Re: WorldNIC nameserver issues

2006-10-17 Thread Chip Mefford


Chris Owen wrote:
> On Oct 17, 2006, at 1:36 PM, David Ulevitch wrote:
>
>> Anyone else seeing these failures?  WorldNIC does a lot of
>> authoritative DNS
>
> We've got several customer domains in the same boat.
>
> I can ping those addresses but they don't seem to be answering queries.


I called 'em a while ago, they were aware. It should be fixed by now,
there would be a fair amount of residual borked traffic.



Re: a radical proposal (Re: protocols that don't meet the need...)

2006-02-15 Thread Chip Mefford


Edward B. DREGER wrote:
> MA> Date: Wed, 15 Feb 2006 16:31:56 +0100 (CET)
> MA> From: Mikael Abrahamsson
> 
> MA> The current routing model doesn't scale. I don't want to sit 5 years from
> MA> now needing a router that'll handle 8 million routes to get me through the
> MA> next 5 years of route growth.
> MA> 
> MA> PI space for multihoming and AS number growth is a bad thing for scaling and
> MA> economics, however you look at it.
> 
ED> I'm going to suggest something horribly radical (or nostalgic,
ED> depending how long one has been in the industry): inter-provider
ED> cooperation.
ED>
ED> Let's examine _why_ the routing table might become large.  Lots of
ED> smaller players multihoming, yes?  Say two million small businesses
ED> multihome using SBC and Cox.  Must we have two million global ASNs
ED> and routes?
ED>
ED> Of course not.  Let SBC and Cox obtain a _joint_ ASN and _joint_
ED> address space.  Each provider announces the aggregate co-op space
ED> via the joint ASN as a downstream.

This makes a lot of sense.

However, as one of those smaller players, who may be multihomed
using SBC and Cox, as your example says, I can fairly say
that I don't like renumbering very much, and sometimes one
finds there is a good business case to be made to switch providers.
In short, having an ASN is good for me, if not for the community
at large, so how to balance that?

Right now, gettin' ONE upstream to issue a private asn can be
like an amateur dental extraction, imagine 2 that don't like each other,
or more often are totally ambivalent with regards to the other's
concerns/cares/policies/procedures, et al.  One says xxx00, and
the other xxx01, how am I supposed to sort this out?


ED> This is very similar to a downstream using a private ASN to connect
ED> to one upstream in two different locations.  i.e., transit provider
ED> uses the same ASN for all such customers, and certainly needn't
ED> pollute the global table with longer prefixes.

, okay,

ED> We're dealing with _one_ routing policy: hand it to Cox, or hand it
ED> to SBC.  Why explode it into two million "different" policies?

Are we? Or are we dealing with _one_ routing policy: handing
it to Cox AND handing it to SBC, who mediates? Right now, it
appears as if it would be me, the end-user. I'm just not equipped for that.

ED> Look at MPLS.  It essentially hunts down congruent or similar
ED> routing policies, slaps a tag on the packet, and routes based
ED> that. Why not explore options that get it right and coalesce from
ED> the get-go?

ED> Note also that this is totally op-community.  No new protocols
ED> required.
ED> It can be done today without forklifts.


Agreed. Good idea. Nice idea, very appealing, really.

I just don't know how it would play out in practice between
two providers, who as we have seen over recent short history
don't necessarily work and play well together.

ED> I thought I proposed this at 35.  Maybe that was one of the open mic
ED> sessions where time ran out...
ED>
ED> Eddy
> --footer snipped


Re: P2P Darknets to eclipse bandwidth management?

2005-09-06 Thread Chip Mefford

Florian Weimer wrote:
> * Stephen J. Wilcox:
> 
> 
>>packet inspection will just evolve, thats the nature of this
>>problem.. there are things you can find out from encrypted flows -
>>what the endpoints and ports are, who the CA is. then you can look
>>at the characteristics of the data.
> 
> 
> These protocols typically don't use a PKI.  You could look at public
> keys, but you don't even have to distribute them in-band.
> 
> What you can do is look at packet sizes and do timing analysis on
> incoming and outgoing packets to a particular hosts.  For example, it
> is possible to use such techniques to detect an interactive SSH
> connection to a particular host on your network which is used by an
> attacker to control an SSH client which connects to some other host.
> I don't know how this scales to tens of thousands of hosts, though.
> 
> Apart from that, I do not really understand the concept of "bandwidth
> management".  Isn't this just a euphemism for "content
> management", to avoid the ugly "c" word?

In my complete ignorance, I would think that this is part of it
certainly, but would be mostly qos issues.



Re: Any issue with www.cisco.com

2005-09-06 Thread Chip Mefford

Gerry Boudreaux wrote:
> mtr shows the packet loss in the last hop for me:
> 
> 14. sjck-dmzbb-gw1.cisco.com   0.0%   62   66.6  75.4  64.5 293.7  37.1
> 15. sjck-dmzdc-gw2.cisco.com   0.0%   62   62.5  65.4  59.2 155.4  13.1
> 16. www.cisco.com             14.8%   62   59.2  64.7  58.1  88.4   7.2

I'm seeing roughly ~25 percent packet loss, it varies.

> 
> 
> At 1:21 PM -0500 9/3/05, Hyunseog Ryu wrote:
> 
>>Last night I had a maintenance so I use www.cisco.com for testing the
>>network connectivity.
>>But it seems that I'm seeing about 20% packet loss from www.cisco.com.
>>I did same test from various points including my home cable modem
>>connection, which is not my company's network,
>>but I'm getting same result.
>>
>>Are you guys seeing same thing or different result?
>>Is there any issue with cisco.com network?
>>
>>
>>Hyun
> 
> 
> 



Someone from Sprint security please contact me

2005-07-19 Thread Chip Mefford

Off list?

Thanks kindly.

(Second NANOG list request for this).




Someone at Sprint security please contact me.

2005-07-12 Thread Chip Mefford

off list.

Thanks kindly.



Re: OT: NOC Display's

2005-06-03 Thread Chip Mefford

Spencer Wood wrote:
> This is kind of off topic, so please feel free to delete if you want ..
> 
> Anyway, in our NOC we currently have two LCD projectors displaying outputs 
> from two different computers.  On one of the displays, I would like to be 
> able to take 4 VGA outputs from 4 workstations, and display it on the 
> screen (aka: Hollywood square style).

What is the native rez of your lcd projectors?


Re: what will all you who work for private isp's be doing in a few years?

2005-05-12 Thread Chip Mefford

Joe Loiacono wrote:
|
| So imagine a residential area all pulling digital video over wireless.
| Sound familiar? Ironically close to TV! (yet so different)

You mean like VoIP over dsl ?

Burning gigantic holes in the bandwidth to carry traffic
that used to pass nicely through a line rated for 5khz
of bandwidth?

It always makes me chuckle.


Re: what will all you who work for private isp's be doing in a few years?

2005-05-11 Thread Chip Mefford

You mean those of us who ARE private isps?

Probably doing what we are doing today, reacting to the
environment.


Re: Blocking port udp/tcp 1433/1434

2005-05-11 Thread Chip Mefford

Joe Maimon wrote:
|
| Is there still justification for denying transit for ms-sql slammer ports?

on my "at work" small network, slammer (or slammer like) traffic is
still around 2% of inbound blocked traffic. (just a dead end off
of asn 6467)


Re: Clearwire May Block VoIP Competitors

2005-03-28 Thread Chip Mefford
Robert Bonomi wrote:
|>From [EMAIL PROTECTED]  Sat Mar 26 12:37:15 2005
|>Date: Sat, 26 Mar 2005 13:35:31 -0500
|>From: Eric Gauthier <[EMAIL PROTECTED]>
|>To: "Fergie (Paul Ferguson)" <[EMAIL PROTECTED]>
|>Cc: nanog@merit.edu
|>Subject: Re: Clearwire May Block VoIP Competitors
|>
|>
|>
|>>http://www.advancedippipeline.com/news/159905772
|>>
|>
|>"...In what the company claims is an effort to preserve the performance
|> of its pre-standard WiMAX network, Clearwire says it reserves the right
|> to prohibit the use of a wide range of bandwidth-hungry applications, a
|> list that apparently includes VoIP as well as the uploading or
|> downloading of streaming video or audio, and high-traffic Web site
|> hosting."
|>
|>Hrm... Isn't a VoIP call relatively low bandwidth?
|
|
|   "*ALL* things are relative."   
|
|>I haven't studied
|>this, but Vonage's site seems to imply that the maximum data rate is 90Kbps
|>(http://www.vonage.com/help_knowledgeBase_article.php?article=190).  I
|>typically see speeds greater than this from my web browser...
|
|
| There's a big difference.  web browser activity is typically *very* bursty.
| 'Average' data rate for any single user is probably in the range of 1%-3%
| of the burst peaks.
|
| VoIP, on the other hand, has an "average" utilization that approximates 50%
| of the burst rate.  In _both_ directions.
|
| I suspect that that latter factor is a fair part of the "problem".  That
| the cable company has allocated fairly limited bandwidth for the 'upstream'
| direction (from the customer to the head-end).  That that 'available'
| bandwidth is *grossly* over-subscribed, on the "presumption" that traffic
| in that direction would generally be "small", and "infrequent".  When those
| assumptions get violated, _everything_ goes to h*ll.  
|
| Not just for 'he who' commits the violation, but everybody else who is
| sharing that over-subscribed link.

Well,

Since I run an ISP that is very small time,
has (at this time) only a single T1 upstream,
all my "subscribers" are wireless clients,
I guess if I have more than 2 subscribers,
I am over subscribed?

Hardly seems fair.


Re: Why do so few mail providers support Port 587?

2005-02-16 Thread Chip Mefford
Thor Lancelot Simon wrote:
| On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
|
|>Sendmail now includes Port 587, although some people disagree how
|>its done.  But Exchange and other mail servers are still difficult
|>for system administrators to configure Port 587 (if it doesn't say
|>click here for Port 587 during the Windows installer, its too
|>complicated).
|
|
| This is utterly silly.  Running another full-access copy of the MTA
| on a different port than 25 achieves precisely nothing --

Actually, it achieves a number of things.

First that comes to mind is to allow road-warriors
to establish tls connections with the home mta
by side-stepping hotel and hotspot style mta proxies.


Re: Choicepoint [was: Re: Break-In At SAIC Risks ID Theft]

2005-02-15 Thread Chip Mefford
Fergie (Paul Ferguson) wrote:
|
| Yes, this _is_ much worse.  :-/
|
| Thinking out loud here, but one's imagination runs
| wild at the prospect of how much it will take before
| more credence is given to a serious top-to-bottom security
| infrastructure revamp.
|
| And holding these firms $responsible_ ...
Not likely.
This is totally off-the-cuff noise,
but I find it much more credible that there
was no "criminal" break in at Choicepoint.
This is Choicepoint pre-explaining how certain
records got into "unauthorised" hands.
Choicepoint/Seisint is a pretty controversial
outfit, and pretty much always has been.
Just google for big-boss Hank Asher
This whole outfit smells to high heaven.
How this is germane to nanog, I'm not too sure.
my .01