Mitigating HTTP DDoS attacks?
Howdy all, So, I'm kind of new to this so please deal with my ignorance. But, what is common practice these days for HTTP DDoS mitigation during an attack? You can of course route every offending IP address to null0 at your border. But, if it's a botnet or trojan or something, it's coming from numerous different source IPs and Null0 routes can get very cumbersome, obviously. How do you folk usually deal with this? Any input would be greatly appreciated. Cheers, Mike
Re: Blackberry List
If anyone is interested: Blackberry Outage A component of the network infrastructure is experiencing a service interruption. Service Affected: BlackBerry All service for some *The Americas Network (MULT) subscribers in the following locations: The Americas, Summary: BlackBerry Network Infrastructure Impact: BlackBerry subscribers may be unable to send or receive messages. Subscribers may also be unable to register their device, roam in another location, or use other services such as Internet browsing. BlackBerry Internet Service subscribers may be unable to use the BlackBerry Internet Service web site or perform activities such as creating new accounts, accessing their Internet mailbox, integrating third-party email accounts, or viewing email attachments. Devices may not receive new service books. BlackBerry Connect and BlackBerry-enabled devices that require a new PIN may be unable to receive the PIN. BlackBerry Enterprise Servers may be unable to connect to the BlackBerry Infrastructure. Wireless service providers and device resellers may be unable to use BlackBerry administration web sites or perform activities such as creating subscriber accounts or provisioning services for subscribers. [0491] Ticket Number: BB90352 Incident Window Start Date and Time: 11 February 2008 15:20:00 (EST) Downtime Duration: Ongoing % of Subscribers Affected: 50.00 (estimated) Cause: To Be Determined EST = GMT - 5 hours EDT = GMT - 4 hours AEST = GMT + 10 hours On 2/11/08, Paul Ferguson [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Justin Pauler - Lists [EMAIL PROTECTED] wrote: I realize this isn't the right forum for this, so, does anyone have a Blackberry list that has discussions much like what we do here? Even better, that might have information or alerts for when there are issues? 
I'm seeing an issue right now where phones from two independent providers have not received updates from two independent BES servers since 2:30 PM CST (that's now about 2 1/2 hours). For what it's worth, RIM has indicated that there is a large and critical BlackBerry outage in the Americas: http://www.reuters.com/article/technologyNews/idUSN1114968920080211 Also, there is the outages mailing list: http://isotf.org/mailman/listinfo/outages - - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
[EMAIL PROTECTED]
Lovely... Could someone who reads (or is supposed to read...) empty the mailbox over at [EMAIL PROTECTED] sccrmxc20.comcast.net #5.0.0522_mailbox_full;_sz=629145600/629145600_ct=2746/10 smtp; Permanent Failure: Other undefined Status Thanks, Mike
Re: Level 3 (3356) issues?
Our DS3 here in Cupertino, CA seems to be working flawlessly -Mike On Jan 15, 2008 8:44 AM, David Hubbard [EMAIL PROTECTED] wrote: Just curious if anyone is seeing issues with Level 3 right now? Our session is still up but we can't see any outside routes through them currently. I'm guessing by the fact that I've been on hold for 25 minutes that I'm not the only one having an issue with them but wanted to double check. Thanks, David
US Provisioned GSM cards abroad... SSL Issues?
Curious. Has anyone on the list here ever encountered issues while traveling in EMEA accessing SSL websites back in the states while using an ATT/Cingular GSM data card? We are seeing some issues with this and were curious to see if anyone else is seeing the same issue. Any insight would be appreciated. Thank You, Mike Lyon
Re: FCC rules for backup power
What? The gov't putting their nose in where it shouldn't be? NEVER! -Mike On Nov 13, 2007 1:00 PM, Wayne E. Bouchard [EMAIL PROTECTED] wrote: On Tue, Nov 13, 2007 at 03:07:03PM -0500, Sean Donelan wrote: Proposed new FCC rules for backup power sources for central offices, cell sites, remote switches, digital loops, etc. For the first time, the FCC is considering specific backup power time requirements of 24 hours for central offices and 8 hours for outside plant and cell sites. Although most carriers tended to follow old Bell System Practices for backup power, BSP's weren't official regulations. ISPs aren't specifically covered, but http://www.tessco.com/yts/industry/products/infra/infrastructure/power_supplies/pdf/agl_reprint.pdf I would suggest that these requirements will run afoul of local regulations regarding the storage of combustibles such as diesel fuel or other hazardous materials. (Think 111 8th ave and 9/11) This article seems to take much the same position. In short, this, to me, is the FCC putting its nose where it doesn't belong. This is not something which should be regulated by this agency, it should be something done by the various communications operators in conjunction with local municipalities. Yes, this means that there will be variances in many places but the regulations in place regarding fuel storage and so forth (not to mention batteries for DC plants, FM200 storage, etc, etc) are there because they are deemed to be in the best interests of the local community. The FCC has no idea what those best interests are and never will. Besides, when you're talking about a Katrina sized event, 24 hours is meaningless. Normal communications were not restored on many areas of the region (not just Louisiana) for days or weeks afterwards. And the assessment of what had occurred didn't really begin until after the 24 hour mark was over anyway. 
The NTSB learned from its process of grounding planes after 9/11 that there are some emergency events where having pre-existing procedures in place can actually be harmful. The determination was that if there had been a process defined, all it would have done is slow things down by restricting what controllers could and could not do. Better to just let them use their knowledge and experience and act in the best way they know how, given the situation before them. Let's also point out that a generator is most often going to be outside the building at ground level, whether or not it is contained within its own structure. And if the generator isn't, there's a fair chance its fuel tank would be. Not everyone will be willing to deal with the expense of burying it. As such, these are usually totally exposed to the elements and any lowland flooding. Meaning that if something fails in a facility due to a weather related event, it's probably going to be the generator. We've all seen that many times before. My $0.37 -Wayne --- Wayne Bouchard [EMAIL PROTECTED] Network Dude http://www.typo.org/~web/
Re: FCC rules for backup power
I do find it very interesting with all of what has happened post 9/11. Or maybe it's just more in the open now since then. But now we have the gov't putting their noses into everything network related it seems. For example, the Patriot Act (not saying this is good or bad, I'll leave my thoughts to myself), CALEA and every other wire-tapping means that they have. Hell, now we even have SOX, but that wasn't really due to 9/11 but having that in place does make life a pain for those in Enterprise IT. I think we have a very interesting next couple of years ahead of us with the Administration change. It will be interesting to see if the internet gets more regulated or less regulated. My $.02 worth. Mike On Nov 13, 2007 1:44 PM, Jared Mauch [EMAIL PROTECTED] wrote: On Tue, Nov 13, 2007 at 01:15:53PM -0800, Mike Lyon wrote: What? The gov't putting their nose in where it shouldn't be? NEVER! I must say, if you're a provider with US presence and you're not paying attention to the FCC, DHS (NCS, NCSD) and possibly that thing called NSTAC you may wake up one day and be amazed what is going on. Take an example - Unregulated chemical industry becomes regulated under DHS. (One of the 17 sectors that the govvies track). There's stuff to track that doesn't involve having a full time employee to associate with it, but some allocation of time is valuable. If you don't, who knows, you may have Senator Stevens setting policy that is relevant to you. http://hsgac.senate.gov/ http://homeland.house.gov/ There's all sorts of interesting stuff in this space to track. What if your network traffic doubled tomorrow due to a pandemic outbreak and everyone starts telecommuting? http://www.dhs.gov/xprevprot/programs/editorial_0760.shtm Perhaps it's wrong, or maybe they're right? I think continuing to watch the activities in this space is going to be critical to our evolution as providers of these ip packets. - Jared ps. 
other stuff of interest: www.it-scc.org (free) www.pcis.org (us, ca) -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Cogent issues in SF area?
Anyone else seeing it?

BGP_Level3traceroute 208.70.27.35
Type escape sequence to abort.
Tracing the route to 208.70.27.35
  1 4.79.220.77 0 msec 4 msec 0 msec
  2 4.68.123.30 [AS 3356] 8 msec 0 msec 4 msec
  3 4.68.18.5 [AS 3356] 0 msec 4 msec 0 msec
  4 4.68.110.138 [AS 3356] 4 msec 0 msec 4 msec
  5 154.54.6.81 [AS 174] 4 msec * 0 msec
  6 154.54.6.133 [AS 174] 4 msec 4 msec 4 msec
  7 154.54.24.38 [AS 174] 4 msec 4 msec 4 msec
  8 * * *
  9 * * *

Bah! -Mike
Re: Cogent issues in SF area?
CNN and www.archive.org were the two sites I couldn't get to... -Mike On 9/28/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: We're seeing very poor performance on Cogent in Chicago to major sites such as CNN and Salon. Traceroutes indicate packets dropping inside Cogent's network and at their handoff to at atdn.net. Opened a ticket with Cogent around 10am Central, haven't heard from anybody since. Not necessarily related to your problem, but maybe another data point. Carl Hirsch *Mike Lyon [EMAIL PROTECTED]* Sent by: [EMAIL PROTECTED] 09/28/2007 01:39 PM To NANOG nanog@merit.edu cc Subject Cogent issues in SF area? Anyone else seeing it? BGP_Level3traceroute 208.70.27.35 Type escape sequence to abort. Tracing the route to 208.70.27.35 1 4.79.220.77 0 msec 4 msec 0 msec 2 4.68.123.30 [AS 3356] 8 msec 0 msec 4 msec 3 4.68.18.5 [AS 3356] 0 msec 4 msec 0 msec 4 4.68.110.138 [AS 3356] 4 msec 0 msec 4 msec 5 154.54.6.81 [AS 174] 4 msec * 0 msec 6 154.54.6.133 [AS 174] 4 msec 4 msec 4 msec 7 154.54.24.38 [AS 174] 4 msec 4 msec 4 msec 8 * * * 9 * * * Bah! -Mike
Re: Network Inventory Tool
Excel or any open-source version of it seems to do the job just fine for us... And you can massage the data any way you want! -Mike On 8/14/07, Joe Abley [EMAIL PROTECTED] wrote: On 13-Aug-2007, at 23:31, Wguisa71 wrote: Does anyone know some tool for network documentation with: - inventory (cards, serial numbers, manufacturer...) - documentation (configurations, software version control, etc) - topology building (L2, L3.. connections, layer control, ...) All-in-one solution and it doesn't need to be free. I'm just looking for something to control the equipment we have like routers from some sort of suppliers, etc... If you don't succeed in finding an all-in-one, vendor-neutral solution which does precisely what you want straight out of the box (and don't feel bad if so, since many have failed before you) there are some clues for rolling your own here: http://www.nanog.org/mtg-0210/ppt/stephen.pdf Joe
Current rack pricing?
Curious as to what other companies are paying on a per-rack basis at the various tier-1 providers (L3, att, sprint) with dual 30 amp 120vac drops in them? Any input would be appreciated. Thanks, Mike
Re: HSRP availability in datacenters?
So is the question: you are selling transit to your customers and you are wondering if you should charge your customer for allowing them to use your HSRP gateway instead of a physical interface on your router? Personally, if I saw a provider charging for that service, I would shy away from them. Only because it tells me they are piece-mealing their services and are cheap. I would think a good provider would include that (and/or not sell it WITHOUT HSRP) in their sales offering. If for the only reason of customer support nightmares. If you have your customers on HSRP and you have a router go down, you won't have them calling you every five minutes bitching at you... -Mike On 5/11/07, Randal Kohutek [EMAIL PROTECTED] wrote: My cohorts in suits have begun wondering if HSRP is standard for customer gateways, and from there wondering if it is something we should charge for. I did some research and came up with mixed results; I'd like to hear nanogers experiences with this: In your experience, do datacenters provide free HSRP gateways, or do they make you pay for it? Real world examples are better than Google :) Thanks, Randal
Re: HSRP availability in datacenters?
Check out this article: http://www.cisco.com/en/US/products/hw/switches/ps646/products_qanda_item09186a00801cb707.shtml#q1 Get rid of the 3550. Get yourself a 6509 or 6513 :0 -Mike On 5/11/07, Randal Kohutek [EMAIL PROTECTED] wrote: We currently offer HSRP everywhere, the problem is that it doesn't scale on a budget. For example, a 3550 can do 16 HSRP groups, limiting the number of customers that we can attach to (2x 3550s) to 16. That's a lot of distribution infrastructure for 16 customers. Then to scale that, say, to 200+ customers, that means we have 12-13 pairs of distribution routers, each with 2x gigE uplinks to the core ... Which means that either (A) the core has to be really big or (b) we get fewer, more powerful distribution devices. This is where my employer is at now - I admit, we're tiny in the datacenter world - but the cost to aggregate 100+ HSRP groups into the core, with room to grow, is pretty staggering for a smb. This is why the suits are wondering if there is a revenue opportunity hiding somewhere to finance such a thing. Ah, the joys of growing out of your britches :) Thanks for any continued response, Randal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Lyon Sent: Friday, May 11, 2007 12:40 PM To: Randal Kohutek Cc: nanog@merit.edu Subject: Re: HSRP availability in datacenters? So is the question: you are selling transit to your customers and you are wondering if you should charge your customer for allowing them to use your HSRP gateway instead of a physical interface on your router? Personally, if I saw a provider charging for that service, I would shy away from them. Only because it tells me they are piece-mealing their services and are cheap. I would think a good provider would include that (and/or not sell it WITHOUT HSRP) in their sales offering. If for the only reason of customer support nightmares. 
If you have your customers on HSRP and you have a router go down, you won't have them calling you every five minutes bitching at you... -Mike On 5/11/07, Randal Kohutek [EMAIL PROTECTED] wrote: My cohorts in suits have begun wondering if HSRP is standard for customer gateways, and from there wondering if it is something we should charge for. I did some research and came up with mixed results; I'd like to hear nanogers experiences with this: In your experience, do datacenters provide free HSRP gateways, or do they make you pay for it? Real world examples are better than Google :) Thanks, Randal
Re: HSRP availability in datacenters?
Well, the suits will realize the support nightmare (which equals $$$) if they don't keep HSRP. Hopefully, they won't have to learn that the hard way. -Mike On 5/11/07, Randal Kohutek [EMAIL PROTECTED] wrote: I had read that on our original deployment, and it's a nightmare to keep the documentation and configuration in synch. My personal opinion is that potentially failing 16 VSIs over to the standby at once (because they're all in the same group) - instead of just the affected ones - is poor policy. I agree, 6500s or 4500s for distribution are where it's at ... Unfortunately they cost a lot. Which is why the suits are considering financing them by charging for the features they provide. This has been a hot topic around the office, with all of us network guys saying `keep hsrp everywhere` because it makes our phones ring less, but we realize that network upgrades aren't free, which is making the non-IT folks all antsy. Regards, Randal -Original Message- From: Mike Lyon [mailto:[EMAIL PROTECTED] Sent: Friday, May 11, 2007 1:11 PM To: Randal Kohutek Cc: nanog@merit.edu Subject: Re: HSRP availability in datacenters? Check out this article: http://www.cisco.com/en/US/products/hw/switches/ps646/products_qanda_item09186a00801cb707.shtml#q1 Get rid of the 3550. Get yourself a 6509 or 6513 :0 -Mike On 5/11/07, Randal Kohutek [EMAIL PROTECTED] wrote: We currently offer HSRP everywhere, the problem is that it doesn't scale on a budget. For example, a 3550 can do 16 HSRP groups, limiting the number of customers that we can attach to (2x 3550s) to 16. That's a lot of distribution infrastructure for 16 customers. Then to scale that, say, to 200+ customers, that means we have 12-13 pairs of distribution routers, each with 2x gigE uplinks to the core ... Which means that either (A) the core has to be really big or (b) we get fewer, more powerful distribution devices. 
This is where my employer is at now - I admit, we're tiny in the datacenter world - but the cost to aggregate 100+ HSRP groups into the core, with room to grow, is pretty staggering for a smb. This is why the suits are wondering if there is a revenue opportunity hiding somewhere to finance such a thing. Ah, the joys of growing out of your britches :) Thanks for any continued response, Randal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Lyon Sent: Friday, May 11, 2007 12:40 PM To: Randal Kohutek Cc: nanog@merit.edu Subject: Re: HSRP availability in datacenters? So is the question: you are selling transit to your customers and you are wondering if you should charge your customer for allowing them to use your HSRP gateway instead of a physical interface on your router? Personally, if I saw a provider charging for that service, I would shy away from them. Only because it tells me they are piece-mealing their services and are cheap. I would think a good provider would include that (and/or not sell it WITHOUT HSRP) in their sales offering. If for the only reason of customer support nightmares. If you have your customers on HSRP and you have a router go down, you won't have them calling you every five minutes bitching at you... -Mike On 5/11/07, Randal Kohutek [EMAIL PROTECTED] wrote: My cohorts in suits have begun wondering if HSRP is standard for customer gateways, and from there wondering if it is something we should charge for. I did some research and came up with mixed results; I'd like to hear nanogers experiences with this: In your experience, do datacenters provide free HSRP gateways, or do they make you pay for it? Real world examples are better than Google :) Thanks, Randal
Re: Load balancing
Upgrade to 10 gigabit :) -Mike On 5/7/07, dan [EMAIL PROTECTED] wrote: Hello, I currently have 2 routers with a single gigabit link (and corresponding internal BGP session) between them. router1 -gigabit---router2 Simple setup. Now that we have reached the limit on this gigabit link, we are adding a second gigabit link between the same 2 routers, and we wish to load balance across them. Traffic is about 5:1 ratio of out:in. router2 has bgp sessions with several upstreams, and router 1 has bgp sessions with further internal routers. What is the best way to balance across these 2 links? --- dan
Slightly OT: datacenter cage providers in SF Bay Area?
Anyone know of any vendors in the SF Bay Area that build out datacenter cages? Thanks, Mike
Re: Slightly OT: datacenter cage providers in SF Bay Area?
That should read: I have an internal datacenter. I need someone to come out and build out a cage for me. Thanks, Mike On 5/3/07, Mike Lyon [EMAIL PROTECTED] wrote: Anyone know of any vendors in the SF Bay Area that build out datacenter cages? Thanks, Mike
Re: PGE on data centre cooling..
Wonder if they visited Equinix in South San Jose... There ain't no light in that place... But, I still think it's one of the better ones that I have been in. -Mike On 3/29/07, Jonathan Lassoff [EMAIL PROTECTED] wrote: From the article: San Francisco-based 365 Main has ... installed lighting controls that automatically turn off lights... That's funny, I've never really noticed. I've worked out of 365 for a while now at all hours of the day, and it's still the brightest facility that I've ever been to. It always seemed folly to me that they had fairly bright fluorescent lights over all of the datacenter floor, even when nobody has badged in, when they don't even have cameras covering a majority of every colocation room. It's a very nice facility, but you certainly pay for it, and they have some of the more wasteful operating practices that I've seen. -j On 3/29/07, Alexander Harrowell [EMAIL PROTECTED] wrote: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014674&source=rss_news50 -- Jonathan Lassoff echo thejof | sed 's/^/jof@/;s/$/.com/' http://thejof.com GPG: 0xC8579EE5
Re: NOC Personnel Question (Possibly OT)
NOC Technician? Support Technician? I have others that I was called when I worked in a NOC but it probably wouldn't be proper for here... -Mike On 3/14/07, Todd Christell [EMAIL PROTECTED] wrote: Greetings, Sorry if this is OT but we are having a discussion with our HR department. We are in the process of getting a 24 X 7 NOC in place and HR has a problem with calling them NOC Specialist. What is the generally accepted title? Thanks in advance, Todd Christell SpringNet Network Manager 417.831.8688
Re: NOC Personnel Question (Possibly OT)
NOC monkey On 3/14/07, Gadi Evron [EMAIL PROTECTED] wrote: On Wed, 14 Mar 2007, K. Graham wrote: I was called a nocling but I doubt that would pass the HR test. There's also reboot monkey. :) How about Network Support something ? Gadi. -- beepbeep it, i leave work, stop reading sec lists and im still hearing gadi - HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.
Re: Paul Vixie: Suspected Arms Dealer
Sweet! That means I don't need to drive to AZ to get that AR15 I have been wanting to get! -Mike On 3/7/07, Joseph S D Yao [EMAIL PROTECTED] wrote: On Wed, Mar 07, 2007 at 01:01:40PM +, Alexander Harrowell wrote: One of my blog-related interests is the career of Russian arms dealer Viktor Bout. I recently checked out the namebase.org social network diagram for him...and was a little surprised to see where our very own Paul Vixie comes in it. http://www.namebase.org/cgi-bin/nb06?BOUT_VICTOR_ Is there something he's not telling us? More seriously, good work. Lauren Weinstein, too. I can't imagine him as an arms dealer! Unless it's a different LW. -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: Request for topic death on Cold War history (was RE: Every incident is an opportunity)
Come on guys... Some more originality please... Internet ---> Al-Qaeda fundraising ---> Afghanistan ---> USSR vs. US ---> Cold war ---> Arpanet ---> Internet. Vicious cycle. -mike On 2/12/07, Alexander Harrowell [EMAIL PROTECTED] wrote: Causality? WW2=nukes, cold war=arpanet=internet, surely? On 2/12/07, micky coughes [EMAIL PROTECTED] wrote: Hmm, let's see. Nukes = cold war = arpanet = internet Yup, looks ok. On 2/12/07, Olsen, Jason [EMAIL PROTECTED] wrote: Of course, but the point was the goal of that targeting. The US public by and large believed, and seems to still believe [snip] If annihilation is the goal then it's of no importance, just bomb the densest population centers. To borrow from snarky comments past: Unless Vendor C has introduced a no nuclear-apocalypse command that I need to enable in IOS, it seems that this thread has wandered far from the flock and subsequently lost most any relevance to the listserv and/or topic that spawned it. Cold War strategy is fascinating and all (I do mean that in a non-snarky way) but does it really belong on NANOG after it has seemingly dropped any pretense of being an analogy for anything list-relevant? -Feren Sr Network Engineer DeVry University
Anyone with SMTP clue at Verizon Wireless / Vtext?
Their gateway is blocking mail from my host. Of course, there is no clueful contact info on their webpage... Please hit me up offlist. Thanks, mike
Re: Colocation in the US.
Paul brings up a good point. How long before we call a colo provider to provision a rack, power, bandwidth and a to/from connection in each rack to their water cooler on the roof? -Mike On 24 Jan 2007 17:37:27 +, Paul Vixie [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] (david raistrick) writes: I had a data center tour on Sunday where they said that the way they provide space is by power requirements. You state your power requirements, they give you enough rack/cabinet space to *properly* house gear that consumers that properly is open for debate here. ... It's possible to have a facility built to properly power and cool 10kW+ per rack. Just that most colo facilities aren't built to that level. i'm spec'ing datacenter space at the moment, so this is topical. at 10kW/R you'd either cool ~333W/SF at ~30sf/R, or you'd dramatically increase sf/R by requiring a lot of aisleway around every set of racks (~200sf per 4R cage) to get it down to 200W/SF, or you'd compromise on W/R. i suspect that the folks offering 10kW/R are making it up elsewhere, like 50sf/R averaged over their facility. (this makes for a nice-sounding W/R number.) i know how to cool 200W/SF but i do not know how to cool 333W/SF unless everything in the rack is liquid cooled or unless the forced air is bottom-top and the cabinet is completely enclosed and the doors are never opened while the power is on. you can pay over here, or you can pay over there, but TANSTAAFL. for my own purposes, this means averaging ~6kW/R with some hotter and some colder, and cooling at ~200W/SF (which is ~30SF/R). the thing that's burning me right now is that for every watt i deliver, i've got to burn a watt in the mechanical to cool it all. i still want the rackmount server/router/switch industry to move to liquid which is about 70% more efficient (in the mechanical) than air as a cooling medium. It's a good way of looking at the problem, since the flipside of power consumption is the cooling problem. 
Too many servers packed in a small space (rack or cabinet) becomes a big cooling problem. Problem yes, but one that is capable of being engineered around (who'd have ever thought we could get 1000Mb/s through cat5, after all!) i think we're going to see a more Feynman-like circuit design where we're not dumping electrons every time we change states, and before that we'll see a standardized gozinta/gozoutta liquid cooling hookup for rackmount equipment, and before that we're already seeing Intel and AMD in a watts-per-computron race. all of that would happen before we'd air-cool more than 200W/SF in the average datacenter, unless Eneco's chip works out in which case all bets are off in a whole lotta ways. -- Paul Vixie
Re: Colocation in the US.
I think if someone finds a workable non-conductive cooling fluid that would probably be the best thing. I fear the first time someone is working near their power outlets and water starts squirting, flooding and electrocuting everyone and everything. -Mike On 1/24/07, Brandon Galbraith [EMAIL PROTECTED] wrote: On 1/24/07, Deepak Jain [EMAIL PROTECTED] wrote: Speaking as the operator of at least one datacenter that was originally built to water cool mainframes... Water is not hard to deal with, but it has its own discipline, especially when you are dealing with lots of it (flow rates, algicide, etc). And there aren't lots of great manifolds to allow customer (joe-end user) service-able connections (like how many folks do you want screwing with DC power supplies/feeds without some serious insurance).. Once some standardization comes to this, and valves are built to detect leaks, etc... things will be good. DJ In the long run, I think this is going to solve a lot of problems, as cooling the equipment with a water medium is more effective than trying to pull the heat off of everything with air. But standardization is going to take a bit.
Anyone in or near Brentford, Middlesex, UK?
That could lend me a Cisco 256MB (or larger) CF flash card for a SUP720 for a week? In desperate need of one for a migration. If you can help, please hit me up offlist. Now back to regularly-scheduled North American network discussions... Thank You, Mike Lyon
network maintenance notification .pl scripts?
Howdy, Figured before I re-invent the wheel here I would ask to see if anyone has a simple .pl script where one would enter their maintenance data into a webpage and press enter and it would spit out a handy maintenance notice that you could cut/paste it into an e-mail. Anyone? -Mike
Urgent need for bandwidth in Chiswick/London
Howdy. Please excuse the semi-offtopic post. My company is looking for bandwidth at the location below before Christmas. So that pretty much rules out your standard leased-line options. Leased line looks to be about 60 days out or so. Does anyone know of any MAN (or anything else for that matter) options at this location? Building 10 Chiswick Park 566 Chiswick High Road London W4 5XS Thanks in advance, Mike
AOL Lameness
Is anyone else noticing new AOL lameness that when you send an e-mail to an AOL user and if the e-mail has a URL in it but the reverse lookup of that url doesn't come back to that domain name that AOL's postmaster rejects it and gives you this URL: http://postmaster.info.aol.com/errors/554hvuip.html This has to be new policy for them because it never rejected them before... Ugh. -Mike
Re: AOL Lameness
OK, I should clarify this. The description that is on that link I put in my original e-mail doesn't actually describe what is happening, but that is the error they spit back at me. What really is happening is that the url that is in my e-mail and when you resolve it to an IP, if you do a reverse lookup on that IP, it comes back with a generic DNS entry that my colo provider has assigned to it. So the issue seems to be that the reverse DNS entry and the domain name don't match. But this isn't really an issue, a lot of providers do it this way. But why is AOL being lame with this? -Mike On 10/2/06, Matt Baldwin [EMAIL PROTECTED] wrote: Yes, I'm noticing this too. Very lame indeed. Doing a quick Google on it in the Groups it seems that it was a feature that was enabled earlier this year. My guess is they turned it off, then turned it back on. Anyone from AOL care to explain this behavior and what should be communicated to the end-user? Thanks. -matt On 10/2/06, Mike Lyon [EMAIL PROTECTED] wrote: Is anyone else noticing new AOL lameness that when you send an e-mail to an AOL user and if the e-mail has a URL in it but the reverse lookup of that url doesn't come back to that domain name that AOL's postmaster rejects it and gives you this URL: http://postmaster.info.aol.com/errors/554hvuip.html This has to be new policy for them because it never rejected them before... Ugh. -Mike
Anyone with clue at Halifax Cablevision or Eastlink in Canada?
I need to speak with someone with clue at either of the companies below: Andara High Speed Internet c/o Halifax Cablevision LTD. ANDARA Eastlink HSI EASTLINK-BWTR-UBR-1 Please hit me up offlist. Thank You, Mike
Re: New Laptop Polices
Are laptops being questioned now in the UK when going through security? I would assume that they are probably wiping every laptop and doing the explosive check that they do... -Mike On 8/11/06, Cullen, Michael [EMAIL PROTECTED] wrote: Greetings all, Given the new threats and the change in policy with the airlines and traveling in and around the UK, has anyone changed their laptop and portable computing device policy? We are being questioned about the safety of executives traveling with their laptops. Thank You, Michael Cullen Global Security, Universal Music Group 818 286-5473 (w) | 818 919-6974 (c) UMG GSO Michael (aim) | UMG.GSO.Michael (gtalk) | [EMAIL PROTECTED] (msn) The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that it is strictly prohibited (a) to disseminate, distribute or copy this communication or any of the information contained in it, or (b) to take any action based on the information in it. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.
Re: PIPE CLEANERS... was: APC Matrix 5000 question(s)
I need a Spam Pig... -Mike On 8/2/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: pipecleaners? http://www.ppsa-online.com/about-pigs.php#UTILITY%20PIGS do they make one for Internet Pipes? --bill On Wed, Aug 02, 2006 at 05:59:29PM -0700, joe mcguckin wrote: Can't you guys take this off-list? I'm seeing this thread gatewayed on *another* mailing list also. Somehow, APC battery maintenance doesn't seem like a critical topic (unlike for example, internet pipe cleaning day) ^) Joe McGuckin ViaNet Communications [EMAIL PROTECTED] 650-207-0372 cell 650-213-1302 office 650-969-2124 fax On Aug 2, 2006, at 6:34 AM, [EMAIL PROTECTED] wrote: On Wed, 2 Aug 2006, Matthew Sullivan wrote: [EMAIL PROTECTED] wrote: Update: I replaced the batteries today, and indeed, several of the old ones (mostly in the first pack) were split and some had popped a couple of their sealed tops. I left for several hours and came back to the house stinking like burning rubber. The new batteries are apparently melting the terminal rubber insulation. I had to throw it back into bypass mode and unplug that pack (the only one with new batteries!) Any ideas to the cause? The status screens looked ok. (no bad batteries again) Tip: Except where a newly supplied battery is faulty, replace all or none - across all your packs connected to the same UPS. Understood...that's why I unplugged the other 2 XR packs from the UPS. APC rejected the notion that there was a controller problem, until they had me perform the battery test, when it not only cut power (batteries were fried anyway), it stayed in test mode until bypassed. According to them, even with dead batteries, it should come out within 5-10 seconds. James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am == ===
LimeLight random Friday afternoon renumbering, anyone?
Anyone else have LimeLight randomly decide to renumber their IP blocks on Friday afternoon without any heads up to anyone? Just curious to see who else had their connectivity go down because of it... Yay! -Mike
Portable datacenter coolers?
Anyone know of any places in the silicon valley area that lease or rent those portable datacenter coolers? You know, those ones that stand about 5 feet high, are usually blue in color and are on wheels? The ones you are supposed to have on hand in case your main cooling system takes a dump on you? Yeah, those. Anyone have any idea where I could get my hands on one fairly quickly? I am in Santa Clara. Thanks, Mike
Vonage Contacts?
If anyone from Vonage is on NANOG could you please drop me an e-mail off-list? Thank You, Mike
Anyone alive at Sprint Abuse?
Is there anyone on this list from Sprint Abuse or does anyone have a human contact over there? One of their customers is port scanning one of my customers (who also happens to be a Sprint customer...) and e-mails to [EMAIL PROTECTED] have gone unanswered. Any help would be appreciated. Thanks, Mike Lyon
Slightly OT: Flannery VS RSA
I haven't heard much lately about Flannery. Have there been any implementations or benchmarks of the Flannery Cayley-Purser algorithm in comparison to RSA in the real world? -Mike
Re: Finding information about metro private line service in downtown SF
Depends on the distance and what antennas you are using. If it's a short hop (which it sounds like it is) and you have very directional antennae, you can usually avoid most of the interference, especially if engineered correctly with frequency coordination (BANC) and checking of the frequencies with a spectrum analyzer beforehand using the antennas you plan to use (like stated earlier in this thread). But of course, steer away from the 2.4 GHz band, look at 5 GHz and beyond. -Mike
On Thu, 28 Oct 2004 21:56:37 -0700 (PDT), Tom (UnitedLayer) [EMAIL PROTECTED] wrote: On Thu, 28 Oct 2004, Jeff Rosowski wrote: The Corning, FreeLink Optical Transport System looked pretty good as well if you have the money for it. Handles most weather, with the exception of fog.
Using FSO in San Francisco is almost impossible :) There are way too many foggy days, I've watched links go up and down when fog rolls down the street. If you're looking at wireless, the only real option is 38GHz (if you can get the license) because of all of the 802.11x pollution.
Re: Finding information about metro private line service in downtown SF
Can you get roof rights at both locations? If so, can you stand on one roof and see the other? If yes, go wireless. You will have the capital cost upfront but no monthly fees to pay to your friendly telco of choice each month. There are plenty of companies that manufacture telco quality radios for instances like this. Proxim, Alvarion, P-Com, RadioLAN, just to name a few. -Mike
On Wed, 27 Oct 2004 19:41:29 -0700, Roy [EMAIL PROTECTED] wrote: Oops Forgot my Sig Roy Engehausen
Roy wrote: I have used PacBell's GIGAMAN service at a number of locations. It's basically managed fiber running GigE.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Garrison Sent: Wednesday, October 27, 2004 7:32 PM To: [EMAIL PROTECTED] Subject: Finding information about metro private line service in downtown SF
Hello, I am investigating the options for linking up a new office to our (coincidentally) close datacenter in downtown San Francisco. Both locations are SOMA and within about 10 minutes walking of each other. Calling SBC provided me with a rather clueless person telling me all about ATM, Frame Relay and other options I don't want. To his credit, I believe I may have been defining what I want incorrectly. Since both areas are well within the same LATA (do people say that anymore?) I am simply looking for some sort of private line service be it fiber or copper. Who are the providers local to the area? Is there any way of finding what is in the ground around me? (I know UPN Networks is in between our offices so I am confident there is fiber or copper all around us.) What are the easiest options for this sort of thing? What kind of pricing might we be looking at?
To give some perspective, we push a significant amount of bandwidth through our datacenter such that if the costs work out we would prefer a private line into our datacenter (for many reasons including cost, internet speed in the office, ability to have a backend entrance to our network for offsite backups, etc.). We would also then just set up a DSL line or T1 for emergencies/failover.[1] Please reply offlist, thanks for any insight, Bill
[1]: Our alternative is to just get a T1 with a DSL for manual failover but piping into our datacenter would provide a substantial number of benefits. (this is a small office with about 10 people all of whom can handle cold-swapping to DSL if ever needed...)
ATT Worldnet Mail Contact?
Could someone from ATT Worldnet who has access to blacklist info please contact me offlist? Thank You, Mike
Re: Moving filters from edge to core
I would tend to keep the filters on the edge, for obvious reasons. Your management would probably agree with this the first time you get attacked coming from each of your edge routers with nothing to protect it from happening. You could always make a script (PERL) to go out and make the modifications to your edge routers for you. My $.02, Mike
On Mon, 28 Jul 2003, Tay Chee Yong wrote: Hi all, This might be quite a stupid question. But my management is looking at moving the filters from the edge to the core, so as to reduce administration of applying filters on all our edge routers, and minimizing the possibility of non-synchronized filters at the edge. Does anyone have any advice on this? I believe there are many larger ISPs in this list that have a better way to manage your filters at the edge. Would appreciate all inputs/comments. Thanks. Regards, Cheeyong
-- -Mike Lyon - -Network Admin/Engineer for hire: - -www.mikelyon.net - - Cell: 408-621-4826 -
Re: State Super-DMCA Too True
On Sun, 30 Mar 2003, Simon Lyall wrote: On Sat, 29 Mar 2003, Tony Rall wrote: No, it is not theft of service. It doesn't cost an ISP more for me to have 20 machines than it does if I have just 1. Nor does it cost them if I use NAT. What might cost them more is if I use more bandwidth or use additional IP addresses (for which there may be an associated expense). But a user with one machine can potentially use as much or more bandwidth than a user with 20. There simply isn't a decent correlation between number of machines and amount of service consumed. Even so, an ISP doesn't have a legitimate complaint against users that are simply consuming the bandwidth that the ISP advertised as being part of their service.
So if I own an all you can eat restaurant you would say that I should allow you and your whole family to eat for the price of one person as long as only one of you was in the restaurant at any one time?
Ahh! But you see it ain't all you can eat or rather, use as much bandwidth as you want as we don't throttle you at all. I recently signed up for Comcast and had it installed. I get some really nice download speeds, would be surprised if the download has a cap on it. However, upload is definitely throttled, stops at about 250 kbps. So that is what I am paying for. It's not limitless. I paid for a big mac and a drink with free refills, If I share that with my room mate, I am not stealing from them. -Mike
Of course you'll say your family of vegetarian dieters eats less food than some truck driver I had in last week so that's okay. The ISP is able to charge the low price for flat rate Internet because it knows there is only one computer in the house and it's (99% of the time) doing normal web browsing and email type stuff for only a limited amount of time each day (p2p has screwed up the economics a bit).
If you price your product on the assumption that the average customer only uses 5% of their bandwidth then it doesn't take many customers using 50% or 100% of it to really spoil your economics. Banning NAT and servers is a simple way to filter out most of the power users without scaring the mom and pop customers with bandwidth and download quotas. -- -Mike Lyon - -Network Admin/Engineer for hire: - -www.mikelyon.net - - Cell: 408-621-4826 -
Re: Arin Smack down?
Worked for me:
[mlyon@fitzharris mlyon]$ whois -h whois.arin.net 64.124.168.60
[whois.arin.net]
OrgName: Abovenet Communications, Inc
OrgID: ABVE
NetRange: 64.124.0.0 - 64.125.255.255
CIDR: 64.124.0.0/15
NetName: ABOVENET
NetHandle: NET-64-124-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS.ABOVE.NET
NameServer: NS3.ABOVE.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-07-06
Updated: 2001-04-27
TechHandle: NOC41-ORG-ARIN
TechName: Metromedia Fiber Networks/AboveNet
TechPhone: +1-408-367-
TechEmail: [EMAIL PROTECTED]
OrgTechHandle: MFNA1-ARIN
OrgTechName: Metromedia Fiber Networks AboveNet
OrgTechPhone: +1-408-367-
OrgTechEmail: [EMAIL PROTECTED]
# ARIN Whois database, last updated 2002-11-20 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
[mlyon@fitzharris mlyon]$
-Mike
On Thu, 21 Nov 2002, Joe wrote: Perhaps something I've missed, but is ARIN.Net no longer handling lookups? I usually use them to find offending users but got this when doing a lookup. No match for 64.124.168.60 Thanks in Advance off on on list. -Joe
Re: Standalone Stratum 1 NTP Server
As I am sure you have noticed from other replies on the list here, the idea for NTP is not to have a Stratum one device at every single POP. That would be pricey not only in equipment costs but in roof-rights cost. What many do for NTP is to have one or two Stratum 1 devices amongst your network and then distribute it to a box that would then in turn distribute down to the next layer of equipment and so on. So if you are only spending $2400 and maybe even $4800 to support NTP across your whole network, I would think that would be worth it. -Mike
On Tue, 27 Aug 2002, John Todd wrote: Hmm... $2400 is still in the pricey range to be throwing out bunches of these across a network in wide distribution. (Pardon me if some of you on the list snicker at my reluctance at the $2400 price - for some of us the new, new Economy is making things like NTP Stratum 1 clocks a luxury that The Budgeters doesn't see as necessary, since it's an invisible engineering issue.) One would think that a vendor could come up with a 1u rackmount box with a GPS and single-board computer (BSD or Linux-based) for ~$500 total cost. Add 150% for profit and distribution costs, you're still in the $1300 range, which is more reasonable. I suppose my oversimplification is the reason I'm not in the hardware business. I'd be even happier with a PCI-bus card that I could put into an old (reasonably fast) PC and a CD-ROM with an OpenBSD distribution that automatically did the Right Thing. There is a case to be made about off-the-shelf PC hardware not being accurate enough to handle a true Stratum-1 clock, and that is a valid point. However, if I can get within .5ms, I'm happy since most of my applications don't require anything more accurate than that. (Those of you timing T1's should use the more expensive systems.) I will go out on a limb and say that a reduction in the cost of stratum-1 servers will increase their use across the Internet. The results of such an increase would be arguably visible, as the current multi-layer timekeeping system seems to be more-or-less keeping clocks correct to the point of usefulness, at least from a layer-4-and-up standpoint. However, accuracy and self-determination for timing are probably things that most organizations would consider good by self-evidence, and the lower the price the more possible things become to implement. Perhaps there are reasons that putting stratum-1 clocks in many, many places is sub-optimal; I leave that for others to illuminate. I know that I would like to not rely on POP-external network connections to keep my clock sources accurate, but these prices (while very inexpensive, compared to other stratum-1 sources I have seen) are still outside the put-one-in-every-POP price. JT
At 9:48 AM -0700 8/27/02, Mike Lyon wrote: Here is your base pricing from Truetime: NTS-150 $2395 NTS-200 $3595 -Mike
On Tue, 27 Aug 2002, John Todd wrote: Happen to know what the base price is for these? Low price is a relative term when dealing with clock makers. :) JT
http://www.truetime.com/index.html Not exactly stand alone because you have to place the antenna somewhere where it can see the GPS satellites as is the case with any Stratum 1 NTP device. Then you have to program the IP into it and plug the ethernet into it. They are really simple to install and configure. They give you a certain amount of Coax (you can order more if need be) and you put the antenna on the roof and run it down to the receiver. Quite simple. They have a couple different models to choose from. -Mike
On Mon, 26 Aug 2002, Mike Leber wrote: I was wondering if anybody has any suggestions for a low priced, off the shelf, complete (includes any necessary receivers), standalone (as in you just plug it in and connect ethernet), stratum 1 NTP server? Please also mention where to buy it. Mike.
+- H U R R I C A N E - E L E C T R I C -+ | Mike Leber Direct Internet Connections Voice 510 580 4100 | | Hurricane Electric Web Hosting Colocation Fax 510 580 4151 | | [EMAIL PROTECTED] http://www.he.net | +---+ -- / - Mike Lyon- - Studio Engineer - - KKUP Public Radio, Cupertino, Ca- -Cell: 408-621-4826- - www.fitzharris.com/~mlyon - / -- / - Mike Lyon- - Studio Engineer - - KKUP Public Radio, Cupertino, Ca- -Cell: 408-621-4826- - www.fitzharris.com/~mlyon - /
Re: Standalone Stratum 1 NTP Server
http://www.truetime.com/index.html Not exactly stand alone because you have to place the antenna somewhere where it can see the GPS satellites as is the case with any Stratum 1 NTP device. Then you have to program the IP into it and plug the ethernet into it. They are really simple to install and configure. They give you a certain amount of Coax (you can order more if need be) and you put the antenna on the roof and run it down to the receiver. Quite simple. They have a couple different models to choose from. -Mike
On Mon, 26 Aug 2002, Mike Leber wrote: I was wondering if anybody has any suggestions for a low priced, off the shelf, complete (includes any necessary receivers), standalone (as in you just plug it in and connect ethernet), stratum 1 NTP server? Please also mention where to buy it. Mike. +- H U R R I C A N E - E L E C T R I C -+ | Mike Leber Direct Internet Connections Voice 510 580 4100 | | Hurricane Electric Web Hosting Colocation Fax 510 580 4151 | | [EMAIL PROTECTED] http://www.he.net | +---+
Re: Standalone Stratum 1 NTP Server
Here is your base pricing from Truetime: NTS-150 $2395 NTS-200 $3595 -Mike
On Tue, 27 Aug 2002, John Todd wrote: Happen to know what the base price is for these? Low price is a relative term when dealing with clock makers. :) JT
http://www.truetime.com/index.html Not exactly stand alone because you have to place the antenna somewhere where it can see the GPS satellites as is the case with any Stratum 1 NTP device. Then you have to program the IP into it and plug the ethernet into it. They are really simple to install and configure. They give you a certain amount of Coax (you can order more if need be) and you put the antenna on the roof and run it down to the receiver. Quite simple. They have a couple different models to choose from. -Mike
On Mon, 26 Aug 2002, Mike Leber wrote: I was wondering if anybody has any suggestions for a low priced, off the shelf, complete (includes any necessary receivers), standalone (as in you just plug it in and connect ethernet), stratum 1 NTP server? Please also mention where to buy it. Mike. +- H U R R I C A N E - E L E C T R I C -+ | Mike Leber Direct Internet Connections Voice 510 580 4100 | | Hurricane Electric Web Hosting Colocation Fax 510 580 4151 | | [EMAIL PROTECTED] http://www.he.net | +---+ -- / - Mike Lyon- - Studio Engineer - - KKUP Public Radio, Cupertino, Ca- -Cell: 408-621-4826- - www.fitzharris.com/~mlyon - /
Re: Colocation Enclosures
Try SharkRack. They'll make custom racks if need be. Very nice sales people. http://www.sharkrack.com/ -Mike On Mon, 15 Jul 2002, Christopher J. Wolff wrote: Greetings, I'm trying to find alternative sources for a 2 or 3 section locked colocation cabinet cosmetically similar to the following: http://www.budind.com/images/big/DC-8125bg.jpg It appears that Encoreusa is no longer in business so I would appreciate any pointers as to where I may locate such an enclosure. Thank you! Chris