Re: cost of dual-stack vs cost of v6-only [Re: IPv6 on SOHO routers?]

--- On Thu, 3/13/08, Leo Bicknell <[EMAIL PROTECTED]> wrote:

> Now think hard about a prediction we'll still be running IPv4 in 20 years. A two decade transition period just does not fit this industry's history.

To be fair, I've encountered an awful lot of SNA which is still out there, so you might be surprised how long things linger. But your point is well taken - once IPv4 stops being the primary internetworking protocol, it'll be reduced to special cases pretty quickly.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Cost per prefix [was: request for help w/ ATT and terminology]

Wouldn't a reasonable approach be to take the sum of a 6500/msfc2 and a 2851, and assume that the routing computation could be offloaded?

The difficulty I have with this discussion is that the cost per prefix is zero until you need to change eigenstate, where there's a big cost, and then it goes back to zero again. Because this isn't really all that new a problem, most vendors try not to make devices which have no headroom at all - so kit in the lower category seems to be qualitatively different.

-David

Joe Greco wrote:

>> On Mon, 21 Jan 2008, Joe Greco wrote:
>> > Given that the 3750 is not acceptable, then what exactly would you propose for a 48 port multigigabit router, capable of wirespeed, that does /not/ hold a 300K+ prefix table? All we need is a model number and a price, and then we can substitute it into the pricing questions previously posed.
>> >
>> > If you disagree that the 7600/3bxl is a good choice for the fully-capable router, feel free to change that too. I don't really care, I just want to see the cost difference between DFZ-capable and non-DFZ-capable on stuff that have similar features in other ways.
>>
>> If using the 7600/3bxl as the cost basis of "the upgrade", you might as well compare it to the 6500/7600/sup2 or sup3b. Either of these would likely be what people buying the 3bxls are upgrading from, in some cases just because of DFZ growth/bloat, in others, to get additional features (IPv6).
>
> I see a minor problem with that in that if I don't actually need a chassis as large as the 6500/sup2, there's a bit of a hefty jump to get to that platform from potentially reasonable lesser platforms. If you're upgrading, though, it's essentially a discard of the sup2 (because you lose access to the chassis), so it may be fair to count the entire cost of the sup720-3bxl.
>
> Punching in 720-3bxl to Froogle comes up with $29K. Since there are other costs that may be associated with the upgrade (daughterboards, incompatible line cards, etc), let's just pretend $30K is a reasonable figure, unless someone else has Figures To Share.
>
> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
> With 24 million small businesses in the US alone, that's way too many apples.

Re: [DCHPv6] was Re: v6 subnet size for DSL & leased line customers

I have a modest proposal for providing the functionality of DHCPv4 in IPv6 autoconf:

How about using the mechanism in RFC 5075 to specify all of these variables as RA flags? And as long as the variables also get defined as DHCPv6 fields, perhaps we could plan on having prefix delegation include these options, which the requesting router could then turn around and include in the RAs sent out on the link toward the customer.

Am I missing something?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

--- On Thu, 12/27/07, James R. Cutler <[EMAIL PROTECTED]> wrote:

> From: James R. Cutler <[EMAIL PROTECTED]>
> Subject: [DCHPv6] was Re: v6 subnet size for DSL & leased line customers
> To: "North American Network Operators Group"
> Date: Thursday, December 27, 2007, 9:37 PM
>
> And, besides the list forwarded below,
> Designated printers,
> Preferred DNS Servers,
> and, maybe, more.
>
> Even in a large enterprise, the ratio of "routers" to DHCP servers makes control of many end system parameters via DHCP a management win compared to configuration of "routers" with this "non-network core" data. (In case I was too abstruse, it is cheaper to maintain end system parameters in a smaller number of DHCP servers than in a larger number of "routers".)
>
> This is completely separate from the fact that many experienced router engineers are smart enough to configure routers with NTP server addresses in preference to DNS names, and likewise for many other parameters.
>
> The end system population has requirements which respond much more dynamically to business requirements than do router configurations, which respond mostly to wiring configurations which are, by comparison, static. The statement that DHCP is not needed for IPv6 packet routing may well be exactly accurate. The absence of good DHCP support in IPv6 has costly consequences for enterprise management, of which IP routing is a small part.
>
> You have seen this before from me: Consider the Customer/Business Management viewpoint, not just that of routing packets around between boxes. Pull your head out of your patch panel and look at all the business requirements. If you can show me a more cost effective way to distribute all the parameters mentioned here to all end systems, I'll support it. In the meantime, don't use religious arguments to prevent me from using whatever is appropriate to manage my business. I'll even use NAT boxes, if there is no equivalently affordable stateful firewall box!
>
> Cutler
>
> Begin forwarded message:
>
> > From: Leo Bicknell <[EMAIL PROTECTED]>
> > Date: December 27, 2007 7:33:08 PM EST
> > To: North American Network Operators Group
> > Subject: Re: v6 subnet size for DSL & leased line customers
> >
> > In a message written on Thu, Dec 27, 2007 at 10:57:59PM +0100, Iljitsch van Beijnum wrote:
> >> It is with IPv6: you just connect the ethernet cable and the RAs take care of the rest. _You_ _really_ _don't_ _need_ _DHCP_ _for_ _IPv6_. If you need extreme control then manual configuration will give you that, which may be appropriate in some cases, such as servers.
> >
> > Really. I didn't know RA's could:
> >
> > - Configure NTP servers for me.
> > - Tell me where to netboot from.
> > - Enter dynamic DNS entries in the DNS tree for me.
> > - Tell me my domain name.
> > - Tell me the VLAN to use for IP Telephony.
> >
> > Those are things I use on a regular basis I'd really rather not manually configure.
> >
> > --
> > Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
> > PGP keys at http://www.ufp.org/~bicknell/
> > Read TMBG List - [EMAIL PROTECTED], www.tmbg.org
>
> James R. Cutler
> [EMAIL PROTECTED]

Re: v6 subnet size for DSL & leased line customers

--- On Sun, 12/23/07, Chris Adams <[EMAIL PROTECTED]> wrote:

> From: Chris Adams <[EMAIL PROTECTED]>
> Subject: Re: v6 subnet size for DSL & leased line customers
> To: nanog@merit.edu
> Date: Sunday, December 23, 2007, 2:21 PM
>
> Once upon a time, Florian Weimer <[EMAIL PROTECTED]> said:
> > >> Right now, we might say "wow, 256 subnets for a single end-user... hogwash!" and in years to come, "wow, only 256 subnets... what were we thinking!?"
> > >
> > > Well, what's the likelihood of the "only 256 subnets" problem?
> >
> > There's a tendency to move away from (simulated) shared media networks. "One host per subnet" might become the norm.
>
> So each host will end up with a /64?
>
> How exactly are end-users expected to manage this? Having a subnet for the kitchen appliances and a subnet for the home theater, both of which can talk to the subnet for the home computer(s), but not to each other, will be far beyond the abilities of the average home user.

As I see it, one of the big benefits IPv4 provided was logical addressing in an easy-to-understand and easy-to-aggregate manner, with small layer-2 networks divided by routers. What we've gone to with IPv6 is a gigantic layer-2 network (the flat autoconfiguration space). I think we got here when "site-local" went away - we've effectively redefined link-local to mean "site-local," while using globally unique addressing.

Personally, I don't relish the idea of millions of hosts participating in spanning-tree, so I'd rather see us move back toward the direction of using layer-3 addresses to break up layer-2 islands.

How about this for a modest proposal for a capability:

Allow autoconfigured generation of IPv6 interface addresses to use this format:

(one byte VLAN ID) (48 bit MAC address)

instead of:

(24 bit half-mac) (FFFE) (24 bit half-MAC)

This would allow a CPE router to serve as the gateway for up to 64K VLANs, and wouldn't waste a byte in the middle of the address space.

How about it?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

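
The two interface-identifier layouts compared in the post above, as an added example that is not part of the original message: modified EUI-64 as SLAAC builds it (RFC 4291 Appendix A, which also flips the universal/local bit) beside the proposed VLAN-plus-MAC layout, with decoders showing that either form lets anyone who sees the address read back the hardware address. Function names and the sample prefix and MAC are constructed; the VLAN field is assumed to be the 16 bits that remain in a 64-bit identifier after a 48-bit MAC, which matches the post's 64K figure.

```python
import ipaddress
from typing import Optional, Tuple


def parse_mac(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' (or dash-separated) into 6 raw octets."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC, got {mac!r}")
    return octets


def format_mac(octets: bytes) -> str:
    return ":".join(f"{b:02x}" for b in octets)


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64: first 24 bits, FFFE, last 24 bits, U/L bit inverted."""
    m = parse_mac(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]


def vlan_mac_iid(vlan: int, mac: str) -> bytes:
    """Layout proposed in the post: VLAN field, then the unmodified MAC.

    Assumption (not stated this way in the post): the VLAN field is 16 bits.
    """
    if not 0 <= vlan <= 0xFFFF:
        raise ValueError("VLAN field must fit in 16 bits")
    return vlan.to_bytes(2, "big") + parse_mac(mac)


def build_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and a 64-bit interface identifier")
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big")
    )


def _iid_of(addr: str) -> bytes:
    # Low 64 bits of the address.
    return ipaddress.IPv6Address(addr).packed[8:]


def decode_eui64(addr: str) -> Optional[str]:
    """Return the embedded MAC if the identifier has the FFFE marker."""
    iid = _iid_of(addr)
    if iid[3:5] != b"\xff\xfe":
        return None
    return format_mac(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8])


def decode_vlan_mac(addr: str) -> Tuple[int, str]:
    """Read VLAN and MAC back out of the proposed layout.

    There is no marker to test for, so the caller must already know the
    link uses this layout.
    """
    iid = _iid_of(addr)
    return int.from_bytes(iid[:2], "big"), format_mac(iid[2:])


if __name__ == "__main__":
    PREFIX = "2001:db8:0:1::/64"   # constructed, documentation prefix
    MAC = "00:1b:44:11:3a:b7"      # constructed
    slaac = build_address(PREFIX, eui64_iid(MAC))
    proposed = build_address(PREFIX, vlan_mac_iid(20, MAC))
    print("modified EUI-64:", slaac, "->", decode_eui64(str(slaac)))
    print("VLAN + MAC     :", proposed, "->", decode_vlan_mac(str(proposed)))
```
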
neighborhood densities (was: Internet Access in Japan, was: something else)

--- On Tue, 10/23/07, Leo Bicknell <[EMAIL PROTECTED]> wrote:

> While I'm sure you can find some row houses in $big_city that have old copper I find it hard to believe that "pre WWII wire" is holding us back. Wasn't it Sprint back in like 1982 or 1984 made a big deal about their entire long haul network being converted to fiber?

You can also find them in $Medium_City - Washington DC has all kinds of old copper (aside: I just removed 4 old, unused 66 blocks from my home - I have no idea what the previous owners did with all that...). As a reference data point, consider the number of houses with aluminum electrical wiring - there is a brisk business for electricians in replacing that, and those houses were unlikely to have high-quality phone wires laid to them.

Also, I've dealt with a whole lot of tall buildings in some large cities where the conduits are quite full, such that technicians routinely reuse currently-in-use pairs.

> What percentage of US high rises have fiber to the basement and high speed Internet offered to residents? Shouldn't NYC be on par with Tokyo by this point? Chicago? Miami?

See above conduit issues. There are certainly opportunities for a canny provider, but the difficulty is figuring out how to get customers to shop on quantity rather than on price, because reusing the existing build will almost always be cheaper than doing an overbuild. The incumbent doesn't have much incentive - they're already capturing the money there, and a challenger would need to be both better and cheaper. That's possible, but not easy.

> Doesn't the same model work for low rise apartments, the kind found in suburbia all across the US? Why don't any of them have building provided services, rather relying on cable modems for ADSL all the way back to the CO?

If the number of prospective customers per fiber termination is lower than the density required to make a profit on the service anytime soon, there is little incentive to do an overbuild.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Easy and hard multihoming (was: Re: Upstreams blocking /24s)

--- [EMAIL PROTECTED] wrote:

> So if one of the Tier I's decides not to accept my public /29 then the millions of singlehomed subscribers go with it.

Yep. During normal operation, someone would be announcing the aggregate out of which your /29 is carved, and that provider should be someone you're paying to carry the more-specific. Traffic will get to you in that case. If your circuit to that provider goes down, then the other customers of your other provider will be able to reach you, but the peers and suppliers of your other provider would likely not.

The easiest way to multihome in a way which mostly works (tm) is to get an ASN and self-originate a prefix which is /24 or larger. As of right now, multihoming is a justification for a /24 and an ASN, so multihoming in a different way should be something which is done for a specific reason, or to solve a particular problem.

Yes, yes, there are multiple other ways to do this, but their failure modes might not be as easy for your providers to help you troubleshoot as BGP is.

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: What's the real issue here?

--- NetSecGuy <[EMAIL PROTECTED]> wrote:

> :~> whois 97.81.31.19
> Unknown AS number or IP network. Please upgrade this program.
>
> Is this a function of whois hardcoded to not do lookups for this address space? I can't seem to find any info about the range, beyond "registered but unallocated". I figured whois would at least return something about it not being allocated.
>
> Is this hijacked space?

Sounds like you have a bad whois client. The web whois at arin.net shows that it's allocated to Charter.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: An Internet IPv6 Transition Plan

--- David Freedman <[EMAIL PROTECTED]> wrote:

> I don't feel this sort of behaviour is helpful, I can understand asking for licensing fees for L2VPN/L3VPN technologies since these are products that service providers can levy a reasonable charge for, but to charge for IPv6 routing capability alone, at the time where the discussion of which has never been so serious, leaves a bit of a bad taste in one's mouth.

Not all equipment vendors do this, and this could be used as a discriminator between them when selecting new equipment (or could be a spur toward considering different platforms when upgrading).

-David Barak

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

IPv6 & DNS

--- Barrett Lyon <[EMAIL PROTECTED]> wrote:

> I don't see any v6 glue there... Rather than having conversations about transition to IPv6, maybe we should be sure it works natively first? It's rather ironic to think that for v6 DNS to work an incumbent legacy protocol is still required.

Consider that Windows XP (and server 2k3) will not, under any circumstance, send a DNS request over IPv6, and yet they were widely considered "IPv6 compliant." Consider also how long it took to get a working way of telling autoconfigured hosts about which DNS servers to use (without manually entering 128-bit addresses).

To me, the above show that the bulk of the actual deployments were in dual-stack or tunnel environments, and greenfield implementations were few and far between. There's a surprising amount of unexplored "here be dragons" territory in IPv6, given how long some very smart people have been working on it.

-David Barak

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

datacenter blinky

--- John Kinsella <[EMAIL PROTECTED]> wrote:

> I sorta wonder why the default is lights on, actually...I used to always love walking into dark datacenters and seeing the banks of GSRs (always thought they had good Blink) and friends happily blinking away.
>
> What we really need is a datacenter with lit floor tiles. ;)

Perhaps pressure-activated floor-tile lights so that every tech can recreate the "Billie Jean" video...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

AUP enforcement diligence

--- Sean Donelan <[EMAIL PROTECTED]> wrote:

> How many people thank the police officer for stopping them and giving them a ticket for violating traffic rules?

I do, but perhaps I'm uncommon in this regard. Your larger point, however, is completely valid: there is a relatively normal desire to have rules enforced on other people with more zeal than one would choose for oneself. Perhaps more transparency is a tonic for this? If ToS and the AUP are more clearly written and enforced as consistently as possible, I would expect customers to be less horked off by AUP/ToS shutdowns.

It does surprise me that no enterprising person/group has turned this into a salable feature: "we're the network which shuts down spammers/infected/baddies." I could imagine that there would be customers who would rather give their business to providers who are more active in this regard than less, and that would be a way for a service provider to differentiate themself from the rest of the pack.

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

rDNS naming

--- Rich Kulawiec <[EMAIL PROTECTED]> wrote:

> (e.g. the Verizon FIOS deployment, if I may use hostnames of the form *.fios.verizon.net as a guide, is going well in NYC, Dallas, DC, Tampa, Philly, LA, Boston and Newark, but lags behind in Seattle, Pittsburgh, Buffalo and Syracuse.)

One thing to watch out for in interpreting rDNS is that it can be deceptive. As of about two weeks ago (last time I checked), Verizon didn't offer FiOS in DC at all. What you're seeing is probably some of the newer suburbs in Virginia (possibly Maryland too) which are vaguely near DC.

$.02

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Q on what IGP routing protocol to use for supplying only gateway address

--- "william(at)elan.net" <[EMAIL PROTECTED]> wrote:

> Any suggestion as to what IGP protocol is best for this scenario?

Are you sure you need an IGP at all? Is it possible that HSRP or GLBP could fit your needs?

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

renumbering & IPv6

--- David Conrad <[EMAIL PROTECTED]> wrote:

> I have been told on numerous occasions that one of the reasons IPv6 has not seen significant deployment is because enterprises do not want to obtain their address space from their service provider due to (among other reasons) the cost of renumbering.

The reasons I have been told by enterprises regarding lack of IPv6 deployment boil down to 1) lack of business driver (i.e. does it make money?) and 2) many/most medium-large enterprises neither qualify for PI addressing nor would be able to multihome using PA addressing.

Issue #2 is being worked on now, but until a policy is securely in place, an enterprise adopting IPv6 is giving up capabilities they have today with IPv4.

> Are you indicating you believe that renumbering is not an issue?

Renumbering is not THE issue. Renumbering sucks. However, there are policies in place to make it so that renumbering doesn't have to happen too much. Also, once renumbering is at the "really unpleasant" point, that's when an organization generally qualifies for PI space. Renumbering IP space is no different than renumbering postal addresses - the time spent to do so varies directly with the size of the organization, but it doesn't have to be done often.

BTW, the telephone analogy folks have been missing here is that of the 8xx system, where the numbers themselves are leased due to intrinsic value, and then redirected to a different inbound trunk/call center/whatever. The 8xx system is the one which maps to domain names, not the standard land-line system. Note that 8xx numbers are not purchased, they are leased, as they consume resources - if 1-800-FLOWERS didn't pay their bill for a while, their whole business would vanish.

Perhaps a customer who wanted to make IP addresses "portable" would pay a fee to the ISP whose addresses they are, and maintain redirection equipment to the "real" IPs... And perhaps the price of doing so would actually be higher than just keeping a T1 to that first provider...

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: key change for TCP-MD5

--- Ross Callon <[EMAIL PROTECTED]> wrote:

> Another potential attack is an attempt to insert information into a BGP session, such as to introduce bogus routes, or to even become a "man in the middle" of a BGP session. One issue that worries me about this is that if this allows routing to be compromised, then I can figure out how to make money off of this (and if I can think of it, someone even nastier will probably also think of this). Of course this would be much more difficult to pull off, and might require viewing packets between routers to pull off, but if pulled off and not quickly detected could be unfortunate.

But it's safe to say that it would be a lot easier to crack a router itself than to unobtrusively insert useful false information, or if the ISP's routers are sufficiently hardened, it would be easier to crack a customer (or peer)'s router, and use that for the injection. The same mechanisms which can detect bogus prefixes from a peer/customer can detect them from a hijacked session.

The cost/benefit ratio is better for securing the routers themselves.

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

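
One form the per-neighbor prefix check referred to in the reply above can take, as an added example that is not from the original post or from any vendor's implementation: an inbound filter that accepts an announcement only when it falls inside a prefix registered for that neighbor and is no more specific than an allowed maximum length. Neighbor names, registered prefixes, maximum lengths and the sample announcements are all constructed; because the check looks only at the announcement, it gives the same verdict whether the route came from the neighbor's router or was inserted into the session.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Tuple


class Entry(NamedTuple):
    prefix: object   # ipaddress.IPv4Network or IPv6Network
    max_len: int     # longest prefix length accepted inside `prefix`


def entry(prefix: str, max_len: int) -> Entry:
    return Entry(ipaddress.ip_network(prefix), max_len)


# Constructed per-neighbor policy using documentation address space.
POLICY: Dict[str, List[Entry]] = {
    "customer-a": [entry("203.0.113.0/24", 24), entry("2001:db8::/32", 48)],
    "customer-b": [entry("198.51.100.0/24", 24)],
}


def check(neighbor: str, announced: str) -> Tuple[bool, str]:
    """Return (accept, reason) for one announced prefix on one session."""
    try:
        # strict parsing: a prefix with host bits set is rejected outright
        net = ipaddress.ip_network(announced)
    except ValueError:
        return False, "malformed"

    too_specific = False
    for e in POLICY.get(neighbor, []):      # unknown neighbor: nothing allowed
        if net.version != e.prefix.version:
            continue                        # subnet_of() raises across families
        if net.subnet_of(e.prefix):
            if net.prefixlen <= e.max_len:
                return True, "ok"
            too_specific = True             # inside a registered block, too long
    return (False, "too-specific") if too_specific else (False, "not-registered")


def filter_updates(neighbor: str, prefixes: List[str]):
    """Split a batch of announcements into accepted and rejected lists."""
    accepted, rejected = [], []
    for p in prefixes:
        ok, reason = check(neighbor, p)
        (accepted if ok else rejected).append((p, reason))
    return accepted, rejected


# Constructed announcements as they might arrive on the customer-a session.
SAMPLE = [
    "203.0.113.0/24",      # the registered block itself
    "203.0.113.128/25",    # more-specific than max_len allows
    "198.51.100.0/24",     # registered, but to a different neighbor
    "0.0.0.0/0",           # default route
    "203.0.112.0/23",      # covering (less specific) prefix
    "2001:db8:a::/48",     # inside the v6 block, within max_len
    "2001:db8:a:1::/64",   # inside the v6 block, too long
    "203.0.113.5/24",      # host bits set
]

if __name__ == "__main__":
    ok, bad = filter_updates("customer-a", SAMPLE)
    for p, _ in ok:
        print("accept", p)
    for p, why in bad:
        print("reject", p, why)
```
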
Re: shim6 @ NANOG (forwarded note from John Payne)

--- Tony Li <[EMAIL PROTECTED]> wrote:

> Consider that the IETF *could* conceivably require every compliant v6 implementation to include it.

God Forbid. I somehow don't want my core routers deciding to speak shim6...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Shim6 vs PI addressing

--- Jared Mauch <[EMAIL PROTECTED]> wrote:

> I think you're missing that some people do odd things with their IPs as well, like have one ASN and 35 different sites where they connect to their upstream Tier69.net all with the same ASN. This means that their 35 offices/sites will each need a /32, not one per the entire asn in the table.

No, that's an argument for a /32 and a bunch of /48 allocations heard by a single provider, who's getting paid to carry them, but are not advertised to the rest of the Internet.

> And they may use different carriers in different cities. Obviously this doesn't fit the definition that some have of "autonomous system", as these are 35 different discrete networks that share a globally unique identifier of sorts.

Well, wait a minute - what would these people do TODAY? Some build tunnel backbones, some use one ASN per city, some do "allowas-in" or other things of that nature. I would venture to say that most medium to large enterprises don't use straight-Internet with no VPN of any kind to support their enterprise backbones anymore, simply for security reasons.

My argument still stands - if having an ASN is equated with having a routable netblock, then each of those cases results in the enterprise being able to pass packets, and only the "one ASN per city" approach requires multiple netblocks.

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: shim6 @ NANOG (forwarded note from John Payne)

--- [EMAIL PROTECTED] wrote:

> > Resounding YES - I specifically DON'T want end-hosts to be able to make these decisions, but need to be able to multihome.
>
> When I see comments like this I wonder whether people understand what shim6 is all about. First of all, these aren't YOUR hosts. They belong to somebody else. If you are an access provider then these hosts belong to a customer that is paying you to carry packets. This customer also pays another ISP for the same service and the hosts are making decisions about whether to use your service or your competitors.
>
> If you are a hosting provider, then these hosts, owned by a third party, are making decisions about whether to send you packets through one or another AS.
>
> Is there something inherently wrong with independent organizations deciding where to send their packets?

That's not the case I'm discussing - I'm talking about the multihomed enterprise. From an access provider point of view, Shim6 is no worse/better than the various TE-fu devices which end customers use - it makes predicting load a bit more difficult, but it's just bits to be passed.

From an enterprise POV I want two or three decision points which I need to monitor and manage, not 10,000.

> P.S. I don't believe that shim6 will ever succeed.

Neither do I.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Shim6 vs PI addressing

--- Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:

> But the most important thing we should remember is that currently, routing table growth is artificially limited by relatively strict requirements for getting a /24 or larger. With IPv6 this goes away, and we don't know how many people will want to multihome then.

So why not approach Shim6 as something for basement multihomers rather than enterprises? Honestly, the cost of the second connection is the limiting factor in most decisions not to multihome today, not the difficulty of getting BGP, an ASN, or a /24 from a provider...

For your "I have a cablemodem AND a DSL" folks, Shim6 sounds like exactly what they need. However, once you start talking about enterprise-wide policies, etc, Shim6 starts to look like a really heavy hammer.

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Shim6 vs PI addressing

--- Joe Abley <[EMAIL PROTECTED]> wrote:

> On 1-Mar-2006, at 11:22, David Barak wrote:
> > As far as I can tell, the whole reason for these discussions is the insistence on the strict PA-addressing model, with no ability to advertise PA space to other providers.
>
> The whole reason for the strict PA-addressing model is concern over whether open-slather on PI address space will result in an Internet that will scale.

Is it easier to scale N routers, or scale 1*N hosts? If we simply moved to an "everyone with an ASN gets a /32" model, we'd have about 30,000 /32s. It would be a really long time before we had as many routes in the table as we do today, let alone the umpteen-bazillion routes which scare everyone so badly.

> Joe
>
> (Failing miserably to keep quiet. Must try harder.)

(don't worry - you have content in these posts. content is always welcome...)

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: shim6 @ NANOG (forwarded note from John Payne)

--- Joe Abley <[EMAIL PROTECTED]> wrote:

> > I'm just one guy, one ASN, and one content/hosting network. But I can tell you that to switch to using shim6 instead of BGP speaking would be a complete overhaul of how we do things.
>
> You are not alone in fearing change.

It isn't fearing change to ask the question "it's not broken today, why should I fix it?"

> This is the kind of feedback that the shim6 architects need. There is talk at present of whether the protocol needs to be able to accommodate a site-policy middlebox function to enforce site policy in the event that host behaviour needs to be controlled. The scope of that policy mediation function depends strongly on people like you saying "at a high level, this is the kind of decision I am not happy with the hosts making".

Resounding YES - I specifically DON'T want end-hosts to be able to make these decisions, but need to be able to multihome.

> > We deal with long lived TCP sessions (hours/days). I don't see how routing updates can happen that won't result in a disconnect/reconnect, which isn't acceptable.
>
> One of the primary objectives of shim6 is to provide session survivability over re-homing events. Since routing protocols are not used to manage re-homing, the speed at which a session can recover from a topological event depends on the operation of the shim6 protocol between client and server.
>
> It seems reasonable to say that in some cases shim6 re-homing transitions will be faster than the equivalent routing transition in v4; in other cases it will be shorter. Depends on the network, and how enthusiastically you flap, perhaps.

A - X - Y - B
 \  | \ |  /
    W - Z

A and B are hosts, W-Z are ISPs

On what basis would you say that in the event of a network outage in Y, communication between A and B will be faster than the routing transition?

> The experience of people who provide services involving long-held TCP sessions is exactly the kind of thing that the shim6 architects need to hear about.
>
> > We have peering arrangements with about 120 ASNs. How do we mix BGP IPv6 peering and Shim6 for transit?
>
> You advertise all your PA netblocks to all your peers.

And maintain 120 different context tables on each host? ouch. I'm guessing that server vendors are going to be quite happy with this.

> You avoid it completely, and use PA space in every POP. You can still announce PA space from other POPs to peers, if you want to retain your tunnels.

Wait a second - doesn't that deaggregation bring back the "lots of small routes" business which the whole v6 hierarchical addressing model was supposed to fix? If we're in the world of deaggregates anyway, why not just ditch the addressing model instead of accepting its limitations in this way?

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: shim6 @ NANOG (forwarded note from John Payne)

--- Joe Abley <[EMAIL PROTECTED]> wrote:

> How about some actual technical complaints about shim6? The jerking knees become tedious to watch, after a while.

Okay, if I'm an enterprise with 6 ISPs but don't qualify for PI space, I'll need to get PA space from all of them, for Shim6 to work, right? Then each server on my network is going to need to maintain state for 6 different contexts for each of the various external customers who attempt to reach them. Assuming that I have busy servers, that's a whole lot of state. It's cheaper and easier to upgrade or modify N routers than the M servers behind them, given that M is certainly greater than N, and in many cases in multiple orders of magnitude greater.

Also, the current drafts don't support middleboxes, which a huge number of enterprises use - in fact the drafts specifically preclude their existence, which renders this a complete non-starter for most of my clients.

My single biggest issue here however is the complexity: given that today's architecture can deliver relatively simple and robust multihoming to enterprises, and rerouting DOES work today for persistent sessions (albeit imperfectly), what is the benefit to be gained from doing something this hard?

As far as I can tell, the whole reason for these discussions is the insistence on the strict PA-addressing model, with no ability to advertise PA space to other providers. I think that we could spend our time better in coming up with a different approach to addressing hierarchy instead.

Besides, /48s are cheap now, but if every enterprise gets multiple /48s from multiple providers, they might become dear more quickly than is desired.

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: shim6 @ NANOG
--- Joe Abley <[EMAIL PROTECTED]> wrote:
> On 28-Feb-2006, at 11:09, Kevin Day wrote:
>
> > Some problems/issues that are solved by current IPv4 TE practices that we are currently using, that we can't do easily in Shim6:
>
> Just to be clear, are you speaking from the perspective of an access provider, or of an enterprise?

It's good to clarify that those are quite different requirement sets. One thing which Shim6 does not provide easily is the ability for an enterprise to have policy decisions made in a very limited number of places - for instance, a customer has two Internet pipes to two different providers to their DMZ. Right now, that means that BGP gets spoken by two routers (maybe four at most), and all external policy decisions happen there. By moving the decision-making to the hosts, it's possible to have different decisions being made on each of the 85 webservers being served by those two Internet pipes.

"But each of the servers is optimizing the path for its own traffic"

Correct, but what if there are other policy goals? I.e.
"don't use pipe 2 unless pipe 1 is full/down, because it's more expensive"
"only send low-jitter traffic to pipe-2"

Whatever mechanism is selected, it needs to support an intermediate-system-based routing decision algorithm, not just an end-system-based approach.

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: Two Tiered Internet
--- [EMAIL PROTECTED] wrote:
> Simple. You give the consumer the ability to fiddle with the QoS settings on the provider's edge router interface. After all, they are paying for the access link.

eeek! I assume you mean "tell the customer what DSCP/whatever settings you honor, and let them do the marking" right? The thought of letting customers actually make changes to my edge routers would keep me up at night...

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: Two Tiered Internet
--- Joe McGuckin <[EMAIL PROTECTED]> wrote:
> What good is 6Mbit DSL from my ISP (say, SBC for example) if only a small portion of the net (sites that pay for non-degraded access) loads at a reasonable speed and everything else sucks?

There are two possible ways of having a tiered system - one is to degrade competitors/those who don't pay, and the other is to offer a premium service to those who do pay. Would your perception of those two scenarios be identical?

-David
-Fully RFC 1925 Compliant-
(speaking only for myself, btw...)

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: BGP Security and PKI Hierarchies
--- Joe Abley <[EMAIL PROTECTED]> wrote:
> On 29-Nov-2005, at 09:30, David Barak wrote:
>
> > I have yet to find an organization which is concerned about getting new PI space which would have a problem paying that amount per year. They may exist,
>
> They definitely exist.

Okay, I'll take your word for it - although given the other costs implied in an organization which has sufficiently robust connectivity to make PA space problematic, I'm a bit surprised. Perhaps these are non-profits? Even then, I would expect that $1200 per year is still much lower than the circuit costs...

Maybe my imagination just isn't good enough: could you toss me an example-type of organization where that would be problematic?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: BGP Security and PKI Hierarchies
--- Richard A Steenbergen <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 29, 2005 at 10:21:53AM +, [EMAIL PROTECTED] wrote:
> >
> > It's hard to imagine an organization who can afford to run a network using BGP to announce a class C block and not be able to afford $1250 per year.
>
> Sounds like a failure of imagination to me.

The statement Michael forgot was "using PI space" - lots of "Bob's bait & tackle shop" types of operations use BGP to announce a /24 to two providers. I have yet to find an organization which is concerned about getting new PI space which would have a problem paying that amount per year. They may exist, but they're certainly not the majority of the groups looking for PI IP.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: [NANOG]Cogent issues
--- Brian Kerr <[EMAIL PROTECTED]> wrote:
> On 11/17/05, Eric Gauthier <[EMAIL PROTECTED]> wrote:
> >
> > Heya,
> >
> > > Just to make analysis easier: Which prefixes should be missing?
>
> There seem to be larger problems,
>
> http://www.cogent.com returns:
>
> Error 404 Not found

I think you mean http://www.cogentco.com

It's up.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: What do we mean when we say "competition?"
--- Owen DeLong <[EMAIL PROTECTED]> wrote:
> > Windows 98 price (in 1997) -> $209
> > Office 97 Standard (in 1997) -> $689
> > Windows XP price (now) -> $199.
> > Office 2003 (now) -> $399.
> >
> > Want to try that again?
>
> Yes... Here's some more accurate data:
>
> Windows 3.1 price $49
> Windows 3.1.1 price $99
> Windows 95 (Personal) price $59
> Windows 98 (Personal) price $99
> Windows ME (Home) price $99
> Windows NT WS price $99
> Windows 2000 Pro price $299
> Windows XP Pro Price $399
>
> If you're going to use list prices, use list prices all the way through. The above represent, to the best of my knowledge, M$ retail pricing for the lowest level of their "client" version of their OS available at the time.

You're mistaken.

http://www.theosfiles.com/os_windows/ospg_w98.htm
http://www.microsoft.com/products/info/product.aspx?view=22&pcid=a9d2c448-eb05-4a2b-a062-9c711c533e0c&type=ovr
http://www.theosfiles.com/os_windows/ospg_wxp_pro.htm

So it goes from 209 to either 199 or 299 depending on whether you want "home" or "pro." That's hardly an egregious markup for a better OS, several years later.

> I confess I haven't followed pricing on M$ Office, but, I'm willing to bet that an apples-to-apples comparison would reveal similar results.

http://www.computerwriter.com/archives/1997/cw230197.htm#prices
http://www.microsoft.com/office/editions/howtobuy/compare.mspx

I was doing a similar apples-to-apples comparison. Look, just accept that not all data points will line up with your assertions - find some others instead. If there are so many, then there have to be better examples than these.

> Finally, the price of the client software is actually not the primary problem with M$ monopolistic pricing. It is the back-end software where they really are raising the prices. Compare NT Server to 2K or XP Server or Advanced Server. XP AS is nearly double 2000 AS last time I looked.

Microsoft hardly has a monopoly on servers. If their prices are too high, use something else.

> > The argument regarding ILECs is reversed. I appreciate the citation of Standard Oil, but it is a fallacy to think that there is a one-to-one mapping between SO and any/all of the ILECs.
>
> True. What is the point?

Standard Oil is a strawman argument. The ILECs are dissimilar in nature and behavior from Standard Oil. An assertion otherwise requires evidence.

> > Assertions that "monopolies do X and they're bad, and we know that Y will eventually do bad because they're a monopoly" are circular.
>
> Statements like "In the past, monopolies have done X, and, the results of X are bad. Since Y is a monopoly, we can expect them to do X as well, with similar negative results." are not circular. They are attempting to learn from history rather than repeat it.

"History doesn't repeat itself. Historians do." -unknown (to me at least)

Don't fight the last war, and especially don't fight it in a way which will impede future innovation.

> Since the market is risky to deploy LMI once, you will have a hard time that the market exists to pay for multiple copies of a given LMI in order to support competition.

If there's money in it, then someone will fill the need. I still haven't seen the justification for treating layer-1 last mile differently from layer-2 last-mile, or for that matter layer-3 last mile. Why shouldn't the city just say "everyone hop on our citywide IP network, and then everyone can compete at higher layers of the stack?"

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: What do we mean when we say "competition?"
--- JC Dill <[EMAIL PROTECTED]> wrote:
> David Barak wrote:
> >
> > --- Owen DeLong <[EMAIL PROTECTED]> wrote:
> >
> >> Is that still true if the "adequate" service is being provided at a price which is two to three times what it should be costing and the provider is enjoying the ability to do this because nobody else is in the market space?
> >
> > I'm confused. Earlier in this thread you were arguing that the current providers were keeping prices artificially LOW.
>
> They are keeping prices artificially low now, to drive out the competition. They will raise prices once they have no competition, as monopoly companies always have done in the past.
>
> Standard free market behavior is for a large company to cut prices (when they can, when they have income from some other source to afford this tactic) to drive the competition out of business. Then once they have a monopoly to raise prices (and thus profits). Check out the price for Microsoft software over the years. As their products each became a de facto monopoly in their market the prices went WAY up.

Windows 98 price (in 1997) -> $209
Office 97 Standard (in 1997) -> $689
Windows XP price (now) -> $199.
Office 2003 (now) -> $399.

Want to try that again?

The problems most people have with Microsoft's monopoly status have nothing whatsoever to do with the price of the software which forms the basis of their monopoly (windows + office), but rather their willingness to use the profits from them to subsidize other losing ventures to drive out other competitors.

The argument regarding ILECs is reversed. I appreciate the citation of Standard Oil, but it is a fallacy to think that there is a one-to-one mapping between SO and any/all of the ILECs.

Assertions that "monopolies do X and they're bad, and we know that Y will eventually do bad because they're a monopoly" are circular.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
RE: What do we mean when we say "competition?"
--- Owen DeLong <[EMAIL PROTECTED]> wrote:
> Is that still true if the "adequate" service is being provided at a price which is two to three times what it should be costing and the provider is enjoying the ability to do this because nobody else is in the market space?

I'm confused. Earlier in this thread you were arguing that the current providers were keeping prices artificially LOW.

> After 25 years, we're finally starting to see the beginnings of recognition of that in American telecommunications services. Generally speaking, I don't think the market is well served by having to wait that long.

Are you saying that US market is 25 years behind other countries in anything? There is greater hi-speed penetration in some non-US markets with dramatically different demographics (mostly much higher density), and few businesses here have seen a compelling reason to move to IPv6, but what exactly is so lacking?

> So, do you really think that if SBC had the same terms for access to the MDF<->MPOE leg that any competitor had this would not actually change or would get worse? I don't.

The example the above quote referred to was about SBC not meeting the services of some individuals in CA, but who don't have access to a CLEC. It's fairly disingenuous to say that the MDF <-> MPOE leg is the problem there, because that is actually the regulated portion of SBC (in-region ILEC activities are heavily regulated, and a great deal of emphasis at SBC is placed on compliance with regulations): if no CLECs have stepped up to provide service to those customers, that's probably because they don't think it's profitable to do so.

> OTOH, if the shared LMI was operated by a neutral third party and leased to SBC and any other competitor at the same price for the same component, that would resolve most of what is bothering me about the current system. It would allow me to buy phone service without giving money to SBC. Today, I can't do that unless I go to VOIP over WISP which has its own set of tradeoffs.

Depends on the town, doesn't it? In DC, there are three phone providers who run their own last-mile to (some) homes. Nobody other than Verizon will come to my house, but Cavalier and RCN both go to condo buildings nearby. In addition, lots of people here have VoIP over cableco (mostly Comcast), and even more have no land line at all.

Anecdote: A co-worker is getting Verizon FTTH, and they have to dig about a 3/4 mile trench to his house (he's rural). He's not being charged for the installation, even though it'll be several years before it pays for itself. It's hard to see that as an example of a {big | evil} monopoly which is hurting consumers.

Regarding your proposal, are there other utilities which are subject to the same rule (that the infrastructure can be repurchased by the city at the city's convenience)?

Another thing to consider is the definition of "LMI" - specifically, what do you mean by "last mile?" Do you mean from the house to the street (think sewer), or from the house to a junction box on the corner (think power), or from the house to a central office somewhere, or some other distance? Also, what about provisions for point-to-point layer-1 service? Under your proposal, cities may become responsible for providing this themselves - is that what you intend?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: What do we mean when we say "competition?"
>--- Owen DeLong <[EMAIL PROTECTED]> wrote:
>> --On November 15, 2005 7:25:54 AM -0800 David Barak <[EMAIL PROTECTED]> wrote:
>>> --- Matthew Crocker <[EMAIL PROTECTED]> wrote:

> I think what is really represented there is that because they own an existing network that was built with public subsidy and future entrants have no such access to public subsidy to build their own network, ...

Sean's post correctly identified the problem with this assertion, so I won't

> The government should recognize that the existing build has actually been paid for mostly by public subsidy anyway and as such, should require the ILECs to split into two separate divisions.

You mean the existing FIBER build was mostly paid by public subsidy? Do you have a reference for that?

> One division would be a wholesale only infrastructure delivery company that would maintain the physical infrastructure. As part of this, ownership of the physical infrastructure in place would be transferred to an appropriate local civil body (city, county, district, etc.) and said body should have an initial 5 year contract with the infrastructure portion of the ILEC to provide existing services on a provider-neutral basis (same price to all ILECs, Clecs, etc.).
>
> At the end of that 5 year contract, the maintenance of the infrastructure should be up for bid, and, if the existing ILEC infrastructure portion can't win the bid, they are out of luck.

I don't know how familiar you are with what the government contracting process is like, but the word "unpleasant" comes to mind: it's long, hard, and cumbersome. Your model would substantially increase the amount of government contracting required, so you would need to be able to show a benefit to society of corresponding magnitude.

> Right, but, faced with potential competition, they are notorious for temporarily lowering prices well below sustainable levels in order to eliminate said competition.

Are you alleging that the ILECs/RBOCs are providing services below cost? If so, call a regulator. If not, while the profits may be lower than desired by the ILEC/RBOC, it's certainly "sustainable"

> The '96 telecom act did nothing to take the last mile infrastructure out of the hands of the existing ILEC.

You are correct. However, the '96 telecom act did give lots of other companies the OPPORTUNITY to build their own last mile access. Your proposal actually drives toward a more monopolistic, regulated environment.

> However, for any given last-mile buildout, the people should retain title to the infrastructure(s) and management should be by a carrier-neutral party under contract to the people. (yes, practically speaking, s/people/government/, but, I use the term people to remind us that the government is supposed to be acting as our proxy for such things). If a company wants to deploy new infrastructure, they should have equal access to right-of-way to deploy it. However, such access should include a mechanism for transfer of ownership (with appropriate compensation) of said infrastructure to the people for carrier neutrality after some fixed period of time at the option of the people.

So Verizon should be prohibited from building out FTTH? I assume that your approach of "the Government owns all layer 1" would also include 802.11, GSM, CDMA, and all other network types, right? If not, why not?

> Now, the ILEC can continue to provide service at the same price, but, they no longer have a cost-basis advantage or the ability to delay, defer, interfere with CLEC installs on the same infrastructure.

Any interference is currently unlawful, and all of the companies regulated under sections 271 and 272 have extensive procedures in place to prevent it. If you've got specific complaints about a specific company, you should be talking to a regulator.

So, to summarize - far less than "all" of the ILEC/RBOC infrastructure was "paid for with public funds." (as opposed to user fees), you'd argue for far greater government participation in the marketplace, and the removal of any competition for layer 0/1 services, in favor of competition at layers 2 and higher. Why is that good again?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: What do we mean when we say "competition?"
--- Matthew Crocker <[EMAIL PROTECTED]> wrote:
> That is the exact problem with a [mon|du]opoly. The incumbents drive the price so low (because they own the network) that it drives out an potential competition.

So you're complaining that the problem with lack of competition is that the prices are too LOW? As a consumer, I'm thrilled with low price, and would only change providers for a well-defined benefit or a lower price.

> We don't need 8 fiber networks overlaid to every home in the US to provide competition. We need a single high quality wholesale only fiber network which is open to use by all carriers. I don't want 200' telephone poles down my street with 10 rows of fiber. It doesn't make sense.

So should the government charter such a build? My understanding is that Verizon and SBC (maybe others, but I don't know about them) are currently working on doing a FTTH build at this time. Presumably, as they're private companies doing it, they'd like to be able to be the ones that obtain the primary benefit. Do you think that a municipal build/new monopoly build as you describe would be cheaper or better than what SBC or Verizon are doing? If so, you should be able to convince some cities of the math.

> Again, because of the monopoly held by the incumbents keeping the price low enough that you can't afford to build your own infrastructure.

This is such an astounding comment that it needed to be singled out: most of the complaints about monopolies are that they artificially RAISE prices.

> We don't need competition in the infrastructure business, we need competition in the bandwidth business. That can only happen if the infrastructure is regulated, open and wholesale only. The RBOCs should be split up into a wholesale *only* division (owns the poles, wires, buildings,switches) and a services *retail* division (owns the dialtone, bandwidth, customers ). The wholesale division should sell service to the retail division at a regulated TELRIC based price which will allow the wholesale division to make enough money to build/maintain the best infrastructure in the world. Any competitive service provider can buy the same services at the same price as RBOC Retail. Regulated such that wholesale profit can't subsidize retail services. In high density areas there may be alternate infrastructure providers that can sell to CSPs and in rural america there will be one infrastructure provider and many CSPs

Aren't you pretty much describing the '96 telecom act? The result has been the glut of inter-city fiber, and a dearth of advanced access services at the rural/suburban edge. Saying "we don't need competition in infrastructure, only in bandwidth" ignores the fact that infrastructure upgrades are required to support increased bandwidth. In addition, why treat L0/1 infrastructure in a different way than L2/3 infrastructure?

> > This IS the market at work. If you want it to be different, what you want is more, not less regulation. That may or may not be a good thing, but let's just be very clear about it.
>
> More regulation of the physical infrastructure (the expensive piece) and less regulation of the bits to foster competitive solutions and bring along new innovations. The future innovations are not going to revolve around new types of fiber. They will revolve around what can be done with high bandwidth to everyone.

First, I wouldn't be so sure to rule out new improvements in fiber or other physical transmission media as important - as an example, I think the widespread adoption of 802.11 has been part of a huge shift in the way people use the Internet. That said, I agree that the biggest innovations are likely to be applications, not media.

So let me take the devil's advocate position: why should prices be raised so that multiple ISPs can get a layer-2/3 connection to customers without having their own layer-1 infrastructure? Is there some service which is provided which wouldn't be cheaper/simpler to mandate that the incumbent provide? The content providers and innovators you mention should be able to work with the customers of any ISP, right?

I guess what I'm saying is that "competition" is a virtue only when it leads to either improved or cheaper service. Do you think that there are improvements to service that alternative providers could make which justify the cost of the regulation you describe?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
What do we mean when we say "competition?" (was: Re: [Latest draft of Internet regulation bill])
--- Owen DeLong <[EMAIL PROTECTED]> wrote:
> True competition requires the ability for multiple providers to enter into the market, including the creation of new providers to seize opportunities being ignored by the existing ones.

Technically, lots of other providers CAN enter the market - it's just very expensive to do so. If there are customers who are not receiving service from one of the incumbent providers, a third party is certainly welcome to {dig a trench | build wireless towers | buy lots of well-trained pigeons for RFC 1419 access} and offer the services to the ignored customers. The problem is that the capital expenditures required in doing so are very, very high, and most companies don't see the profit in doing so.

> If two companies can act as gatekeeper for the entire market in a given area, that is not an environment where market forces carry much meaning.

Actually, here's where I'd disagree: market forces are exactly the thing which is keeping other providers OUT. It's too expensive for them to buy their way into these areas, and during all of the time when access was mandated to be (relatively) cheap by law, very few third parties actually built their own infrastructure all the way to homes. There are some competitive cable plants in some cities (I remember Starpower/RCN doing this in DC), but I'm not aware of any residential phone providers who built all the way out to houses exclusively on their own infrastructure.

This IS the market at work. If you want it to be different, what you want is more, not less regulation. That may or may not be a good thing, but let's just be very clear about it.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: SBC/AT&T + Verizon/MCI Peering Restrictions
--- Randy Bush <[EMAIL PROTECTED]> wrote:
> if i am a paying sbc or other foopoloy dsl customer and i go to <http://content.provider>, why should content.provider pay to give the sbc paying customer what they're already charged for?

There is one scenario where the content.provider is paying the carrier as well - when the content.provider is a direct customer of the carrier, rather than being either a SFI-peer or a customer of an SFI-peer.

This of course goes back to the question of depeering/transit/etc which we beat to death a couple of weeks ago - many carriers want to get paid both by the sources and sinks of traffic (it's certainly an understandable, if unlikely, desire).

I would just like to point out for the record that none of the recent depeering battles have involved any RBOCs...

-David Barak
Re: IPv6 daydreams
--- David Conrad <[EMAIL PROTECTED]> wrote:
> On Oct 17, 2005, at 10:39 PM, Paul Jakma wrote:
> >> Wrong issue. What I'm unhappy about is not the size of the address - you'll notice that I didn't say "make the whole address space smaller." What I'm unhappy about is the exceedingly sparse allocation policies
> > You can allocate to 100% density on the network identifier if you want, right down to /64.
>
> I believe the complaint isn't about what _can be_ done, rather what _is being_ done.

Yes and yes. I am certainly complaining about what *is* being done. See below for my bigger issue.

> > The host identifier simply is indivisible, and just happens to be 64bit.
>
> I've always wondered why they made a single "address" field if the IPv6 architects really wanted a hard separation between the host identifier and the network identifier. Making the "address" a contiguous set of bits seems to imply that the components of the "address" can be variable length.

Now we're cooking with gas: what we've learned from MAC addresses is that it's really nice to have a world-unique address which only has local significance. The /64 "host identifier" is a misnomer: there are folks who use /127s and /126s for point-to-point links, and there are all sorts of variable length masks in use today. The whole reason for a /64 to be associated with a host is to have enough room to encode MAC addresses. I ask again - why exactly do we want to do this? Layer-2 works just fine as a locally-significant host identifier, and keeping that out of layer-3 keeps everything considerably simpler.

-David Barak-
-Fully RFC 1925 Compliant-
Re: IPv6 daydreams
--- Mark Smith <[EMAIL PROTECTED]> wrote:
> Why have people, who are unhappy about /64s for IPv6, been happy enough to accept 48 bit addresses on their LANs for at least 15 years? Why aren't people complaining today about the overheads of 48 bit MAC addresses on their 1 or 10Gbps point-to-point links, when none of those bits are actually necessary to identify "the other end" ? Maybe because they have unconsciously got used to the convenience, and, if they've thought about it, realise that the byte overhead/cost of that convenience is not worth worrying about, because there are far higher costs elsewhere in the network (including administration of it) that could be reduced.

Wrong issue. What I'm unhappy about is not the size of the address - you'll notice that I didn't say "make the whole address space smaller." What I'm unhappy about is the exceedingly sparse allocation policies which mean that any enduser allocation represents a ridiculously large number of possible hosts. The only possible advantage I could see from this is the protection against random scanning finding a user - but new and fun worms will use whatever mechanism the hosts use to find each other: I guarantee that the "find a printer" function won't rely on a sequential probe of all of the possible host addresses in a /64 either...

Also, the 64-bit addressing scheme is sized to include the MAC address, right? Why would encoding L2 data into L3 be a good thing? The conceptual problem that I have had with v6 from the beginning is that it's not trying to optimize a single layer, it's really trying to merge several layers into one protocol. Ugh.

-David Barak-
-Fully RFC 1925 Compliant-

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
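Added example (not part of either post above, and not any project's code): the two "IPv6 daydreams" messages above both turn on the 64-bit host part being sized to carry a MAC address. This sketch implements the modified EUI-64 mapping from RFC 4291 Appendix A and shows that the layer-2 address can be read back out of the layer-3 address and stays the same across prefixes; the function names, MACs and 2001:db8:: prefixes are constructed for illustration.

```python
"""Added example: how a 48-bit MAC ends up inside a 128-bit IPv6 address.

Modified EUI-64 per RFC 4291, Appendix A. Every MAC and address used
here is a constructed sample (2001:db8::/32 is the documentation prefix).
"""
import ipaddress
from typing import Optional

IID_MASK = (1 << 64) - 1  # low 64 bits of an address: the interface identifier


def mac_to_interface_id(mac: str) -> int:
    """Return the 64-bit modified EUI-64 interface identifier for a MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Invert the universal/local bit of the first octet, then splice
    # ff:fe between the vendor (OUI) half and the device half.
    eui64 = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui64, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the MAC-derived interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        # The mapping needs exactly 64 host bits; a /96, /126 or /127
        # leaves no room for it.
        raise ValueError("modified EUI-64 needs a /64 prefix")
    return net[mac_to_interface_id(mac)]


def embedded_mac(address: str) -> Optional[str]:
    """Recover the MAC from an address, or None if none is encoded.

    A randomly chosen identifier carries ff:fe in the same position about
    once in 65536 cases, so a hit is strong evidence, not proof.
    """
    raw = (int(ipaddress.IPv6Address(address)) & IID_MASK).to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
    return ":".join(f"{b:02x}" for b in mac)


def same_interface(addr_a: str, addr_b: str) -> bool:
    """True when both addresses carry the same embedded MAC."""
    mac_a, mac_b = embedded_mac(addr_a), embedded_mac(addr_b)
    return mac_a is not None and mac_a == mac_b


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                          # constructed MAC
    site_a = slaac_address("2001:db8:aaaa:1::/64", mac)
    site_b = slaac_address("2001:db8:bbbb:7::/64", mac)
    print(site_a, site_b)
    # Different networks, same host part: the L2 identity follows the host.
    print(embedded_mac(str(site_a)), same_interface(str(site_a), str(site_b)))
    # A hand-numbered point-to-point address carries no MAC at all.
    print(embedded_mac("2001:db8:0:ffff::1"))
```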
IPv6 daydreams
--- Randy Bush <[EMAIL PROTECTED]> wrote:
> so, if we had a free hand and ignored the dogmas, what would we change about the v6 architecture to make it really deployable and scalable and have compatibility with and a transition path from v4 without massive kludging, complexity, and long term cost?

Okay, I'll bite - If I were king, here's what I'd want to see:

I'd change the allocation approach: rather than give every customer a /64, which represents an IPv4 universe full of IPv4 universes, I'd think that any customer can make do with a single IPv4-size universe, and make the default end-customer allocation a /96. ISPs could still get gigantic prefixes (like a /23 or something), to make sure that an ISP would never need more than one prefix.

I'd move us to the 1-prefix-per-ASN approach as much as possible - reserve a single /16 for multihoming end-sites, and let that be a swamp. There are under 32K multihomed ASNs in use now, and while demand is growing, if we can keep organizations to one prefix each, the routing table stays pretty darn small.

Designate a /96 as "private" space for use on devices which don't connect to the Internetv6.

To qualify for an "ISP" allocation, an entity would have to agree to route the swamp space, and not route the "private" space.

And as long as I'm dreaming, I'd like a pony...

-David Barak-
-Fully RFC 1925 Compliant-
Re: Cogent/Level 3 depeering
--- "Patrick W. Gilmore" <[EMAIL PROTECTED]> wrote:
> It is strange that people have to be reminded no network has the "right" to use any other network's resources without permission. Most people realize this in one direction. For instance, the "tier ones" love to point out Cogent has no "right" to peer with Level 3. Absolutely correct.
>
> What some people seem to forget is that Level 3 has no right to force Cogent to buy transit to get to Level 3.

This is where you lost me: if there is no obligation for an SFI between them, then each player absolutely can force the other to buy transit to reach them. The way it plays out is this: whichever player's customers are more upset about the inability to reach the other will force that player to blink and either buy transit or make some other arrangement.

The term "peering" is useful to describe SFI, because there is an implied equivalence between the players: i.e. it would hurt them both equally to partition. As was said by someone earlier, if it is more valuable to one party than the other, the business relationship is skewed, and ripe for a conversion to a settlement-based interconnection.

> P.S. Does anyone else get that Baby Bell feeling whenever someone talks about being a "Tier One"?

heh. I'm certain we're about to see the Nth iteration of the "who's a Tier One Provider" discussion, and I'll repeat: there are two contexts for "tier one" - marketing and routing. In marketing, everyone with a big, national network is a tier-one. In routing, definitions differ, and whatever definition is used, it's a smaller set than the marketing bunch...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: [eng/rtg] changing loopbacks
--- Austin <[EMAIL PROTECTED]> wrote:
> It's worth noting that C's don't need actual IP address space assigned to
> the router-id for OSPF. It's just an arbitrary value; it's probably better
> karma to set it to whatever you want (maybe something that doesn't look
> like an IP address).
>
> RFC 2328:
>
>     Router ID
>         A 32-bit number assigned to each router running the OSPF
>         protocol. This number uniquely identifies the router within
>         an Autonomous System.

eek! There are a couple of downsides to having the router-ID divorced from a physical address:

1) you get an additional number which you have to track to ensure uniqueness.
2) you lose the benefit of being able to double check reachability (ping/ssh to router ID)
3) RFC 1403 says that the BGP router identifier must be the same as the OSPF router ID, and do you really want your BGP to reflect an unreachable ID?

I've had a customer who used unreachable router IDs, and it made their NOC work quite a bit harder than they otherwise would have had to...

-David

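The three downsides listed in the message above (tracking uniqueness, reaching the router ID, OSPF and BGP agreeing on it) can be checked mechanically across a set of configurations. This is an added example, not code from the thread: the IOS-style configurations are constructed samples, the function names are hypothetical, and "the router ID is an address configured on that router" is used as an offline stand-in for reachability.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample configurations (documentation addresses, private ASN).
CONFIGS = {
    "rtr-a": """
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
router ospf 1
 router-id 192.0.2.1
router bgp 64500
 bgp router-id 192.0.2.1
""",
    "rtr-b": """
interface Loopback0
 ip address 192.0.2.2 255.255.255.255
router ospf 1
 router-id 0.0.0.99
router bgp 64500
 bgp router-id 192.0.2.2
""",
    "rtr-c": """
interface Loopback0
 ip address 192.0.2.3 255.255.255.255
router ospf 1
 router-id 192.0.2.1
""",
}


def parse(config):
    """Collect interface addresses and the OSPF/BGP router IDs of one config."""
    info = {"addresses": set(), "ospf": None, "bgp": None}
    section = ""
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):       # unindented line opens a new section
            section = raw.strip()
            continue
        line = raw.strip()
        m = re.match(r"ip address (\S+) (\S+)", line)
        if m and section.startswith("interface "):
            info["addresses"].add(ipaddress.IPv4Address(m.group(1)))
        m = re.match(r"router-id (\S+)$", line)
        if m and section.startswith("router ospf"):
            info["ospf"] = ipaddress.IPv4Address(m.group(1))
        m = re.match(r"bgp router-id (\S+)$", line)
        if m and section.startswith("router bgp"):
            info["bgp"] = ipaddress.IPv4Address(m.group(1))
    return info


def audit(configs):
    """Return (finding, value, routers) tuples for the three downsides."""
    parsed = {name: parse(text) for name, text in configs.items()}
    findings = []

    # 1) Uniqueness: the same OSPF router ID configured on more than one box.
    owners = defaultdict(list)
    for name, info in parsed.items():
        if info["ospf"] is not None:
            owners[info["ospf"]].append(name)
    for rid in sorted(owners):
        if len(owners[rid]) > 1:
            findings.append(("duplicate-ospf-router-id", str(rid),
                             tuple(sorted(owners[rid]))))

    for name in sorted(parsed):
        info = parsed[name]
        # 2) Reachability proxy: the ID is not an address on this router,
        #    so "ping the router ID" cannot confirm the box is up.
        for proto in ("ospf", "bgp"):
            rid = info[proto]
            if rid is not None and rid not in info["addresses"]:
                findings.append((proto + "-router-id-not-an-interface-address",
                                 str(rid), (name,)))
        # 3) OSPF and BGP identifiers disagree on the same router.
        if (info["ospf"] is not None and info["bgp"] is not None
                and info["ospf"] != info["bgp"]):
            findings.append(("ospf-bgp-router-id-mismatch",
                             "%s vs %s" % (info["ospf"], info["bgp"]), (name,)))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(finding)
```
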
Re: Multi-6 [WAS: OT - Vint Cerf joins Google]
--- Mikael Abrahamsson <[EMAIL PROTECTED]> wrote:
> The "shimming" model is a way to solve this by the endsystems knowing
> about multihoming, instead of the network. I personally think this is a
> better idea and scales much better. Let's have the network moving packets
> as its primary goal, not solving "how do I reach this prefix" equations.

Waitaminute - isn't the whole *purpose* of layer 3 that the network makes these routing decisions? If there are N routers in an ISP, I would expect the ISP to connect to X endsystems, where 10N < X < 1000N. How does knowing about X endsystems scale better than knowing about N intermediate systems?

Am I missing something here?

David Barak
http://www.listentothefranchise.com

Re: New N.Y. Law Targets Hidden Net LD Tolls
--- Robert Bonomi <[EMAIL PROTECTED]> wrote:
> > A typical call to a dial-up ISP is what, a few hours?
> > Multiple times per month? Accidentally using a
> > non-local ISP number can result in a bill in the
> > hundreds of dollars pretty easily (also no pizza).
>
> All true, but *WHY* is that 'accidentally dialing a non-local ISP number'
> the *ISP's* fault??

Who said anything about fault? This is merely a recognition on the part of Government that consumers might make a costly mistake. The Government decided to tell ISPs to give the consumers an extra notice to try to prevent that. Not unreasonable at all (although personally, I like the TX-style "all your long distance are 11D, else 10D" approach). Simple consumer protection, similar to the requirement to publish both per item and per measured unit pricing on foodstuffs...

</offtopic>

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: New N.Y. Law Targets Hidden Net LD Tolls
--- Sean Donelan <[EMAIL PROTECTED]> wrote:
> I assume the NY AG will also be targeting enforcement of Domino's Pizza
> because they have lots of phone numbers and consumers may unknowingly dial
> a phone number to order a pizza which may be a toll call in their area.

A typical call to Domino's lasts < 2 minutes, and if it's not actually a local call, you're almost certainly not in the delivery area (and would get redirected to the correct store). Accidentally dialing a nonlocal Domino's results in a $.10 bill (and no pizza).

A typical call to a dial-up ISP is what, a few hours? Multiple times per month? Accidentally using a non-local ISP number can result in a bill in the hundreds of dollars pretty easily (also no pizza).

-David

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

RE: Cisco IOS Exploit Cover Up
--- Scott Morris <[EMAIL PROTECTED]> wrote:
> And quite honestly, we can probably be pretty safe in assuming they will not
> be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other
> exploits) or SSH (even other exploits) on that box. :) (the 1601 or the
> 2500's)

Let's see - RIP, Telnet, and SNMP are the only services listening on the box, and those are ACLed off at the serial interface. I'd LOVE to run SSH, but my image is not kind, nor is the size of the flash...

> Not everyone has to worry about these things. Place and time.

Agreed - I just wanted to give a concrete example of this stuff in the wild.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Cisco IOS Exploit Cover Up
--- John Forrister <[EMAIL PROTECTED]> wrote:
> Indeed - Cisco's hardware, especially the older, smaller boxes, tended
> to be really solid once you got them running. I was just pondering a
> few minutes ago on how many 2500's I configured & installed in 1996 & 1997
> are still running today, on code that's no longer supported by
> Cisco, and which are incapable of taking enough flash to load a newer image.

As a definite example, a client of mine has a 1601 sitting on the end of a T1 running 11.3... They're not interested in spending any money on an upgrade, as the box is doing exactly what they want: running RIP internally, and taking Ethernet-in and Serial-out.

-David

Re: Vonage Selects TCS For VoIP E911 Service
--- Brad Knowles <[EMAIL PROTECTED]> wrote:
> If the time since last fix is several hours, then the person
> might now be on a plane using a picocell or broadband wireless
> network connection that is not position-enhanced, and using the
> position information for routing to the presumed correct E911 system
> may be inappropriate.

If a person is calling 911 from a plane in flight, are we really so concerned about which PSAP receives the call? The last known fix would likely have been the point of origin in any case...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

SORBS & deaggregation
--- Alex Rubenstein <[EMAIL PROTECTED]> wrote:
> Perhaps the networks are disconnected? Perhaps there is insufficient
> bandwidth between the cities to carry inter-city traffic?

So, why would GRE not be a reasonable (temporary) solution here? If the islands are going to remain disconnected long term, why not get additional AS numbers? I find blaming > 250 extra routes WITH EXACTLY THE SAME PATH INFO on ARIN pretty unconvincing...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Outage queries and notices (was Re: GBLX congestion in Dallas area )
--- "Jay R. Ashworth" <[EMAIL PROTECTED]> wrote:
> It's not the *best* solution, but it's probably the least worst.

"Least worst" could describe pretty much everything about how we do networking today, so count me in the chorus of folks who consider outages completely on-topic.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

[OT] Re: what will all you who work for private isp's be doing in a few years?
--- Matthew Crocker <[EMAIL PROTECTED]> wrote:
> On May 12, 2005, at 4:23 PM, Jeff Rosowski wrote:
>
> >> | So imagine a residential area all pulling digital video over wireless.
> >> | Sound familiar? Ironically close to TV! (yet so different)
> >>
> >> You mean like VoIP over dsl ?
> >
> > I'm looking to setup DSL over VoIP over DSL next.
>
> I'm going for v.90 over VoIP over DSL. Hopefully I'll be able to get
> a 28.8k connection over my DSL line ;)

One of the vendors from a previous NANOG (IIRC, it was Pluris, but don't quote me) had a shirt extolling the benefits of IP over MPLS over ATM over X.25 over Frame-Relay over MPLS over PPP over Ethernet over HDLC over SONET.

everything old is new again :)

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

competitive network overbuilds
--- "Sam Hayes Merritt, III" <[EMAIL PROTECTED]> wrote:
> You are always free to obtain a franchise and run your own coax. Just
> because the incumbent cable company does not allow every tom dick and
> harry ISP to use their copper doesn't mean you can't provide the same
> service.

It should be noted that the same statement applies to DSL, FTTH, or RFC-1419 service as well: anyone who wants to CAN do an overbuild, and in fact that would probably be the best for customers in the long-run.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: On the record - debunking technical fallacies
--- Dean Anderson <[EMAIL PROTECTED]> wrote:
> On Tue, 3 May 2005, David Barak wrote:
>
> > Dean has weighed in on topics such as router architecture and the
> > ubiquitousness of packet-based-load-balancing in backbone networks, and
> > been thoroughly wrong.
>
> I never said that PPLB is ubiquitous (widely used--for those not so used
> to big words). I said that it is possible to see it. And that if you see
> it, it will not work with anycast TCP DNS.

Please forgive my misunderstanding. However, if PPLB is NOT widely used, why would you particularly care about its effects? Avian Carriers are not widely used either, and I don't much care about their effect on RTT...

> Second, the router architecture issue about whether PPLB was possible on
> certain routers. It is possible on a great number of routers. But there
> are some details I missed.

Here I disagree: you made statements about the default behavior of Cisco and Juniper routers which reflected an incorrect understanding of the actual workings and deployed configurations of same. My argument that strenuous assertions of incorrect facts weakens credibility holds.

> Please don't put (wrong) words in my mouth, and then say I'm wrong.

I apologize if I misquote or distort in any way, it is certainly not my intent. Any search of my previous postings to NANOG would show that I attempt to be accurate in representing and commenting on others' opinions.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: On the record - debunking technical fallacies
--- Dean Anderson <[EMAIL PROTECTED]> wrote:
> On Tue, 3 May 2005 [EMAIL PROTECTED] wrote:
> > I believe it is still necessary (and a good thing) to
> > post messages on the record that debunk technical fallacies.
>
> That's right. That's why I debunk them. The lying children call me names.
> They really hate it when you debunk their fallacies.

I personally evaluate individual posters with the following in mind: the more an individual has been willing to publicly assert things which I know to not be true, the less credit I give that individual's opinions with regard to things about which I am not an expert. The converse is true as well.

Dean has weighed in on topics such as router architecture and the ubiquitousness of packet-based-load-balancing in backbone networks, and been thoroughly wrong. Lots of people demonstrated his wrongness in these things, so I feel no need to recap.

I have no connection to ISC, and have no personal axe to grind.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

SONET
--- [EMAIL PROTECTED] wrote:
> (Anybody here *NOT* seen cases where the 2 fibers leave the building on opposite
> sides, go down different streets - and rejoin 2 miles down the way because
> there's only one convenient bridge/tunnel/etc over the river, or similar?)

confirming anecdote: Remember the Baltimore tunnel fire? The protect ring was in the conduit on one side, and the working was on the other...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: AS prepending
--- Philip Lavine <[EMAIL PROTECTED]> wrote:
> Update 2:
>
> More info. When I have tested the failover by pulling
> the plug on the preferred ISP, I do not see my network
> in looking glass. Secondly, the backup provider has
> told me the route is not in the (rib).
>
> Philip

Have you verified that you're advertising the routes to them? In Cisco-speak, does sh ip bgp nei x.x.x.x adv return what you're expecting?

Also, assuming that your backup ISP is either directly connected to (or one transit hop away from) your primary ISP, 3 prepends is too many for what you want. Try 1 prepend first.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Vonage Hits ISP Resistance
--- "Jay R. Ashworth" <[EMAIL PROTECTED]> wrote:
> Actually, and I think the distinction is pertinent to this discussion,
> if the car has no seatbelts, you can drive it just fine -- as long as
> it came that way. You can't *sell* a car without seatbelts, anymore.

That may be the rule in Florida, but in DC, MD, and UT (the states in which I've lived in the past 2 decades), you can be ticketed if you are driving a car and not wearing a seatbelt.

To make this a little bit more relevant to our VoIP/911 discussion, would we allow a startup car company to sell something which looked like a seatbelt, but was not crash rated above 5 mph? No, of course we wouldn't. Would that be anticompetitive? No, it just means that to be a startup car company, you have to meet the same safety standards as the existing car companies.

If we want to take the analogy away from something which is a direct safety issue, the exact same argument applies to emissions standards. They're "standard" for a reason: they apply to everyone, and every car maker must comply. (SUVs are classified as trucks, and comply with the truck rules).

Why would these arguments not apply to VoIP?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: potpourri (Re: Clearwire May Block VoIP Competitors )
--- Adi Linden <[EMAIL PROTECTED]> wrote:
> If VoIP companies are regulated into providing 911 service, minimum
> availability standards, etc is one thing. Forcing anyone that might be
> transporting VoIP into becoming a Telco is quite another...

I agree - the former is exactly the direction I think we should go.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: potpourri (Re: Clearwire May Block VoIP Competitors )
--- Owen DeLong <[EMAIL PROTECTED]> wrote:
> I can't speak for Paul, but, I propose that the government stop telling
> me what I do or don't need, and what risks are or are not acceptable for
> my family and allow me to make those choices for myself.

This belief == libertarianism, no? I take it you'd rather inspect your own food processing plants, and not have a licensing system in place for electrical work (et. al.)? Personally, I'm quite glad for government regulations regarding food safety, home inspection, and lots of other things which are safety related.

There are other restrictions which I'm not thrilled about, but I have yet to hear a compelling reason (which does not inherently boil down to a libertarian argument) to stop requiring that anything which defines itself as a phone-based voice service should have a working 911 connection. The VoIP companies currently call themselves "phone" companies, and by doing so, IMO, they open themselves to this level of regulation.

> If I want 911 service, then, I should subscribe to at least one
> telephony service which provides it, and, which charges me for it. If I am
> willing to risk life without reliable 911 service, then, that should be
> my choice, and, I should be able to choose voice carriers which do not
> provide 911 service and I should not have to pay for it.

Should you be able to subscribe to the fire department? How about the police? That's how it used to be, but that model didn't work nearly as well as universal coverage paid by taxes does.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: potpourri (Re: Clearwire May Block VoIP Competitors )
--- Paul Vixie <[EMAIL PROTECTED]> wrote:
> sure as hell, we'll see laws requiring every home to have a telephone, to
> have that telephone in the kitchen or other main room of the home, and to
> be clearly marked. then the POTS tithe comes back, it'll be with vengeance.

So given that you see this as likely, and by your tone, I'm guessing that you're not in favor of this outcome, what do you propose?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: potpourri (Re: Clearwire May Block VoIP Competitors )
--- Paul Vixie <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (David Barak) writes:
>
> > anecdote: one of my good friends uses Vonage, and my wife complained to
> > me yesterday that she has a very hard time understanding their phone
> > conversations anymore. She correctly identified the change in quality as
> > originating from the VoIP.
>
> as long as she's getting what she's paying for, or getting the cost savings
> that go along with the drop in quality, and is happy with the savings, then
> this isn't a bug.

Well, here's the catch - it wasn't the VoIP subscriber who was complaining, it was the PSTN subscriber. The experience left her with the opinion that VoIP = bad quality voice. I suspect you'll see a lot of this...

> unfortunately a lot of companies who use voip or other forms of "statistical
> overcommit" want to pocket the savings and don't want to disclose the service
> limitations. that gives the whole field an undeserved bad smell.

agreed.

> > Please correct me if I'm mistaken, but your implication seems to be "damn
> > the 911, full steam ahead." That's great for optional voice (calls to
> > Panama) but not so good for non-optional voice (to the fire dept).
>
> i'm not especially tolerant of governments telling me how safe i have to be.
> if i want a 911-free phone in my house then the most the gov't should be
> allowed to require is that i put a warning label on my front door and on
> anything inside my house that looks like a phone.

occam's razor? We have government regulations regarding things which look like (and function similarly to) light switches, no? We have government regulations regarding the nature of water and sewer pipes, why not regulations regarding the nature of data pipes?

> most american PBX's don't have 911 as a dialplan. you have to dial 9-911.

We work on different PBXes. The ones on which I work are specifically configured to respond to 911 OR 9-911 to avoid a problem. Would YOU want to have been the person who didn't enable one of those options, and thus delayed response time?

<snip regarding corporate bad behavior in configuring PBXes>

> geez, where's the FCC when you need 'em, huh?

actually, yes - I see this as a public safety issue, not a freedom issue. It is in the public's interest for 911 to work the way we expect it to, everywhere.

> i think the selective enforcement here is sickening, and that if old money
> telcos can't compete without asset protection, they should file for chapter
> 11 rather than muscling newcomer costs up by calling these things "phone" and
> then circling their wagons around the NANP.

But VoIP companies calling their product a "communications service" and saying that they're exempt from 911 regulation, and at the same time beating up the ISPs for deprioritizing their traffic based on the same 911 access is completely fine, huh? Voice is an application, but a gov't regulated one. In this regard it is fundamentally different from email or ftp.

> but that's not going to happen,
> so i predict that the internet will do what it always does-- work around the
> problem. so, domain names and personal computers rather than "phone numbers"
> and things-that-look-like-phones.
> and when 20% or 50% of the homes in a region lack this service because the
> people who live in those homes don't want to pay a POTS tithe, we'll see
> some interesting legislation come down, and you can quote me on that.

Yes, I'm certain we will. The legislation will likely be due to a particularly bad fire during a power outage or some other event which makes national news.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: potpourri (Re: Clearwire May Block VoIP Competitors )
--- Paul Vixie <[EMAIL PROTECTED]> wrote:
> > Toll-quality voice requires ...
>
> ...all kinds of things that nobody outside the POTS empire actually
> cares about. folks just want to talk. cell-quality voice is fine.
> (just ask anybody in panama who has relatives in the USA!)

anecdote: one of my good friends uses Vonage, and my wife complained to me yesterday that she has a very hard time understanding their phone conversations anymore. She correctly identified the change in quality as originating from the VoIP.

> sadly, to get "voice over ip" (note, it's not telephony over ip, it's
> voice over ip),

The difference between the two is readily apparent to businesses: VoIP::POTS as "ToIP"::PBX/Centrex

> we're going to have to integrate it into our computers.
> ("dammit, i need a decent quality USB headset for less than USD $300!")
> because as long as something looks-like-a-phone, the POTS empire can use
> the NANP (or local equivalent) and 911 regulations (or local equivalent)
> to prevent newer more efficient carriers from making money from "voice".

Please correct me if I'm mistaken, but your implication seems to be "damn the 911, full steam ahead." That's great for optional voice (calls to Panama) but not so good for non-optional voice (to the fire dept).

> the solution of course is to use computers rather than "phones" and to
> use domain names rather than "phone numbers".

fine by me - such a service would never be confused with POTS, and no one sensible would treat it as a reliable/robust service.

> > ..., the public Internet has substantial jitter and high
> > coast-to-coast latency, ...
>
> just thinking out loud here, but which "coasts" do we mean when we talk
> about the "public internet"? my first thought was lisbon-to-sakhalin,
> rather than seattle-to-miami.
>
> given that the public internet isn't even centered in let alone predominated
> by north america any more,

How do you measure this? According to Telegeography, London has been the city with the most international connections for about the past 5 or 6 years, but New York (& environs) still had the highest aggregate international bandwidth during that time. I would certainly say that North America is a disproportionate source and sink of traffic relative to population.

> and that some of the best (and/or loudest) speakers
> at nanog (both on the mailing list and in person) are from outside north
> america, it seems to me that the "reform party" should be thinking of a new
> name. i'll happily turn ANOG.$CNO and/or WORLDNOG.$CNO over to any elected
> board who becomes merit's successor-in-interest over "nanog governance"...

Well, North America does have its own issues, and there should be a venue for that. (side note: I'm far more likely to have my employer send me to Seattle than to Tokyo...)

> (if you didn't know about the nanog-futures@ mailing list, go find out, plz.)

Thanks for the plug :)

> > OTOH, if you're going across a network with decent QoS or within the same
> > general area of the country, you can afford a larger transmit buffer without
> > risking the "walkie talkie" effect.
>
> all it has to be is as good as a cell phone.

Requirements differ. To paraphrase Randy, "I encourage my competitors to use this voice quality standard."

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: T1 vs. T2 [WAS: Apology: [Tier-2 reachability and multihoming]]
--- John Dupuy <[EMAIL PROTECTED]> wrote:
> But by the technical description of a "transit free zone", then 701 is not
> tier one, since I have encountered scenarios where many AS are transversed
> between 701 and other networks, not just a peer of a peer. Unless, by
> "transit free zone" you mean "transit trading" where large providers permit
> each other to transit for free. (Which gets back to my 'who hurts more'
> discussion.)

Transit = being someone's customer

Peering = permitting your customers to go to your peer's customers or the peer's network, but not the peer's peers, without exchange of money.

Any other relationship != peering for my purposes (although lots of subtly different relationships exist, the largest networks tend to take a view which is not too dissimilar to the one shown above)

Are you implying that 701 is paying someone to carry their prefixes? While I'm not the peering coordinator for 701, I would find that improbable. I would expect that money would flow the other direction (and thus 701 would become a more valuable peer for other networks).

> I'm willing to be wrong. If any of the large providers on the list will say
> that their network does not transit beyond the customer of a peer; and they
> still maintain full connectivity, I will gladly be corrected.

oodles and oodles of people can say this (and already have). A paying customer of mine can readvertise (with a non-munged AS_PATH) any of my prefixes which they want, and thus provide transit for other people to reach me. That does not change the fact that I'm not paying for transit.

So in short, I would say that T1 vs T2 etc is a "follow the money":

T1 => doesn't pay anyone else to carry their prefixes, and runs a default-free network.
T2 => pays one or more T1 providers to carry their prefixes, may or may not run a default-free network.
T3 => leaf node, pays one or more T1/T2 providers to carry their traffic, probably uses default route.

YMMV, blah blah blah

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Attractive Nuisance, was Re: 72/8 friendly reminder
--- Mike Leber <[EMAIL PROTECTED]> wrote:

Well, there has been some movement - Cisco has changed their policy, as noted here: http://www.merit.edu/mail.archives/nanog/2005-02/msg00354.html

Now if we can just get everyone else to play along...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com

Re: Utah governor signs Net-porn bill
--- William Allen Simpson <[EMAIL PROTECTED]> wrote:
> I'm assuming that you really operate an ISP in Utah. And that you are
> willing to spend some time in jail at various times, have $10,000 or so
> for bail, and a few $100,000 for attorney fees -- none of which you'll
> get back even should you win.

wouldn't it be cheaper and easier to simply get a lawyer and an engineer in the same room and brainstorm until you came up with something which pretty-much-worked(tm) and was at least arguably compliant with the law? There have been a couple of ideas bandied about on this list which are arguably compliant and technically simple.

> I've spent time in jail on principle. I'm glad to see others are still
> willing to stand up and be counted!

This isn't a principle for which I'd gladly go to jail. All I'm saying is that it isn't the doom&gloom you're portraying - Utah politicians being difficult doesn't mean the end of free speech forever. Why not wait and see what happens?

-David Barak
need Geek-rock? Try The Franchise! http://www.listentothefranchise.com

Re: Utah governor signs Net-porn bill
--- William Allen Simpson <[EMAIL PROTECTED]> wrote:
> So, Utah law _already_ means no links to Planned Parenthood et alia.

Planned Parenthood is quite alive and well in Utah. Contraceptives are freely advertised on TV and given out on campus at the U of U. All of the other stuff you're seeing is either:

1) unenforceable old blue laws similar to how Native Americans need to be escorted by police in Massachusetts (i.e. they never got around to fixing old bad law, but no one cares anymore)
2) political posturing by elected officials (also relatively common in other parts of the world. c.f. US Congress, both parties)
3) Something which, while it COULD be extended to mean something ridiculous, will NOT be.

For crying out loud - this is UTAH, not the moon: the people there are just like people everywhere. Yeah, they tend to be a bit more socially conservative than the libertarian-leaning NANOG membership is used to, but it's not like they've got 2 heads and three arms - if you prick them, they'll bleed...

so while I agree that this is a goofy law which was poorly written - there IS a demand for this type of service, and we'll see how it plays out.

-David Barak
need Geek Rock? Try The Franchise! http://www.listentothefranchise.com

Re: Utah governor signs Net-porn bill
--- Daniel Senie <[EMAIL PROTECTED]> wrote:
> Anyone want to publish a definitive list of IP addresses for Utah? A week
> of null-routing all such traffic by many web sites would, I think, be
> a measured response to idiot legislators. It could be "give Utah the Finger
> Day" or some such.

Wouldn't you then be guilty of doing the exact thing which the legislature is doing? Besides any discussion regarding collusion or anticompetitive behavior, how does this type of action improve free speech? Personally, I WANT everyone in Utah to get to my content.

-David Barak
need Geek Rock? Try The Franchise! http://www.listentothefranchise.com

Re: Utah governor signs Net-porn bill
--- William Allen Simpson <[EMAIL PROTECTED]> wrote:
> Why other businesses? For example, no drug companies or pharmacies
> can have their businesses in Utah; they sell contraceptives, and
> generate information too sensitive for the tender eyes of minors.

This is not correct - on network TV in Utah, and on the "family-friendly" cableco feed, you can see the various prophylactic manufacturers' ads. Many of the statements I've seen here are very "doom and gloom" about Utah - honestly, folks, it's not THAT bad.

-David Barak
need geek rock? Try The Franchise! http://www.listentothefranchise.com

Re: Utah governor signs Net-porn bill
--- Rachael Treu <[EMAIL PROTECTED]> wrote:
> I'm unclear as to how this level of regulation can be applied to the
> rolling fields of porn and not swiftly expanded to accommodate other
> categories of information deemed to be objectionable. (I haven't
> yet read the complete bill, but will be interested to see how clearly
> codified the parameters for branding content as "adult" are.)

Disclaimer: I lived in and around Salt Lake City for 10 years, no I'm not Mormon, and I have always thought that Utah is the best place in the world to get a flat tire, because everyone will fall all over themselves to help you.

That said, I've seen this kind of thing from Utah politicians before - they were some of the driving factors behind the "V-Chip" and in mandating that cablecos offered a service which was "all the channels except those which regularly show adult content", which, believe it or not, was not common when they offered it.

I would be VERY surprised if they also added any (non-pr0n) other topics to this block-list. There is a strong distinction made in UT between pr0n and everything else: no one ever tried to expand the concept wrt the cablecos to any of the other objectionable things they may show. I remember when "The Last Temptation of Christ" showed in a movie theatre there, so they're not so bad as it may at first seem.

> How, exactly, *did* this pass, anyway?

that's EASY: there is hyperconcern for the welfare of children in Utah, and they've had some success in restricting other public displays of adult activities (believe it or not, there used to be strip clubs within 4 blocks of the mormon temple there - the city council rezoned, and they moved 3 miles downroad).

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
NEW ALBUM, "The Sound and the Furry" available at http://www.cdbaby.com/thefranchise
Re: Vonage service suffers outage
--- "Jay R. Ashworth" <[EMAIL PROTECTED]> wrote:
> On Mon, Mar 07, 2005 at 04:03:11PM -, Neil J. McRae wrote:
> > > Companies like Vonage are signing up subscribers because they
> > > provide real phone service connecting you to copperline
> > > subscribers on the real phone network. That is their business
> > > model. Verizon could sell exactly the same sort of service to
> > > subscribers in California leveraging the Internet last mile
> > > in exactly the same way as Vonage.
> > > Vonage and Verizon are just phone companies, not VoIP companies.
> >
> > Michael - you've been drinking way too much coffee today.
>
> Naw; Michael has it exactly right, and more power to him.

I think the final nail in this coffin is the Vonage banner ad/masthead which describes them as "the broadband phone company." If they're going to claim to be a phone company, it's reasonable that phone company regulations regarding 911, outage reporting, etc should all apply to them.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
NEW ALBUM, "The Sound and the Furry" available at http://www.cdbaby.com/thefranchise
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
--- "Chris A. Epler" <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Jared Mauch wrote:
>
> | I'm not saying this to trash cisco, many people there know that,
> | but the important thing is insuring that the global internet isn't
> | further harmed, and as more allocations are done the harm becomes
> | greater and it hurts every single person in this industry, providers
> | and vendors alike.
>
> k, bit my tongue as much as I could... But I gotta vent ;-P
>
> So, Cisco provides this 'AutoSecure' function and everyone jumps all
> over the static bogon list. Why? Hello? The basic idea here is that
> it gets you decent out of the box setup defaults which you tailor after
> running it, right? (NOTE: I haven't actually hit the AUTOSECURE button
> yet, just read a little about it)

Well, the problem is that the autosecure feature introduces a static element (address filtering) into a dynamic world (routing), in a way which is generally considered "set and forget." The target audience for autosecure is people who don't have their own security people on staff, thus ensuring that the filters will get out of date, and cause mysterious reachability issues (mysterious, that is, because no one will think of looking for the problem in the router...)

> What's so bad about decent secure defaults? I just see it as a shortcut
> to getting a router online, not a solution to security.

Getting a router online is giving it an IP address. Translate from geek to English: when someone who is not-so-technical hears "autosecure" the end result is something like "automatic transmission" - i.e. something which doesn't need to be played with except once every few years.

> If you're implementing a new router and setting up Bogon filters

The argument is that autosecure SHOULDN'T set up bogon filters.

> you should already know that they'll need to be updated regularly and should
> replace the access list with a refreshed one using the autosecure
> configuration as a TEMPLATE that you work off of. If you don't know
> this, then you shouldn't be in charge of said router. Am I missing
> something here???

The primary audience for the autosecure feature is people who really don't quite get routers. No, they don't have any business with enable, but do they have it? yes.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
--- Suresh Ramasubramanian <[EMAIL PROTECTED]> wrote:
> David Barak <[EMAIL PROTECTED]> wrote:
> > While it says that bogon filters change, and provides
> > a URL to check it, what percentage of folks who would
> > use a feature like "autosecure" would ever update
> > their filters?
>
> What do they do to update that bogon list anyway - push a new IOS image?

That's a mighty fine question: the link I referenced is the most recent I was able to find, and its list of bogons is thoroughly out-of-date.

In the interest of long-term reachability, I would call on Cisco to remove the IANA-UNASSIGNED blocks from the autosecure filters. This will only get worse: consider how bad the GWF problem is now with the antivirus-response-spam...

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
--- "Richard J. Sears" <[EMAIL PROTECTED]> wrote:
> Yes - the space in question was allocated last January - it looks like
> not everyone has updated their bogon access lists to remove this space
> from the bogon list.

I think that Cisco's Autosecure feature is part of the problem here:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_feature_guide09186a008017d101.html

While it says that bogon filters change, and provides a URL to check it, what percentage of folks who would use a feature like "autosecure" would ever update their filters?

sigh.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: IBGP Question --- Router Reflector or iBGP Mesh
--- Alexei Roudnev <[EMAIL PROTECTED]> wrote:
> Are you sure? RR should just distribute routes.
>
> RR do not make any route decisions, and (btw) iBGP do not make route
> decisions - they are mostly based on IGP routing. All iBGP + RR are doing
> is:
> - tie external routes to internal IP;
> - distribute this information using iBGP mesh, RR's etc.
> - receive this information and set up routing using internal IP (which are
> routed by IGP protocols).
>
> End routers receives iBGP routes and uses IGP (OSPF or EIGRP or anything you
> use) for route decisions (of course, we can imagine exceptions, but normally,
> it works so that all decisions are based on IGP routing). Most important
> decisions are done, where routes are emitted from EBGP into iBGP, others -
> by iGP; which decisions are done by RR's themself?

The primary decision made by a route-reflector is the same decision which would be made by multiple routers in an iBGP full-mesh: which exit point should this router use to reach a specific netblock.

Leaving aside for the moment any manipulation of multipath, each router will run the BGP route selection algorithm on each route learned. If multiple routes are learned to a given destination, only one will be inserted into the RIB. The standard behavior for a router is to only pass on those routes which have been accepted into the RIB. So if you have this network

C1 -R1--R2-C2
    |   |
C1 -R3--R4-C3

And R1 is the only route-reflector (yeah, yeah, bad design - it's just an example), R4 will only learn about the path to C1 through R1, and might route traffic along the R4->R2->R1->C1 path rather than along the R4->R3->C1 path which would be preferred by an iBGP full-mesh.

The upshot of this is the following (drumroll): route reflectors are a wonderful thing, but make sure that their topology reflects and respects your underlying IP network topology. If you don't, you can get unpleasant consequences.

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
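
The four-router example in the message above, worked through as an added illustration that is not part of the original post. Unit IGP cost on every link, next-hop-self on the exit routers, and a decision process reduced to "own eBGP route, then lowest IGP cost, then lowest router name" are assumptions.

```python
import heapq

# Topology from the message: R1--R2 and R3--R4 across, R1--R3 and R2--R4 down.
# Unit IGP cost on every link is an assumption; the message gives no metrics.
IGP_LINKS = {("R1", "R2"): 1, ("R3", "R4"): 1, ("R1", "R3"): 1, ("R2", "R4"): 1}
ROUTERS = ["R1", "R2", "R3", "R4"]
# Customer C1 is attached to R1 and R3, so both learn its prefix over eBGP.
EBGP_EXITS = {"C1": ["R1", "R3"]}


def igp_cost(src, dst):
    """Shortest-path IGP cost between two routers (Dijkstra)."""
    adj = {r: [] for r in ROUTERS}
    for (a, b), cost in IGP_LINKS.items():
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            return d
        if d > dist.get(node, float("inf")):
            continue
        for nxt, cost in adj[node]:
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                heapq.heappush(heap, (nd, nxt))
    raise ValueError(f"{dst} unreachable from {src}")


def best_exit(router, candidates):
    """Simplified BGP decision (assumed): own eBGP route first, then lowest
    IGP cost to the next hop, then lowest router name as the tie-break."""
    return min(candidates, key=lambda e: (e != router, igp_cost(router, e), e))


def full_mesh(prefix):
    """Every router hears every exit directly from the router that owns it."""
    exits = EBGP_EXITS[prefix]
    return {r: best_exit(r, exits) for r in ROUTERS}


def route_reflector(prefix, rr):
    """Clients send their eBGP routes to the RR; the RR reflects only its own
    best path, so a client sees that path plus any eBGP route of its own."""
    exits = EBGP_EXITS[prefix]
    reflected = best_exit(rr, exits)
    chosen = {}
    for r in ROUTERS:
        known = set(exits) if r == rr else {reflected} | ({r} & set(exits))
        chosen[r] = best_exit(r, known)
    return chosen


def compare(prefix, rr):
    """Per router: (exit with full mesh, exit with RR, extra IGP cost via RR)."""
    mesh, refl = full_mesh(prefix), route_reflector(prefix, rr)
    return {
        r: (mesh[r], refl[r], igp_cost(r, refl[r]) - igp_cost(r, mesh[r]))
        for r in ROUTERS
    }


if __name__ == "__main__":
    for router, row in compare("C1", "R1").items():
        print(router, row)
```

With R1 as the only reflector, R4 is the one router whose exit changes: it is handed R1 and never hears that R3, one hop away, has its own route to C1.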
Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet
--- [EMAIL PROTECTED] wrote:
> When we make it too hard for legitimate businesses to
> use spam as a means of advertising their product, then
> only criminals will use spam.

you can have my mailserver when you can pry it from my cold, dead datacenter...

seriously, there have been various proposals ([ADV], etc) to facilitate "legit UCE," but that hasn't slowed the arms race. How would you recommend that we make it easier for legit businesses?

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: IPv6, IPSEC and DoS
--- Joe Abley <[EMAIL PROTECTED]> wrote:
> No, it's packet-switching with a provisioning process reminiscent of
> the Book of Telco. Static provisioning does not a circuit make.

Point made - what I was trying to say was that it has most of the disadvantages of a circuit-switched architecture...

David Barak
Need Geek Rock? Try The Franchise.
Re: IPv6, IPSEC and DoS
--- Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
> If you can then enforce the port->MAC->IP mappings you're pretty much
> bullet proof. I know there are switches that can handle the port->MAC
> part. An alternative for the MAC->IP part would be the TCP MD5 option
> or IPsec.

I guess it's true that everything old is new again: isn't this effectively circuit-switching? If you're dedicating network elements to particular hosts in a non-dynamic manner, doesn't that make your infrastructure effectively a PBX, where moving {device} from one room to the next requires a technician's assistance?

-David Barak

David Barak
Need Geek Rock? Try The Franchise.
CIDR & Broadband
Hi everyone,

I just happened to notice something:

AS18566   755    7  748  99.1%  CVAD Covad Communications
AS27364   441   33  408  92.5%  ARMC Armstrong Cable Services
AS22773   416   24  392  94.2%  CXA Cox Communications Inc.
AS21502   272    3  269  98.9%  ASN-NUMERICABLE NUMERICABLE is a cabled network in France,
AS14654   262    6  256  97.7%  WAYPOR-3 Wayport
AS25844   244   17  227  93.0%  SASMFL-2 Skadden, Arps, Slate, Meagher & Flom LLP
AS4814    213    6  207  97.2%  CHINA169-BBN CNCGROUP IP network - China169 Beijing Broadband Network

Of these, the CIDR-report entries with > 90% deaggregation, 6 are high-speed Internet providers, and one's a lawfirm. Clearly, all of them can be described as "leaf" ASes. None of them seem to have multihoming customers (or at least not THAT many).

I seem to remember a person from Covad saying that their deaggregation was going to be temporary (http://www.merit.edu/mail.archives/nanog/2004-11/msg00366.html) for some value of temporary, but what about the others? Any of the rest of you want to speak up and explain this?

David Barak
-fully RFC 1925 compliant-
Re: Bogon filtering (don't ban me)
--- "J. Oquendo" <[EMAIL PROTECTED]> wrote:
> I thought about it over and over, and wonder why this hasn't been done.
> Any care to beat me with a clue stick or two. I can understand the
> arguments of not wanting a vendor to have control of some aspect of my
> business, or control over my network, but correct me if I am wrong,
> wouldn't this solve a heck of a lot of issues concerning network based
> attacks, spam, scumware/spyware/fooware/$*something?

Vendor C has something similar, in their "autosecure" feature. However, the trouble is that the list of bogon networks is static, and in fact includes 70/8 among many others. This is (I'm certain) contributing to the reachability issues that those folks with new netblocks experience.

A better implementation would be for vendors to include a "bogon-subscribe server x.x.x.x" feature, which would simply allow a router to talk to a centralized bogon server. However, the complexity of setting up the real-time BGP bogon feeds is not that hard - anyone who would use the above command could do it - so I'm not sure that this requires any new tools.

David Barak
-fully RFC 1925 compliant-
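
The stale-filter problem described in this message and in the 72.14.128.0/19 thread above, as an added audit sketch that is not part of the original posts. The static list, the sample source addresses and all function names are constructed; only 72.14.128.0/19 and 70/8 come from the thread.

```python
import ipaddress

# Constructed static filter in the "set and forget" style the thread describes.
# The first four entries are private/loopback space that never becomes routable;
# the two /8s stand for blocks that were unassigned when the list was written.
STATIC_BOGONS = [
    "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "70.0.0.0/8", "72.0.0.0/8",
]

# Space the thread reports as handed out since: 72.14.128.0/19 is the block in
# the subject line, 70/8 is named as still sitting in the static list.
ALLOCATED = ["72.14.128.0/19", "70.0.0.0/8"]


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def stale_entries(bogons, allocated):
    """Return (filter entry, allocation) pairs where the filter covers live space."""
    return [
        (str(b), str(a))
        for b in _nets(bogons)
        for a in _nets(allocated)
        if b.overlaps(a)
    ]


def refresh(bogons, allocated):
    """Drop every filter entry that overlaps an allocation, whole, which is what
    happens when a /8 leaves the unassigned pool; keep everything else."""
    stale = {b for b, _ in stale_entries(bogons, allocated)}
    return [b for b in bogons if str(ipaddress.ip_network(b)) not in stale]


def is_filtered(source_ip, bogons):
    """True if a packet from source_ip would match the bogon filter."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in _nets(bogons))


def audit(sources, bogons, allocated):
    """Classify each source: permitted, dropped as a real bogon, or dropped
    only because the filter was never updated after the space was allocated."""
    alloc_nets = _nets(allocated)
    verdicts = {}
    for src in sources:
        addr = ipaddress.ip_address(src)
        if not is_filtered(src, bogons):
            verdicts[src] = "permit"
        elif any(addr in net for net in alloc_nets):
            verdicts[src] = "drop: stale bogon entry"
        else:
            verdicts[src] = "drop: bogon"
    return verdicts


if __name__ == "__main__":
    sample_sources = ["72.14.130.1", "70.1.2.3", "10.1.2.3"]  # constructed
    print(stale_entries(STATIC_BOGONS, ALLOCATED))
    print(audit(sample_sources, STATIC_BOGONS, ALLOCATED))
    print(audit(sample_sources, refresh(STATIC_BOGONS, ALLOCATED), ALLOCATED))
```

Run against a router's real access list and a current allocation feed, the "drop: stale bogon entry" rows are the reachability complaints nobody thinks to look for in the router.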
Re: ATM over T1
--- Greg Boehnlein <[EMAIL PROTECTED]> wrote:
> Hello,
> This is my first post to the NANOG list, so please.. be gentle! ;)

ok.

> So, can I cross connect several ATM T1s onto a DS3 mux and break them out
> on the other side? Or do I need some sort of intelligent MUX that
> understands ATM?

A straight TDM mux will work fine. ATM is a layer 2, and as long as your mux isn't trying to do anything other than TDM T3 <->> T1 demuxing, it will work.

David Barak
-fully RFC 1925 compliant-
Re: Sensible geographical addressing
--- Peter Corlett <[EMAIL PROTECTED]> wrote:
> David Barak <[EMAIL PROTECTED]> wrote:
> [...]
> > What exactly would be so bad about taking a page from the PSTN and
> > using a country-code-like system? There are under 200 countries on
> > the whole planet, so that's not a huge number of bits...
>
> Not that this avoids renumbering, as countries do occasionally split
> or merge. Sometimes there's also address space exhaustion within a
> country and renumbering is required.
>
> (I am reminded of a Londoner whining about "loads" of number changes
> since 1990. In fact, there have been just three: 01 -> 071/081 ->
> 0171/0181 -> 020.)

But if the "country ID" bits were always in a defined place, the pain of renumbering due to country merge/split could be mitigated. In any case, countries don't split or merge THAT much.

David Barak
-fully RFC 1925 compliant-
Re: Sensible geographical addressing
--- [EMAIL PROTECTED] wrote:
> 10 years ago we didn't have the RIR system in
> place to help us with geographic addressing. Today
> we do. Now you might be able to convince me that
> we could achieve similar goals by putting together
> route registries, RIRs and some magic pixie dust.
> As far as I'm concerned, geographical route aggregation
> is necessary for the v6 network to scale. It will
> happen, the only question is how we solve the problem.

What exactly would be so bad about taking a page from the PSTN and using a country-code-like system? There are under 200 countries on the whole planet, so that's not a huge number of bits...

David Barak
-fully RFC 1925 compliant-
Fwd: The Cidr Report
--- [EMAIL PROTECTED] wrote:
> AS701   6090   892  5198  85.4%  UU UUNET Technologies, Inc.
> AS705   2258  1009  1249  55.3%  UU UUNET Technologies, Inc.

Top 20 Net Increased Routes per Originating AS

Prefixes  Change      ASnum   AS Description
4861      1224->6085  AS701   UU UUNET Technologies, Inc.
1820      437->2257   AS705   UU UUNET Technologies, Inc.
758       268->1026   AS7046  UU UUNET Technologies, Inc.

Any idea what happened here? Is this long-term?

David Barak
-fully RFC 1925 compliant-
Re: Low latency forwarding failure detection
--- John Kristoff <[EMAIL PROTECTED]> wrote:
> I'm cco-familiar with GLBP. It appears to have essentially the same
> timing knobs with the ability to actively load balance traffic. Is
> my assumption that some traffic will not experience any packet loss
> if it is not using the failed path correct? For anyone who has used
> this, was the added complexity of this protocol worth it?

I've used GLBP, and I was pleasantly surprised at how well it worked. Certain types of failures were hitless, and non-hitless failures were still pretty fast. I'm not sure if it's fast enough for your application, but I thought it was great.

David Barak
-fully RFC 1925 compliant-
Re: short Botnet list and Cashing in on DoS
--- Andrew D Kirch <[EMAIL PROTECTED]> wrote:
...
> and anyone posting from yahoo/gmail/hotmail should have their
> posting rights immediately revoked because obviously they have no claim
> whatsoever to any critical Network Operations.

You had me until then: has it not occurred to you that some of us work for large corporations which would rather not make official stands on the topics discussed on the NANOG list? There is a certain plausible deniability which is created by using a yahoo/etc account.

Furthermore, some of us have changed jobs inside the field, and the use of personal email addresses avoids any complications with that. Also, it avoids the stupid autoresponder issues which some corporations force upon their employees.

Your argument works if you're the boss. If you're not, or if there's any PHBs above you, it's better to stick with the private email.

David Barak
-fully RFC 1925 compliant-
Re: RIPE "Golden Networks" Document ID - 229/210/178
--- Petri Helenius <[EMAIL PROTECTED]> wrote:
> Pay me to treat your prefixes more nicely? 1/2 :-)

Isn't that the difference between transit and peering? Does anyone dampen people who are paying them?

David Barak
-fully RFC 1925 compliant-
Fwd: Please stop sending me emails
I've gotta say - this is a new one for me. I'm used to hearing about low signal/noise ratios, and the inevitable off-topic griping, but I wasn't expecting that someone who is actually subscribed to a list such as this one would have such idiot-ware enabled...

-David Barak
-Fully RFC 1925 Compliant-

--- Jason Silverglate <[EMAIL PROTECTED]> wrote:
> Date: Tue, 29 Jun 2004 22:44:34 -0400
> From: "Jason Silverglate" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Please stop sending me emails
>
> THIS IS AN AUTOMATIC REPLY
>
> Your e-mail message to me (see below) was not delivered. I
> am no longer accepting mail from your address.
>
> This extreme measure was most likely taken in response
> to unsolicited or unwanted e-mail from you. If you were
> attempting to market a commercial product or service to me,
> then please note that I am absolutely not interested in
> it. I take a dim view of any form of UCE, and on principle
> refuse to patronize any business that resorts to this
> tactic.
>
> This email account is protected by:
> Active Spam Killer (ASK) V2.4.1 - (C) 2001-2002 by Marco Paganini
> For more information visit http://www.paganini.net/ask
>
> --- Original Message Follows ---

David Barak
-fully RFC 1925 compliant-
Re: BGP list of phishing sites?
--- Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
> > The principle has been analogized to describe larger
> > systems and items, and is a useful but not always
> > completely accurate metaphor. It is entirely possible
> > to observe some things without affecting them.
>
> Is it? If I want to look at you, I must bounce photons off of you.
> Similar stuff needs to happen for other types of observation. This may
> not have a very large effect on you, but there is _some_ effect.

for some value of _some_, right? ;)

I agree that there is an effect, but not necessarily due to the observation itself: consider a webcam. Whether I am observing you in the camera is not dependent on my interacting with you per se: the photons were already on their way from you to the lens. You could argue that those photons cause a change, but I would respond that the photons would have caused that change regardless of whether they are measured.

Perhaps some beer and philosophy at the October meeting?

David Barak
-fully RFC 1925 compliant-
Re: BGP list of phishing sites?
--- Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
> Einstein taught us that even the simple act of observation influences
> our surroundings. Wouldn't it make sense to try to leverage this
> influence such that the future is shaped more to our liking, however
> small the change may be?

nitpick: it wasn't Einstein, but rather Heisenberg who developed the uncertainty principle. The uncertainty principle only speaks of electrons (or other small wavicles) and describes how it's not possible to know both the position and momentum. If you're not interested in knowing both of those at the same time, the uncertainty principle does not apply.

The principle has been analogized to describe larger systems and items, and is a useful but not always completely accurate metaphor. It is entirely possible to observe some things without affecting them.

-David Barak
-Fully RFC 1925 Compliant
RE: What percentage of the Internet Traffic is junk?
--- Steve Gibbard <[EMAIL PROTECTED]> wrote:
> If a few of you can stop being so pedantic for a second, the definition
> looks pretty easy to me: traffic unlikely to be wanted by the recipient.
> Presumably, if it's being sent that means somebody wanted to send it, so
> the senders' desires are a pretty meaningless metric.

I'm not sure that I'd agree with this statement. What about the traffic from compromised sources? The pps floods or spam emails are not being created with the knowledge of the source, so it would be hard to say that the source "wanted" to send it.

-David Barak
-Fully RFC 1925 Compliant-
RE: Cisco Router best for full BGP on a sub 5K bidget 7500 7200 or other vendor ?
--- Michel Py <[EMAIL PROTECTED]> wrote:
> The part I missed earlier is that I think Alexander needs to buy the
> platform. As of today I can not recommend buying any 7500 as even the
> 7507 and the 7513 are going to EOL sooner or later. If you can't afford
> a 7603, then the 7206VXR with NPE400G and a gigabit trunk to a 3550 is
> what I would do.

It's always worth taking a look at multiple vendors: the m7i is a lot of power for not so much money, relatively speaking, although you won't find much on the ebay-market...

-David Barak
-Fully RFC 1925 Compliant-
Re: Packet Kiddies Invade NANOG
--- [EMAIL PROTECTED] wrote:
> Assuming that they are not sourcing the attacks
> in Banetele's AS, then you, the peer of Banetele
> are delivering the packet stream that kills the
> BGP session. How long before peering agreements
> require ACLs in border routers so that only BGP
> peering routers can source traffic destined to
> your BGP speaking routers?

Even better is to separate the control plane from the forwarding plane, and ensure that the control plane of a given router cannot be spoken to by anyone who is not either internal or a direct BGP peer. Why permit garbage to touch your network?

-David Barak
-Fully RFC 1925 Compliant-

David Barak
-fully RFC 1925 compliant-
Re: Packet Kiddies Invade NANOG
Susan, could you please clarify the NANOG AUP for the benefit of some of our young/new posters?

Thank you,

-David Barak
-Fully RFC 1925 Compliant-

--- John Harold <[EMAIL PROTECTED]> wrote:

David Barak
-fully RFC 1925 compliant-
Re: UUNet Offer New Protection Against DDoS
--- "Patrick W.Gilmore" <[EMAIL PROTECTED]> wrote:
> What's wrong with letting customers announce /32s into your network, as
> long as you do not pass it to anyone else (including other customers)?

Theoretically nothing. However, you do need to watch out, because there are a certain percentage of clue-impaired folks who believe that {traffic engineering | load-balancing | whatever mojo they're calling it now} can be best accomplished by announcing every /32 out of their legitimate /16 block.

While there are certainly vendors who can take an extra 60,000 routes with impunity, there is a lot of gear out there which can't.

Moral: if you let your customers advertise more specifics to you, use maximum-prefix filters...

-David Barak-
-Fully RFC 1925 Compliant-
Re: Converged Networks Threat (Was: Level3 Outage)
--- vijay gill <[EMAIL PROTECTED]> wrote:
> How would you know this? Historically, the cutting edge technology
> has always gone into the large cores first because they are the
> ones pushing the bleeding edge in terms of capacity, power, and
> routing.
>
> /vijay

I'm not sure that I'd agree with that statement: most of the large providers with whom I'm familiar tend to be relatively conservative with regard to new technology deployments, for a couple of reasons:

1) their backbones currently "work" - changing them into something which may or may not "work better" is a non-trivial operation, and risks the network.

2) they have an installed base of customers who are living with existing functionality - this goes back to reason 1 - unless there is money to be made, nobody wants to deploy anything.

3) It makes more sense to deploy a new box at the edge, and eventually permit it to migrate to the core after it's been thoroughly proven - the IP model has features living on the edges of the network, while capacity lives in the core. If you have 3 high-cap boxes in the core, it's probably easier to add a fourth than it is to rip the three out and replace them with two higher-cap boxes.

4) existing management infrastructure permits the management of existing boxes - it's easier to deploy an all-new network than it is to upgrade from one technology/platform to another.

-David Barak
-Fully RFC 1925 Compliant
Re: Converged Networks Threat (Was: Level3 Outage)
--- vijay gill <[EMAIL PROTECTED]> wrote:
> In all of the above cases, those were the large isps that forced
> development of the boxes. Most of the smaller "cutting edge"
> networks are still running 7513s.

Hmm - what I was getting at was that the big ISPs for the most part still have a whole lot of 7513s running around (figuratively), while if I were building a new network from the ground up, I'd be unlikely to use them.

> GSR was invented because the 7513s were running out of PPS.
> CEF was designed to support offloading the RP.
>
> > 2) they have an installed base of customers who are
> > living with existing functionality - this goes back to
> > reason 1 - unless there is money to be made, nobody
> > wants to deploy anything.
> >
> > 3) It makes more sense to deploy a new box at the
> > edge, and eventually permit it to migrate to the core
> > after it's been thoroughly proven - the IP model has
> > features living on the edges of the network, while
> > capacity lives in the core. If you have 3 high-cap
> > boxes in the core, it's probably easier to add a
> > fourth than it is to rip the three out and replace
> > them with two higher-cap boxes.
>
> The core has expanded to the edge, not the other way around.
> The aggregate backplane bandwidth requirements tend to
> drive core box evolution first while the edge box normally
> has to deal with high touch features and port multiplexing.
> These of course are becoming more and more specialized over
> time.

I agree, from a capacity perspective: the GSR began life as a core router because it supported big pipes. It's only recently that it's had anywhere near the number of features which the 7500 has (and there are still a whole lot of specialized features which it doesn't have).

From a feature deployment approach, new boxes come in at the edge (think of the deployment of the 7500 itself: it was an IP front-end for ATM networks)

> > 4) existing management infrastructure permits the
> > management of existing boxes - it's easier to deploy
> > an all-new network than it is to upgrade from one
> > technology/platform to another.
>
> Only if you are willing to write off your entire capital
> investment. No one is willing to do that today.

That is EXACTLY my point: as new companies are unwilling to write off an investment, they MUST keep supporting the old stuff. Once they're supporting the old stuff of vendor X, that provides an incentive to get more new stuff from vendor X, if the management platform is the same.

For instance, if I've got a Marconi ATM network, I'm unlikely to buy new Cisco ATM gear, unless I'm either building a parallel network, or am looking for an edge front-end to offer new features. However, if I were building a new ATM network today, I would do a bake-off between the vendors and see which one met my needs best.

-David Barak
-Fully RFC 1925 Compliant-

David Barak
-fully RFC 1925 compliant-
Re: ICANN/Registry Agreement:
--- "Laurence F. Sheldon, Jr." <[EMAIL PROTECTED]> wrote:
> ..."hijacking of every non-existent domain name in existence."
>
> ..."non-existent ... in existence."
>
> Several people have said things like that in recent times. Including
> me, I'll bet.
>
> What exactly does it mean?
>
> (Yes, I know. We are talking about the fact that strings submitted for
> lookup that have not been registered as names would not be cause an
> error to be returned. And that is clearly a lot more words, if not a
> clearer description of the problem. We need a wordsmith to give us a
> short string that can be converted into a useful TLA.)

How about this: "Sitefinder gives Verisign revenue from every non-existent, well-formed domain name."

-David Barak
-Fully RFC 1925 Compliant-
RE: PC Routers (was Re: /24s run amuck)
--- Michel Py <[EMAIL PROTECTED]> wrote:

> If you have vendor C or vendor J, and all vendor C or J routers crap out at the same time, you're safe. Yes, you were down but so was half of the rest of the world, so it's obviously not your fault but vendor C or J's fault.
> Michel.

But this doesn't reflect the way the problems tend to spread: I've seen cases where something which crushes C gets injected, carried by Js across a network, and trashes all of the Cs in the network. However, it didn't spread to other providers, because the problem was { too many /32s | weird masks | an IGP messup | a J bug }

For a problem to spread to other networks, it has to be perpendicular to the actual BGP configs, because most carriers apply just enough filtering on their peers to keep garbage like that out. Problems like that seem to be mostly customer-initiated. The ones that spread seem to be M$ related...

-David Barak
-Fully RFC 1925 Compliant-
Re: /24s run amuck
I intend to give them a serious look: they sound like they could make good CPE for about 75% of my customers... (and of course, ssh v2 is a big plus :)

-David Barak
-Fully RFC 1925 Compliant-

--- [EMAIL PROTECTED] wrote:

> http://www.imagestream.com/Cisco_Comparison.html
>
> How many of you would buy an Imagestream box to evaluate for your next network buildout?
>
> --Michael Dillon
Re: AS Path Loops in practice ?
--- "Stephen J. Wilcox" <[EMAIL PROTECTED]> wrote:

> > 3) One advantage of using a public, albeit common, customer ASN is that if a customer has RIR-allocated space, those IPs will make it onto the global table, and will not suffer the filtering which may be present for the provider's own routes.
>
> Ok this seems to be a difference, although not sure why the custs IPs should need to do anything different from the providers IPs as presumably both need to be reachable from everywhere?

There are providers out there who treat $PEER differently from $CUSTOMER_OF_PEER, with regard to aggregation etc. Also, I believe that there used to be providers who would dampen routes on a per-AS basis, rather than on a per-route basis. I am not sure whether anyone still does this.

David Barak
-fully RFC 1925 compliant-
Re: AS Path Loops in practice ?
--- "Stephen J. Wilcox" <[EMAIL PROTECTED]> wrote:

> > Most (all) large ISP's have a "customer ASN". This allows a customer to connect in multiple places, run BGP, and get something approximating real redundancy to that carrier. However, rather than allocate one ASN to each customer, all customers use the same "customer ASN". Yes, that means they must default to the provider (and/or have the provider provide a default route) to reach the other customers using this technique.
>
> Perhaps I'm missing something having not done this myself but why aren't the customers just using private ASNs? That would also remove the 'must default' clause.
>
> Steve

1) It would only remove the "must default" clause if the provider either stripped (or overrode) the local-as, or if all of the private ASNs were unique. That is a big headache.

2) Private ASNs are not, per RFC1918, supposed to be connected to the Internet, in much the same way that private IP space is not supposed to be connected to the Internet. This can also be solved by stripping/overriding.

3) One advantage of using a public, albeit common, customer ASN is that if a customer has RIR-allocated space, those IPs will make it onto the global table, and will not suffer the filtering which may be present for the provider's own routes.

David Barak
-fully RFC 1925 compliant-
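The AS-path loop check behind the "must default" point in this thread, as an added example that is not part of the original posts. It is a simplified Python model: ASNs 64500 (provider) and 64510 (shared customer ASN) are documentation values chosen here, the prefix is a documentation prefix, and the `strip_private` flag is a simplification of vendor private-AS removal features.

```python
from dataclasses import dataclass

PRIVATE_ASNS = range(64512, 65535)  # 16-bit private-use range, 64512-65534


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple  # leftmost entry is the most recent AS


def export(route, local_asn, strip_private=False):
    """eBGP export: optionally drop private ASNs, then prepend our own ASN."""
    path = route.as_path
    if strip_private:
        path = tuple(a for a in path if a not in PRIVATE_ASNS)
    return Route(route.prefix, (local_asn,) + path)


def accept(route, local_asn):
    """Standard eBGP loop detection: drop any path that already holds our ASN."""
    return local_asn not in route.as_path


def relayed_route(site_asn, provider_asn, strip_private=False):
    """Route as the provider re-advertises it after learning it from a site."""
    originated = export(Route("192.0.2.0/24", ()), site_asn)
    assert accept(originated, provider_asn)
    return export(originated, provider_asn, strip_private)


def site_to_site(site_a_asn, site_b_asn, provider_asn, strip_private=False):
    """True if site B installs site A's prefix; False means B must default."""
    relayed = relayed_route(site_a_asn, provider_asn, strip_private)
    return accept(relayed, site_b_asn)


if __name__ == "__main__":
    cases = [
        ("shared customer ASN", 64510, 64510, False),
        ("unique private ASNs", 64512, 64513, False),
        ("reused private ASN", 64512, 64512, False),
        ("reused private ASN, stripped", 64512, 64512, True),
    ]
    for name, a, b, strip in cases:
        ok = site_to_site(a, b, 64500, strip)
        print(f"{name:30} -> {'accepted' if ok else 'rejected (default needed)'}")
    print("path without stripping:", relayed_route(64512, 64500).as_path)
    print("path with stripping:   ", relayed_route(64512, 64500, True).as_path)
```
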
Re: WLAN shielding
--- [EMAIL PROTECTED] wrote:

> > Planning on limiting signal using a physical mechanism of some sort's just a little too scifi to be useful.
>
> It's too much effort to shield the room itself, but you might want to try making the inverse square law work for you by shielding all of the wireless antennae so that the signal is too weak to travel more than a meter or two. Put extra shielded wireless access points on the conference tables so that everyone can place their laptops within range of a signal.

However, if you're talking about one room only, and you're trying to prevent outsiders from sniffing, why not just use a cheap workgroup switch/hub? Having to buy multiple WAPs and insulate them quickly destroys the wireless value-add...

-David Barak
-fully RFC 1925 compliant-