalize the failure.
SD Loosing half your systems may be better than loosing all your
SD systems.
Too bad a substantial amount of equipment doesn't allow for redundant
plugins. The ability to plug { servers | routers | whatever } into two
totally separate power feeds is nice.
Anyone for building a rackmount transfer switch for two inputs? Assuming it
didn't fail (!) -- would the economies of scale work for or against it
compared to big transfer switches? Between dealing with _much_ smaller
current levels and the opportunity for mass production, what are the chances
of something like this working?
Eddy
--
Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting,
e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT send
mail to [EMAIL PROTECTED], or you are likely to be blocked.
IMPORTANT:The information contained in this email and/or its attachments is
confidential. If you are not the intended recipient, please notify the
sender immediately by reply and immediately delete this message and all its
attachments. Any review, use, reproduction, disclosure or dissemination of
this message or any attachment by an unintended recipient is strictly
prohibited. Neither this message nor any attachment is intended as or
should be construed as an offer, solicitation or recommendation to buy or
sell any security or other financial instrument. Neither the sender, his or
her employer nor any of their respective affiliates makes any warranties as
to the completeness or accuracy of any of the information contained herein
or that this message or any of its attachments is free of viruses.
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: They all suck! Re: UPS failure modes (was: fire at NAC)
We have two MGE 150KVA UPSes at our Newton facility. When I designed the electrical system, I originally specified a make-before-break 208V 450A 3PH switch. What is the saying, the lawyer who represents himself has a fool for a client?? :) This would enable us to isolate our internal and customer load panels from the two UPSes and their respective static transfer switches and output transformers - so we would have completely redundant dynamic A/B switching. The ONLY vendor at any price I could find was for a switch made [... deletia ...] After our investigations, our conclusion that paralleling was a costly (pay for two UPS's, and essentially get one) and somewhat risky (it's been demonstrated that paralleling makes a failure worse rather than better at least some of the time) proposition. Plus, the added complexity of installation (phase rotation?) and operation (phase synch?) is a little too much for me. Instead, we choose to have totally seperate power systems. For 90% of the customers who don't care, and want a cheaper collocation cost, they are happy knowing they live on one UPS. For the guys who give a hoot, will pay money, and want it, we can bring them another circuit, from another UPS. There is no inter-reliance on the UPSs, and I feel more confident in the power I provide to the client. I think that it is clear, if you really want the most reliability you can ever obtain with sanity intact, and money is relatively not an object, you'd have two grid feeds to the building; two ATS's, one per grid feed; one generator per ATS; one UPS per ATS. Then, give each customer a power feed from both grid feeds. But no one, not you, not me, can do this and provide a $650/month rack with 20 amps of power, and stay in business. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: fire at NAC
Sheesh. Heh. We're still here. Part of a rectifier in a Liebert UPS let loose, causing a momentary fire. That is, until the FM200 quenched it. Since there seems to be interest, I will post the post-mortem to the list. On Wed, 28 May 2003, [EMAIL PROTECTED] wrote: Fire at nac.net http://www.nac.net Alex -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Anyone using Finisar OC-n GBICS?
http://www.finisar.com/product/product.php?product_id=165product_category_id=150 CWDM GBIC OC48 Transceiver with APD Receiver (FTR-1621) Seems nifty. Anyone using this? Also, me making my once-a-year request; anyone know of GBICs based on ITU-Grid frequencies that would work with Cisco 15216, for example? Thanks.. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: Cidera shuts down
Ditto -- if you peer with us somewhere, we'll get you a feed. On Wed, 26 Feb 2003, Ringdahl, Dwight (WebUseNet) wrote: Yes I just heard this from Doug too, if anyone need a quick fix for usenet feeds, email me directly. I'll set you up and help you til we can come up with a business solution. Dwight -Original Message- From: Jeffrey Wheat [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 5:05 PM To: [EMAIL PROTECTED] Subject: Cidera shuts down Just received this from Cidera: We regret to inform you that Cidera has discontinued its netnews and caching services effective immediately. We wished to provide you with more advanced notification of this termination of service, but unfortunately we were not able to do so. The current economic situation has been difficult for us and for our customers, and we wish all of you the best of luck and good fortune with your businesses. Everyone at Cidera feels it has been a privilege to serve you. I am now in need of obtaining a new source for news that is satellite based. Can anyone offer any suggestions and or recommendations? All information is appreciated! Regards, Jeff --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 2/25/2003 -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
fyi (fwd)
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net -- -- Forwarded message -- Date: Sat, 25 Jan 2003 01:50:34 -0500 From: Tim Yocum [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: fyi Might pass this along to nanog@ or anyone who cares to dig a bit deeper. I'm not subscribed to the list. Same packet structure, same length, different source port, always udp/1434. 0:48:25.375117 62.216.151.17.4322 unknown.Level3.net.ms-sql-m: [udp sum ok] udp 376 (ttl 117, id 52118, len 404) 0x 4500 0194 cb96 7511 ebef 3ed8 9711E...u.. 0x0010 d1f7 e4f1 10e2 059a 0180 9796 0401 0101 0x0020 0101 0101 0101 0101 0101 0101 0101 0101 0x0030 0101 0101 0101 0101 0101 0101 0101 0101 0x0040 0101 0101 0101 0101 0101 0101 0101 0101 0x0050 0101 0101 0101 0101 0101 0101 0101 0101 0x0060 0101 0101 0101 0101 0101 0101 0101 0101 0x0070 0101 0101 0101 0101 0101 0101 01dc c9b0 0x0080 42eb 0e01 0101 0101 0101 70ae 4201 70aeB.p.B.p. 0x0090 4290 9090 9090 9090 9068 dcc9 b042 b801Bh...B.. 0x00a0 0101 0131 c9b1 1850 e2fd 3501 0101 0550...1...P..5P 0x00b0 89e5 5168 2e64 6c6c 6865 6c33 3268 6b65..Qh.dllhel32hke 0x00c0 726e 5168 6f75 6e74 6869 636b 4368 4765rnQhounthickChGe 0x00d0 7454 66b9 6c6c 5168 3332 2e64 6877 7332tTf.llQh32.dhws2 0x00e0 5f66 b965 7451 6873 6f63 6b66 b974 6f51_f.etQhsockf.toQ 0x00f0 6873 656e 64be 1810 ae42 8d45 d450 ff16hsendB.E.P.. 0x0100 508d 45e0 508d 45f0 50ff 1650 be10 10aeP.E.P.E.P..P 0x0110 428b 1e8b 033d 558b ec51 7405 be1c 10aeB=U..Qt. 0x0120 42ff 16ff d031 c951 5150 81f1 0301 049bB1.QQP.. 0x0130 81f1 0101 0101 518d 45cc 508b 45c0 50ff..Q.E.P.E.P. 0x0140 166a 116a 026a 02ff d050 8d45 c450 8b45.j.j.j...P.E.P.E 0x0150 c050 ff16 89c6 09db 81f3 3c61 d9ff 8b45.Pa...E 0x0160 b48d 0c40 8d14 88c1 e204 01c2 c1e2 0829...@...) 0x0170 c28d 0490 01d8 8945 b46a 108d 45b0 5031...E.j..E.P1 0x0180 c951 6681 f178 0151 8d45 0350 8b45 ac50.Qf..x.Q.E.P.E.P 0x0190 ffd6 ebca
Re: Level3 routing issues?
This is definately a world-wide problem. Many networks are reporting all sorts of things. Nothing clear, except that it's all aimed at 1434. 01:28:33.331686 64.21.34.210.28295 238.192.142.61.1434: udp 376 [ttl 1] 01:28:33.331720 207.99.21.121.1917 226.39.19.228.1434: udp 376 [ttl 1] 01:28:33.331772 64.247.0.168.1379 239.194.46.210.1434: udp 376 [ttl 1] 01:28:33.331841 207.99.77.34.3894 227.154.8.29.1434: udp 376 [ttl 1] 01:28:33.331992 207.99.21.120.2558 231.16.91.78.1434: udp 376 [ttl 1] FYI: ms-sql-m1434/tcp #Microsoft-SQL-Monitor ms-sql-m1434/udp #Microsoft-SQL-Monitor On Sat, 25 Jan 2003, hc wrote: I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as well. -hc Joel Perez wrote: I am also seeing increased traffic on my network. It has gotten so bad for one of my edge routers that i cant telnet into it. But i am on Qwest and GBLX. -Original Message- From: Alex Rubenstein [mailto:[EMAIL PROTECTED]] Sent: Sat 1/25/2003 1:04 AM To: hc Cc: [EMAIL PROTECTED] Subject: Re: Level3 routing issues? I dunno about that. But, I am seeing, in the last couple hours, all kinds of new traffic. like, customers who never get attacked or anything, all of a sudden: http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html We are seeing this on ports all across out network -- nearly 1/2 our ports are in delta alarm right now. Anyone else? I will dig more to look at the traffic. On Sat, 25 Jan 2003, hc wrote: Anyone seeing routing problems with Level3 at this hour? I just witnessed tons of prefixes behind level3's network withdraw. Any information on what is happening (if you know) would be great. Thanks! -hc -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net -- -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Level3 routing issues?
MS SQL, or SQL Monitor? On Sat, 25 Jan 2003, Blaine Kahle wrote: On Sat, Jan 25, 2003 at 02:05:42AM -0500, Kevin Welch wrote: I am seeing similar traffic loads on my network at this hour, one of our MS SQL servers seemed to be sending a large amount of traffic out to the Internet. Still looking into it but too similar for me to avoid sending an e-mail. Same symptoms here. After disabling MS SQL, which required a reboot as the process didn't want to shut down normally, the traffic stopped. I found 3 boxes on our network that were generating massive amounts of traffic, all of which run MS SQL. -- Blaine Kahle [EMAIL PROTECTED] 0x178AA0E0 -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
this attack is still strong here..
[EMAIL PROTECTED] show firewall filter proactive-filter
NameBytes Packets
mssql-drops 916252204 2267951
term NO-MSSQL {
from {
packet-length 404;
protocol udp;
destination-port 1434;
}
then {
count mssql-drops;
discard;
}
}
Re: Level3 routing issues?
On Sat, 25 Jan 2003, Stephen J. Wilcox wrote: Somebody remind me why Microsoft is still allowed to exist? Dunno, arent they negligent? In any other industry a fundemental flaw would be met with lawsuits, in the computer world tho people seem to get around for some reason. Steve Including the developers of SSHD, HTTPD, NAMED, CVS? How about Linus? Wanna call him up? I am no windows cheerleader, but to think this is something that happens only in windows-land is whack -- might as well put your head in the sand. Simple philosophy: Everything sucks at all times and all places. Routers, switches, hosts, OS's. We, as operators, have to do our best to deal. It's arguable you are as liable as anyone else, since this particular exploit is 'old news' and a patch has been available for it for some time. Also; everyone who just posted to this list made it abundantly clear that they don't have a firewall in front of at least one MS SQL server on their network. Should you really have port 1433/4 open to the world? Would you do this with a MySql server? -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: Level3 routing issues?
From what I have read and researched, it does. On Sat, 25 Jan 2003, Jack Bates wrote: From: Avleen Vig snip Let's not blame MS for admins who don't know how to secure their boxes :-) A patch was released mid-2002 and was also part of SQL Server SP3 Has it been verified that the mid-2002/SP3 patches work? I haven't heard anything difinitive on this yet. Jack Bates Network Engineer BrightNet Oklahoma -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
