Re: Anyone from Verio here?
Have you called your ISP today? On 4/16/08, Jake Matthews [EMAIL PROTECTED] wrote: I've sent repeated emails to [EMAIL PROTECTED]/com/*, no response yet. There is an IRC DDoS bot on EFnet actively attacking users - and has been for quite a while, as you can see from the signon date. I am one of those being hit - any idea how to take care of it? g is [EMAIL PROTECTED] * sharon stone g on @#tcp @#ping @#nsa.gov @#london @#jupe @#dust g using irc.wh.verio.net ooh omnipotence. mm yes gotta get me some of that. g actually using host 81.19.98.235 g has been idle 2mins 12secs, signed on Thu Apr 03 23:53:18
Re: Calling TeliaSonera - time to implement prefix filtering
Yes, it is operational. Best, Marty On 4/15/08, Fred Reimer [EMAIL PROTECTED] wrote: But isn't this what nanog is for? It appears to be more on-topic than the email threads. More E than S. Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior Network Engineer Coleman Technologies, Inc. 954-298-1697 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, April 15, 2008 9:51 AM To: nanog@merit.edu Subject: RE: Calling TeliaSonera - time to implement prefix filtering aut-num:AS29049 and *of course* they don't own 62.0.0.0/8. Own!? I think he was saying that Delta Telecom don't *own* 62.0.0.0/8 and therefore shouldn't be advertising it. Following that Telia shouldn't be accepting the route and then re-announcing it to peers ... Of course! ... /8? ... Azerbaijan? ... What was I thinking?... Still, it would be better to contact the upstream directly and work back through the peering chain because this kind of thing is usually a result of education deficit, not malice. --Michael Dillon
Re: Abuse response [Was: RE: Yahoo Mail Update]
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is? Some of the folks that are complaining about abuse response generate revenue addressing these issues. Give me some of that. I'll give you a priority line to the NOC. Disclaimer; No offense intended to security providers, I'm just stating a fact. Best, Marty On 4/15/08, Joe Abley [EMAIL PROTECTED] wrote: On 15 Apr 2008, at 11:22 , William Herrin wrote: There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired. At a long-previous employer we once toyed with the idea of having everybody in the (fairly small) operations and architecture/ development groups spend at least a day on the helpdesk every month. The downside to such a plan from the customer's perspective is that I'm pretty sure most of us would have been really bad helpdesk people. There's a lot of skill in dealing with end-users that is rarely reflected in the org chart or pay scale. Joe
[admin] RE: Problems sending mail to yahoo?
Folks, Can we wrap the mail threads up or at least move them over to their respective best-places like zorch, nsp-sec, spam-l, asrg, or yet-another-favorite-list-for-spam-religion? We've gone far beyond typical mass-mail operations. Best Regards, Marty -- Martin Hannigan http://www.verneglobal.com/ Verne Global Datacenters e: [EMAIL PROTECTED] Keflavik, Icelandp: +16178216079
[admin] RE: the O(N^2) problem
Folks, Same request as the Yahoo! Mail thread, can we go ahead and wrap this up? Excellent points, intelligent positions, but definitely not operational. This one might be great for ASRG, which has been a little more active lately. Best Regards, Marty -- Martin Hannigan http://www.verneglobal.com/ Verne Global Datacenters e: [EMAIL PROTECTED] Keflavik, Icelandp: +16178216079
RE: nanog volume (was: Problems sending mail to yahoo?)
-Original Message- From: Randy Bush [mailto:[EMAIL PROTECTED] Sent: Monday, April 14, 2008 12:56 PM To: Martin Hannigan Cc: nanog@merit.edu Subject: nanog volume (was: Problems sending mail to yahoo?) Can we wrap the mail threads up actually, i am still learning from some of them. Great, I'll stop the world. -M
Re: Yahoo Mail Update
On Sun, Apr 13, 2008 at 1:58 AM, Ross [EMAIL PROTECTED] wrote: [ clip ] I heartily second this. Yahoo (and Hotmail) (and Comcast and Verizon) mail system personnel should be actively participating here, on mailop, on spam-l, etc. A lot of problems could be solved (and some avoided) with some interaction. ---Rsk Why should large companies participate here about mail issues? Last I checked this wasn't the mailing list for these issues: It is an operations list and part of operating a network is delivering content of protocols whether it be http or smtp. [ clip ] But lets just say for a second this is the place to discuss company xys's mail issue. What benefit do they have participating here? Likely they'll be hounded by people who have some disdain for their company and no matter what they do they will still be evil or wrong in some way. They can use an alias if they don't want to publish under their company banner. It is easy for someone who has 10,000 users to tell someone who has 50 million users what to do when they don't have to work with such a large scale enterprise. I find it funny when smaller companies always tell larger companies what they need to be doing. When lots of smaller companies tell larger companies what to do, they typically do it. Part of the value of a community like NANOG is for groups of smaller companies to demonstrate both the positive and negative aspects of products(routers) or services(mail) of others so that these other companies (cisco, Yahoo!, et. al.) can learn from us and either create new products(Nexus 7000) or add features(LISP) and fixes(autosecure) or (abuse desk). The fact that a bunch of little companies are pointing out the operational inefficiencies of large providers (of mail services) should offer some value to them, and to us. The reason why these operations are not open and friendly is because they are overhead and cost of doing business. I doubt you'll see any investments in making it easier, but if the interaction process was better explained or simplified, it might be helpful. Having some provider or group(MAAWG?) explain the new and improved overhead driven mail/abuse desk would make an excellent NANOG presentation, IMHO, and it could include a V6 slant like and to handle V6 abuse issues the plan is.. Best, -M
RE: Problems sending mail to yahoo?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Shein Sent: Friday, April 11, 2008 5:04 PM To: nanog@merit.edu Subject: Re: Problems sending mail to yahoo? The lesson one should get from all this is that the ultimate harm of spammers et al is that they are succeeding in corrupting the idea of a standards-based internet. Sites invent policies to try to survive in a deluge of spam and implement those policies in software. Usually they're loathe to even speak about how any of it works either for fear that disclosure will help spammers get around the software or fear that someone, maybe a customer maybe a litigious marketeer who feels unfairly excluded, will hold their feet to the fire. So it's a vast sea of security by obscurity and standards be damned. It's a real and serious failure of the IETF et al. Has anyone ever figured out what percentage of a connection to the internet is now overhead i.e. spam, scan, viruses, etc? More than 5%? If we put everyone behind 4to6 gateways would the spam crush the gateways or would the gateways stop the spam? Would we add code to these transitional gateways to make them do more than act like protocol converters and then end up making them permanent because of benefit? Perhaps there's more to transitioning to a new technology after all? Maybe we could get rid of some of the cruft and right a few wrongs while we're at it? P.S. Anyone else getting hit by sales calls for DDoS appliances and other salespeople as a result of this thread? This fishing in NANOG waters by salespeople is irritating and a good reason not to do business with these companies. I don't take my time to post on NANOG to invite a deluge of sales calls. nanog admin If we catch them, we'll act. We added some language related to that to the new AUP and have been able to act on it as a result. /nanog admin -- Martin Hannigan http://www.verneglobal.com/ Verne Global Datacenters e: [EMAIL PROTECTED] Keflavik, Icelandp: +16178216079
RE: spam wanted :)
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marshall Eubanks Sent: Thursday, April 10, 2008 9:39 AM To: William Waites Cc: Rich Kulawiec; North American Network Operators Group Subject: Re: spam wanted :) [ clip ] I receive serious amounts of spam in Hebrew and Russian, and haven't even been to either Israel or Russia recently. Regards Marshall I started getting spam in Icelandic 24 hours after my account was set up. I get Russian, Chinese, and Hebrew spam all the time. The most spam I receive is from an old domain that I turned off the MX records. Every now and then I turn them back on to see what's flowing and it never changes. Within seconds. [obOp] I think that the language change defeats many of the heuristics found in common spam appliances. -- Martin Hannigan http://www.verneglobal.com/ Verne Global e: [EMAIL PROTECTED] Keflavik, Icelandp: +16178216079
Re: Bandwidth issues in the Sprint network
Has this circuit ever run clean(normal)? -M On Mon, Apr 7, 2008 at 1:06 PM, Brian Raaen [EMAIL PROTECTED] wrote: I am currently having problems get upload bandwidth on a Sprint circuit. I am using a full OC3 circuit. I am doing fine on downloading data, but uploading data I can only get about 5Mbps with ftp or a speedtest. I have tested against multiple networks and this has stayed the same. Monitoring Cacti graphs and the router I do get about 30Mbps total traffic outbound, but individual (flows/ip?) test always seem limited. I would like to know if anyone else sees anything similar, or where I can get help. The assistance I have gotten from Sprint up to this point is that they find no problems. Due to the consistency of 5Mbps I am suspecting rate limiting, but wanted to know if I was overlooking something else. -- Brian Raaen Network Engineer [EMAIL PROTECTED]
Re: Dubai impound ships suspected in cable damage
On Tue, Apr 8, 2008 at 5:57 PM, Deepak Jain [EMAIL PROTECTED] wrote: There is no reason to assume these are civilian satellites. Any one of a number of affected or interested countries could have provided the imagery (or ship information) to Reliance. Its not saying *who* analyzed the images. ;) You can purchase these things from sattelite image services these days as well as get them from intelligence services. Then again, how are ship's captains supposed to know *where* they are allowed to drop anchor? Is there a Call before you drop anchor service similar to call before you dig? The Captain has a responsibility to know where proper anchorages are. That, and they are required to know where oil pipelines, utilities, and other types of cables are run including communications cables. There is a lot of stuff under the water. Cable operators also provide specific locating data so that Captains do have information available to avoid these issues. If it was the result of the specific ships that they've surveilled, it's likely that they were off anchorage and slipping their anchor. The anchor catches the cable and then the cable snaps under it's own weight from the pulling. -M
Re: cooling door
On Wed, Apr 2, 2008 at 6:06 AM, [EMAIL PROTECTED] wrote: I doubt we'll ever see the day when running gigabit across town becomes cost effective when compared to running gigabit to the other end of your server room/cage/whatever. You show me the ISP with the majority of their userbase located at the other end of their server room, and I'll concede the argument. Last time I looked the eyeballs were across town so I already have to deliver my gigabit feed across town. My theory is that you can achieve some scaling advantages by delivering it from multiple locations instead of concentrating one end of that gigabit feed in a big blob data center where the cooling systems will fail within an hour or two of a major power systems failure. That would be a choice for most of us. -M
Re: NXDOMAIN data needed for survey
On Thu, Mar 27, 2008 at 10:09 PM, bill fumerola [EMAIL PROTECTED] wrote: [ disclaimer: i work for opendns. ] On Fri, Mar 21, 2008 at 05:53:15PM -0400, Martin Hannigan wrote: [ snip ] so, to recap: nope, we don't sell NXDOMAIN data. we don't sell any other data either. I don't think that policy includes derivative works. If you are saying that you don't sell any data at all, feel free to say that. -M
Re: NXDOMAIN data needed for survey
On Thu, Mar 20, 2008 at 3:22 PM, Steve Atkins [EMAIL PROTECTED] wrote: [ snip ] I wonder who he's paying for his nxdomain data, and whether that someone is authorized to sell it. It strikes me that it's just a small step for someone with access to ISP internal data to go from selling DNS logs to selling usernames too. This is tip of the iceberg level activity. These people are exploiting unique identifiers i.e. domains names and IP addresses. We need to fear them, and respond appropriately. They are disruptive to the Internet, to the users and commerce. -M
Re: default routes question or any way to do the rebundant
On Fri, Mar 21, 2008 at 4:29 PM, Barry Shein [EMAIL PROTECTED] wrote: Is this for real? Someone asks a harmless question about setting up multiple default routes, not about Barack Obama or whether the moon is made of green cheese, but about default routes. Then 10 people decide to respond that this isn't appropriate for nanog. Then 25 people decide to dispute that. Then 50 people are arguing (ok maybe I exaggerate but just a little) about it. So the person who asked the original question feels bad and apologizes. And 5 people decide to tell her there's nothing to apologize for. And 10 people dispute that...and...what next? Oh, right, and next I feel an urge to write this idiotic meta-meta-meta-note. I think psychologists have a term for this, chaotic instability disorder or something like that. Maybe what we need are NANOG GREETERS! Hello, welcome to Nanog, can we help you find something? Hello, welcome to Nanog, can we help you find something?... Blue light special in slot 5? V6 only STM64's now half price! personal opinion I dont think that there's any issue at all to be honest. NANOG isn't just for the clued. /personal opinion Best, Marty
Re: NXDOMAIN data needed for survey
I think it's best that we let David Ulevitch and the crew @ OpenDNS make the money that is to be made off this. He's doing good while doing well. Why shouldn't anyone be able to make the money? The problem with that post wasn't that he was advocating law breaking, it was that it's a marketing missive and inconsistent with community norms, IMHO. That doesn't mean that it's illegal, and it certainly doesn't mean it's ok for one good guy to be allowed to profit and one unknown not to. Setting classes of who can profit from NXDOMAIN data creates unfairness in the system and it should be all or none. What you really want to look at is privacy policy. Not all of the good guys are actually good guys in that respect. BTW: If someone legitimate needs NXDOMAIN data, I do have a bunch. How much are you charging? -M
Re: NXDOMAIN data needed for survey
On Thu, Mar 20, 2008 at 12:22 PM, Ray Demain wrote: We are looking to purchase NXDOMAIN data for an internet survey. We prefer to receive the data on an hourly basis so it is as fresh as possible. Our system receives the data from you via ftp that you provide. Its hard to value the data until we have taken a look at it. As one example, we pay a current partner $4000 per month for 100,000 records per day. If you would like to setup a test so we can determine the value of your data please contact me at What company would this be for? -M
Re: NXDOMAIN data needed for survey
On Thu, Mar 20, 2008 at 1:33 PM, Steve Atkins [EMAIL PROTECTED] wrote: On Mar 20, 2008, at 9:56 AM, Martin Hannigan wrote: On Thu, Mar 20, 2008 at 12:22 PM, Ray Demain wrote: We are looking to purchase NXDOMAIN data for an internet survey. We prefer to receive the data on an hourly basis so it is as fresh as possible. Our system receives the data from you via ftp that you provide. Its hard to value the data until we have taken a look at it. As one example, we pay a current partner $4000 per month for 100,000 records per day. If you would like to setup a test so we can determine the value of your data please contact me at What company would this be for? A domain squatting company, presumably. Thanks, I know. I wanted to stimulate a thread that was archived for others historical reference. -M
Re: YouTube IP Hijacking
On Sun, Feb 24, 2008 at 4:06 PM, Tomas L. Byrnes [EMAIL PROTECTED] wrote: Clearly, they are incensed by youtube content, so what makes anyone think that they would not be trying to engage in a case of Cyber-Jihad? Let's avoid speculation as to the why and reserve this thread for global restoration activity. -M
Re: Area Social Activity
There's also some golf taking place, but it might be too late for this NANOG. If you golf and attend NANOG drop me a line and we'll set you up with the specifics. We're also close to being able to crertify a PGA sanctioned club. ;) Search Facebook for 'Internet Golf Society' and join for more info. Best, Marty On 2/15/08, John Osmon [EMAIL PROTECTED] wrote: On Thu, Feb 14, 2008 at 11:20:53AM -0800, Jay Hennigan wrote: Rod Beck wrote: I am suggesting a Certified Drinkers Event in the hotel bar Sunday evening. Any Hash House Harriers in our midst? The thought of the cross-section of society that would partake in both NANOG and H^3 is rather frightening... On On (but not horribly active) -- Sent from Google Mail for mobile | mobile.google.com
Re: Looking for Verizon-GNI network engineer
On Thu, Feb 14, 2008 at 9:49 PM, K. Scott Bethke [EMAIL PROTECTED] wrote: Sorry if this is off-topic frustration has set in. I've got what looks like a routing loop or a wedge in your network and I cant get past tier2 saying it is an internet problem. I asked to speak with an engineer directly was told Verizon engineers don't talk directly with customers. Issue going on for 4 days. Actually, this is great and on-topic. Thanks for helping out. -M
Re: FW: Jeanette Symons Memorial Service
John, I am sorry for your loss. I hope that you are doing well with this. I would like to ask that we take this off the NANOG list. I think that it would be much more suitable for a blog or a website where people can interact if they choose. I would appreciate your cooperation. Best Regards, Martin Hannigan NANOG MLC Member On Feb 5, 2008 7:33 PM, John Lee [EMAIL PROTECTED] wrote: Sent: Tue 2/5/2008 2:49 PM To: John Lee Subject: Jeanette Symons Hi John, You may remember me. I am Sasha Match. Steve Speckenbach was my late husband. I saw your posting online about Jeanette's death and several people were requesting information about arrangements. This information came from the manager of Jeanette's Industrious Kid company. Liz Ramos works for me. She is planning to attend, and I may attend as well. Sasha A memorial service honoring Jeanette and her son Balan will be held on Monday, February 11, 2008 at 10:00 am with a lunch following shortly thereafter at the Grand View Pavilion located at 300 Island Drive, Alameda, California 94502. In lieu of flowers, donations can be made in memory of Jeanette and her son Balan Symons to World Partners Adoption, Inc Cindy Harding, Executive Director 2205 Summit Oaks Court Lawrenceville, GA 30043 1- 800-350-7338 Donations can also be made online at: http://www.worldpartnersadoption.org/project.html, kindly send an email to Jim Harding, Executive Director, at [EMAIL PROTECTED] to let him know your donation is in memory of Jeanette and Balan.
Re: FW: Jeanette Symons Memorial Service
Obviously, this was meant to be a private communication. My apologies for cc'ing the nanog list, it was intended to follow the admins procedure and go to nanog admins and respect the feelings of the poster. Best Regards, Martin On Feb 5, 2008 9:10 PM, Martin Hannigan [EMAIL PROTECTED] wrote: John, I am sorry for your loss. I hope that you are doing well with this. I would like to ask that we take this off the NANOG list. I think that it would be much more suitable for a blog or a website where people can interact if they choose. I would appreciate your cooperation. Best Regards, Martin Hannigan NANOG MLC Member On Feb 5, 2008 7:33 PM, John Lee [EMAIL PROTECTED] wrote: Sent: Tue 2/5/2008 2:49 PM To: John Lee Subject: Jeanette Symons Hi John, You may remember me. I am Sasha Match. Steve Speckenbach was my late husband. I saw your posting online about Jeanette's death and several people were requesting information about arrangements. This information came from the manager of Jeanette's Industrious Kid company. Liz Ramos works for me. She is planning to attend, and I may attend as well. Sasha A memorial service honoring Jeanette and her son Balan will be held on Monday, February 11, 2008 at 10:00 am with a lunch following shortly thereafter at the Grand View Pavilion located at 300 Island Drive, Alameda, California 94502. In lieu of flowers, donations can be made in memory of Jeanette and her son Balan Symons to World Partners Adoption, Inc Cindy Harding, Executive Director 2205 Summit Oaks Court Lawrenceville, GA 30043 1- 800-350-7338 Donations can also be made online at: http://www.worldpartnersadoption.org/project.html, kindly send an email to Jim Harding, Executive Director, at [EMAIL PROTECTED] to let him know your donation is in memory of Jeanette and Balan.
Re: Fourth cable damaged in Middle Eest (Qatar to UAE)
Marshall: I don't see any cables for Lebanon. I also don't see any cable for Syria. I see Falcon coming down an estuary on an edge border for Jordan. In proximity, Israel has some redundancy, although I don't have the granularity to strip out the specific cables. It looks like a branch to me, a splice point in a cable that happens under the water, which allows for multi-directional paths from a single cable. I would think that route-views would have any of what you may need to track down what's going on advertisement wise, and for free. Best, Marty On Feb 3, 2008 7:33 PM, Marshall Eubanks [EMAIL PROTECTED] wrote: Dear Sean; Do you know how Syria, Jordan and Lebanon get their connectivity ? They have dropped off the map today for us. (Or maybe yesterday - I wasn't able to pay any attention to this yesterday.) Our Egyptian audience remains very low, while Iran still seems to be unaffected. Regards Marshall On Feb 3, 2008, at 6:52 PM, Sean Donelan wrote: A fourth submarine cable in the middle east was damaged Sunday between Haloul, Qatar and Das, United Arab Emirates. This is in addition to the damage affecting FLAG, SAE-ME-WE4, FALCON cables. Afer reviewing surveillance video of the area, Egypt's ministry of maritime transportation is reporting no ships were near the FLAG or SAE-ME-WE4 cables 12-hours before or after the cable damage near Alexanderia, Egypt. The reason for outage of the cables has not been identified yet.
Re: Fourth cable damaged in Middle Eest (Qatar to UAE)
On Feb 4, 2008 12:38 AM, Sean Donelan [EMAIL PROTECTED] wrote: On Mon, 4 Feb 2008, Todd Underwood wrote: there has has been a lot of speculation that this is all some US prelude to war with iran. while i don't claim to know much about whether that makes any sense, i do know that if they're trying to disconnect iran from the internet, they're doing a lousy job: An extremely poor job if that was the intent. According to SLAC, throughput to Iran actually improved. https://confluence.slac.stanford.edu/display/IEPM/Effects+of+Fibre+Outage+through+Mediterranean If the intent was to cut off Iran, they're picking the wrong cables. TAE goes across the northern part of Iran Where are you seeing that? I can only see access to Iran through the Gulf of Oman and Caspian Sea. The Caspian Sea doesn't appear to have any cables. The only service to Iran that seems logical, or that I can see, is via Kuwait City and across the Gulf. Nothing appears to go through the Straight of Hormuz without touchdown in Oman or the UAE. I would hope that there is significant terrestrial cooperation in the region all considered, but I don't know anything about Med terrestrial networks. I agree with Rod Beck as far as the speculations go. It could be terror, but it's just not that interesting and is not really a soft-target. I caught some posts about beach heads, et. al. There are some vulnerabilities related to shared landing stations, but I think that places like Telehouse North are far more vulnerable and sexy as a target. Should be interesting to read the RFO's if and when they become public. Best, Marty
Re: Another cablecut - sri lanka to suez Re: Sicily to Egypt undersea cable disruption
On Feb 1, 2008 11:43 AM, Steven M. Bellovin [EMAIL PROTECTED] wrote: There's an interesting article at http://www.nytimes.com/aponline/technology/AP-Internet-Outages-Cables.html on cable chokepoints. NEW YORK (AP) -- The lines that tie the globe together by carrying phone calls and Internet traffic are just two-thirds of an inch thick where they lie on the ocean floor. This article is somewhat misleading. Semantics, but it set the tone of the article for me and probably most of the public. The cables are able to have their physical characteristics changed by the ability to splice joints into the cable and connect two physically disparate ends to serve specific purposes related bottom geologies, depth, and other dangers. Different cable types are deployed to mitigate different risks such as fishing, quakes, slides, etc. The lightweight cable may be thinner, but is used in less risky settings like massive depths. When you get to something like heavy weight armored on the edge of a fishing ground or winding through a treacherous bottom geology, your're talking much larger diameters and much more weight, as Rod Beck had mentioned previously. There are many variables that go into route selection and cabling which impact type. Cost is one. -M
Re: Sicily to Egypt undersea cable disruption
On Feb 1, 2008 2:25 PM, Ahmed Maged (amaged) [EMAIL PROTECTED] wrote: Does look normal to me is far from a global conspiracy theory. Thank you for the translation but I think you got it wrong. I agree, there should be a sanity check as I understand that they are within close proximity of each other. Two ships slipping anchors and causing cable breaks in the same area is odd, but if there's a storm in the area, that would not be that much of a surprise. There should be some logic to the madness. I think that the moral of the story is that more operators should try to better understand what diversity means beyond the metro. The challenge is getting the information. The Teleography series of internet/sub maps are interesting. They don't demonstrate diversity though, since they show figurative routing. Those nice and straight lines are a pipe dream. -M -M
Re: Sicily to Egypt undersea cable disruption
Hi Michael: On Feb 1, 2008 6:44 PM, Michael Painter [EMAIL PROTECTED] wrote: Here's at least one: http://www.ofcc.com/procedures.htm Yes, this is the idea. My experience is that fisherman coops, similar to this one for network operators, are contacted during the desk top study DTS phase so that the parties can negotiate the best routes insuring that fisheries aren't disrupted or displaced and that the cable finds an agreed upon and effective route around risks that the fisherman have unique views into. There's also public permitting processes that occur and you want harmony. Groups of people angry at your submarine cable is not a good way to start a business and a submarine cable is a business (see Rod Beck ;-P ) -M
Re: Sicily to Egypt undersea cable disruption
On Jan 31, 2008 4:30 AM, Hank Nussbacher [EMAIL PROTECTED] wrote: \ I think more interesting is the landing stations where numerous cables intersect. They may be diverse in the water, but they cluster around each other when they hit the landing stations. -Hank They aren't that diverse in the water either and many cables cross each other and cluster before they hit landing stations including out in the middle of the sea. The Teleography maps, for example, are not route maps, they are showing a cable A and Z end with a relative route. The International Cable Protection Committee has some literal maps available that show just how much of a mess it all is. US East Coast to UK West Coast is a great example. -M
Re: Sicily to Egypt undersea cable disruption
On Jan 31, 2008 11:20 AM, Rod Beck [EMAIL PROTECTED] wrote: http://www.kisca.org.uk/Web_SWApproaches.pdf And if you enlarge the map, you can see little dots on the lines representing the cables that denote repairs. Lots and lots of repairs. Treacherous waters. The distances are consistent with repeaters/op amps. And the chart legend notates the same. Coincidentally, Telecom Egypt announced a new cable to be built by Alcatel-Lucent this morning. TE North, which looks like it's going from Egypt to France, is an 8 pair system (128 x 10Gb/s x 8). Thanks for your input. -M
Re: Sicily to Egypt undersea cable disruption
On Jan 30, 2008 9:41 PM, Todd Underwood [EMAIL PROTECTED] wrote: On Thu, Jan 31, 2008 at 01:56:42AM +, Paul Ferguson wrote: For what its worth, Todd Underwood has a very good overview of the countries affected by this outage over on the Renesys Blog here: http://www.renesys.com/blog/2008/01/mediterranean_cable_break.shtml while i very much appreciate the compliment, this work was all done by my colleagues at renesys earl zmijewski and alin popescu. i've been following the routing events around this cable break, though. there are some interesting findings here about who (what carriers, what countries) were critically dependant on these cable systems. In the Med/IO cable case, a ship dropped an anchor on the cable, something that is 1:1,000,000 shot, but happens. At least they know where it is. The failure to contract the maintenance ship tighter on a route that turns out to be that vulnerable is probably of concer for users of that cable now as well. A lot of the impact is likely also due to people not buying protect circuits or bothering to understand the IP architecture. That is something that is becoming common globally, IMHO. Folks assume that IP will route around the damage. Sure it will, if all the physical layer paths aren't busted. Layer 1 really does rock. Watching BGP announcements seems less important in these erious performance impacting cases, to me, than understanding the underlying architecture and what the root cause a half step above the anchor and a half a step below the advertisement was. Looking forward to Rod Beck's response. :-) Best, Marty
Re: Sicily to Egypt undersea cable disruption
On Jan 31, 2008 2:08 AM, Paul Ferguson [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Martin Hannigan [EMAIL PROTECTED] wrote: In the Med/IO cable case, a ship dropped an anchor on the cable, something that is 1:1,000,000 shot, but happens. [...] Isn't that exactly what happened with the Pakistan fiber in 2005 with SEAMEWE-3? :-) The 1:1,000,000 was without a reference so it was fugurative. Mea Culpa. If you count the amount of cables and the anchor drop cuts, it's probably much less as an afterthought. From what I read about this cut, the way it happened seemed to have figurative odds of 1:1,000,000. It looks like authorities moved the anchorage area for some undefined reason. Cables are documented on marine charts and, at least theoretically under international standards, Captains and Pilots are lawfully required to refer to them before dropping the hook. Having some experience in marine operations, it would be 'curious' for a Captain or Pilot to not notice that there was a cable marking so close to their re-designated anchorage based on the chart that they would need to refer to for low tide depths and other (un)common hazards to insure that they weren't in imminent danger. I'm sure that there is more to this story than meets the eye. -M
[admin] Re: EU Official: IP Is Personal
Folks, we'd like to ask that this thread die a quick and painful death. It's gone off topic and it seems to have run whatever short course that it tried. While what Europe does is interesting to us as network operators, this is European policy and off topic for NANOG. Best Regards, Martin Hannigan NANOG Mailing List Comittee On Jan 25, 2008 3:22 PM, Joseph S D Yao [EMAIL PROTECTED] wrote: On Fri, Jan 25, 2008 at 10:49:48AM +0200, Hank Nussbacher wrote: ... I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days? :-) And yet that is said to be one of the advantages of IPv6. -- Joe Yao Qinetiq NA / Analex Contractor
Re: FW: ISPs slowing P2P traffic...
On Jan 15, 2008 3:52 PM, Joe Greco [EMAIL PROTECTED] wrote: Joe Greco wrote: I have no idea what the networking equivalent of thirty-seven half-eaten bags of Cheetos is, can't even begin to imagine what the virtual equivalent of my couch is, etc. Your metaphor doesn't really make any sense to me, sorry. There isn't one. The fat man metaphor was getting increasingly silly, I just wanted to get it over with. Actually, it was doing pretty well up 'til near the end. \ Not really, it's been pretty far out there for more than a few posts and was completely dead when farting and burping was used in an analogy. -M
Re: [admin] Using the NANOG list as a paging mechanism
On Jan 8, 2008 7:22 PM, Deepak Jain [EMAIL PROTECTED] wrote: They're almost always short, and have Subject: lines that indicate what they're about, so it's easy to skip over them based on the Subject: line, and Gmail thinks I have 6.5GB of remaining quota space so it's not even worth the effort of deleting them. Sometimes they're even about issues like getting through the AOL email-rejection loop that are useful to multiple people. It's operational and de minimus. Its operational and de minimus and sometimes the most simple way to arrange something... e.g. a mail filter/blackhole and no obvious contact phone number (e.g. the remote website is affected by the blackhole, etc). This is not a suggestion that NANOG should be carte-blanche a paging service, but in the few cases it appears, it doesn't seem to be clue-deprived requests that often. Hi Deepak, Agreed, and both that are described contain content, or at least that's the way I'm reading your reply. We are specifically pointing out the paging messages that contain nothing but an empty request for someone from xyz to contact $foo for an unknown reason. I think it's fair for us to ask for some content if we're going to see these requests forwarded to ~9k users. Best Regards, Martin Hannigan NANOG MLC Member
[admin] Using the NANOG list as a paging mechanism
Hi Folks, We'd like to politely note that paging each other on the list without content or context is generally off-topic. These messages are perceived by many as fragments that are not useful to the wider community. If you could provide some level of detail as to why you are using the list to reach someone, it would be much appreciated. There are many benefits to this approach including more eyes on the issue (and the message) as well as a faster MTTR. If the issue is not involving the public Internet, then it's probably safe to conclude that a private approach may be better. Best Regards, Martin Hannigan NANOG Mailing List Committee
Re: DreamHost Contact?
On Dec 30, 2007 9:42 PM, Michael Greb [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've attempted to contact DreamHost NOC or Abuse departments via the numbers in whois but just get voice mail and no call back. I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost. Why not call your user and tell them that you see suspect traffic? This is your revenue. I think it makes sense to be proactive, but be proactive for yourself _and_ resolve the issue. -M
Re: New Years Eve
Hello Folks: That would be a slip of the auto-completion function. I can't really think of how to operationalize NYE so I'll have to apologize instead. Sorry for the mis-directed email! Best Regards and Happy Holidays, Marty On Dec 29, 2007 2:29 AM, Martin Hannigan [EMAIL PROTECTED] wrote: Ok folks, what's the plan? [ clip]
New Years Eve
Ok folks, what's the plan? I think we should opt to join each others company at either Brasserie Jo's, or Blu. I can't speak for Jo's NYE, but Blu NYE has optional fireworks viewing on their deck facing the common. Should be pretty awesome. $99 bux. Significant others invited, of course, and anyone else who may be straggling on NYE. Let's do something together. It's long overdue. Marty
Re: [admin] Re: unwise filtering policy from cox.net
On Nov 20, 2007 3:11 PM, Alex Pilosov [EMAIL PROTECTED] wrote: On Tue, 20 Nov 2007 [EMAIL PROTECTED] wrote: On Tue, 20 Nov 2007 11:21:19 PST, [EMAIL PROTECTED] said: This seems a rather unwise policy on behalf of cox.net -- their customers can originate scam emails, but cox.net abuse desk apparently does not care to hear about it. Seems to be perfectly wise if you're a business and care more about making money than getting all tangled up in pesky things like morals and ethics. It's great when you can help the balance sheet by converting ongoing support costs and loss of paying customers into what economists call externalities (in other words, they make the decisions, but somebody else gets to actually pay for the choices made). This is one of the threads where posting further will not be productive. Cox abuse has been named and shamed, and hopefully, the next post we see to the thread will be from them. As a reminder, political discussions, and discussions about spam filtering (other than operational, such as abuse@ or [EMAIL PROTECTED]) are off-topic for nanog. Please keep it this way. Actually, filtering techniques as applies to the operational aspect of a mailer, MX to MX, are fine. -M (BTW: Next time please run this to the MLC beforehand. Our public policy says consensus based and public. You forgot the consensus part.)
Re: unwise filtering policy from cox.net
On Nov 20, 2007 2:21 PM, [EMAIL PROTECTED] wrote: [ snip ] - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 552 5.2.0 F77u1Y00B2ccxfT000 Message Refused. A URL in the content of your message was found on...uribl.com. For resolution do not contact Cox Communications, contact the block list administrators.) This seems a rather unwise policy on behalf of cox.net -- their customers can originate scam emails, but cox.net abuse desk apparently does not care to hear about it. I haven't had any issues between my network and cox related to mail operations lately. What URL? -M
New AUP as of 16 NOV 07
Dear Colleagues: This morning, a new Acceptable Use Policy was posted on the NANOG website. http://www.nanog.org/aup.html Please be aware of it and note some significant changes. Much of the language like discouraged was removed so that readers of the list can interpret the AUP clearly vs. the general and vague interpretations that were possible before. The problem we recently saw with marketers contacting people has been addressed as well. Of note to many of our enterprise network operator readers, there is a new addition that should be of great concern and note: 8. Autoresponders sending mail either to the list or to the poster are prohibited. If you for any reason turn on an automatic courtesy response (vacation, out of office, etc.) to people who mail you directly, you will be removed from NANOG and you can resubscribe later. There is process that was agreed upon by the MLC and that you can use to set expectations: • AUP Adherence and Support ▪ MLC comments that address a posters behavior not on the list ▪ MLC comments that address the relevancy of any thread will be consensus based and public ▪ MLC will seek internal consensus on warnings and warnings will be clearly identified as such ▪ AUP non-conformance is equally weighted ▪ Roll call votes for subscriber bans and/or reinstatement We tend to send notes of concern mostly, and if you are getting a warning, it will clearly be marked warning and will carry the full backing of the MLC. There was work around transparency of the inner workings of the list itself: • Transparency ▪ Automated filters will be posted clearly and accurately on website ▪ Automated monthly statistics will be posted on website ▪ Public minutes of monthly meetings posted in a timely fashion on website Note: The AUP was _not_ unanimously approved by the NANOG MLC. The fractious item was #8, since it is beyond many folks control and required by employers _and_ easily mitigated by local filtering. And the obligatory -- Please abide by the AUP. -M
Re: MXLogic Mail Admins
On Nov 15, 2007 1:44 PM, Raymond L. Corbin [EMAIL PROTECTED] wrote: Multiple outbound gateways have been having problems with the MXLogic inbound servers over the past few days and the tier1 support continues to say that our IP's are not on their blacklists and that there shouldn't be anything wrong. What IP addresses and what does the banner say on drop? -M
Re: [admin] Errors to NANOG list subscribers
Folks, A brief update. The team at Merit has identified what is causing the mailer messages to come back to the entire list. The admin team at Merit is working on a solution. Please do continue to ignore the message. We'll update again when there is a solution. Best Regards, Martin Hannigan NANOG MLC Member
[admin] Errors to NANOG list subscribers
Dear Colleagues: We have an issue with bounce messages blowing back at NANOG subscribers. We are aware of this, and Merit, the folks who provide us the day to day technical support for the service, is working diligently to resolve the problem. Thank you to everyone that has let us know. Best Regards, Martin Hannigan NANOG MLC Member
Re: Hey, SiteFinder is back, again...
On Nov 6, 2007 5:35 PM, Greg Skinner [EMAIL PROTECTED] wrote: [ snip ] Hmmm. When using IE 7 on Windows Vista out of the box, and I give it a non-existent domain, it prompts me to connect to a network (even if I'm already connected to one). It also puts the browser in work offline mode. (Very annoying.) I've never been pointed to a search engine or prompted to select one. Perhaps this is something that is controlled by the machine's initial setup. Is the coffee cup holder sticking out? It sounds like a local problem to me and probably dealt with by calling MS first. :-) -M
Re: mail operators list
On 10/31/07, Alex Pilosov [EMAIL PROTECTED] wrote: On Wed, 31 Oct 2007, Suresh Ramasubramanian wrote: [ snip ] MLC's position is that anything that is acceptable for the conference is acceptable on the list. Mail operations are on-topic, although tangentially. Spam filtering is definitely off-topic. Perhaps personal filtering is not, but spam appliances or home grown filtering, methods, code, or techniques for the purpose of despamming customer in/out mail is mail operations are, for all intents and purposes, on topic. I've demonstrated this myself in a few topics related to spam ddos and surrounding tools and techniques. The only thing I'd ask is that people don't branch off threads. It messes up our killfiles. :-) Martin Hannigan NANOG MLC Member
Re: mail operators list
On 10/30/07, Joe Abley [EMAIL PROTECTED] wrote: On 30-Oct-2007, at 12:55, Andy Davidson wrote: I would support the creation of a mail-operators list ( agenda time for a mailops bof, since a lot of networks are small enough to mean that netops and sysops are often the same guys) if it's deemed to be offtopic on nanog-l. Mail seems to be one of those topics which is of interest to many nanog subscribers, but simultaneously annoying to many (presumably different) nanog subscribers. Given that observation, creating a [EMAIL PROTECTED] list for the discussion of e-mail operations as a bounded experiment seems like a reasonable thing to do. We've already talked about this. It was left at possible. I don't agree that operational issues related to the Internet needs to be segregated from the main list, just the politics and kookery. I'm not in favor of mailops@ since opening up such a topic as a free for all is a recipe for disaster. Spam-l is well established and accepts operators. Go west young man. Otherwise, use your kill file, Luke. Martin Hannigan NANOG MLC Memeber
Re: mail operators list
On 10/30/07, William B. Norton [EMAIL PROTECTED] wrote: On 10/30/07, Martin Hannigan [EMAIL PROTECTED] wrote: On 10/30/07, Joe Abley [EMAIL PROTECTED] wrote: On 30-Oct-2007, at 12:55, Andy Davidson wrote: I'm trying to understand your point here - you believe that it will be a more free-for-all as a separate list than it is on the nanog list? I would think that separating it out would provide some relief from the nanog msg volume issue that has long been an issue for the general community. Why wouldn't divide and conquer work here ? What would work is for people to post on topic so that the list is interesting and relevant. -M
Re: Fwd: [nanog-admin] Vote on AUP submission to SC
personally i find prohibited to be unnecessarily strong. sc hat on looks pretty much as expected from meeting and discussion between sc and mlc. What do you see that's different from what the MLC initial vote approved, what the community approved, and what you got?
Re: Any help for Yahoo! Mail arrogance?
On 10/30/07, chuck goolsbee [EMAIL PROTECTED] wrote: believe me, if your user is jackass enough to click report spam on email that comes through his .forward the complaints can go up real high) .. is enough to get your IP blocked. While there really should be some sort of particularly painful and embarrassing punishment for this sort of jackass** we just kill their .forward and try to clue-by-four them when they call. Sigh. On a more relevant and operational sort of note, it sure would be nice if there were a NAMOG (North American Mail Operators Group) or the like to resolve these sorts of issues. Feel free to clue-by-four me if I've missed it. Hi Chuck, Mail problems that are operational in nature are more than welcome here. The politics and kookery of spam policy and fighting should be directed elsewhere. Best Regards, Martin Hannigan NANOG MLC Member
Re: Any help for Yahoo! Mail arrogance?
On 10/29/07, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote: On 10/29/07, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote: Unfortunately, we cannot provide you with specific information other than to suggest a review of the questionnaire we supplied and try to determine where your mailing practices may be improved upon. In other words, fix your forwarding a lot better (and possibly segregate it from your main mail stream, clearly label the forwarding IP as a forwarder, etc) Yahoo arent really in the business of teaching people how to do a better job. If that sounds like arrogance .. srs Fix your forwarding a lot better. Not sure what this means. My machines are MX's for the clients domain. What are the addresses of the machines? -M
Re: OT: Vendors Using NANOG for a Sales Channel
On 10/26/07, Scott Weeks [EMAIL PROTECTED] wrote: [ snip ] --- [EMAIL PROTECTED] wrote: From: David Ulevitch [EMAIL PROTECTED] Often times when I get these (and it's pretty often) I just take their email address and add it to my list of people we send out RFQs to. [..and.. ] You obviously haven't had the experiences that some have had with sales folks that use this method. Some are like the little Chihuahua that won't quit trying to hump your leg. No matter how many times you tell them you're not going to do it they keep trying. The AUP that we ( the NANOG MLC) presented to the community at NANOG 41, which seemed to have wide support, contained a new provision to deal with this problem. Hopefully, the steering committee will step up to the plate and approve soon. -M
Re: Hotmail/MSN postmaster contacts?
On 10/25/07, Al Iverson [EMAIL PROTECTED] wrote: On 10/25/07, Weier, Paul [EMAIL PROTECTED] wrote: Any Hotmail/MSN/Live postmasters around? My company sends subscription-based news emails -- which go to thousands of users within Hotmail/MSN/Live. I appear to be getting blocked recently after years of success. Hotmail mail administrators are unlikely to be lurking on NANOG. Check the archives. I believe there are more than a few of them here. -M
Re: [nanog-admin] NANOG Elections
On 10/16/07, Jared Mauch [EMAIL PROTECTED] wrote: On Tue, Oct 16, 2007 at 01:03:36PM -0400, Martin Hannigan wrote: At 60 votes, that's .6% participation. If we don't hit at least 2, we ought to seriously consider disbanding the current evolution. If that means the disbanding of NANOG is that acceptable? I don't see how the two are inextricably linked. There would be no reason for nanog to discontinue as a result of disbanding the bureaucracy. I think the numbers may slightly mislead here as Betty told me privately the other day, roughly 30% (or was it 1/3) of attendees do not return to nanog. That is someone that is in the voter pool that is not likely to vote. Not intentionally. The numbers I usually use for this stuff are a superset of subscribers to the list plus digest. I believe that the 8400 list members count. We didn't need any framework or MLC to get AUP changes done. We needed some work. -M
Re: Geographic map of IPv6 availability
On 10/14/07, Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 14-okt-2007, at 19:34, Martin Hannigan wrote: Is this a configurable option for the inverse behavoir? Seems to me that it should be since it affects the user experience and sets policy for the network. It just may be, but I can't find the option if it is. If you have FreeBSD or Windows you can manipulate the policy table to make this happen. It's a bit too complex to explain how this works in a post though, but try: # ip6addrctl show [ snip ] The way I read the portion of the thread related to resolver behavoir was that the resolver behavior was being discussed. Not the client. The resolver should have an attribute to select the preference between A vs. . Otherwise, it's setting network policy through code. My question was if there is an option to adjust this, where is it? I don't see it. I'm not a BIND uber-expert. If there is no option, there quite possibly ought to be one. Best, Martin
Re: Geographic map of IPv6 availability
On 10/15/07, Mark Andrews [EMAIL PROTECTED] wrote: In article [EMAIL PROTECTED] you write: On 15/10/2007, at 8:24 PM, Martin Hannigan wrote: [moresnip] The way I read the portion of the thread related to resolver behavoir was that the resolver behavior was being discussed. Not the client. The resolver should have an attribute to select the preference between A vs. . Otherwise, it's setting network policy through code. My question was if there is an option to adjust this, where is it? I don't see it. I'm not a BIND uber-expert. If there is no option, there quite possibly ought to be one. I guess the question could also be asked as to whether BIND honours the host's configuration of the address selection policy - which seems more likely than implementing it itself. For those who missed it - OS level address selection policy won't apply to BIND without specific code, as BIND is a recursive resolver so won't be calling getaddrinfo(3). -- Nathan Ward named actually measures the response times to individual addresses and uses those to determine which servers to query. Named also uses what addresses it has before attempting to determine if there are alternate addresses. Address selection policies are kind of meaningless in this environment. How so? I think it's valuable to be able to decide for myself if I want preference for or A. If I understand what I am reading, and am properly recalling past threads here, this would seem important since it affects the user experience. As far as how it sets network policy goes, any time something sets a preferred mode over other options and is not modifiable, it's akin to setting policy. History has shown that most of us agree with this. If I'm not interpreting this correctly, I'm all ears (eyes). [ Note, I'm not making any assumption that anyone has set out to set internet policy through software. ] -M
Re: Geographic map of IPv6 availability
On 13 Oct 2007 15:47:16 +, Paul Vixie [EMAIL PROTECTED] wrote: Nathan Ward [EMAIL PROTECTED] writes: ... Nice rant though :-) agreed. ... Does anyone have info on how bind (and other recursive resolvers) select whether to use v6 or v4 if an NS points at a resource with both A and records? Most OSes prefer the record, does bind behave the same? yes. Is this a configurable option for the inverse behavoir? Seems to me that it should be since it affects the user experience and sets policy for the network. It just may be, but I can't find the option if it is. Best, -M
Re: Researchers ping through first full 'Internet census' in 25 years
On 10/12/07, Steve Atkins [EMAIL PROTECTED] wrote: On Oct 12, 2007, at 5:08 PM, Mark Foster wrote: (If some random dynamic IP host on the other side of the world started hitting my firewall for no apparent reason, i'd be raising my eyebrows too. Of course, these days, I have a much better idea of what is genuinely threatening and what isn't.) If there weren't a dynamic IP host on the other side of the world hitting my firewall I'd be calling my provider, 'cos I'd know my connection had gone down. Probably a good enough observation to call this thread DOA. -M
Re: mlc files formal complaint against me
On 10/10/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: How do we determine what people do want to read vs. what they don't? Do a survey. We're going to. -M
Re: mlc files formal complaint against me
On 10/10/07, Scott Weeks [EMAIL PROTECTED] wrote: --- [EMAIL PROTECTED] wrote: Probably not feasible to do a non web forms based survey, but the list users would be target. Lets be happy that one may get done at all. If you dont have web, Ill call you and you and do it over phone. - Perhaps instigate discussion on the list as to what's valuable to the list folks and try like hell to keep the discussion as focused as possible (I know. It's like herding cats :-) Thanks for the suggestion, I will ask the MLC about it. I don't have a lot of faith that it will have support. The reason why is because we can probably formulate the right questions in the group based on list history and reviewing some postings. Dragging 8000+ people into a series of debates about what they should be asked could prove overwhelming to more than a few. :-) -M
Re: mlc files formal complaint against me
On 10/8/07, Joe Provo [EMAIL PROTECTED] wrote: On Mon, Oct 08, 2007 at 12:11:17PM +0100, Stephen Wilcox wrote: [snip] i guess it could be 'character assassination' or 'political' which are both against the AUP [mild tangent: How can the blanket label of political be off-topic given the serious time and energy spent with both informed and otherwise posts about regulatory matters and related 'politics' that have direct bearing on Internet growth/deployment/operations? fodder for another time] [ snip ] If this off-topic post is getting a response, I presume others are as well. Since the SC hasn't (and shouldn't be) copied on any private warnings, I look forward to meaningful statistics in ABQ. Don't hold your breath. The only issue here is that someone was asked to cooperate and instead, the chose to dance. Nobody was warned. Others were contacted just like our unhappy Randy. They were asked to help out. Randy was asked to show some leadership and the SC was cc'd to make sure that it was open and transparent. -M
Re: mlc files formal complaint against me
[ snip, nobody cares about Telstra or the embedded baiting ] if it was just marty being on a piss off about me, then no big deal; i can handle marty (and certainly am in no position to abuse him for being hot-headed). Hot-headed for what reason? Because you are off topic as usual? Not quite. You were asked as a matter of routine task to bring yourself together and get on topic. I'm used to your off topic posting. Hardly a reason to become irritated. but if the mlc is sending undocumented and non-consensus reprimands, warnings, and threats to people and their perceived management, Translation: The chair ran away from this screaming. Yes, I know. Just so we're clear, you will continue to see requests to adapt to the AUP wrt to being on topic. If you don't like that, you can certainly seek to have me thrown off the MLC. In fact, I encourage it. :-) In any event, there's nothing left to say. Case closed. Feel free to continue yelling at the community meeting. -M
Re: mlc files formal complaint against me
On 10/8/07, Randy Bush [EMAIL PROTECTED] wrote: Just so we're clear, you will continue to see requests to adapt to the AUP wrt to being on topic. your complaint to me was not about topic, but rather about ad homina. to quote And as you know, the NANOG AUP specifically discourages personal attacks -- which that is. though you do go on to say Please refrain from off topic posting on the NANOG Mailing List. which does subtly imply, but does not explicitly say, that you also thought my posting off topic. Randy, Try and think of NANOG as Nordstroms instead of Best Buy. At Nordies, you buy stuff and you don't negotiate the price. At Best Buy, you yell open box! open box! and you get a 20% discount. Best(not Buy), Martin
Re: mlc files formal complaint against me
On 10/8/07, Jim Popovitch [EMAIL PROTECTED] wrote: On Mon, 2007-10-08 at 18:46 -0400, Martin Hannigan wrote: Just so we're clear, you will continue to see requests to adapt to the AUP wrt to being on topic. If you don't like that, you can certainly seek to have me thrown off the MLC. In fact, I encourage it. :-) I think that is Randy's point... he is seeing them and no one else is, apparently. I've contributed nothing of worth to this discussion today, just some personal opinions, yet I haven't gotten a cease-or-desist nor warning email. That's because there is nothing off topic on nanog-futures. You're opinion is valuable unfiltered. Unfortunately, an apparent vast majority may not feel the same about opinions on NANOG. How do we determine what people do want to read vs. what they don't? It would be nice to have some direction. I don't mean from futures, there's nobody really here, but I mean community wide overall? How do we determine what people really want to hear about and act accordingly? Best, Martin
Re: mlc files formal complaint against me
On 10/9/07, vijay gill [EMAIL PROTECTED] wrote: On 10/8/07, Joel Jaeggli [EMAIL PROTECTED] wrote: Martin Hannigan wrote: How do we determine what people do want to read vs. what they don't? It would be nice to have some direction. I don't mean from futures, there's nobody really here, but I mean community wide overall? How do we determine what people really want to hear about and act accordingly? I'm pretty sure I know what I don't want to hear about on futures in the next day or so... For the community meeting assuming anyone shows up this time I think it would be reasonable to engage in a Socratic dialog about whether the volunteer governance structure we have is better serving us then the one we had, not out of nostalgia, there's no going back, only forward. Really, reading this thread has left me stupider. I guess instead of focusing on things like the lightweight agenda, abysmal content and actual value to be had from NANOG, we are getting tied up discussing an offhand remark about a convicted felon. I submit that nanog as a whole is stupider under this formal SC/MLC/PC/whatever than when it was under the benevolent dictatorship of Susan. I'm not going to say you're wrong, but everytime those topics come up the machine comes out in full force. But that's what we created, the machine. -M
Re: mlc files formal complaint against me
I suggest with the best intention possible that marty unwad his shorts and the rest of us STFU and GBTW. I'll add others to the list, but yes, in the simplest possible terms, this thread was a ridiculous waste of time of everyone involved. Well, Vijay can KMA, but point taken. My shorts are wadded in the right direction. Enough of this bureaucratic bs. Cancel the SC, turn the PC back over to Merit, and get consensus on who should be running the mailing list. It's not that hard. -M
Re: router install in Troy, Michigan
On 10/6/07, Dorn Hetzel [EMAIL PROTECTED] wrote: apologies if this is non-operational content. I have a customer site in the Troy, Michigan area where I need a small (Cisco 2610) router installed next week. I would suggest that Craigslist is a much better place for this. You could also try OnForce http://www.onforce.com/. Thanks for your help. Best Regards, Martin Hannigan NANOG MLC Member
Re: Establish Peer Relationship with Comcast
On 10/5/07, Darin Pesnell [EMAIL PROTECTED] wrote: Hello all, I was wondering if anyone on the list works for Comcast or could help me get in touch with them to discuss the requirements for establishing a peering relationship. So far our efforts to contact them have not resulted in talking to anyone except folks who can sell me a cable-modem circuit :). Any help would be greatly appreciated. Please e-mail me off-list at darin _at_ peznet.net Darin, Try [EMAIL PROTECTED] -M
Re: DDoS Question
On 9/28/07, Paul Ferguson [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Hex Star [EMAIL PROTECTED] wrote: This problem is easily solved by simply rejecting mail sent by servers on dynamic IP ranges... Great. I guess we can all go home now. :-) As long as we leave our wallets on our desks, no problem. :-) Summary of private responses: - Use LDAP - Use regexp and kill, kill, kill - Send me your data! All very good suggestions, but I thought of that and I have a variety of issues that limit me to my existing environment and do not allow fast and easy deployment of enhancements. One being I'm tied into a big OSS. Over this year I've expended significant amounts of time and energy on a problem that is created by people that are exploiting the Internet for profit which the vast majority is either fraud or identity theft oriented. Mail is a huge expense and sending it the way of usenet, outsourced en-masse using cheap and fast OEM interfaces and services, is the right thing to do. After researching the outsourced mail options, I found that the market is not mature or flexible enough yet. For example, we need the hook into automated systems, we need some level of control for front line support, and we need assurances that the provider will comply with the laws of where *the subscribing network* may be regulated. Not another country. If we get a subpoena or surveillance request, we need to be in the loop since we (and you all) are regulated. Google was my best hope and it was too bad they barely responded. The application suite for ISP's might have been ok if it were tuned up a little, or had more information and a real person running the program. They seem to have the right idea. Throw massive reasons at the problem, build user base, generate ad revenue to pay for it, and sell services to others i.e. anti-fraud and anti-phishing. Best, Martin
DDoS Question
Folks, I'm receiving about 25K spams per minute with this subject: Subject: Looking for Sex Tonight? Curtis Blackman They randomize the name on the subject line. Is this any particular virus/malware/zombie signature and any suggestion on how to defend against it besides what I'm already doing (which is all of the obvious, rbls, spam appliances, hot cocoa, etc.)? This happened right around the time I started securing the name server infrastructure with BIND upgrades and recursor/authoritative NS splitting. :-) Best, Marty
Re: DDoS Question
On 9/27/07, Raymond L. Corbin [EMAIL PROTECTED] wrote: Did you check the source IP in the headers? My logs show that they are coming from a buncha residential IP addresses so its prolly a bot network doing it. Most of the messages going through our servers with that have the domain lifeleaksfromyo.com in it which is causing the messages to fail in our servers. You can always try the rbl that lists a lot of residential IP's in it...i think it's the PBL from spamhaus. That would help limit it, and blocking emails with the domain lifeleaksfromyo.com Other then that I'm out of ideas. What spam appliance are you using? Raymond, all: Thanks for all the responses, public and private. I did, and am, watching the sources. It's uninteresting in terms of capability to act since it's spread out pretty widely and it's obviously difficult to tell what will and will not cause collateral damage. I'll capture some source traffic and put it out on the web for all the researches that replied looking for sample data. I think I can probably pcap something that won't violate any privacy laws where this is. In the meantime, here's some sources that are in the top tier of connections: 3215| 86.195.231.168 | AS3215 France Telecom - Orange 3269| 87.19.141.208| ASN-IBSNAZ TELECOM ITALIA 3320| 84.148.13.150| DTAG Deutsche Telekom AG 3320| 84.148.13.150| DTAG Deutsche Telekom AG 3320| 84.148.13.150| DTAG Deutsche Telekom AG 3320| 84.148.13.150| DTAG Deutsche Telekom AG 6746| 89.136.159.120 | ASTRAL ASTRAL Telecom SA, Romania 7132| 67.120.22.10 | SBIS-AS - ATT Internet Services 9121| 78.180.16.161| TTNET TTnet Autonomous System 9121| 85.108.127.90| TTNET TTnet Autonomous System 9121| 85.108.127.90| TTNET TTnet Autonomous System 9121| 85.108.127.90| TTNET TTnet Autonomous System 10796 | 71.79.216.254| SCRR-10796 - Road Runner HoldCo LLC 10796 | 71.79.216.254| SCRR-10796 - Road Runner HoldCo LLC 19262 | 71.254.34.123| VZGNI-TRANSIT - Verizon Internet Services Inc. 22773 | 64.58.163.237| CCINET-2 - Cox Communications Inc. 25041 | 91.125.42.251| BRIGHTVIEW-UK-AS Brightview Internet Services AS 35911 | 24.212.10.244| BNQ-1 - Telebec 35911 | 24.212.10.244| BNQ-1 - Telebec
Re: Going dual-stack, how do apps behave and what to do as an operator (Was: Apple Airport Extreme IPv6 problems?)
On 9/21/07, Mark Andrews [EMAIL PROTECTED] wrote: In article [EMAIL PROTECTED] you write: On 9/15/07, Jeroen Massar [EMAIL PROTECTED] wrote: [spam: Check http://www.sixxs.net/misc/toys/ for an IPv6 Toy Gallery :)] Somewhat long, hopefully useful content follows... Barrett Lyon wrote: [..] [ clip ] Of course when there is only a A or only that protocol will be used. All applications are supposed to use getaddrinfo() which sorts these addresses per the above specification, the app should then connect() to them in order, fail/timeout and try the next one till it Since when is a timeout on the Internet ok? Haven't we moved beyond that? You mean to say you get 100% connectivity with IPv4? I mean to say that I don't willingly set out to deliver 100%.
Re: Going dual-stack, how do apps behave and what to do as an operator (Was: Apple Airport Extreme IPv6 problems?)
On 9/15/07, Jeroen Massar [EMAIL PROTECTED] wrote: [spam: Check http://www.sixxs.net/misc/toys/ for an IPv6 Toy Gallery :)] Somewhat long, hopefully useful content follows... Barrett Lyon wrote: [..] [ clip ] Of course when there is only a A or only that protocol will be used. All applications are supposed to use getaddrinfo() which sorts these addresses per the above specification, the app should then connect() to them in order, fail/timeout and try the next one till it Since when is a timeout on the Internet ok? Haven't we moved beyond that? This is a controllable timeout. We don't have to do it, which is the point. What's the right way to do this? Thank you, and thank you Barret for starting the thread. :-) -M
Re: Apple Airport Extreme IPv6 problems?
On 9/15/07, Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 15-sep-2007, at 21:25, Barrett Lyon wrote: The other thought that occurred to me, does FF/Safari/IE have any ability to default back to v4 if v6 is not working or behaving badly? This could be a helpful transition feature but may be more trouble than it's worth. Browsers are pretty good at falling back on a different address in general / IPv4 in particular when the initial try doesn't work, but it does take too long if the packet is silently dropped somewhere. If there is an ICMP unreachable there is no real delay. Worst case is a path MTU discovery black hole, then browsers generally don't fall back. Getting back to my original discussion with Barrett, what should we do about naming? I initially though that segregating v6 in a subdomain was a good idea, but if this is truly a migration, v4 should be the interface segregated. I have also read Jordi? saying that no dual naming should occur, but I think this is unrealistic. (Sorry if I misquoted you, Jordi) It would be good if more ISPs deployed 6to4 gateways so the 6to4 experience would be better. We are. There are an unending supply of small details that are in the way at the moment. :-) Best, Marty
Re: Apple Airport Extreme IPv6 problems?
On 9/17/07, Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 17-sep-2007, at 19:06, Martin Hannigan wrote: Getting back to my original discussion with Barrett, what should we do about naming? I initially though that segregating v6 in a subdomain was a good idea, but if this is truly a migration, v4 should be the interface segregated. For debugging purposes, it's always good to have blah.ipvX.example.com, but the real question is: do you feel comfortable adding records to your production domain names? Although I've been running that way for years and I've had only one or two complaints during that time, I can see how someone could be worried about reduced performance over IPv6 (it's still slower than IPv4 a lot of the time because of tunnel detours etc) or even timeouts when advertised IPv6 connectivity doesn't work for someone, such as a Vista user with a public IPv4 address behind a firewall that blocks protocol 41. Then again, I'm guessing that few people type www.ipv6.google.com rather than www.google.com. And with stuff like mail, where you set up the server names once and forget about it, it's even worse. I see. There isn't really an answer. :-) That's what I am getting at. Not to suggest that this is your responsibility, it's not - it's ours. For now, I'm going to try the unique A/ and segregate the answers by protocol and sub domain the v4 traffic since it's a migration to v6. -M
Re: Apple Airport Extreme IPv6 problems?
On 9/17/07, Barrett Lyon [EMAIL PROTECTED] wrote: On a totally unrelated note: Not to make any accusation on the security of the end-point tunnel network what-so-ever, but an entirely other issue is the tiny bit of a security conundrum that default tunnels create -- tunneling traffic to another network without notifying the user seems dangerous. If I were a tinfoil-hat security person (or a CSO of a bank for example) this would really freak me out. I wonder how setting Internet policy by putting defaults on become part of the regular operational internet? We're seeing a lot of this with v6 and I can't figure out how this is being driven. Best, Marty
Re: Apple Airport Extreme IPv6 problems?
On 9/15/07, Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 15-sep-2007, at 21:25, Barrett Lyon wrote: The other thought that occurred to me, does FF/Safari/IE have any ability to default back to v4 if v6 is not working or behaving badly? This could be a helpful transition feature but may be more trouble than it's worth. Browsers are pretty good at falling back on a different address in general / IPv4 in particular when the initial try doesn't work, Pretty good as in there is a browser standard to poke for v6 then v4 or is this a stack behavior? -M
Re: Apple Airport Extreme IPv6 problems?
On 9/15/07, Barrett Lyon [EMAIL PROTECTED] wrote: How did you do the naming? Matching or unique? Matched , I was thinking about doing a w6 or something more unique for now, but that somewhat defeats the point. I tried to do it in a round robin record based on the described behavior. My theory was that the inverse response should occur and satisfy. My results were failure. BIND 9.3.2 accepted the record, did not complain and properly reloaded the zone, but did not offer the v6 as the inverse. I'm probably missing something here... like not supported. :-) The other thought that occurred to me, does FF/Safari/IE have any ability to default back to v4 if v6 is not working or behaving badly? This could be a helpful transition feature but may be more trouble than it's worth. Should be an operation defined by gethostbyname() no? -M
Re: Apple Airport Extreme IPv6 problems?
On 9/15/07, Barrett Lyon [EMAIL PROTECTED] wrote: [ snip ] We removed on our production hosts shortly after we deployed it, our global v6 deployment goes production next week, at which time I may re-add the to limited production. If we do this, I publish a report of the stats once I have more accurate figures. How did you do the naming? Matching or unique? I have no idea what to expect over time with behavior on matching and A since I have no idea what to expect with v6 since we don't really have any standard deployment plans or even de-facto standards in place to move forward. Is there any de-facto or otherwise standard around host schemes for dual stack? -M
Re: Good Stuff [was] Re: shameful-cabling gallery of infamy - does anybody know where it went?
On 9/12/07, Ross Vandegrift [EMAIL PROTECTED] wrote: On Wed, Sep 12, 2007 at 08:36:45AM -0400, Joe Abley wrote: This (the general subject of how to keep real-world cabinets tidy and do cabling in a sane way) seems like an excellent topic for a NANOG tutorial. I'd come, for sure :-) This is a topic that I am quite interested in. I have no telco background, but got started in a shop on par with many of these photos. Around my current job, I'm the guy who is known for whining about crappy cabling jobs. Does anyone know if any good resources on best-practices at this sort of thing? I'm pretty sure that others must've already figured out the trickier stuff that I've thought about. Telcordia. There are age old standards that are related to CO construction and service delivery. In most non ILEC facilities, Bellcore/Telcordia standards are hybrid. Two of the best hybrid implementations I've worked with are Level(3) and MCI. For example - some of the posted pictures show the use of fiber ducts lifted above cable ladders. Why opt for such a two-level design instead of bundling fibers in flex-conduit and running the conduits adjacent on the ladder? I'm not sure what you mean. If you are talking about ladder separation and fiber trough, there are multiple, solid, engineering reasons. The optical trough is used so that you don't need to touch bundle and potentially cause an larger outage with damage. The trough allows fast service delivery of xcons as well. Third tier bundle is used as simple a path route, never to be modified, generally a route from the OSP/ISP termination to splice shelving. If you have access to Level(3) facilities, walk around a bit and look. IMHO, they have the ultimate hybrid CO/datacenter hybrid design. -M
Re: Any MSN/Live Mail Admin Contacts?
On 8/27/07, Raymond L. Corbin [EMAIL PROTECTED] wrote: Hello, I'm experiencing a lot of problems with about 8 of our outbound mail gateways to the MSN/Live mail servers throughout the day. Are there any mail/sysadmins on this list, or anyone that can get me in contact with someone there, as the general postmaster support is less then fourth coming with information. Anything would be greatly appreciated. Ray: Im not sure what you mean by less than forthcoming, but we have success here: http://postmaster.msn.com/Guidelines.aspx And here: http://postmaster.msn.com/Default.aspx Best, Marty
Re: ISP CALEA compliance
I do have a volunteer from EFF... I had mentioned that both VeriSign and Neustar have people that are fluent in the technical and general legal issues as well as the legal aspects. It would seem to make more sense to solicit one of those organizations since NANOG is about operations, and not politics. The EFF is a political organization and these are not topics that make sense for NANOG, IMHO, the list, the program, or a BoF. Having the EFF explain CALEA at NANOG is like asking the Sierra Club to identify good sites for oil wells in forests. Best, -M
Localized Root Servers in Europe?
Furthermore, at least one large ISP in Europe is doing the same thing, redirecting root server traffic to their own servers. http://www.circleid.com/posts/submit_comment/splitting_root_too_late/ Furthermore, at least one large ISP in Europe is doing the same thing, redirecting root server traffic to their own servers. Which large European operator has implemented this solution? I would love to see a talk at the next NANOG about how this works and how it performs. Best Regards, Martin (Note: Article quote slightly out of context. I tried to keep it to what may be on topic here..)
Re: Localized Root Servers in Europe?
http://www.circleid.com/posts/submit_comment/splitting_root_too_late/ I tried to look, but I can't seem to find circleid.com; perhaps bestbuy is intercepting my dns traffic :) It's quite possible these days. :-) http://www.circleid.com/posts/splitting_root_too_late/ I gave you a better URL, but circleid.com resolves for me. Best, Martin
Question re: privacy regulation (USA)
Dear Colleagues: Anyone have a pointer to a list of regulations, or know off the top of your head, related to data privacy at US ISP's? CALEA? CANSPAM? DMCA? et. al. Please reply off list and I will summarize responses back to the list at a later date. Best Regards, Martin
Re: progrma topics for the future.
On 3/13/07, Martin Hannigan [EMAIL PROTECTED] wrote: DNS operations mechanics of voip network instrumentation ids/ips deployment understanding flow/packet capture output noc practices (monitoring/ticketing) setting up a looking-glass deploying load-balanced services machine virtualization Are things like this useful? Yes., but I'd be curious how you aren't going to just repeat the same old party line and make objective presentations. For example, explaining alternative root and roll your own root as concepts in how the DNS operates. One thing I'd like to suggest. Policy training. Is audience too macho to be seen with their peers discussing rfc 2317 reverse dns delegation? Are the potential Most of the audience should be attending that one so no worries. presenters who haven't submitted tutorials because of a perception that nanog isn't in the business of entry-level educational outreach? It's more like 'witness intimidation'. Yes, good thoughts. -M
Re: ruminating about attendance in Canada
On 26-Feb-2007, at 17:39, Jared Mauch wrote: [ snip ] We expect (empirically) a dip in the winter meetings, which I think is illustrated by the numbers above (with Toronto and Salt Lake City as outliers). The theory that is most frequently put forward to explain the winter dip is the proximity to Christmas. As far as raw numbers go, expecting a dip in cold climates is an error. The data shows random based on time of year vs. avg temperature vs. attendees. I think it's Agenda. Baseline Average attendance: 452 Average Temp: 57F Average Expected Revenue: $610,290 (YR) (raised fees) Avg. No-Pay: ($67,500) (YR) I noticed that the transaction status on attendee list was removed. Was that mentioned in the SC record or Community Meeting? That allowed us, the community, to somewhat reverse engineer ~finances and helped identify a fare jumper. -M -M
Re: meeting in the Dominican Republic
On Feb 26, 2007, at 1:05 PM, Martin Hannigan wrote: What reason would NANOG have for holding a meeting in DR? Not a lot of context. DR is also in the LACNIC region. LACNIC has meetings similiar to RIPE in content i.e. policy and ops. http://lacnic.net/en/eventos/lacnicix/index.html LACNIC is not the equivalent of NANOG any more than ARIN is. According to http://lacnic.net/en/sobre-lacnic/cobertura/ index.html, LACNIC covers Mexico. If a meeting were suggested in Mexico, would you say NANOG should not meet there because LACNIC has meetings there? One of the reasons why these spots are in the LACNIC region is language. They don't speak english. I would say that if LACNIC has a meeting in a non english speaking location that we should seriously consider NOT holding meetings in locations that duplicate effort. There has to be a better reason than a warm body willing to pay. It would make far more sense to hold a meeting in Jamaica[1], or the rest of the english speaking Caribbean. -M [1] Jamaica has a very large market in the region.:
Re: meeting in the Dominican Republic
On Mon, Feb 26, 2007 at 10:42:00PM -0500, Martin Hannigan wrote: One of the reasons why these spots are in the LACNIC region is language. They don't speak english. OH MY GHOD! HEATHENS! let's bomb them quickly. We already did seriously? my family in santo domingo never told me that the US was bombing them. http://sincronia.cucsh.udg.mx/dominican.html this worry about language is certainly an issue, but it's also manageable. apricot/ripe/afnog/etc manage to hold meetigs with substantially larger population that is non-native english speaking. and there are lots of native spanish-speakers in nanog as well. I am glad that you acknowledged this as exactly what it is, a business issue to be seriously considered before jumping into something that is not well defined or understood. [ snip ] It might be smarter to test the waters with a smaller, shorter, meeting that doesn't impact the way we usually do business. At least if we find out that we're not really wanted and nobody local will show up, it won't hurt so much. We ignored that part of 'our area' until 2007 so holding a mini-meeting is not going to slow anything down. so marty doesn't want to go to a nanog in santo domingo. Incorrect. I think that there are more than just philanthropic considerations and language is one, as well as financials being another. -M
Re: Polling the NANOG List
How about a survey of the mailing list members to see what they think? - Simon J. Lyall Considering that this is a mailing list to supplement the NANOG meetings how about if we restrict the poll participants to people who have attended a NANOG in the last 12 months! Ron, Everyone should be able to participate. The more participation we get the better the poll would be. I'd suggest we encourage the Wiki first though. There's nothing in the way of either. We don't exactly need permission. -M
Re: Discard the AUP and other discussions
the aup seems to work How do you come up with that? Not subscribed to the list? The MLC actions are not a measure of the AUP working or not. What percentage of this weeks load is on topic? -M
Throwing out the NANOG AUP
I created a draft Wiki article to try and bring together everything we've argued^H^H^H^H^H^H^H discussed over the last few years and I it boils down to a few standards (duh). http://nanog.cluepon.net/index.php/Will_of_the_Members I don't know if this will work, but my motiviation is an experiment I read about in Drachten, NL where all traffic signals were removed as an experiment and only a few standards are implemented. The rest is left up to the community. Apparently, the roads are proving to be safer. Perhaps this concept can work in this community? The NANOG AUP and all associated order from past Politburos are way out of date and overly complex. The AUP and all the subsequent FAQ's around posting, etc are outdated and archane. It should be thrown out entirely. -M
Re: Cable Tying with Waxed Twine
Upon leaving a router at telx and asking one of their techs to plug in the equipment for me, I came back to find all my cat5 cables neatly tied with some sort of waxed twine, using an interesting looping knot pattern that repeated every six inches or so using a single piece of string. For some reason, I found this trick really cool. It's called 'wax lacing' and it was originally a CO standard. It was adapted to collocation, FWIW, first by MCI, IIRC, then Level(3). Level(3) mastered the art of building converged central office and colo (T Colo + Colo) by taking Bellcore standards and CO experience and creating hybrid standards of design and installation. Internap used this standard as well. The beauty of using this technique is service delivery and aesthetics. You don't just do and un-do wax lacing. It's meant to be permanent so in order to use it extensively, you need to have a superior cross connect system and plant engineering in place and a detailed service delivery methodology. This doesn't work in most places because they don't have or do enough detail planning. The knot you are seeing is likely chicago knot. It should be easily undone by tugging on one of the two short ends. Wax is also used in conjunction with fish paper, green wax paper that is used as a coating between metal and cable so that wear is offset from vibrations et. al. There are multiple reasons to use wax over zip ties. Some are safety related, some are service delivery related, and some are wear related. It is definately not cheap. It also a highly technical undertaking to do correctly.. You have to make all your decisions on cabling up front i.e. split at center, left to right, split at rack, mid to upper, mid to lower, etc. http://www.dairiki.org/hammond/cable-lacing-howto/ and digg it: http://www.digg.com/mods/The_lost_art_of_cable-lacing... (I'm well under 50. See digg article :) ) -M
Re: Reasons for attendance drop off
Forget what I said about Vegas. I was looking at it from a cost perspective. One item of note, the cost to attend the conference is the same no matter where the venue. I am sure some venues are less expensive than others. Maybe pricing should be based on the location. There have been enough different locations already that if we saw the true cost to host at any one location, it might help decide where future Nanogs are held. Or they can say, the cost cannot exceed x. Having Data on cost breakdown per location might start making Eugene or Salt Lake City a yearly occurrence to save money. What about splitting the conference away from the Hotel? Go back to looking at bussing people to less expensive locations which are close. Christian Hi Christian, Focusing on expense is a short term way to manage a loss in the front end, the bottom line. It would be useful to talk about solutions that drive attendance, IMHO. I would hope that there is plan in place to address this for the Toronto meeting. -M
Re: Increase in NANOG Meeting Attendance Fees
Hey Marty, On 30-Nov-2006, at 11:30, Martin Hannigan wrote: [ snip ] (e) I think you should raise sponsorship fees with attendance fees. The pressure is on to add value since NANOG is no longer a bargain, but it certainly isn't a value at the moment. It is a definite goal to increase revenue from sponsors. Whether that means increasing the cost of individual sponsorship options, or adding new ones, or even reducing the cost for individual sponsors doesn't seem to me like it matters much, so long as the total revenue from the sponsors as a whole increases. (h) I'd be willing to pay ala carte expenses at cost recovery +, a small +. I'm not quite sure what you mean by that. I wouldn't object to certain things being removed from the general admission fee, but in retrospect it may be easier just to raise the rate again. For example, if the beer and gear were tailored more to a faux-dinner, I'd be willing to pay to attend. I believe the current policy is that where multiple presenters are listed for a single presentation, only one of them gets free attendance at the meeting. I'm not sure that we want a more restrictive policy than that (or are you proposing that all speakers should pay?) There is a proposal in the September minutes that two speakers would be allowed. If that has been acted upon, there's no reflection of it. I think that if there is going to be more than 1 speaker, that there should be a rigorous approval process to insure that we're getting our value out of the free attendance. It may also be worthwhile to consider a half-price for panelists. The surveys basically don't like the panels so there doesn't seem to be a solid argument for a 100% free admission. What is the cause of attendance drop off? We seem to be treating the symptoms extensively. Indeed. I have heard lots of handwaving about why attendance might be down, but few ideas that are amenable to quantitative analysis. Several possible reasons are being attended to, however (e.g. planning meeting locations far in advance, changes to the programme structure by the PC). There is doubtless more work to do. I'm convinced it's a combination of location and agenda. There's definately a lot of FUD flying and it would be nice to see some work that has some facts associated with it, but also some solutions. Best, -M
Re: dns - golog
Simon Waters wrote: On Friday 20 Oct 2006 00:35, you wrote: [ SNIP ] I think one problem is that IANA doesn't have a brand name, so when you buy IANA has nothing to do with routing policy and neither does ICANN. ICANN has no authority through any contract vehicle inside any network. Do you have some information contrary to that? an Internet connection you aren't told you are getting an IANA DNS, There's no such a thing as IANA DNS. The DoC controls the root DNS zone file. IANA distributes and does change management. that is assumed. The interesting question is whether that is sustainable if a lot of ISPs provide a non-IANA DNS service. There may be an argument for saying that non IANA DNS services can't be described as Internet services, but that is an issue for ICANNs lawyers. No, actually, it's not. http://www.circleid.com/posts/techies_wanna_do_policy/http://www.circleid.com/posts/techies_wanna_do_policy/ Karl was so wrong on the F root-server issue. Paul asserted no new right, most ISC asserted that they own IP address space and can control the routability, contrary to standard Internet and operator policy. They can't, and I doubt anyone is very worried about a lawsuit from ISC. Legal geniuses they are not. -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
Re: dns - golog
* From: Luke Besson * Date: Thu Oct 19 08:54:47 2006 I work for a big French ISP and I manage the DNS architecture (based on Linux+Bind); Golog proposed to our society the DNS redirect service (redirect all the not existant domains according to marketing criteria). Even if our marketing team would like to join this solution, our technical team opposes hardly to such a not-standard implementation of the DNS. Can you suggest me any objective reason in order to invalidate this proposal? This is a network autonomy issue. What occurs inside the provider edge related to routing and applications is the responsibility of the provider and they have the right to modify answers or routes in their networks, even if they are not theirs. There is some holy grail you should consider, like making sure that etrade.com is etrade.com, the legitimate IP/trademark holder. The questions to ask yourself as an organization are something like this: a) is there enough revenue here to consider? b) is someone else going to capture revenue between my customer and myself if I don't? c) will this break my network or the networks of others? If you can answer the first two yes, the third is worth trying to make no. -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
Re: dns - golog
At 06:53 PM 10/19/2006, Thomas Leavitt wrote: Hi Thomas! [ snip ] ... finally, why go through all this hassle for what has to be an utterly trivial amount of money resulting from people being presented with something totally unexpected and clicking on a link therein... how valuable are these people as customers? I can't imagine much... a) is there enough revenue here to consider? This isn't something that's so easy to determine, but golog and others must have a financial model in order to be pursuing it. Here's a visionary article related to this topic, but at the root server level, even more of a delicate issue, but with the same principles as the one we're discussing: http://www.circleid.com/posts/techies_wanna_do_policy/ And this article shows the convenience of falling back on standards when they serve your purpose: http://www.circleid.com/posts/paul_vixie_on_fort_nocs/ YMMV: Best Regards, Martin -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
Re: 2006 PC participation summary
At 02:40 PM 10/18/2006, Steve Feldman wrote: I finally had time to go through my notes and put together a participation summary of PC members for 2006: http://www.nanogpc.org/public/participation-2006.html For what it's worth... Steve I think you are missing the point. It's not really that interesting to know by name who was on the call. That could be gleaned from minutes, if you had any that were publicly available. If you have someone not showing up, then as a group you need to deal. Not all your dirty laundy needs to be public, and nobody is asking for it to be. I don't think it's useful to have you sitting around every day trying to figure out statistics. Let me dumb down what I think would be useful. 1. How many members attended each call vs. specifically who It shows that work is being done, which no one has ever doubted. You are taking feedback personally. 2. How much mail was sent during the month? This shows that you communicate. If you don't send mail, how many BBS posts happen per month? This shows if you spread the work out or do it all at the last minute. 3. Accepted vs. Non Accepted You claim to do this, but you don't do it every NANOG as far as I can tell. Perhaps codifying rejections to compare those would be easy. 4. Ratings of Accepted vs. Ratings of the Surveys from Members Inverse rate the presentations back to the PC ratings to identify the reality delta. The suggestions are easy kills that don't require you to spend hours upon hours culling data. If you are already doing all this...where? (once a year isn't where) Second, if you can't get 16 people on a call, think about breaking it up into sub groups. 1 group for BoF's, one for plenary, and one for track. You could get smaller groups to meet on unique calls or even IM. You could then free up some effort for projects. Out of curiosity, since I noticed it, why does the PC maintain a separate domain and machine outside of Merit? Is there some benefit to having the PC domain separated from NANOG.ORG? 14 it-pao.woodynet.net (204.61.209.225) 86.305 ms 89.700 ms 86.748 ms 15 sfo-pao.woodynet.net (204.61.209.121) 89.218 ms 90.141 ms 89.772 ms 16 www.nanogpc.org (204.61.208.235) 85.884 ms 85.780 ms 86.246 ms -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]