Re: EU Official: IP Is Personal
On Fri, Jan 25, 2008 at 10:49:48AM +0200, Hank Nussbacher wrote:
On Fri, 25 Jan 2008, [EMAIL PROTECTED] wrote:
On Thu, 24 Jan 2008 22:33:20 PST, Owen DeLong said:

And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc).

In order to be using the license plate, you had to be physically present in the car.

It wasn't me at the hit-and-run, my car was stolen last night
It wasn't me, my PC got zombied

Like I said, they work *exactly the same way*. But I'm giving up. We've got people here who work for companies that have business models that boil down to given an IP address, figure out who to bill - but although it identifies a person well enough to send them an invoice, they think it isn't enough to identify them.

I wouldn't be surprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days? :-)

That'd be a fun law to try and enforce, especially against the people who refuse to accept such long routes (which is, after all, the only thing that's stopping such long announcements from appearing already). Tunnels all over the place seems like the only way it'd even be halfway practical. It's more-or-less how phone number portability works anyway, from what (little) I know.

- Matt
Re: EU Official: IP Is Personal
On Thu, Jan 24, 2008 at 10:33:20PM -0800, Owen DeLong wrote:
On Jan 24, 2008, at 8:55 PM, [EMAIL PROTECTED] wrote:
On Thu, 24 Jan 2008 20:39:53 PST, [EMAIL PROTECTED] said:

What we can do with IP addresses is conclude that the user of the machine with an address is likely to be one of its usual users. We can't say that with 100% certainty, because there are any number of ways people can get unusual access. But even so, if one can show a pattern of usage, the usual suspects can probably figure out which of them, or what other unusual user, might have done this or that.

And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc).

In order to be using the license plate, you had to be physically present in the car.

You can work backwards from a phone number to a person, without a *guarantee* that you have the right person - but I don't see anybody claiming that phone numbers don't qualify as personal information under the EU definition.

In order to be on the telephone number, you (almost always) need to be present at the site where that phone number is terminated. I don't know about your IP addresses, but, people can use my IP addresses from a number of locations which are nowhere near the jurisdiction in which my network operates, so, I don't really see the correlation here with license plates or phone numbers.

In order to be using the IP address, your packets (almost always) have to pass through the device allocated that address.

- Matt
Re: Cost per prefix [was: request for help w/ ATT and terminology]
On Sun, Jan 20, 2008 at 08:20:36PM -0500, Jeff McAdams wrote:
Joe Abley wrote:
On 20-Jan-2008, at 15:34, William Herrin wrote:

Perhaps your definition of entry level DFZ router differs from mine. I selected a Cisco 7600 w/ sup720-3bxl or rsp720-3xcl as my baseline for an entry level DFZ router.

A new cisco 2851 can be found for under $10k and can take a gig of RAM. If your goal is to have fine-grained routing data, and not to carry gigs of traffic, that particular router is perfectly adequate.

And to take that concept to its logical extreme. A Linux box (*BSD, pick your poison) running Quagga or similar will do the job at an extremely low price point.

So if we plug in, say, $2k for the cost of the Linux box, and compare it to the L3 switch mentioned earlier, each extra prefix saves the Internet around 50c? grin

- Matt

--
Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering their time inventing and implementing new, exciting ways for software to suck.
-- Toni Lassila, in the Monastery
Re: FW: ISPs slowing P2P traffic...
On Mon, Jan 14, 2008 at 06:43:12PM -0500, William Herrin wrote:
On Jan 14, 2008 5:25 PM, Joe Greco [EMAIL PROTECTED] wrote:

So users who rarely use their connection are more profitable to the ISP. The fat man isn't a welcome sight to the owner of the AYCE buffet.

The fat man is quite welcome at the buffet, especially if he brings friends and tips well. That's the buffet's target market: folks who aren't satisfied with a smaller portion. The unwelcome guy is the smelly slob who spills half his food, complains, spends most of 4 hours occupying the table yelling into a cell phone (with food still in his mouth and in a foreign language to boot), burps, farts, leaves no tip and generally makes the restaurant an unpleasant place for anyone else to be.

However, if the sign on the door said burping and farting welcome and please don't tip your server, things are a bit different. Similar comparisons to use of the word unlimited apply.

What exactly does this imply, though, from a networking point of view?

That the unpleasant nuisance who degrades everyone else's service and bothers the staff gets encouraged to leave.

Until it is generally considered common courtesy (and recognised as such in a future edition of Miss Manners' Guide To The Intertubes) to not download heavily for fear of upsetting your virtual neighbours, it's reasonable that not specifically informing people that their unpleasant behaviour is unwelcome should imply that such behaviour is acceptable.

- Matt
Re: Anyone using uvlan out there?
On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:

From the web site: uvlan is a User-space Virtual Local Area Network. In other words, uvlan peers act as nodes on a network switch. Routing ethernet traffic between peers intelligently. Thus allowing for multiple networks to share resources and even IP address space. Some may call it a VPN (Virtual Private Network) application, but it's much more powerful. Differences with traditional VPN technology:

It's a VPN. None of these supposed differences are different from the fundamental characteristics of a VPN:

1. It is peer-to-peer

invoke_buzzword_of_the_month();

2. It doesn't require licensing

Plenty of VPN products out there are FOSS;

3. It is much simpler

Simpler than what?

4. It operates at Layer-2 (Ethernet), VPNs generally operate at Layer-3 (IP)

Generally, perhaps, but it's not a requirement of the term VPN that it be an L3 transition.

Layer-2 applications like gaming can't be supported with Layer-3 tunneling.

Plenty of games can successfully use IP.

From my understanding, this software is pretty much acting like a bridge, but with endpoints over a routed IP network. Has anyone actually used this? Thoughts? Criticisms?

I haven't used this particular software, but I've used OpenVPN (software of the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of the usual restrictions on LAN-like traffic over a low-bandwidth, high-latency link. Most things that need to use Ethernet assume all sorts of things that just don't hold over the Internet, and it causes some painful hassles. But, engineered properly, in the correct circumstances, it can be handy to bridge two or more segments over a routed network.

A criticism of uvlan in particular is that I wouldn't trust my network security to people who sound so clueless. Their derision of VPNs, as you quoted above, shows either a lack of sense or a blind hatred, using libpcap in this situation gave me some chuckles, and their What algorithms are used? page scares me a little. I'll stick with OpenVPN, myself.

Phone: (03) 90001 6090 - 0412 935 897

Gee you Melbournians are advanced... you've already gone to 11 digit phone numbers... grin

- Matt
Re: Anyone using uvlan out there?
On Fri, Sep 14, 2007 at 12:33:03PM +1000, Steven Haigh wrote:
Quoting Matt Palmer [EMAIL PROTECTED]:
On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:

2. It doesn't require licensing

Plenty of VPN products out there are FOSS;

Yeah - I wasn't too sure about this either. I haven't seen any VPN software that requires licensing in years. I didn't know anyone still required this?

There's plenty of lots-o-money VPN products out there; presumably that's what they're talking about. The problem is that the statement uvlan isn't a VPN because it doesn't require licencing is a ridiculous statement, because you don't have to have a licencing requirement to be a VPN.

3. It is much simpler

Simpler than what?

Routing?

Simple is in the eye of the beholder. Switched ethernet networks have their complexities that routed networks don't...

4. It operates at Layer-2 (Ethernet), VPNs generally operate at Layer-3 (IP)

Generally, perhaps, but it's not a requirement of the term VPN that it be an L3 transition.

Layer-2 applications like gaming can't be supported with Layer-3 tunneling.

Plenty of games can successfully use IP.

I was thinking more the case of joining lans. Obviously it's not a solution for all causes, as anything with more than 5-10 nodes per site and more than 2-3 sites would get pretty ugly. I think a nice thing would be for things that can ONLY use a local LAN due to either software or developer restrictions.

Well, obviously.

From my understanding, this software is pretty much acting like a bridge, but with endpoints over a routed IP network. Has anyone actually used this? Thoughts? Criticisms?

I haven't used this particular software, but I've used OpenVPN (software of the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of the usual restrictions on LAN-like traffic over a low-bandwidth, high-latency link. Most things that need to use Ethernet assume all sorts of things that just don't hold over the Internet, and it causes some painful hassles. But, engineered properly, in the correct circumstances, it can be handy to bridge two or more segments over a routed network.

I've used a lot of VPN stuff in the past, but I've usually always ended up doing it on a router, then had to NAT over it and all sorts of nasty stuff. I think this is a nicer solution if it could be implemented right :)

I don't think you quite got my point -- you *don't* need uvlan to bridge Ethernet segments over a routed network; there are other products which will do the same thing. As I said, I've used OpenVPN to do this job, and my experiences are given in that block of text you quoted.

A criticism of uvlan in particular is that I wouldn't trust my network security to people who sound so clueless. Their derision of VPNs, as you quoted above, shows either a lack of sense or a blind hatred, using libpcap in this situation gave me some chuckles, and their What algorithms are used? page scares me a little. I'll stick with OpenVPN, myself.

I think it's come about of a case of wanting to do stuff that won't work properly over a routed network (xbox games etc) - however could be nicer for a lot more things.

XBox games don't work over a routed network? Please tell me that XBox Live isn't just a giant uvlan install.

- Matt

--
When the revolution comes, they won't be able to FIND the wall.
-- Brian Kantor, in the Monastery
Re: Cacti 0.8.6j Released (fwd)
[If people think this is off-topic, please let me know and I'll take it to private mail with Travis.]

On Tue, May 08, 2007 at 07:32:18PM -0500, Travis H. wrote:

Hey folks, I am following up to an ancient email because I'm curious if anyone has some SNMP-related resources. Basically, there's a lot of how-to or manpage sort of information, but I'm still unclear on what an MIB actually _is_,

It's an overloaded term. Technically, I think it's the values which you can query by OID in an agent, but most people use the term to describe the textual description of the OIDs and what they mean, especially when they talk about downloading a MIB.

what problem ASN.1 actually solves,

How to encode the queries and responses. Unless you're actually writing an agent or low-level manager library, ignore it. Seriously, you don't need the headache.

and more to the point how the whole shebang (I'm using net-snmpd) is typically used.

Agent on device provides values, management app(s) collect data by polling (and possibly via traps), sysadmin gets to go home on time for once.

I believe that what I need to do is get any/all MIBs for all entities (typically networking hardware devices) that I want to monitor, and import them into the net-snmp configuration somehow, and then software that calls on net-snmp can access the information from the devices. Is this accurate?

Kinda-sorta. You don't actually need a MIB to be able to query a device -- you can, in theory, just walk it from the root and get all the OIDs (and their values) that the agent provides. However, since all you'll get are massive quantities of numbers, that'll be fairly useless, and the MIB file you refer to will help you (and your agent software) decode the OIDs into something more readable. That being said, if you only want to monitor a few OIDs, and you know the OIDs already, then the MIB is unnecessary.

Where you put the MIBs so net-snmp can find them depends on where net-snmp has been told to look for them. /usr/share/snmp/mibs is where they go on my system, but $DEITY knows where they might end up on some Unices.

Will I need to import MIBs to every net mgmt application? Should they

If they use different OIDs, and you want to be able to use them easily, yes. This using different OIDs thing is depressingly common -- although there are RFC standards for a lot of the common types of networking data, a combination of the RFCs don't define all our statistics and NIH means that a lot of vendor equipment does its own SNMP thing.

be carefully accounted for and synchronized, or can I treat them like a typical configuration file, where it is obvious if I need it and I get them as needed?

They're not critical to the operation of the whole thing, merely the comprehensibility, so don't get too obsessed over your MIBs.

- Matt

--
Just because we work at a University doesn't mean we're surrounded by smart people.
-- Brian Kantor, in the monastery
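
The relationship described in the message above between numeric OIDs and MIB files, as an added example that is not part of the original thread and is not net-snmp code: it decodes BER-encoded OIDs (the ASN.1 encoding mentioned above) and names them by longest-prefix match against a small table standing in for loaded MIB files. The sample bytes, the enterprise number 9999 and the function names are constructed for illustration.

```python
# Added example; all byte strings below are constructed, not captured traffic.
# A few standard object names, standing in for MIB files loaded from disk.
MIB_NAMES = {
    (1, 3, 6, 1, 2, 1, 1, 1): "SNMPv2-MIB::sysDescr",
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2): "IF-MIB::ifDescr",
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10): "IF-MIB::ifInOctets",
}

def decode_oid(tlv: bytes) -> tuple:
    """Decode one BER OBJECT IDENTIFIER TLV (tag 0x06, short-form length)."""
    if len(tlv) < 3 or tlv[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length = tlv[1]
    if length & 0x80 or length != len(tlv) - 2:
        raise ValueError("bad or unsupported length")
    body = tlv[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated sub-identifier")
    arcs, value = [], 0
    for byte in body:
        # Each sub-identifier is base-128; the high bit means "more follows".
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    # The first sub-identifier packs the first two arcs as 40*X + Y.
    x = min(arcs[0] // 40, 2)
    return (x, arcs[0] - 40 * x, *arcs[1:])

def resolve(oid: tuple) -> str:
    """Longest-prefix match on known names; the remainder is the instance."""
    for cut in range(len(oid), 0, -1):
        name = MIB_NAMES.get(oid[:cut])
        if name:
            suffix = ".".join(map(str, oid[cut:]))
            return f"{name}.{suffix}" if suffix else name
    return "." + ".".join(map(str, oid))  # no matching MIB: stays numeric

SAMPLES = [
    bytes.fromhex("06082b06010201010100"),      # 1.3.6.1.2.1.1.1.0
    bytes.fromhex("060a2b060102010202010a03"),  # 1.3.6.1.2.1.2.2.1.10.3
    bytes.fromhex("06092b06010401ce0f0100"),    # vendor subtree, placeholder 9999
]

def render(samples):
    return [resolve(decode_oid(s)) for s in samples]

if __name__ == "__main__":
    print("\n".join(render(SAMPLES)))
```

The third sample stays numeric because no entry covers that vendor subtree, which is the situation the message describes for equipment that uses its own OIDs.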