Re: IPv6 on SOHO routers?
On 13/03/2008, at 11:30 AM, [EMAIL PROTECTED] wrote: On Wed, 12 Mar 2008 15:06:24 CDT, Frank Bulk - iNAME said: Slightly off-topic, but tangentially related that I'll dare to ask. I'm attending an "Emerging Communications" course where the instructor stated that there are SOHO routers that natively support IPv6, pointing to Asia specifically. Well, of *course* you're more likely to find such SOHO routers in markets where a SOHO router owner might actually be able to use the feature. But in most parts of the US, IPv6 support in a SOHO router is right up there with GOSIP compliance as far as actual usefulness goes... Yup. If you look at the devices claimed to be IPv6 CPE in Asian markets, they're inevitably Ethernet-only, to be used on networks where the customer is provided with an Ethernet jack in their home or apartment complex. Those of us who use ADSL or (heaven forbid) Cable are kinda out of luck. I haven't yet found ADSL2+ CPE that does IPv6 over PPPoE or PPPoA out of the box. (Billion in Taiwan has a device which they've stamped an "IPv6 Ready" sticker onto, but the IPv6 version of the software hasn't left the confines of their lab yet) As far as I've been able to determine, IPv6 SOHO CPE is largely vaporware right now. And lets not even get started on residential grade CPE, that doesn't even appear to be on most vendors' radar _at all_. If anything useful is going to happen in this space, my guess is that it'll be with custom Linux firmware running on a LinkSys blob with no vendor support. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: [admin] [summary] RE: YouTube IP Hijacking
On 27/02/2008, at 11:39 AM, Adrian Chadd wrote: (speaking as someone who has built large ACLs/prefix-lists and has 6MB+ configs that can't be loaded on my routers. without vendor support those that want to do the right thing can't, so the game is lost). I remember the days of making rtconfig work properly in various situations (heck, do people still use that? Does it even do IPv6 right?) Yeah, we use it. And (following a bunch of patches we made a couple of months ago) we've convinced it to do IPv6 too. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Fourth cable damaged in Middle Eest (Qatar to UAE)
On 04/02/2008, at 4:38 PM, Martin Hannigan wrote: I agree with Rod Beck as far as the speculations go. It could be terror, Well, no, it couldn't be. Nobody is being terrorized by this. How can it possibly be a terrorist incident? If it's deliberate, it might be described as an "information warfare tactic." But not terrorism. (visions of some guy sitting a in cave with a pair of wet boltcutters laughing maniacally to himself, cackling, "Ha-ha! Now their daytraders will get upset, and teenagers will get their porn _slower_! Die American scum!" Doesn't really work, does it?) Politicians have succeeded in watering down the definition of the word "terrorism" to the point where it no longer has any meaning. But we're rational adults, not politicians, right? If we can't get it right, who will? - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Lessons from the AU model
On 22/01/2008, at 7:30 PM, Mikael Abrahamsson wrote: I am also hesitant regarding billing when a person is being DDOS:ed. How is that handled in .AU? I can see billing being done on outgoing traffic from the customer because they can control that, but what about incoming, the customer has only partial control over that. It isn't hard. For a start, there are only one or two providers where customers ever get excess bills, so we aren't really talking about "billing when a person is being DDOS'ed", we're talking about "rate- limiting after a person has been DDOS'ed." On the rare occasion when it happens, the ISPs who aren't bastards are usually understanding enough to back out measurements which are DDOS related. Whether or not your ISP is a bastard is one of the factors you'd use to determine which ISP is offering a package that fits your needs in a competitive environment. In my observation, customers who are repeatedly DDOS'ed are usually doing something to provoke it. I don't think I've ever seen an instance where a DDOS'ed customer has had a repeat occurrance after that datapoint is illuminated for them. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Lessons from the AU model
he bandwidth cap level is itself contingent on the reasonableness of the metered plan. The metered plan will be reasonable, as dictated by all the competitive pressures you keep banging on about. With multiple vendors of metered Internet access, the vendor offering the best deal will get the customers. "Best" varies according to the eye of the beholder. Some prefer high reliability, zero effective contention, on-net content sources, titanium-plated CPE, clueful support, and hot and cold running network engineers. Some prefer it cheap-and-cheerful, and will prefer the provider that costs the least amount per month regardless of the quality. Some shop at Target, some shop on Rodeo drive. Some buy Ladas, some buy BMWs. You get what you pay for. But even assuming you manage to define a "reasonable" cap, how will you defend it against competitors, and how will you determine when & how to adjust it (presumably upwards) as the basket of "typical" user content and services gets beefier -- or will that simply tip more and more people into some premium user category? You make it sound like this stuff is hard and unworkable. Quotas and prices are adjusted according to competitive pressure. In 2000, Telstra was offering 3 Gbyte per month caps and we were offering 4.5 Gbyte per month. Now the industry norm is more like 40 - 60 Gbytes. I'm sure that in another 2 years it'll be 150 - 200 Gbytes. Competitive pressure is every bit as powerful in a metered marketplace as it is in a non-metered one, and to pretend that the alternative to the current US status quo somehow involves the end of business as we know it is just crazy talk. In Canada, which has much lower transit costs than ,au, the benchmark quota is presently about 100 Gbytes. How many broadband customers in the USA would actually have a problem with that as a limit? Here's a question for you: Power is metered. Water is metered. Gas is metered. Heating oil is metered. Even cable-TV is packaged so that you pay more if you want to use more channels... ... what economic fundamentals exist to suggest that Internet access should be the _only_ domestic utility that's delivered to households unmetered? - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Lessons from the AU model
On 22/01/2008, at 10:21 AM, Tom Vest wrote: On Jan 21, 2008, at 6:10 PM, Mark Newton wrote: It goes a bit deeper than that when the monopoly can compound the problem my artificially constraining capacity by underspending on infrastructure (e.g., only lighting one pair on a multi-pair cable) So infrastructure spending can (and does) affect the price. Hi Mark, So you're saying that if a cable owner/monopolist simply lit another fiber pair, that would cause them to reduce prices? No, I'm saying that if another infrastructure provider launched itself onto the marketplace, that'd immediately inspire the incumbent who is presently using scarcity as a justification for high prices to light another fiber pair. It's a bit more complicated than that, but arguing that supply has no effect on price is overly simplistic when there are monopolistic barriers preventing new sources of supply. Put it this way: how would you define (much less calculate) "replacement cost" for an asset whose financing was predicated on a useful of capacity of (x), but which, with fractional additional investment relative to the original outlay, can be leveraged to deliver (x)^4-n capacity -- with n yet to be determined? Must every increment of the now vastly larger resource be priced as it would have been assuming the "original" max cap? How much must the "replacement cost" replace? The original (x) capacity? The as-yet indeterminate (x)^n capacity? The originally anticipated/full scarcity-based/monopoly-backed profits? Whichever one of those comes out to the largest number. Eventually the asset will reach its capacity -- we can't keep upgrading things forever. Submarine cable systems also have a useful working life, so even if they haven't reached capacity they'll run out of legs eventually anyway (the ones installed during the dot-com boom are approaching their half-life) When the cable is full or EOL'ed its owner should have earned enough to build a new one at current market rates. So if they don't have a billion or so dollars stored away somewhere, they're selling below replacement value. Once you get acquainted with the power of that ^n, you'll believe ;-) Unfortunately, your location gives you few opportunities to familiarize yourself. Well, no, we have footprint in Australia, the USA and Japan at the moment. We'd have built out to Europe by now if not for the fact that global IP transit is being sold cheaper than transatlantic transmission, so what's the point of building a POP across the pond? Now, given that transatlantic transmission is already artificially cheap due to the acquisition of distressed assets in 2001, what does that tell you about IP transit pricing? Metered charging systems are, to me, evidence of a realization that the business model underlying much of the Internet's last five years is unsustainable. You guys might think they're a novel and unwelcome arrival at the moment, but give it a few years and we'll see what happens :-) If fine-grained metered pricing comes to the rest of the world, it'll be because people roll over for it (you guys weren't given a choice). No, it won't be because people roll over for it, it'll be because carriers and service providers just get on with it and do it. See my first post to this thread to see the progression which outlines why the introduction of metering by _one_ serious player in any given economy virtually forces every other player to switch to metering as well. Do you think Australian ISPs haven't tried to offer US-style flat-rate services? Of course they have. And they get destroyed in the marketplace. Here's the thing that metering gives you: it stratifies the marketplace. It gives you two classes of customer. One class is customers who know they can live painlessly within the boundaries of whatever quotas you're offering. They don't complain, they just pay their flat monthly bill every month and get on with their lives. The other class is customers who do so much P2P that the imposition of quotas is a painful and unwelcome experience. They whinge and bitch loudly about how awful their ISP is, and migrate en-masse towards whichever ISPs are providing "unlimited" services. The only people who truly care about "unlimited" are the ones who know they can't live within any limits. That means "unlimited" ISPs almost exclusively attract the most voracious, least profitable, noisiest, most difficult to support, loudest complaining customers. And the metered ISPs cater for normal folks who aren't like that. That's the dynamic some of you are missing which makes quotas inevitable. If one moderately large player adopts it, the rest of you are going to have to adopt it too. If/when that happens, I'll be lobb
Re: Lessons from the AU model
On 21/01/2008, at 10:49 PM, Tom Vest wrote: In the absence of competition (and esp. in the presence of risk of empowering competitive entrants), supply has no general/necessary effect on prices at all. So excess capacity of a product that is completely monopolized (or priced by cartel fiat, ala OPEC or SC) is largely irrelevant. It goes a bit deeper than that when the monopoly can compound the problem my artificially constraining capacity by underspending on infrastructure (e.g., only lighting one pair on a multi-pair cable) So infrastructure spending can (and does) affect the price. We get that every day in .au (Transmission on the monopoly route between Melbourne and Hobart costs 3 times more than transmission between Sydney and LA; and other potential cable operators have always known that the monopoly has an excess of supply hidden away somewhere which they can roll out at bargain basement prices if a competitor ever arrives in the market) [ housing ] Come to think of it, our sector has been struggling with its own roughly similar terms-of-exchange crisis since about 2004-2005... arguably driven by very similar prior circumstances as well... worth investigating a bit further perhaps... I think the dominant factor that the American internet sector has been grappling with goes back further than that. It has its origins in the dot-com boom, when lots of people who didn't have any real money rolled out enormous infrastructure buildouts. When they inevitably went broke their infrastructure was bought at cents in the dollar, enabling the current generation of Internet companies to behave as if the infrastructure they're using was a lot cheaper than it really is. So hardly anyone has been selling below cost, but almost everyone has been selling below replacement cost. So everyone can extract profits for years, making out like bandits as they grow in to the excess capacity that was installed between 1999 and 2001, and they won't have a day of reckoning until they run out of capacity and find that they haven't been earning enough from their networks to service the debt they're going to need to take out to perform the next round of infrastructure upgrades. Example: You cannot seriously expect me to believe that the price of transatlantic connectivity actually reflects the cost of laying cables across the Atlantic. It defies common sense that a Gig-E tail from NYC to London is priced within an order of magnitude of a Gig-E tail from NYC to Boston. Metered charging systems are, to me, evidence of a realization that the business model underlying much of the Internet's last five years is unsustainable. You guys might think they're a novel and unwelcome arrival at the moment, but give it a few years and we'll see what happens :-) - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Lessons from the AU model
On 21/01/2008, at 12:43 PM, Martin Barry wrote:
This was basically setting up the next comment which was in relation
to how
this situation ("my customer is now at a multi-lateral peering point
I'm on")
is not really an issue as far as the bean-counters are concerned.
Unless any
ratio limit you have was applicable to that customer.
We don't really have a lot of ratio-limit issues over here. Nobody
is going to say, "Our traffic is way imbalanced so I'm not peering
with you anymore," when transit costs hundreds of bucks per megabit.
The industry in .au is very firmly stratified into one group
containing Telstra, Singtel/Optus, AAPT/TNZ and MCI-703, and another
group containing everyone else. The everyone-else crowd (which
makes up well over half of the domestic marketplace) is perfectly
happy to exchange traffic with each other on almost any terms
whatsoever if it means they can reduce or elminiate their financial
commitments to the other four.
- mark
--
Mark Newton Email: [EMAIL PROTECTED]
(W)
Network Engineer Email:
[EMAIL PROTECTED] (H)
Internode Systems Pty Ltd Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Lessons from the AU model
On 21/01/2008, at 11:02 AM, Randy Bush wrote: and pricing in australia had nothing to do with a monopilist telco with a rapacious plan highly well articulated and sold to the govt by an arch-capitalist with a silver tongue? It used to, but not so much now. The access tail price is still dominated by Telstra's macinations, but national SDH capacity is relatively competitive these days, and Telstra are almost completely uninvolved in transpacific pricing. Transpacific pricing is more driven by the duopoly effects of AJC and Southern Cross. Will be interesting to see how PPC-1 shakes the market up next year. We're looking forward to it. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: An Attempt at Economically Rational Pricing: Time Warner Trial
On 21/01/2008, at 7:53 AM, Jeff Johnstone wrote: All of these discussions ignore the developments taking place in the consumer electronics marketplace. A quick glance at this years consumer electronics show in Vegas shows a HUGE variety of home, mobile and automobile consumer devices using IP services. These devices, AppleTV as an example, will require large bandwidth commitments. Sure. But it isn't an ISP's job to provide below-cost infrastructure to subsidize the bandwidth requirements of Sony and Apple. Pricing should be set without reference to the application developers. If the application developers end up building applications which are too expensive to use, then that's their loss. Nobody in the service- provider industry should be going out of business because they can't afford the infrastructure needed to give their AppleTV users 20 Gbit/sec ports when Cupertino comes out with HD Video in a few years time. Add this to IP based telephony and you can't just "shut off" a users service after they reach a cap, you would be removing their emergency services access. Why can't you? We do it all the time. You shape to 64kbps, which is more than enough bandwidth to run a SIP session with a low-end CODEC. Phone calls still work, hardly anything else does. (performance on a Virtual-Access interface with a rate-limit on it is way worse than performance on a BRI interface without a rate-limit because rate-limits lead to tail-drops, which spooks TCP very, very badly. So 64kbps is actually worse than it sounds for TCP applications, but constant bitrate CODECs deal with it just fine) Hopefully we won't be seeing "basic" internet services of a couple of gig per month and "channel" offerings of AppleTV, all you can eat as "tier 2 plan", or "other service" as "teir 3 plan". You guys seem to be behaving as if this stuff hasn't happened before. No, you won't see "basic" internet on a couple of gig per month. You'll see "basic" internet on 40 - 60 Gbytes per month, which is more than most mortals use in any given 30 day period (like, ferchrissakes, who needs 2 Gbytes per day, day in day out? Grandma certainly doesn't use that much when she's checking her email...) Alongside this discussion is AT&T's direction of content censorship and its impact on end users. No, the two issues are completely orthogonal. You're supposed to be a network operator, stop thinking like an end user. Our help desks are going to take a huge hit in the future as we start trying to troubleshoot issues where the general rule of "I'll pass any packet I get" becomes "I will pass any packet I am payed for and have dissected for content, and after I have determined that the rest of the stream won't push my end user over his network cap this month". No, metering means the network neutrality debate undergoes gravitational collapse, and caring about what's inside a packet turns into a total waste of time. You don't need to care about whether a packet has been paid for because you know that every packet has been paid for. That's what metering delivers. Why do you think the DPI vendors haven't had much traction outside of Europe and North America? It isn't because the rest of the world can't afford them. It's because Europe and North America are where all the "unlimited" access services are sold, so they're the places where DPI is actually needed. Would you need to spend millions with Ellacoya or Sandvine if your customers imposed their own self-created backpressure against P2P usage? Again: Some of the significant economies on the Internet have done this already. The TWC paper isn't trailblazing, and every issue you can think of to explain why it'll be horrible and won't work has already been demolished by real-life day-to-day business in other countries. You guys who are behaving as if the sky will fall are going to have to explain why the Internet industry hasn't ceased to function in .au and .nz before you get on to explaining why its collapse would be inevitable in the USA. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: An Attempt at Economically Rational Pricing: Time Warner Trial
On 19/01/2008, at 6:41 AM, Michael Holstein wrote: My guess is the market will work this out. As soon as it's implemented, you'll see AT&T commercials in that town slamming cable and saying how DSL is "really unlimited". Meanwhile, on TWC where downloading the entire Internet over bittorrent every month is expensive, the disproportionately high users will have migrated to other ISPs. That'll have some pretty obvious and inevitable effects: * TWC's cost of operations will drop because they won't have to provision bandwidth and infrastructure for people downloading billions of terabytes per month (slight exaggeration :-) * TWC's perceived performance will increase in some neighborhoods because their coax local loops won't be congested anymore. That'll make their customers happy. * TWC's competitors who still offer "all you can eat" broadband will find themselves attracting the customers who can't afford to use TWC anymore, i.e., the heavy users who cost zillions of dollars to support. That'll push their cost base sky-high, even as they send out triumphant press releases bragging about their fantastic growth rates (customer headcount: Growing! Transit requirements: Growing! Revenues: Growing, a little bit) * Because TWC's competitors won't be able to afford infrastructure upgrades to match the usage habits of their newfound customers, over time they'll become congested and start turning down the screws on their DPI boxes and/or putting their prices up. All their newfound customers will say, "You've changed, man," as they dis 'em in the marketplace. TWC's competitors' customers will be sad. * Over time, TWC's competitors will decide that the path of least resistance is to switch to usage based pricing just like TWC has. For these reasons, I'm pretty sure that it only takes one player with significant market share in any given economy to switch to usage based pricing to eventually force all the others to eventually switch to usage based pricing as well. In .au, where this is commonplace (and has been since the mid '90s), we occasionally get naive providers starting up who offer "unlimited Internet". They invariably instantly attract all the heavy P2P users, their performance goes down the toilet, and they run out of money in about six months. Then a new "unlimited Internet" company springs up, lather, rinse, repeat. The P2P users don't care, they treat each new ISP as a thing to be used to feed their habit. As long as they can leave each carcass behind after they've sucked it dry they're happy enough. The more sensible end of town pays about $80 per month for about 40 Gbytes of quota, give or take, depending on the ISP. After that they get shaped to 64 kbps unless they want to pay more for more quota. Bytecounts are retrieved via SNMP (for business customers) or Radius (for DSL, dial, ISDN, etc). When transit is costing $250 per megabit per month, there aren't many other options. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Oregon storms affect trans-pacific traffic
On 05/12/2007, at 9:29 AM, John Savageau wrote: If there is anything we at One Wilshire can do to assist any network in dealing with this, or recovering from the storm - let us know. We can probably facilitate some emergency cross connections or if you are connected to our IXP (Any2) nail up sessions for those carriers present within One Wilshire within a few hours. SCCN have carried out a temporary repair, and services are now restored (ours are, in any case -- Two of our six unprotected STM-4's on SCCN were affected by this, but they're now back) There'll likely be some further outages down the track while the temporary repair is made permanent. But at least the emergency has been mitigated. Sounds like things are pretty bad at Portland, Oregon. Repair took over 24 hours because flooding prevented the splicing crews from getting to the worksite. Ouch. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Why do some ISP's have bandwidth quotas?
On Sun, Oct 07, 2007 at 10:33:19AM -0500, Joe Greco wrote: > Well, since I didn't insist that you follow any definition of "reasonable", > and in fact I started out by saying > > : Continued reliance on broadband users using tiny percentages of their > : broadband connection certainly makes the ISP business model easier, but > : in the long term, isn't going to work out well for the Internet's > : continuing evolution. With respect, Joe, you also said this: # Of course, that's obvious. The point here is that if your business is so # fragile that you can only deliver each broadband customer a dialup modem's # worth of bandwidth, something's wrong with your business. Now, I don't know what you think you've trying to achieve by throwing around doubts and aspersions about other peoples' business viability without the faintest idea about the constraints said businesses are working under, but whatever it is I doubt you're achieving it :-) Thought experiment: With $250 per megabit per month transit and $30 - $50 per month tail costs, what would _you_ do to create the perfect internet industry? Be warned that the industry is already full of sharks who don't know what they're talking about, and if what you suggest happens to match the business model deployed by one of those guys who has subsequently gone broke, I reserve the right to point and laugh derisively. Yours, - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Why do some ISP's have bandwidth quotas?
On Sat, Oct 06, 2007 at 10:16:16AM -0500, Joe Greco wrote: > > So to run the numbers: A customer who averages .25Mbit/sec on a tail > > acquired > > from the incumbent requires -- > > > >Port/line rental from the telco ~ $50 > >IP transit~ $ 6 (your number) > >Transpacific backhaul ~ $50 (I'm not making this up) > > These look like great places for some improvement. Of course. Transpacific backhaul may drop in price once the AJC/Southern Cross duopoly is broken. Perhaps 2009, we'll have to see. Port/line rental? Ha. We have an incumbent telco who owns 100% of the copper local loop, who is so aggressive about protecting their monopoly that they've actually sued the Federal Government to obtain relief from the requirement to offer wholesale access to the local loop to their competitors. The competition regulator has recently imposed an order on them to drop their price of access to the raw copper; The incumbent's response has been to initiate a national political debate during the present federal election campaign campaign over the merits of a nation-wide Fiber-To-The-Node network which, just coincidentally, requires the exclusion of competition to make the numbers in the business case add up. So I wouldn't be holding my breath about that one. > > Like I said a few messages ago, as much as your marketplace derides > > caps and quotas, I'm pretty sure that most of you would prefer to do > > business with my constraints than with yours. > > That's nice from *your* point of view, as an ISP, but from the end-user's > point of view, it discourages the development and deployment of the next > killer app, which is the point that I've been making. Generalizing: We're living in an environment where European service providers use DPI boxes to shape just about everyone to about 40 Gbytes per month, and where US service providers have enough congestion in their reticulation networks that the phrase "unlimited access" carries ironic overtones, and where Australian and New Zealand service providers give uncongested access at unconstrained ADSL2+ rates for as much capacity as an end user is prepared to pay for, and Asian ISPs where in-country is cheap but international is slow and expensive (but nobody cares because they don't speak English and don't need international content anyway), and most of the rest of the world is so expensive that hardly anyone uses it anyway. If there's another killer app on the way, there are enough global constraints on its development that I reckon Australian ISPs' business cases probably aren't the be-all and end-all of its developmental merits. Five years ago the typical .au quota was 3Gbytes per month. Now it's more like 30 - 50 Gbytes per month. If there's a killer app there'll no doubt be commercial pressure on ISPs to bump it again. But until said app comes along? Well, it isn't an ISPs job to subsidize the R&D overheads of application developers, is it? The point here is that you guys in the US have a particular market dynamic that's shaped your perspective of what "reasonable" is. It's completely delusional of you to insist that the rest of the world follow the same definition of "reaosnable", *ESPECIALLY* when the rest of the world is subsidizing your domestic Internet by paying for all the international transit. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Why do some ISP's have bandwidth quotas?
On Fri, Oct 05, 2007 at 01:12:35PM -0400, [EMAIL PROTECTED] wrote: > As you say, 90GB is roughly .25Mbps on average. Of course, like you pointed > out, the users actual bandwidth patterns are most likely not a straight > line. 95%ile on that 90GB could be considerably higher. But let's take a > conservative estimate and say that user uses .5Mbps 95%ile. And lets say > this is a relatively large ISP paying $12/Mb. That user then costs that ISP > $6/month in bandwidth. (I know, that's somewhat faulty logic, but how else > is the ISP going to establish a cost basis?) If that user is only paying > say $19.99/month for their connection, that leaves only $13.99 a month to > pay for all the infrastructure to support that user, along with personnel, > etc all while still trying to turn a profit. In the Australian ISP's case (which is what started this) it's rather worse. The local telco monopoly bills between $30 and $50 per month for access to the copper tail. So there's essentially no such thing as a $19.99/month connection here (except for short-lived "flash-in-the-pan" loss-leaders, and we all know how they turn out) So to run the numbers: A customer who averages .25Mbit/sec on a tail acquired from the incumbent requires -- Port/line rental from the telco ~ $50 IP transit~ $ 6 (your number) Transpacific backhaul ~ $50 (I'm not making this up) So we're over a hundred bucks already, and haven't yet factored in the overheads for infrastructure, personnel, profit, etc. And those numbers are before sales tax too, so add at least 10% to all of them before arriving at a retail price. Due to the presence of a quota, our customers don't tend to average .25 Mbit/sec over the course of a month (we prefer to send the ones that do to our competitors :-). If someone buys access to, say, 30 Gbytes of downloads per month, a few significant things happen: - The customer has a clear understanding of what they've paid for, which doesn't encompass "unlimited access to the Internet." That tends to moderate their usage; - Because they know they're buying something finite, they tend to pick a package that suits their expected usage, so customers who intend to use more end up paying more money; - The customer creates their own backpressure against hitting their quota: Once they've gone past it they're usually rate-limited to 64kbps, which is not a nice experience, so by and large they build in a "safety margin" and rarely use more than 75% of the quota. About 5% of our customers blow their quota in any given month; - The ones who do hit their quota and don't like 64kbps shaping get to pay us more money to have their quota expanded for the rest of the month, thereby financing the capacity upgrades that their cumulative load can/will require; - The entire Australian marketplace is conditioned to expect that kind of behaviour from ISPs, and doesn't consider it to be unusual. If you guys in North America tried to run like this, you'd be destroyed in the marketplace because you've created a customer base that expects to be able to download the entire Internet and burn it to DVD every month. :-) So you end up looking at options like DPI and QoS controls at your CMTS head-end to moderate usage, because you can't keep adding infinite amounts of bandwidth to support unconstrained end-users when they're only paying you $20 per month. (note that our truth-in-advertising regulator doesn't allow us to get away with saying "Unlimited" unless there really are no limits -- no quotas, no traffic shaping, no traffic management, no QoS controls. Unlimited means unlimited by the dictionary definition, not by some weasel definition that the industry has invented to suit its own purposes) - There is no net neutrality debate to speak of in .au because everyone is _already_ paying their way. Like I said a few messages ago, as much as your marketplace derides caps and quotas, I'm pretty sure that most of you would prefer to do business with my constraints than with yours. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Why do some ISP's have bandwidth quotas?
On Thu, Oct 04, 2007 at 03:50:11PM +0100, Leigh Porter wrote: > Also there may be more tax costs, staff costs, equipment costs with > import duty etc which obviously means buying more equipment to support > more throughput costs more money. The biggest issues are the transmission costs to get to the USA. There are basically two cable systems, Southern Cross and AJC (we'll ignore SEA-ME-WE-3 because you can only buy STM-1's on it, and who wants to mess around with trivialities like that?) Ask an economist what happens to prices in duopoly environments. The cost of crossing the Pacific is north of US$200 per megabit per month in .au, which I reckon is about ten times what it costs you Europeans to get across the Atlantic (or what it costs the Japanese to cross the very same Pacific) There are a few cable projects underway at the moment which may break the duopoly, e.g., http://www.pipenetworks.com/docs/media/ASX_07_08_09%20Runway%20Update%204%20-%20BSa.pdf I suspect we're going to have an interesting few years. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Wed, Oct 03, 2007 at 12:02:31PM +0200, Iljitsch van Beijnum wrote: > The tricky part is that we're not going to agree on that as a > community, so the status quo will persist until someone cares enough > to do something drastic that moves the entire industry in one > direction or another. That isn't actually true. I could move to IPv6 and deploy a NAT-PT box to give my customers access to the v4 Internet regardless of whatever the rest of the community thinks. This whole "debate" is a complete waste of time, because everyone, yourself included, knows that regardless of what consensus we end up with, at the end of the day if NAT makes sense NAT will be deployed. End of story, game over. This whole meme that says we need the entire industry to move in the same direction at the same time is yet another delaying fallacy, and yet another example of you proposing that we all behave like old-skool telcos inside the exact same 24 hour period when you decry any suggestion that we act like old-skool telcos. Whatever. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007 at 10:33:43PM +0200, Iljitsch van Beijnum wrote: > On 2-okt-2007, at 16:10, Stephen Sprunk wrote: > >You can't trust the OS (Microsoft? hah!), you can't trust the > >application (malware), and you sure as heck can't trust the user > >(industrial espionage and/or social engineering). The only way > >that address-embedding protocols can work through a firewall, > >whether it's doing NAT or not, is to use an ALG. > > You assume a model where some trusted party is in charge of a > firewall that separates an untrustworthy outside and an untrustworthy > inside. This isn't exactly the trust model for most consumer networks. Err, it is. Really, it is. Residential-grade customers employ trusted parties like "DLink", "Alloy", "Alcatel", "Linksys", and various others to be in charge of the firewall that separates the untrustworthy internet from their inside network. Corporate-grade customers employ trusted parties as staff. SMEs are somewhere in between, often substituting their ISP as a proxy for "staff." Ether way you cut it, the model you've just dismissed is _exactly_ the way the real world works. > Also, why would you be able to trust what's inside the control > protocol that the ALG looks at any better than anything else? You can't. So if the control protocol can possibly do anything bad, the firewall administrator says, "Well, can't let this take control of my network, I'll just block it." ... which breaks end-to-end reachability every bit as effectively as a NAT box does, regardless of whether or not the firewall employs NAT. Which is why various correspondents in this thread have repeatedly pointed out that any assertion that an IPv6 Internet is going to be any more end-to-end than an IPv4 Internet is delusional. > >The defense and healthcare industries will force vendors to write > >those ALGs (actually, make minor changes to existing ones) if they > >care about the protocols in question because they have no choice -- > >security is the law. > > Seems to work well, that law. > > But these people don't complain when their video streaming/chatting > doesn't work out of the box. Oh yes they do. You better believe it. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007 at 10:07:19PM +0200, Iljitsch van Beijnum wrote: > >IPv6 will happen. Eventually. And it'll have deficiencies which > >some believe are "severe", just like the IPv4 Internet. Such as > >NAT. Deal with it. > > If you want NAT, please come up with a standards document that > describes how it works and how applications can work around it. Just > implementing it and letting the broken applications fall where they > may is so 1990s. Ah, how obstructive of you. "We can't possibly do this until a multi-volume standards document has been written which encompasses and solves every conceivable problem with absolute perfection. Have it on my desk by 5pm." No, that's not how we do things on the Internet. It _is_ how they do things on those old-school telco networks you keep telling us to avoid emulating, but it's not our way. Never has been, likely never will be (and, indeed, I'd put it to you that the reason we're all talking about IPv6 in 2007 instead of _using_ it is because the IETF tried the old-school way instead of the Internet way to solve the running-out-of-addresses problem) > >If you believe that v4 exhaustion is a pressing problem, then I'd > >humbly suggest that 2007 is a good time to shut the hell up about > >how bad NAT is and get on with fixing the most pressing problem. > > "NAT is not a problem" and "running out of IPv4 address space is a > problem" can't both be true at the same time. With enough NAT > lubrication you can basically extend the IPv4 address space by 16 > bits so you don't need IPv6. Don't you think that's a bit of an oversimplification? With respect, Iljitsch, if you want a "long and bloody argument" about IPv6 NAT, and you engineer one by constructing straw men to argue against, my guess is that the blood on the walls at the end of the process will be yours. > >If we're successful, there'll be plenty of time to go back and > >re-evaluate NAT afterwards when IPv6 exhaustion is a distant memory. > > Right. Building something that can't meet reasonable requirements > first and then getting rid of the holes worked so well for the email > spam problem. My email works. How about yours? - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007 at 09:50:09PM +0200, Iljitsch van Beijnum wrote: > On 2-okt-2007, at 16:55, Mark Newton wrote: > >So everyone will deploy IPv6 applications, which require no ALGs, > >instead. > >Isn't that a solution that everyone can be happy with? > > Well, I can think of a couple of things that make me unhappy: Doubtless. > - IPv4 vs IPv6 is completely invisible to the user. I regularly run > netstat or tcpdump to see which I'm using, I doubt many people will > do that. So if IPv6 works and IPv4 doesn't, that will look like > random breakage to the untrained user rather than something they can > do something about. With respect, that's why a bunch of us have been suggesting using techniques such as NAT-PT to make sure taht IPv6 works _and_ IPv4 works. If the mechanisms used lack sufficient quantities of perfection, they'll be modified until they're "good enough." > - If we do NAT-PT and the ALGs are implemented and then the > application workarounds around the ALGs, it's only a very small step > to wide scale IPv6 NAT. And thus the sky falls. Perhaps it's a perspective issue, but I really don't see a problem with that. If the network works, who cares? Perhaps you'd be happier if, in recognition of the fact that NAT appears to be a dirty word, we called it something else. The IPv6 people have already jumped on this bandwagon, so it shouldn't be a huge gulf to bridge: SHIM6 is basically wide-scale highly automated NAT, in which layer-3 addresses are transparently rewritten for policy purposes (a "SHIM6 middlebox," if it ever existed, would be indistinguishable from a NAT box), so we have a start here: If we rename NAT, it becomes acceptable to IPv6 proponents. So my proposal is this: Instead of saying, "NAT," from now on we should say, "Layer-4 switch." I don't know about you, but I feel comfortable deploying a network which has layer-4 switches in it. I already have layer-2 and layer-3 switches, so I might as well collect the whole set. That solution to this quagmire also solves the other great problem that you seem to have in gaining acceptance: There are legitimate uses for NAT right now, and there will be in the future, so arguing for the elimination of a useful tool before we can move the Internet forward strikes me as a fundamentally regressive argument. Perhaps in years to come we'll look at the people who argue for the elimination of layer-4 switches in the same way that we look at 1980's campus network administrators who thought the whole organization should be one big broadcast domain, with no place for layer-3 switches. "Ah, look at that, he doesn't like NAT. How... quaint." :-) - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007 at 01:50:57PM +0200, Iljitsch van Beijnum wrote: > ALGs are not the solution. They turn the internet into a telco-like > network where you only get to deploy new applications when the powers > that be permit you to. No, they turn the Intenret into a network where you only get to deploy new IPv4 applications when the powers that be permit you to. So everyone will deploy IPv6 applications, which require no ALGs, instead. Isn't that a solution that everyone can be happy with? - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
ssing problems of the time, then going back and fixing it later when the heat has died down if the suboptimal solutions create their own new problems. If you believe that v4 exhaustion is a pressing problem, then I'd humbly suggest that 2007 is a good time to shut the hell up about how bad NAT is and get on with fixing the most pressing problem. If we're successful, there'll be plenty of time to go back and re-evaluate NAT afterwards when IPv6 exhaustion is a distant memory. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Mon, Oct 01, 2007 at 09:18:43PM -0500, Stephen Sprunk wrote: > That depends. If Amazon sees absolutely no ill effects from v6 users > reaching it via v4, then they obviously have little technical incentive to > migrate. OTOH, if that is true, then all the whining about how "evil" > NAT-PT is is obviously bunk. We can't have it both ways, folks: either > NAT-PT breaks things and people would move to native v6 to get away from > it, or NAT-PT doesn't break things and there's no reason not to use it. The IPv4 Internet has been awash with dodgy NATs that negatively affect functionality ever since NAT arrived on the scene. What has happened? Well, application protocols have evolved to accommodate NAT weirdness (e.g., SIP NAT discovery), and NATs have undergone incremental improvements, and almost no end-users care about NATs. As long as they can use the Google, BitTorrent and Skype, most moms and dads neither know nor care about any technical impediments NATs erect between them and their enjoyment of the Internet. There's no rational reason to believe that NAT-PT would be any different. If NAT-PT breaks stuff, it'll get improved. It'll keep getting better until we don't need it anymore (or forever, whichever comes first) - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: death of the net predicted by deloitte -- film at 11
On Sun, Feb 11, 2007 at 02:39:04PM -0800, Joseph Jackson wrote: > My CIO is convinced that Google is going to take over the internet and > everyone will pay google for access. He also believes that google will > release their own protocol some sort of Google IP which everyone will > have to pay for also. Sounds great. We won't all have to move to IPv6 after all! - mark :-) -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Collocation Access
On Thu, Dec 28, 2006 at 12:13:07AM +0100, Leo Vegoda wrote: > My driving license doesn't have a photograph on it, so using it as an > identity document is pointless. There's no way for a minimum-wage security grunt to verify the particulars of my passport, so using it as an identity document is pointless. Even if they could verify it, my passport says nothing about whether or not I'm authorized to enter any colocation facilities, so using it as an identity document would *still* be pointless. Lets keep our eyes on the real issue here, which is that requiring handover of an "identity document" usually has very little to do with actual identification. These places are making you hand over something of value to lessen the likelihood that you'll leave without following their sign-out procedures. They're basically using security window-dressing (identification requirements) to solve a procedural/business issue. It makes no difference to them whether you hand over your passport, drivers license, car keys, marriage license or firstborn son, as long as you sign-out and hand back your visitors pass on the way out of the building when you're finished. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Net Neutrality Legislative Proposal
On Tue, Jul 11, 2006 at 03:58:00PM +0200, Florian Weimer wrote: > > Eh? Of course they are. They're selling transit to their cable > > modem customers, surely? > > Quote from a typical terms of service agreement: I think you're missing the point, Florian. Regardless of any retail restrictions, the fact still remains that your local Cable company is selling connectivity to other peoples' autonomous systems. That's transit. And that's what eBay and Google don't sell. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Net Neutrality Legislative Proposal
On Tue, Jul 11, 2006 at 09:39:50AM +0200, Florian Weimer wrote: > * Mark Newton: > > On Tue, Jul 11, 2006 at 07:58:48AM +0200, Florian Weimer wrote: > > > (I've wondered for quite some time if "net neutrality" implies that > > > Ebay or Google must carry third party traffic on their corporate > > > networks, by the way.) > > eBay and Google aren't selling transit. > > Neither is your local cable company. 8-) Eh? Of course they are. They're selling transit to their cable modem customers, surely? - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Net Neutrality Legislative Proposal
On Tue, Jul 11, 2006 at 07:58:48AM +0200, Florian Weimer wrote: > (I've wondered for quite some time if "net neutrality" implies that > Ebay or Google must carry third party traffic on their corporate > networks, by the way.) eBay and Google aren't selling transit. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: shim6 @ NANOG (forwarded note from John Payne)
On Fri, Mar 03, 2006 at 09:50:55PM +0100, Iljitsch van Beijnum wrote:
> On 3-mrt-2006, at 21:43, Brandon Ross wrote:
> >What's worse is that unless people start changing their tune soon
> >and make the ownership of IP space official, this will be a black
> >market (like it is now, just much bigger).
>
> But that will end as soon as interdomain routing is protected by
> certificates given out by the RIRs.
No, it'll end as soon as those certificates become mandatory.
Which will, in my humble estimation, happen at some point near the
year 4523.
("Hey, guys, you're all using these CIDR blocks which have real
monetary value, how about you all agree to deploy this technology
which will make them all valueless again? Huh? Hello? Anyone
listening? Where'd everyone go?")
- mark
--
Mark Newton Email: [EMAIL PROTECTED] (W)
Network Engineer Email: [EMAIL PROTECTED] (H)
Internode Systems Pty Ltd Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: shim6 @ NANOG (forwarded note from John Payne)
On Thu, Mar 02, 2006 at 10:44:01PM +0100, Iljitsch van Beijnum wrote: > >And why would those people consider migrating to IPv6? > > Because they can't get IPv4 addresses or so many other people use > IPv6 (because _they_ can't get IPv4 addresses) that communicating > with them natively is important. > But today there are still enough IPv4 addresses (I just checked: we > still have 1444.12 million addresses or 86.08 /8s) so that won't > happen for a few more years. You've probably seen Geoff Huston's comments about this; I tend to agree with him here. When IPv4 space is exhausted, the sky won't fall; We'll simply work out an address space management policy which is different from the one we have right now. Right now we can hand them out to anyone who demonstrates a need for them. When they run out we'll need to be able to reallocate address blocks which have already been handed out from orgs who perhaps don't need them as much as they thought they did to orgs which need them more. Sounds like a marketplace to me. How much do you think a /24 is worth? How many microseconds do you think it'll take for members of each RIR to debate the policy changes needed to alter their rules to permit trading of IPv4 resource allocations once IANA says, "No!" for the first time? That'll be interesting, because it'll place a cost on not migrating to IPv6: If an ISP wishes to grow its business it'll need to have sufficient resources to buy the address space it needs. We'll also have a reasonably good idea of what it'd cost to perform an IPv6 migration as we gather feedback from orgs who have actually done it. My guess is that we'll keep using IPv4 until the cost of growing businesses with the old address space exceeds the cost of migrating to the new one. One thing that Geoff hasn't been cynical enough to put forward is the idea that orgs with lots of valuable, monetized address space may very well end up lobbying the IAB and RIRs to erect new cost structures around green-fields IPv6 allocations as well, to make sure that the profit-providing marketplace survives for as long as possible by making the IPv6 migration process as expensive and inconvenient as possible. What will happen when the MCI's of the world discover that the race to $0 for IP transit prices has created a world in which they make more money by selling their IPv4 addresses than they make by selling Internet access? Will we see them coming out as a strong supporter of restrictive RIR policies and IPv6 technologies which don't work as a way of artificially boosting the price of IPv6? It's going to be a fun ride :-) - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: shim6 @ NANOG (forwarded note from John Payne)
On Thu, Mar 02, 2006 at 03:51:43PM +0100, Iljitsch van Beijnum wrote: > >Now, some may take that as a sign the IETF needs to figure out how > >to handle 10^6 BGP prefixes... I'm not sure we'll be there for a > >few years with IPv6, but sooner or later we will, and someone needs > >to figure out what the Internet is going to look like at that point. > > It won't look good. ISPs will have to buy much more expensive > routers. At some point, people will start to filter out routes that > they feel they can live without and universal reachability will be a > thing of the past. But don't we filter out routes we feel we can live without *right now* without the world ending? I mean, who accepts prefixes longer than /24 these days anyway? We've all decided that we "can live without" any network smaller than 254 hosts and it hasn't made a lick of difference to universal reachability. What's to stop someone who wants to carry around less prefixes from saying, "Bugg'rit, I'm not going to accept anything smaller than a /18"? - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Shim6 vs PI addressing
On Thu, Mar 02, 2006 at 02:21:45AM -0800, Owen DeLong wrote: > Yes, I am well aware of 32bit ASNs. However, some things to consider: > 1. Just because ASNs are 32 bits doesn't mean we'll instantly > issue all 4 billion of them. The reality is that we probably > only need about 18 bits to express all the ASNs well need for > the life of IPv6, but, 32 is the next convenient size and there's > really no benefit to going with less than 32. It's probably worth using this juncture to point out that exactly the same principle applies to the bit-width gap between IPv4 and IPv6: the fact that IPv6 gives 128 bits doesn't mean we're going to allocate all of them right away. The number of networks in use is not driven by the size of the address space; it's driven by the number of enterprises who wish to connect to the Internet, the number of sites at which they wish to connect, the number of interfaces they wish to use to carry out their interconnections, and the number of hosts they're bringing along with each connection. Notice that none of that has anything to do with the version number of the protocol which those hosts are speaking. By any way you measure it, Internet growth is a function of end-user demand, not a function of the number of bits in an IP address. We can spend another decade talking about how to manage routing table growth if we really want to, but during that decade the routing table is going to *keep growing anyway*. If we want to prevent it from growing, the only real way to do it is going to be at the demand side -- which is another way of saying that we'd need to address and control all of the clauses I iterated through two paragraphs ago. When you distill *that* message to its essence, you can restate it like this: "We can control the growth of the IP routing table by making it harder for people to connect their networks to the Internet." Because that's what the advocates for IPv6 universal PA space are *really* saying, once you remove all the smoke and mirrors. ... which neatly explains a major reason for why IPv6 hasn't taken off, and why shim6 remains vapourware despite many years of discussion and the presence of a clear, unambiguous demand for a solution to the multihoming problem. What's the way out? Acknowledgement of the fact that the size of the routing table is a function of the size of the Internet. Y'know, one of those "duh!" statements. If we expect the Internet to grow past 32-bit limitations, we're going to have to expect the routing table to grow past the constraints which that 32-bit world has imposed upon it. Solving *that* problem is, IMHO, overwhelmingly preferable to breaking multihoming and handing routing policy decisions over to the viruses and worms which control each host. (note that I'm not pretending that solving the routing table growth problem is -easy-, it's just plainly obvious to me that it'll need to be solved anyway, and the IPv6 PA advocacy that keeps coming up seems to be an exercise in denial...) - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Network Map Generator
On Mon, Sep 26, 2005 at 05:58:21PM -0500, Joe Johnson wrote: > I'm looking more for something that will let me create either a cascading > down tree format of the network, or as a drill-down map with major > components on the main screen and dependencies available by clicking on the > parent. For that, I just need a dynamic org-chart type component that will > let me generate the views based on parent-child dependencies. Anyone know > of something down those lines, instead? http://nodemap.internode.on.net GPL. Produces heirarchical drill-down style maps, highlights packet loss, congestion, unreachability, etc. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: London incidents
On Mon, Jul 11, 2005 at 10:57:55PM -0400, Steven M. Bellovin wrote: > In message <[EMAIL PROTECTED]>, Bill Nash writes: > >Would the folks posting news related events please footnote source URLS, > >especially if arguing over factual details? > > http://networks.silicon.com/mobile/0,39024665,39150177,00.htm > has what Sean was referring to. Then we have this: http://us.cnn.com/2005/US/07/11/tunnels.cell.phones.ap/index.html "The Port Authority of New York and New Jersey, which runs area transit hubs, bridges and tunnels, decided last Thursday to indefinitely sever power to transmitters providing wireless service in the Holland and Lincoln tunnels, spokesman Tony Ciavolella said Monday." [ ... ] "The Department of Homeland Security said the decision in New York to cut off cellular service was made without any recommendation by the federal government's National Communications System, which ensures communications are available during national emergencies." I gotta say, this is pretty typical of the lack of coordination and actual rational thought that goes into reacting to security incidents. There's been -nothing- from the Brits to say that cellphones were involved in their explosions; And DHS says they haven't made any recommendations one way or the other; And there's no reason to believe that the threat to the New York subway system is any higher than usual; And yet someone at the Port Authority has made a unilateral decision to shut off the cells, and now if there -is- a real emergency nobody can call 911. Breathtaking. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Wed, Jul 06, 2005 at 01:06:15AM +0200, Brad Knowles wrote:
> >> The reverse problem is more difficult to deal with -- that of
> >> people wanting to access Chinese (or whatever) sites that can only be
> >> found in the Chinese-owned alternative root.
> >
> > Stipulated. But whose problem *is* that?
>
> The users will make it our problem, if we don't get this sorted out
> soon.
It seems to me that "this" is *already* sorted out, and that all of
this discussion has been about whether to invent new problems, rather
than about whether to solve existing problems.
Alternate root servers exist for one plain simple reason: To give
their operators their own little playpen of TLDs they can mess
around with without ICANN getting in their faces. People who don't
want to own and operate TLDs don't actually give a crap about that
reason.
These operators have been pushing this idea for 6 or 7 years now.
Frankly I'm of the view that if the "benefits" of alternate roots
were in any way desirable *to anyone other than those who operate
them* we'd probably all be using them by now.
But we aren't. And probably never will.
If we probably never will then the alternate root operators can
either stop flogging their dead horse and shuffle off into the sunset,
or they can continue to pollute mailing lists with useless discussions
about whether they have a right to exist every time the concept is
mentioned from now until eternity, just like they do now.
Right now, on July 5th 2005, "The whole alternate-root ${STATE}horse"
has absolutely zero operational impact on any network operators.
So could y'all please perhaps take it to USEnet where it belongs
and let this list get back to normal?
Thanks,
- mark
--
Mark Newton Email: [EMAIL PROTECTED] (W)
Network Engineer Email: [EMAIL PROTECTED] (H)
Internode Systems Pty Ltd Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Stanford Hack Exposes 10,000
On Wed, May 25, 2005 at 05:12:18PM -0700, Adam McKenna wrote: > On Wed, May 25, 2005 at 11:59:17PM +, Fergie (Paul Ferguson) wrote: > > Yet another unfortunate disclosure... > > http://www.techweb.com/showArticle.jhtml?articleID=163701121 > > I wonder when schools are going to get the hint and stop using SSN's as ID > numbers.. Around about whenever the US Federal Government gets the hint and passes a bill which makes it illegal to use social security numbers for any purpose other than the administration of social security. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Schneier: ISPs should bear security burden
On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote: > Any IP that a provider allows servers on should have > distinctive, non-dynamic-looking DNS (and preferably be in a separate > netblock from the dynamically-assigned IPs). What the hell is a "non-dynamic-looking DNS"? Sure, if I see something like "static-192-168-1-1.isp.net" I can be reasonably sure that it's non-dynamic-looking, but what does the same thing look like in Portugese? German? Spanish? French? (Korean? Chinese?) Just wait'll we start getting unicode DNS names in non-English alphabets. Perhaps then you can tell what to look for in a string of Kanji symbols which might be suggestive of the concept of "static". - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Schneier: ISPs should bear security burden
On Wed, Apr 27, 2005 at 06:06:22AM +, Fergie (Paul Ferguson) wrote: > -- Mark Newton <[EMAIL PROTECTED]> wrote: > > On Tue, Apr 26, 2005 at 10:38:00PM -0700, Owen DeLong wrote: > > > So much for any sort of journalistic ethic, fact checking, or, unbiased > > > reporting. > > Schneier isn't a journalist or reporter; He's a security vendor. > > And you're a network engineer. What's your point? Merely that Owen's expectation of "journalistic ethic, fact checking, or unbiased reporting" was misplaced because his remarks are addressing someone who has a vested interest in the outcome of the debate, not an ethical, unbiased disinterested observer. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Schneier: ISPs should bear security burden
On Tue, Apr 26, 2005 at 10:38:00PM -0700, Owen DeLong wrote: > So much for any sort of journalistic ethic, fact checking, or, unbiased > reporting. Schneier isn't a journalist or reporter; He's a security vendor. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Contact from ACM?
I need to talk to someone who can update the bogon filters on www.acm.org. Attempts to reach technical contacts via the website have failed, which is a bit surprising given the nature of the org. If anyone reading this is an ACM member who can pass this message along to someone who cares I'd appreciate it. Thanks, - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Obsolete bogon filtering
On Sat, Mar 12, 2005 at 04:56:09PM -0500, Joe Provo wrote: > > If you run any bogon filtering, can you please check your > > border ACLs and BGP prefix filters to ensure that you're > > no longer preventing access to 58.0.0.0/8 or 59.0.0.0/8 ? > [snip] > > It is useful to point out that APNIC indicates the minalloc > in 59/8 is /20 and 58/8 is /21. I see several prefixes 'in > the wild' which are longer, so where you think you might be > seeing old bogon filters you are potentially seeing registry > minalloc filters. No, we're announcing 59.167.0.0/17 -- Well shorter than the minalloc restriction. We're not dealing with peole who are trying to "enforce" registry allocation guidelines here (note: that's allocation guidelines, not BGP announcement guidelines). We're just dealing with people who are potentially too clueless to breathe, who haven't updated their filters for nearly a year. Speaking of "too clueless to breathe": DShield.org On Wednesday I emailed them to tell them that one of their customers had informed me that they had 58/8 and 59/8 in the blacklists they publish on their website. Somewhere along the line whoever read that email had a small neural collapse immediately afterwards, and imagined that what I had actually said was, "I am a responsible person in charge of 58/8 and 59/8, and you may begin sending IDS logs and exploit reports direct to me for action." Since then I've received about 250 such email messages, and every single one of them pertains to networks which have absolutely nothing to do with me. I emailed them on Thursday and Friday to tell them about their mistake, but they've (thus far) ignored those messages, and I have had no further (non-automated) contact from them. Words fail me. Today it got worse: Apparently they share their database with "netvigator.com", who send out automated "you're hosting an open relay" email messages; So now I'm getting security alerts from two completely different organizations all telling me that IP addresses belonging to a bunch of Asian ISPs I've never heard of are attacking IP addresses belonging to a bunch of American ISPs I've never heard of. As me whether or not I could care less. Go on, ask me. I dare you. Needless to say my spam filter has been receiving some remedial retraining over the last couple of days, and now understands exactly how to deal with anything from netvigator.com and dsheild.org. It's things like this that really point out that most of the Internet is under the custodianship of total amateurs. It's really disappointing to see the level of abject cluelessness I've found surrounding this topic; There are *SO MANY* people out there who have read in a book somewhere that they should be blocking a few things, so they've just blocked 'em without any further thought. Even some Serious Blue-Chip Multinationals appear to have professional Network Security divisions who really should know better, but don't. It's a real eye-opener. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Obsolete bogon filtering
On Thu, Mar 10, 2005 at 11:51:40AM +1030, Mark Newton wrote: > If you run any bogon filtering, can you please check your border ACLs > and BGP prefix filters to ensure that you're no longer preventing > access to 58.0.0.0/8 or 59.0.0.0/8 ? Further to this: If anyone from EV1 hosting is reading this, please get in touch ASAP? We've been talking to a few of your front-line tech support people for a couple of days now, and while it's been fun, we'd kinda like to stop doing that and start talking to someone who acknowledges that there's a problem here and knows how to fix it :-) Thanks, - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Obsolete bogon filtering
Hi. We've recently been allocated address space out of 59.0.0.0/8, which was released to APNIC by IANA about 11 months ago. Prior to that release, it was reserved, and appeared on all the public bogon filtering lists. It obviously isn't supposed to appear on them anymore. If you run any bogon filtering, can you please check your border ACLs and BGP prefix filters to ensure that you're no longer preventing access to 58.0.0.0/8 or 59.0.0.0/8 ? Thanks, - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Open-Source Network Management Tools
On Wed, Sep 15, 2004 at 12:16:15AM -0700, Alexei Roudnev wrote: > In reality, to get best results, use some combination of few such systems. > All have string sides and weak sides. > (For example, snmpstat shows excellent network view, allowing to see exactly > what is going on, and shows good unlimited traffic patterns, such as average > packet size etc, have embedded tickets and reports, but have hardcoded set > of parameters so if you want something out of it's scope, it's not enough. > Others, such as nagual or cricket, allows to monitor everything but can not > show system overview and do not have usage reports. ) Add in Nodemap (http://nodemap.internode.on.net) as a way of gluing things together too. Provides an overview (configurable level of detail) and can be configured with hyperlinks to other places (MRTG/Cricket graphs, site descriptions, etc) - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
"Internode Nodemap" network visualization/monitoring software
Posted here on the assumption that some will find it useful: http://nodemap.internode.on.net # Internode Nodemap performs SNMP queries against network devices to # determine the status of network links in complicated networks. # # Using the results of those probes, Nodemap produces visualizations # to convey the "holistic" state of the network. A "drill-down" user # interface is provided which permits detailed link-by-link status # information to be presented at low-levels, with abstracted # summarizations available at higher levels. This enables network # operations staff to determine the current state of a network with # a single glance, without regard to topology complications or the # number of devices on the network. It's GPLed. Simple config examples, screenshots, vast quantities of documentation and mailing list subscription details are on the website referenced above. - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
