Re: This may be stupid but..
Okay, I was kinda waiting a single alternative opinion of recruiters, but since I haven't seen one, I will offer one. True, most recruiters, like the middle part of any bell curve, tend to be...average. And as usual, with sweeping generalizations, you could be missing out on something. In fact, as I understand it, recruiting is one of the first steps of paying dues when walking up the HR ladder. There is certainly an echelon of well connected, knowledgable and trusted recruiters that place high quality candidates into the right jobs at the best companies. In fact, I know a few recruiters that used to be engineers. They tend to work with people that can demand a certain minimum salary, have years of industry experience and are currently employed. Recruiters are just as sick of misrepresented technical folks that don't have a clue wasting their time trying to tap jobs. Their creditabilty is on the line with every placement. Again, as with most things, there tends to be two ends to the spectrum. Best Regards, Andy Walden -- PGP Key Available at http://www.tigerteam.net/andy/pgp On Sun, 9 Nov 2003, Eric Brunner-Williams in Portland Maine wrote: recruiters will make sure that you only see resumes with some acronym begining with CC, and/or MS. this is not useful if you are not attempting to staff to replicate those notions of what an *sp that uses nanog needs. two of my best hires (at sri, .5k hosts, circa 1987) were simply trainable. an english major (f) from reed, and a cs major (m) from a school that taught cobol as a modern language -- i hired him for his night job skills, managing an auto body shop, managing ordinary joes holding tools. i'm recruiter-proof. i'm not sure i'd want anyone who wasn't. eric
Re: China Telecom filtering nameservers
On Wed, 22 Oct 2003, Tom (UnitedLayer) wrote: On Wed, 22 Oct 2003, John Kristoff wrote: This has been seen elsewhere too and contacting someone at chinanet has been difficult. I actually found two helpful individuals via posting to this list. They both spoke english, and helped me out in finding out what was going on. China telecom has some US POPs, so they do have people in the US even. If I'm not mistaken, I think I even saw an office the other day on Herndon Parkway... Best Regards, Andy Walden -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Extreme BlackDiamond
On Mon, 13 Oct 2003, Mikael Abrahamsson wrote: On Mon, 13 Oct 2003, Shazad - eServers wrote: How are these for CORE SWITCHES (distribution) compared to BigIron and the CISCO 6509? From what I have heard and reports they are very solid switches. Some things to know about them: They use CPU to route ICMP just like all Extreme equipment (makes it harder to diagnose network trouble using ICMP). Actually, as far as I know, all switches and routers use the CPU to process ICMP. It is a control protocol and the safest option is to ensure the vendor has implemented some sort of CPU rate-limiting so it can't be overwhelmed. They're very quick and stable when it comes to forwarding traffic that has a normal pattern, but they do not perform well when it comes to handling stuff like DoS attacks that generates packets that are not in its ipfdb. The last months virus attacks have not been fun to us (both the ICMP and the scanning from infected customers and our aggregates being scanned from infected internet hosts). This is the kicker and real question: does it require the CPU to forward regular traffic? I believe the answer is yes, the Extreme is a flow-based architecture and the first packet of each unique flow (however it is defined) will need to be processed by the CPU. This is why the problems described above occur. The alternative is a packet-based architecure and does not rely on the CPU for forwarding. It doesn't take a lot of packets to overwhelm any CPU. They do everything in hardware when it comes to access lists, QoS etc. Either it does it in ASIC without performance impact or not at all. Assuming the CPU doesn't have to process the first packet before it reaches the ACL, QoS policy, etc.. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: williams spamhaus blacklist
On Wed, 24 Sep 2003, Leo Bicknell wrote: Osama and his followers told us for years they didn't like what we were doing, and then escalated by flying a plane into a building to get our attention. That must have been ok by the same logic. Godwin's Law should probably be extended to September 11 references. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Cheap temperature sensors
At 06:29 AM 9/23/2003, you wrote: I hate to point this out but this sounds spammy as hell, and while I've been on this list a very short time, very very big alarm bells went off when I read it. Well, if you had been on the list a little longer you would have realized that this is something that comes up on a regular basis and that someone has finally found an affordable solution helps a lot of people out. In fact, your reply was borderline creepy...maybe you need a different hobby then stalking spammers. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Verisign Responds
On Tue, 23 Sep 2003 [EMAIL PROTECTED] wrote: On Tue, 23 Sep 2003 [EMAIL PROTECTED] wrote: On Tue, 23 Sep 2003 [EMAIL PROTECTED] wrote: On Mon, 22 Sep 2003, Dave Stewart wrote: Courts are likely to support the position that Verisign has control of .net and .com and can do pretty much anything they want with it. ISC has made root-delegation-only the default behaviour in the new bind, how about drafting up an RFC making it an absolute default requirement for all DNS? That would be making a fundamental change to the DNS to make wildcards illegal anywhere. Is that what you want? no it wouldnt. it would ust make wildcards illegal in top level domains, not subdomains. really? and how would that work? (read be enforced...) Well yes thats part of the problem. It looks like verisign doesnt care what anyone (ICANN, IAB, operators) thinks. But if we can mandate via RFC it for dns software (servers, resolvers) etc. Then we go a ways to removing verisign from the equation. Verisign can do what they like, everyone will just ignore their hijacking. lets try this again... why should a valid DNS protocol element be made illegal in some parts of the tree and not others? if its bad one place, why is it ok other places? --bill Because of who is affected by the element. At the TLD level, many are affected, at the domain level, then its a much smaller subset. Ultimately, as Randy has already said, it is a business and social problem. From a business standpoint, why should an organization be forced to use its own resources to work around Verisign's plan to put more money in its own packet. From a social aspect, since Verisign has grown to be one of the most hated (a decidedly non-business adjective) and distrusted organizations existing. It pisses people off that they have found an unfair advantage to use resources in bad faith, to generate revenue from people's typos and ignorance. It smacks of being unethical, underhanded, illegal, and generally the opposite of generating revenue by providing a quality service to your loyal customers. The technical hacks are a testament to our culture and provide instance gratification while the slower moving social and business issues are worked it. They help to gratify the emotional need to generally do the right thing. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: When is Verisign's registry contract up for renewal
On Sun, 21 Sep 2003, Paul Vixie wrote: This sort of not-for-profit is exactly what I proposed when the VeriSign discussion started. A non-technical response to a non-technical problem. Since my inital email, I've recruited a few other NANOG folks and put up a website: www.alt-servers.org. what a BAD idea. worse than anything else on the table or in existence today. Splitting the root you mean? I'm not sure there was enough info on that site to come to any other conclusion, but I wanted to make sure. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Providers removing blocks on port 135?
On Sat, 20 Sep 2003, Margie wrote: My guess is that you haven't heard of the current issue with various servers running SMTP AUTH. These MTAs are secure by normal mechanisms, but are being made to relay spam anyway. Would this be a reference to the qmail-smtp-auth patch that recently was discovered, that if misconfigured, could allow incorrect relays? If so, I would say that this was an isolated incident for a single patch for a specific MTA and only when it was misconfigured. I'm not sure I would describe that as secure by normal mechanisms nor quite the epidemic it was the first week or two. I'm not necessarily making a statement one way or the other on port 25 filtering, but SMTP Auth, when properly configured and protected against brute force attacks is certainly a useful thing. YMMV of course. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: IP issues with .com/.net change?
On Wed, 17 Sep 2003, Alex Kamantauskas wrote: Not really operational content, but I was wondering if there was an intellectual property issue with the Verisign .com/.net redirect? For instance, http://searchthewebwithgoogle.com/ brings you to a Verisign search engine. Or, even better, http://getyourdomainnameatregister.com/ will bring you to a Verisign website. This is the best point of attack I believe. A quick review of the WIPO domain decision archive: http://listbox.wipo.int/domain-updates shows that domains registered in bad faith, for example wwwcdw.com, are usually ruled against. If the individual domain holders take issue with their own domains, both through WIPO, and what I feel will ultimately need to happen for this madness to stop, the courts, then Verisign can be stopped. Millions of domains registed in bad faith. http://wwwford.net/ http://worldnetatt.net http://wwwlightreading.net http://wwwcnn.net andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Max TNT ping thing
Drew, I believe this was the last message about it. Basically, put on all of your filters on all interfaces for both worms, play with the cache as indicated below and make sure you are running later code. At least 9.0.0.9 if I recall if not TAOS 10+. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp On Sat, 30 Aug 2003, Edward Murphy wrote: Geo. said: Tonight we either made to double checked the following parameters and the problem seems to have cleared up: iproute-cache-enable = yes ipport-cache-enable = yes suppress-host-routes = no iproute-cache-size = 1500 ignore-icmp-redirects = yes icmp-reply-directed-bcast = no send-icmp-dest-unreachable = no tcp-syn-flood-protect = yes I just checked and we had: iproute-cache-size = 50 send-icmp-dest-unreachable = yes tcp-syn-flood-protect = no and our box has been staying up just fine. I just modified the last two in order to see if that does anything different. the iproute-cache-size of 50 I decided to leave alone because I figure that depends on how much memory you have and I don't know how your box compares to ours in that respect.
Re: OT: converting 100MB to OC-3 POS
On Tue, 9 Sep 2003, Gil Levi wrote: Can anyone help me convert a 100MB Ethernet interface to an OC-3 POS interface in a small cheap box ? Depends on what you mean by cheap? Ethernet-POS isn't a conversion per say, but it could be switched or routed. The more expensive part will probably be the POS interface. An RS 1000 would work. Maybe a 7300 also, but it would cost twice as much I think. http://www.riverstonenet.com/products/router_rs1000.shtml andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Cross-country shipping of large network/computer gear?
On 27 Aug 2003, Robert E. Seastrom wrote: FedEx Heavy = pay a surcharge for heavy boxes, get it moved by a 120 pound delivery person with a handtruck rather than a pallet jack or other appropriate freight handling equipment... and dropped off the truck. My experience is a 40% damage rate when shipping Cisco 7507 and 7513 routers via FedEx Heavy. Here are some pictures from back when I was at AboveNet: http://www.seastrom.com/fedex/ That's it Rob, let it all out. ;) I can certainly empathize, as I have have my bad experiences with Fedex as well. We also use Emery on a regular basis for the big things also. The bottom line is, like vendors, all shippers can suck at times...it really is luck of the draw if some guy along the line decides that he is going to not care about your gear at some point while he is handling it. Accidents happen as well... C'est la vie..what can you do. Counter to counter I find is most effective, but as mentioned earlier, does require some effort on the sender's part. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Cross-country shipping of large network/computer gear?
On 27 Aug 2003, Robert E. Seastrom wrote: Andy Walden [EMAIL PROTECTED] writes: Yes, but my point is that you can stack the deck in your favor by using a company that uses appropriate material handling devices to move every package if you are shipping packages that are heavy enough that moving them with a handtruck or by hand is possible-but-unwise. I can agree in principal, so long as we can designate a company that will execute proper company policy and do so *every* time. Unfortunately, for the purpose of the general well-being of our gear, we arrive back at generally blue collar, none-the-less, well paid, package handlers that individually define preferences for how they feel like doing it that day. C'est la vie..what can you do. Counter to counter I find is most effective, but as mentioned earlier, does require some effort on the sender's part. Do you really mean counter to counter, or do you mean Real Air Freight (like going to the United Air Cargo facility behind Gate Gourmet in the same strip as FedEx out at IAD)? Real Air Freight (tm) rocks my world. Going into the terminal to baggage claim and trying to find someone to help you find your package is annoying. Granted, it's been awhile since I have shipped counter to counter since I joined the dark side (vendor side), it probably was before 9/11, and things may be different now. Please forgive any outdated experiences represented. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Cross-country shipping of large network/computer gear?
On Wed, 27 Aug 2003, Leo Bicknell wrote: I'm not sure if any of them are here, or if they would make their info known...but I'm sure vendors have some good data. I know Cisco's online ordering tool has about a bazillion (and yes, that's the right term) shippers, and I'm sure they track the number of problems reported. No doubt other vendors do as well. Certainly, with 4.7 BILLION in revnue last quarter (http://biz.yahoo.com/bw/030805/55780_1.html), they must have significant relationships with specific shippers to generate real data. The only objection I can think of is if you are a shipper doing *that much* business with a single company, how much extra care are you going to give boxes with some guy connecting a circuit on the front of them? How much care are you going to give everyone else? It still comes down to human nature and the luck of thd draw unless you are a major part of the shippers revenues and this has been driven into your head? andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Cross-country shipping of large network/computer gear?
On Wed, 27 Aug 2003, Ray Wong wrote: On Wed, Aug 27, 2003 at 08:31:58PM -0500, Andy Walden wrote: On 27 Aug 2003, Robert E. Seastrom wrote: Yes, but my point is that you can stack the deck in your favor by using a company that uses appropriate material handling devices to move every package if you are shipping packages that are heavy enough that moving them with a handtruck or by hand is possible-but-unwise. I can agree in principal, so long as we can designate a company that will execute proper company policy and do so *every* time. Unfortunately, for So your position is that the the existence of exceptions defines the probability and severity of damage? That 1% and 40% damage rates are in fact the same? $10 and $10,000? Just out of curiosity, What makes them less likely? I still think anyone driving a pallet for a living (or running a network for that matter;) could have very well had a binger the night before and still feeling the effects. the purpose of the general well-being of our gear, we arrive back at generally blue collar, none-the-less, well paid, package handlers that individually define preferences for how they feel like doing it that day. I still fail to see why I would choose an organiztion with handles hundreds of times more packages, most weighing less and being less breakable than mine, over one with the specialized equipment to move it. An air cargo carrier with heavy-cargo equipment is still less likely to drop a pallet off a pallet jack than an express shipper with a handtruck. That their respective employees are equally lackadaisical doesn't mean all other factors have been equalized. Cargo/freight carriers, in general, are also aware that nearly all their cargo is of declared value, that the fragility warnings are more likely correct, and, perhaps most important, that the customers are far more likely to be filing damage claims against them. Fedex, et al, know that most of THEIR packages are paper and other sturdy items, and that their customers are much less likely to notice/claim damages. What insight do you have into each shipper's package types and the insurance liability? It's somewhat like card counting in blackjack. The odds are still quite poor, but that n% shift can make the difference of coming out of the casino money ahead or behind. Maybe, but make sure you are correct when you place you bet. Of course, good packing is critical either way. If you're going freight, palletize the items with proper/extra padding/packing material, stick some damage (shock and tipping) indicators on each side, and tuck an INSPECTION CHECKLIST for whomever is on the receiving end (not they won't have their own copy, just sends a sign to anyone handling it that someone's going to look when it arrives). If you're still determined to use a shipper, pack and pad it well, then pack that box into another padded/packed box. If you're desperate to get it moved ASAP, see if you can find a college intern you can pay to drive it. You'll want your own people to load it in and out of the car/van, but it'll be cheap and probably less risky than relying on the odds with a shipper. 100% agreed. We are talking about bringing the entire process under your control in this case. Not always an option, but it certainly let's us feel better if the option is available. Unfortunately, in the real world, this isn't always an option. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Max TNT ping thing
On Tue, 26 Aug 2003, Geo. wrote: Someone on this list had mentioned a network card for the Max TNT that made it immune to the nachia worm ping issue. Is that the 4 port (3 ethernet, 1 fast ether) card or the single port card with the dongle thing or something else? It turns out this was a bogus solution. Since the load was lower afterwards, my tech thought it had been fixed. We tried limiting the size of the route cache as someone had recommended, as well as applying all of the filters without relief. This morning I had them just disable the route cache to see what happens. I will post the results. We did end up buying a support contract from Lucent after they said they had a fix and would tell us what it was after we paid them. They just supplied the filter. At this point, they have exactly zero clue as to what to do next. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
RE: TNT issues workaround
On Mon, 25 Aug 2003, Ejay Hire wrote: In response to this, I'd like to comment on Lucent's excellent response to this issue. Never before have I seen such an effective application of hear-no-evil, see-no-evil, and speak-no-evil. While other vendors were wasting our time sending out notifications of bugs / vulnerabilities with workarounds / fixes, Lucent's response was much more efficient and eloquent. We had a slightly different twist on ours - There is a known issue, and it can be fixed with a configuration change. For $20K we will tell you what it is. That kind of support demands repeat business. I certainly understand the value of a support contract and generally believe in them. I would have expected more common curtesy after the millions we had spent on these products though. At any rate, we applied the greatly appreciate filters supplied on this list and we also determined that we only had issues with certain TNTs, ones with the 4-port Ethernet card. We replaced these cards with the 5-port cards, and all of the issues with away. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Microsoft distributes free CDs in Japan to patch Windows
On Mon, 25 Aug 2003, Henry Linneweh wrote: Microsoft has a task scheduler that people should learn to use to remind them to check update to make sure their patches are current, it is located in the control panel and labled Scheduled Tasks and has an Add Scheduled Tasks icon to add update, FYI As I read that, I wondered why it is that I haven't patched any of my windows systems if it was just as simple as reminding myself to do so. It occurred to me that I just simply don't trust Microsoft to properly patch my systems. I keep all things Windows behind firewalls of different types at all times. So far it has proved to be an effective solution. I don't trust Microsoft to get the patch right, not arbitrarily delete my data, or change my machine in some unexpected fashion that I will not approve of. Granted, I, nor are most people on this list, the average Joe PC user, but I can't imagine I'm alone. There are deeper fundemental problems here. Software quality and security has been thoroughly beat to death, but will not improve in the near future. The trust issue that I just mentioned is another. These problems and dependence on a single corporate closed source entity will get people killed if they haven't already. These issues put our country at risk. I was none to plussed to see the monitors as my wife delivered our first were all windows based. Windows in the finacial industry http://www.theinquirer.net/?article=11130 Windows in the NAVY http://www.gcn.com/archives/gcn/1998/july13/cov2.htm Windows in healthcare http://www.microsoft.com/resources/casestudies/CaseStudy.asp?CaseStudyID=13105 It all scares the hell out of me. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Weird network problems
Is anyone out there tracking down some weird network behavior yesterday and today? I'm not talking about ping traffic from the worm or anything like that, I'm seeing TNT MAX boxes go unpingable, arp broadcast storms, one way traffic blocks on T1's between cisco routers, stuff that I have not been able to explain yet. I'm seeing the exact same issues with the TNTs and am in the process of trying to track down exactly what is causing it. So far no pattern has emerged. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: TNTs Rebooting, was RE: Weird network problems
On Wed, 20 Aug 2003, Ejay Hire wrote: In a word, Yes. We've got two TNT's that have been rock-solid for over a year that have rebooted 6 times in two days. Any help at all would be most appreciated. Has anyone opened a ticket with Lucent about this? My initial feeling is some traffic pattern, possibly a side affect of the recent instability, could be causing it. Thanks. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: High Speed IP-Sec
On Mon, 9 Jun 2003, Leo Bicknell wrote: I'm looking for a high speed (300-1000Mbps) IPSec solution. I need http://www.cipheroptics.com/ Gig-in/Gig-out - Wirespeed - reasonably priced last I asked. I can give you my contact if your interested. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Question concerning authoritative bodies.
On Tue, 11 Mar 2003 [EMAIL PROTECTED] wrote: On Tue, 11 Mar 2003, Ron da Silva wrote: Hmm...I would argue that every operator needs to run their own DNSBL. If you only DNSBL IPs after you receive spam from them, you have to get spammed by every IP before it's blocked. Why not reject mail from IPs that have spammed others before they spam you and your customers? Though I expect this is different in Ron's case since in a single day he gets enough spam to be equivlent to every IP address once. :) So whats an extra day right.. Now if AOL would allow their DNSBL to be mirrored... andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Remote email access
On 4 Feb 2003, John R. Levine wrote: It would be nice if we could use SMTP-AUTH on port 25, but the spammers ruined that for us around the same time they ruined courtesy relay. How did they ruin SMTP Auth? Thanks. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Looking for a piece of gear to do...
Riverstone 1000 could do this at a reasonable cost. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp On Thu, 21 Nov 2002, Alex Rubenstein wrote: Hi. I am looking for a very simple piece of gear that will do the following: Fast-E |thing|---ATM OC3--|thing| Fast-E I am not looking for a discussion on how this, me, or ATM is bad. It's just a solution I need. Anyway, I am looking for 'thing' to be a simple device. Perhaps it would have more than one FE port, and you'd map PVC's to ports, or whatever. The key is that this totally transparent, and able to pass 802.1q vlan tags. It'd be used in a point-to-point topology only. Any clues would be great. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: IP renumbering timeframe
On Fri, 31 May 2002, Tony Hain wrote: What is the point of an ASN if all you are multi-homing is a single subnet? Tony, I'm missing the correlation between the amount of address space announced and multihoming. (Beyond the prefix being too long and potentially filtered). Care to elaborate? andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: BGP and aggregation
On Sun, 12 May 2002, Stephen Griffin wrote: In the referenced message, Andy Walden said: Conditional Router Advertisement: http://www.american.com/warp/public/459/cond_adv.pdf As it sounds like he's using a single AS, the above may not be a fix, since a partitioned AS is still a failure condition. Why? If you announce one prefix via one circuit and announce a different prefix via a different with the same source AS, I don't see a problem since traffic will continue to reach its intended destination. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: BGP and aggregation
On Sun, 12 May 2002, Stephen Griffin wrote: BGP will discard any prefix with its own AS in the path, for loop prevention. Hence, one half of the AS would still be unable to reach the other half. This is why a partitioned AS is a failure condition. A tunnel is a means to keep the AS nonpartitioned. There are other ways to treat the symptoms, but they aren't particularly good, imho. True. This also assumes that we aren't talking about vanilla access here or perhaps you don't have local servers. This could also be fixed with a floating static I suppose as well. At any rate, it depends on your setup I suppose. Connecting remote offices != Bad, Vanilla access = probably tolerable. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: BGP and aggregation
Conditional Router Advertisement: http://www.american.com/warp/public/459/cond_adv.pdf andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp On Sat, 11 May 2002, Ralph Doncaster wrote: I have transit in 2 cities. I have a circuit connecting the 2 cities as well. So far I've been using non-contiguous IPs, so there's been no opportunity for aggregation. Having just received my /20 from ARIN, I'm trying to plan my network. Lets say I split the /20 into 2 /21's, one for each city. I'd like to announce the aggregate /20 instead of 2 /21's, as long as the circuit connecting the 2 cities is working. If the circuit goes down I want each city to announce the local /21. Is this possible? (using either a Cisco router or Zebra) Ralph Doncaster principal, IStop.com div. of Doncaster Consulting Inc.
Re: Help with bad announcement from UUnet
On Fri, 29 Mar 2002, Sabri Berisha wrote: On Fri, 29 Mar 2002, Anne Marcel Roorda wrote: Having a support model in which anyone can call any NOC about a problem they're having does not scale very well. What would work better/faster? my-noc - b0rken-noc or my-noc - my-upstream-noc - b0rken-noc-upstream-noc - b0rken-noc Work better for who? For you? Sure. For a any provider that needs to provide quality services to its customers and follow processes to do so, not a chance. The Big Picture is key here. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Re: Help with bad announcement from UUnet
On Fri, 29 Mar 2002, Leo Bicknell wrote: Note that in both cases, b0rken-noc takes a single call, so their load is unchanged. The second case adds a call to both my-upstream-noc, and b0rken-noc-upstream-noc. It would seem going direct would put a lower load on NOC's in general, which presumably would let them spend more time on problems and provide better service. Where is the limit though? Once I open things up to non customers, and let any random person call me, without any sort of filters or controls, what keeps my best guys from troubleshooting someone's mistyped SMTP server in their mail client? Processes are put in place to scale and when they are disregarded, things generally end up worse in the long run. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp