Re: Why do some ISP's have bandwidth quotas?

2007-10-08 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Andy Davidson  <[EMAIL PROTECTED]> wrote:
>
>
>On 8 Oct 2007, at 13:06, Roland Perry wrote:
>
>> Surely the incumbent doesn't impose a cost on the bandwidth along  
>> the local loop - the bottleneck (and cost per gigabyte) is the  
>> backhaul from their locally operated DSLAM to the ISP's own network.
>
>Yes, and it's 1,758,693 ($3.5m) PA for a 622Mbit BT Central, (so in  
>bandwidth terms, equates to $471/Mbit per month - if the central is  
>maxed out).

Wow. The pricing of the local incumbent in .NL is public - you
can find everything on www.kpn-wholesale.com. Here is a direct
link to the pdf with wholesale-prices:
http://www.kpn-wholesale.com/content/doc/WBA%20annex%204%20CM%20v1.3.pdf

I guess it's about 50-100 times cheaper, but OTOH, we only put
like ~3000 customers on an STM-4, so we need way more of them.

Mike.


Re: Routing public traffic across county boundaries in Europe

2007-07-26 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Scott Weeks <[EMAIL PROTECTED]> wrote:
>
>
>
>--- [EMAIL PROTECTED] wrote:
>
>What (if any) are the legal implications of taking internet destined
>traffic in one country and egressing it in another (with an ip block
>correctly marked for the correct country).
>
>Somebody mentioned to me the other day that they thought the Dutch
>government didn't allow an ISP to take internet traffic from a Dutch
>citizen and egress in another country because it makes it easy for the
>local country to snoop.
>--
>
>
>That's funny.  I've always thought of the internet as a global,
>borderless entity where ideas and information are shared without
>restraint.  Perhaps it's time to whap the gov't with a clue bat?

I'm a Dutch network engineer and I have never heard of this.

Mike.


Re: ams-ix - worth using?

2006-08-23 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Mikael Abrahamsson  <[EMAIL PROTECTED]> wrote:
>
>On Wed, 23 Aug 2006, matthew zeier wrote:
>
>> Does it simply provide an easy way to privately connect to transit and 
>> peers? Or can I also go crazy and peer with anyone who wants to peer 
>> (like in the olden day!) ?
>
[..]
>
>I'd say AMS-IX is mostly for peering with a lot of people, if that answers 
>your question.

Also relevant: the ams-ix is a service, not a colocation facility.
They basically run a ridiculously high traffic ethernet platform
that is distributed over four locations in Amsterdam.

Most of the peering is done on the public ethernet (v)lan, though
you can get extra ports or a q-tagged port and private vlans if
you want.

Mike.


Re: small group seeks european IPv6 sceptic for good time

2006-08-06 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Jeroen Massar  <[EMAIL PROTECTED]> wrote:
>* = not even joking, but could somebody set up a free IPv6 p0rn service;
>that should considerably raise the demand for IPv6 around the globe. I
>have some nice statistics from users from a certain asian ISP who are
>looking at some cosy pictures quite often, most likely using IPv6 as the
>content is blocked over IPv4 as The Great Firewall doesn't support the
>new protocol yet ;)

news://newszilla6.xs4all.nl/   :)

Mike.


Re: Zebra/linux device production networking?

2006-06-07 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
william(at)elan.net <[EMAIL PROTECTED]> wrote:
>you should be able
>to set linux that is secure as freebsd. There are some differences
>in the routing code whereas Linux is designed with per-flow based
>switching in mind (which works very well when used as a server)

Nobody noticed, but Linux 2.6 has alternative FIB code you can
select when compiling the kernel. Yes, it is fairly new and I'm
not sure it is production quality, but still. The config option
is IP_FIB_TRIE, for the LC-trie algorithm. It's supposed
to be something like CEF.

Mike.


Re: Open Letter to D-Link about their NTP vandalism

2006-04-12 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Matt Ghali  <[EMAIL PROTECTED]> wrote:
>> .or do you think that TCP/IP connection
>> should be held open until the message can be scanned for spam and
>> viruses just so we can give a 550 MESSAGE REJECTED error instead of
>> silently dropping it?
>
>absolutely. is that actually a problem, today, in 2006?

RCPT TO: <[EMAIL PROTECTED]>
RCPT TO: <[EMAIL PROTECTED]>
DATA
.

.. after content scanning, user1 wants the mail, user2 doesn't.
Now what ?

Mike.
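
The constraint behind the question above, as an added example (not part of the original post): SMTP gives one reply after the final `.`, and that reply covers every accepted `RCPT TO`. `end_of_data_reply` shows the three possible outcomes, and `Transaction.rcpt_to` shows one common workaround, deferring recipients whose filter policy differs with a 4xx so each transaction ends with a uniform verdict. The addresses, thresholds and function names are constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed per-user spam thresholds (hypothetical users and values).
THRESHOLDS = {
    "user1@example.net": 10.0,
    "user2@example.net": 5.0,
    "user3@example.net": 5.0,
}


def wants(rcpt: str, score: float) -> bool:
    """Content-scan verdict for one recipient: True if this user wants the mail."""
    return score < THRESHOLDS[rcpt]


def end_of_data_reply(rcpts: list[str], score: float) -> tuple[int, dict[str, str]]:
    """Return the single SMTP reply code and what happens to each recipient's copy."""
    verdicts = {r: wants(r, score) for r in rcpts}
    if all(verdicts.values()):
        return 250, {r: "deliver" for r in rcpts}
    if not any(verdicts.values()):
        # Uniform verdict: reject in-session; the sending MTA informs the sender.
        return 550, {r: "rejected" for r in rcpts}
    # Mixed verdict: a 550 would cost user1 a wanted message, so the server has
    # to answer 250 and quarantine or drop the unwanted copies afterwards.
    return 250, {r: "deliver" if ok else "quarantine" for r, ok in verdicts.items()}


@dataclass
class Transaction:
    """RCPT-time grouping: a transaction only holds recipients with one policy."""

    accepted: list[str] = field(default_factory=list)

    def rcpt_to(self, rcpt: str) -> int:
        if self.accepted and THRESHOLDS[rcpt] != THRESHOLDS[self.accepted[0]]:
            # Temporary failure: the sender retries this recipient separately.
            return 452
        self.accepted.append(rcpt)
        return 250
```
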


Re: QoS for ADSL customers

2005-12-02 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Kim Onnel  <[EMAIL PROTECTED]> wrote:
>We have Juniper ERX as BRAS for ADSL
>Our humble approach was to collect some p2p ports and police traffic to
>these ports, but the traffic wasn't much, one other thing is rate-limiting
>per ADSL customers IPs, but that wasn't supported by management, so we
>thought of matching ADSL www traffic and doing exceed action is transmit,
>and police other IP traffic.
>
>Doing so on the ERX wasn't a nice experience, so we're trying to do it on the
>cisco.

The ERX really has good CoS and QoS controls (not NBAR though AFAIK).
It can do it all in hardware, I've heard a lot of good things about
it from people who actually use it. If you have a support contract
just ask if you can spend a day in a Juniper lab with an engineer
to learn how it works (Juniper here in NL definitely does that).

Mike.


Re: Blocking certain terrorism/porn sites and DNS

2005-08-18 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Abhishek Verma  <[EMAIL PROTECTED]> wrote:
>Okay, so i am not talking about blocking or removing a name server. I
>am talking of removing that offending entry (like www.abc.com) from
>the whois database or wherever the central database is maintained.

The database you're talking about is DNS, not the WHOIS database.
There is no central DNS database. The DNS database is distributed
in a tree-like fashion.

Mike.


Re: OC3 to Gig-E conversion

2005-04-29 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Richard A Steenbergen  <[EMAIL PROTECTED]> wrote:
>
>On Fri, Apr 29, 2005 at 05:20:21PM -0400, Peering wrote:
>> All,
>> 
>> > Is there something out there (other than a router) that will convert
>> > from OC3c to Gig-E?  Feel free to answer offline, don't want to fill
>> > everyone's inbox at once :)
>
>If you are looking for something that will actually convert native 
>ethernet frames to native sonet frames, you are pretty much SOL.

If you have an OC3 circuit and just want to see GigE on both
sides, use two RIC-155GE boxes - one on each side.

http://www.rad.com/Article/0,6583,21840-GbE_over_STM-1_OC-3_Intelligent_Converter,00.html

"The RIC-155GE is an intelligent converter enabling simple, efficient and
cost-effective bridging of Gigabit Ethernet over STM-1/OC-3 lines."

I have no idea how well this works or what the costs are ..

Mike.


Re: E1 - RJ45 pinout with ethernet crossover cable

2005-02-26 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Miquel van Smoorenburg <[EMAIL PROTECTED]> wrote:
>
>In article
><[EMAIL PROTECTED]>,
>Sam Stickland  <[EMAIL PROTECTED]> wrote:
>>Quick question: If I have two E1 ports (RJ45), then will running a 
>>straight ethernet cable between the two ports have the same effect as 
>>plugging a ballan into each port and using a pair of coax (over a v. 
>>short distance).
>>
>>Likewise would using an ethernet crossover cable have the same effect as 
>>swapping the pairs round on one balland.
>>
>>Or are the pinouts different to ethernet? I tried googling but couldn't 
>>find anything (perhaps because I can't seem to spell ballan :/ ).
>
>The pinouts are different. It's easy to make your own E1 crosscable
>though.
>
>E1 uses pairs 4-5 and 3-6, just swap those.
>
>   4-5 <> 3-6
>   3-6 <> 4-5

I wrote this from memory, and I got it wrong. Sorry. It's not 4/5
and 3/6, but 1/2 and 4/5 (as others undoubtedly will point out).

Mike.


Re: E1 - RJ45 pinout with ethernet crossover cable

2005-02-25 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Sam Stickland  <[EMAIL PROTECTED]> wrote:
>Quick question: If I have two E1 ports (RJ45), then will running a 
>straight ethernet cable between the two ports have the same effect as 
>plugging a ballan into each port and using a pair of coax (over a v. 
>short distance).
>
>Likewise would using an ethernet crossover cable have the same effect as 
>swapping the pairs round on one balland.
>
>Or are the pinouts different to ethernet? I tried googling but couldn't 
>find anything (perhaps because I can't seem to spell ballan :/ ).

The pinouts are different. It's easy to make your own E1 crosscable
though.

E1 uses pairs 4-5 and 3-6, just swap those.

4-5 <> 3-6
3-6 <> 4-5

(Oh it's "balun", from BALanced/UNbalanced, but you don't need one)

Mike.


Re: who gets a /32 [Re: IPV6 renumbering painless?]

2004-11-18 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Jeroen Massar  <[EMAIL PROTECTED]> wrote:
>On Thu, 2004-11-18 at 16:40 +0000, Miquel van Smoorenburg wrote:
>> That depends on the jurisdiction. In many parts of the world,
>> downloading is NOT illegal. But making copyrighted files available
>> for download is illegal (without the proper authorization, of course).
>
>Thus... say a newsserver full of illegal stuff is quite illegal?
>Or that other nice example 'proxy servers', they store the data and then
>relay it. A router could be said to 'store' the data also (in registers
>for like a zillionth microsecond ;) and 

In general, store-and-forward and caching are allowed and
not illegal. Yet.

Mike.


Re: who gets a /32 [Re: IPV6 renumbering painless?]

2004-11-18 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Jeroen Massar  <[EMAIL PROTECTED]> wrote:
>The business case of about 80% of the ISP's is Pr0n & W4R3z (or what
>spelling is 'in' this year?)
>
>But it is not illegal to make adverts for say "Downloading the
>newest movies over a cool 8mbit DSL line". But downloading it itself is
>of course. Might be analogous to providing a busservice to the crack
>dealers mansion.

[OT]

That depends on the jurisdiction. In many parts of the world,
downloading is NOT illegal. But making copyrighted files available
for download is illegal (without the proper authorization, of course).

Mike.


Re: Lazy network operators

2004-04-14 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Petri Helenius  <[EMAIL PROTECTED]> wrote:
>Miquel van Smoorenburg wrote:
>
>>That was solved 6 years ago. You let them use port 587 instead of 25.
>>http://www.faqs.org/rfcs/rfc2476.html
>
>How many MUAs default to port 587?

The one I use daily does.

>How many even know about 587 and give 
>it as an option other than fill-in-the-blank?

Setting up authenticated SMTP in most MUAs is an order of magnitude
more complicated than changing port 25 to 587 anyway.

>...back to the computer literacy requirement again...
>How many support calls you get by requiring 587 instead of 25?

I don't know, but we get a lot of support calls about spam
and viruses, so if we can cut back on those ..

But the subject is still spot-on: not moving customers to port
587 for mail submission because it would be "too hard" is
laziness on the part of the ISP.

Mike.


Re: Lazy network operators

2004-04-14 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Petri Helenius  <[EMAIL PROTECTED]> wrote:
>
>Paul Vixie wrote:
>
>>that's somewhat the opposite of empowerment.  if a "spam solution" can
>>take away that crisis and the expense is that my dsl-connected end host
>>has to tunnel its e-mail to someplace out in 
>>then that's a tradeoff i can live with.
>>  
>>
>>
>You, sure, how about the people who are not really computer literate and 
>use SMTP AUTH to send their mail from various places? Remember that 
>convenience almost always outweighs security with the general 
>population. If it wouldn't, the ICT market would not look like it looks 
>today.

That was solved 6 years ago. You let them use port 587 instead of 25.
http://www.faqs.org/rfcs/rfc2476.html

Mike.


Re: TISCALI

2004-04-09 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Shazad <[EMAIL PROTECTED]> wrote:
>Looking for opinions and experience on Tiscali IP network performance within
>Europe and out of Europe i.e. North America on the whole.. 
>I have heard mixed reports, but am looking for information from those with
>first-hand experience either on transit or peering level.
> 
>Would they be classed in top-three performing networks in Europe (recent
>bandx report gave them #1 spot)? If not what are your recommendations on
>reaching the largest amount of eyeballs on a very stable network primarily
>in Europe.

I think Telia is one of the better European networks. It seems they
have low-latency links to everyone and everywhere in .eu

Keep in mind though that both Telia and Tiscali refuse to peer with
smaller providers on the European exchanges.

It's probably a good idea to check if the provider you want to
use has an open peering policy as well as a large network if you
really want the best performance.

For example, http://www.ams-ix.net/connected/index.html lists
all members of the Amsterdam Internet Exchange, and their
peering policy.

Mike.


Re: SMTP authentication for broadband providers

2004-02-12 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Lou Katz  <[EMAIL PROTECTED]> wrote:
>
>On Wed, Feb 11, 2004 at 03:13:30PM -0500, Sean Donelan wrote:
>> 
>> On Wed, 11 Feb 2004 [EMAIL PROTECTED] wrote:
>> > On Wed, 11 Feb 2004 11:15:20 PST, Dave Crocker said:
>> > > what about port 25 blocking that is now done by many access providers?
>> > > this makes it impossible for mobile users, coming from those providers,
>> > > to access your server and do the auth.
>> >
>> > Port 587.
>> >
>> 
>> So is it time for ISPs to start blocking port 587 too?
>> 
>> If the complaints are going back to the IP address anyway, why shouldn't
>> an ISP force its subscribers to go through the ISPs mail servers so it can
>> control any messages sent by its subscribers?
>
>
>Because, maybe, I don't think it is a good idea for someone else to CONTROL
>any messages I might send. Who will control the controllers?

As if they don't yet CONTROL the messages you receive ? Where,
exactly, is your POP3/IMAP mailbox located ? Ah, you run your own
mailserver for your own domain. So, you can use the submission
port on your own mailserver, right ?

Mike.


Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-02 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Stephen J. Wilcox <[EMAIL PROTECTED]> wrote:
>
>So that's 1-0 to the worm!
>
>You could do some real cool things if you were controlling the DNS for a site 
>under a major sustained DDoS, who doesn't the intended victim like.. just
>fire up an A record and they're gone! ;p

http://news.netcraft.com/archives/2004/01/30/wwwscocom_is_a_weapon_of_mass_destruction.html

Mike.


Re: Cachibility analysis software ?

2003-12-29 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Yu Ning <[EMAIL PROTECTED]> wrote:
>
>Hi nanog,
>
>Can anyone tell me is there any tool to analyze if a web site is
>cachable ?
>Or how much content in a given site is cachable ?

Go to http://www.ircache.net/ and click on the "cachability checker"
link in the left navigation menu.

Mike.
-- 
When life hands you lemons, grab the salt and pass the tequila.


Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-29 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Scott McGrath  <[EMAIL PROTECTED]> wrote:
>And sometimes you use NAT because you really do not want the NAT'ed device
>to be globally addressable but it needs to have a link to the outside to 
>download updates.  Instrument controllers et.al.

I don't understand. What is the difference between a /24 internal
NATted network, and a /64 internal IPv6 network that is firewalled
off: only packets to the outside allowed, and packets destined for
the inside need to have a traffic flow associated with it.

As I see it, NAT is just a stateful firewall of sorts. A broken one,
so why not use a non-broken solution ?

We can only hope that IPv6 capable CPE devices have that sort
of stateful firewalling turned on by default. Or start educating
the vendors of these el-cheapo CPE devices so that they will
all have that kind of firewalling enabled before IPv6 becomes
mainstream.

Mike.
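
The comparison made above, as an added example (not part of the original post): a small model in which a port-translating NAT and a stateful filter make the same admit/drop decision from a flow table, and differ only in that the NAT rewrites the header. Class names are hypothetical and the addresses are documentation prefixes chosen for illustration.

```python
from __future__ import annotations

from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Firewalled IPv6 LAN: flows are tracked, addresses are never rewritten."""

    def __init__(self) -> None:
        self.flows = set()

    def outbound(self, p: Packet) -> Packet:
        self.flows.add((p.src, p.sport, p.dst, p.dport))  # remember the flow
        return p                                           # header untouched

    def inbound(self, p: Packet) -> Optional[Packet]:
        # Accept only the mirror image of a flow an inside host opened.
        return p if (p.dst, p.dport, p.src, p.sport) in self.flows else None


class Napt:
    """IPv4 port-translating NAT: the same flow table plus a header rewrite."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.next_port = 40000
        self.ports = {}   # (inside ip, inside port) -> public port
        self.flows = {}   # (public port, remote ip, remote port) -> inside endpoint

    def outbound(self, p: Packet) -> Packet:
        inside = (p.src, p.sport)
        if inside not in self.ports:
            self.ports[inside] = self.next_port
            self.next_port += 1
        public_port = self.ports[inside]
        self.flows[(public_port, p.dst, p.dport)] = inside
        # The remote side only ever sees the public address and port.
        return Packet(self.public_ip, public_port, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        if p.dst != self.public_ip:
            return None
        inside = self.flows.get((p.dport, p.src, p.sport))
        if inside is None:
            return None  # no matching flow: dropped, exactly as the filter does
        return Packet(p.src, p.sport, inside[0], inside[1])
```
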


Re: Rx and Tx on a single SMF strand for MANs?

2003-10-24 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Eric Kuhnke  <[EMAIL PROTECTED]> wrote:
>Would anyone like to contribute their favorite solution for doing both
>Rx and Tx over a single fiber, in MAN environments?  

Google for "fiber splitter/combiner"

Mike.
-- 
Never trust a statistic you didn't fake yourself.


Re: Providers removing blocks on port 135?

2003-09-21 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Justin Shore  <[EMAIL PROTECTED]> wrote:
>Now I'm going to get even more off-topic.  It occurs to me that major
>changes to a protocol such as SMTP getting auth should justify utilizing a
>different tcp/ip port.  Think about it like this.  If authenticated forms
>of SMTP used a different TCP/IP port we netadms could justify leaving that
>port open on these same dynamically assigned netblocks in the theory that
>they are only able to connect to other authenticated SMTP services.  
>Doesn't that seem logical?

That's not exactly a new idea.

http://www.faqs.org/rfcs/rfc2476.html  (December 1998).

Mike.


Re: Worst design decisions?

2003-09-18 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Todd Vierling  <[EMAIL PROTECTED]> wrote:
>
>On Thu, 18 Sep 2003 [EMAIL PROTECTED] wrote:
>
>: Without a question:  PS/2 style keyboard and mouse connectors.  Impossible
>: to tell from each other,
>
>And this part is somewhat funny, too, because the PS/2 connector layout is
>capable of having both devices share the same bus (there's two unconnected
>pins, which some laptops use to provide alternate CLK/DATA signals).
>
>If PS/2 mice used the unconnected pins rather than the same CLK/DATA pins as
>the keyboard, all machines could simply have two connectors using all six
>pins and you'd be able to plug either device into either socket.

Actually a PC can detect if a mouse or keyboard is plugged in
and behave appropriately - there were PCs (I forget which) on
which it didn't matter what port you used for kbd or mouse, it
all just worked. In fact 2 kbds is quite possible as well.

So that is basically a software problem.

Mike.


Re: What *are* they smoking?

2003-09-16 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Christopher X. Candreva <[EMAIL PROTECTED]> wrote:
>This also blows away the whole idea of rejecting mail from non-existent
>domains -- never mind all the bounces to these non-existent domains when the
>spammers get ahold of them. Boy, I hope they have a good mail server
>responding with the 550 on that IP !

Oh yes, top of the line:

$ telnet ariekanariebla.net 25
Trying 64.94.110.11...
Connected to sitefinder-idn.verisign.com.
Escape character is '^]'.
220 snubby3-wceast Snubby Mail Rejector Daemon v1.3 ready
syntaxerror
250 OK
quit
221 snubby3-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel
221 snubby3-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host.

Mike.
-- 
The big problem with blacksmithing resumes is that most of them are forged.
-- Joe Marshall


Re: Fun new policy at AOL

2003-08-29 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Iljitsch van Beijnum  <[EMAIL PROTECTED]> wrote:
>But how about this: in addition to MX hosts, every domain also has one 
>or more MO (mail originator) hosts. Mail servers then get to check the 
>address of the SMTP server they're talking to against the DNS records 
>for the domain in the sender's address. Then customers who use an email 
>address under their ISP's domain have to use the ISP's relay, while 
>people with their own (sub) domain get to use their own.

Google for "RMX DNS". There's a few other proposals too; see
for example http://spf.pobox.com/

Mike.
-- 
RAND USR 16514
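
The check described in the quoted proposal (comparing the connecting server's address with DNS records published by the sender's domain), as an added example that is not part of the original thread. It uses today's SPF record syntax (RFC 7208) and evaluates only the `ip4`, `ip6` and `all` mechanisms; the `TXT` table stands in for DNS lookups and its domains and records are constructed.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (documentation prefixes).
TXT = {
    "isp.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:25::/48 -all",
    "own.example": "v=spf1 ip4:198.51.100.25 ~all",
}

# SPF qualifiers and the result each one yields when its mechanism matches.
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender(client_ip: str, mail_from: str) -> str:
    """Evaluate the sender domain's policy against the connecting SMTP client."""
    domain = mail_from.rpartition("@")[2].lower()
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # the domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"  # "+" is the default
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULT[qualifier]  # catch-all, normally the last term
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULT[qualifier]
        else:
            # a, mx, include, ... need further DNS lookups; out of scope here.
            raise NotImplementedError(f"mechanism {name!r} not handled")
    return "neutral"  # nothing matched and no "all" term
```
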


Re: routing between provider edge and CPE routers

2003-01-30 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
Mike Bernico <[EMAIL PROTECTED]> wrote:
>> So, by accepting routes from CPE you create a huge security vulnerability
>> for your customers, and other parties.  This practice was understood as a
>> very bad network engineering for decades.
>
>Is there someplace I can find tidbits of information like this?  I
>haven't been alive decades so I must have missed that memo.  Other than
>this list I don't know where to find anyone with lots of experience
>working for a service provider.

You could have thought this up yourself. If you put something in
production, /always/ ask yourself: if I was a hacker with bad intentions,
how could I abuse this. And actually try to. I hacked my own network
and machines a couple of times for fun, you learn a lot from it.

Mike.
-- 
Anyone who is capable of getting themselves made President should
on no account be allowed to do the job -- Douglas Adams.



Blocked by msn.com MX, contact for MSN.COM postmaster ?

2003-01-28 Thread Miquel van Smoorenburg

I found out that our outgoing SMTP servers have been blocked by
the msn.com MXes. In a nasty way, too -- no SMTP error, the TCP
connection is simply closed by them immediately after establishing it.
We're not listed on any RBL/DNSBL and have an active abuse desk.

I mailed [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
but didn't get a reply from any of them. Does anyone here know
who to talk to ?

Thanks,

Mike.
-- 
Anyone who is capable of getting themselves made President should
on no account be allowed to do the job -- Douglas Adams.



Re: i think terroists are going to love ipv6

2002-09-25 Thread Miquel van Smoorenburg


In article <[EMAIL PROTECTED]>,
Joe Baptista  <[EMAIL PROTECTED]> wrote:
>On Wed, 25 Sep 2002, Kurt Erik Lindqvist wrote:
>
>> Not commenting on some of the fantasies in the article
>
>you should point out any fantasies you find in the article.

  The main focus of this growth is to ensure that the IPv4 distribution
  nightmare that left Europe, Asia and Africa with an infrastructure
  shortage is not repeated.

Hmm, the old "everything outside the USA is a third world country"
again. "Europe has a shortage of IP addresses". Not.

Mike.
-- 
Computers are useless, they only give answers. --Pablo Picasso



Re: IP over in-ground cable applications.

2002-09-12 Thread Miquel van Smoorenburg


In article ,
Christopher J. Wolff <[EMAIL PROTECTED]> wrote:
>Can anyone recommend a method for integrating TCP/IP with an existing
>analog cable television network.

http://www.google.com/search?q=docsis

Mike.



Re: Network Routing without Cisco or Juniper?

2002-09-04 Thread Miquel van Smoorenburg


In article <[EMAIL PROTECTED]>,
Peter van Dijk  <[EMAIL PROTECTED]> wrote:
>On Wed, Sep 04, 2002 at 03:39:25AM -0400, Deepak Jain wrote:
>[snip]
>>  Boxes like Foundry, Extreme, Redback and many others all talk BGP 
>>  (at least to a first approximation) but is their lack of use in 
>>  the core/edge/CPE a lack of scale, stability, performance or just 
>>  interest?
>
>One Dutch ISP that shall remain unnamed (and is not one I work for or
>have worked for) deployed Extreme on AMS-IX, with Extreme's BGP
>implementation.
>
>It broke horribly. The Extreme BGP implementation, instead of sending
>their peers just their own prefixes, would send each peer *all*
>prefixes and then withdraw all but their own networks. However, doing
>this with tens of peers at the same time was too much for the Extreme
>itself, which died.

OTOH, I know of other ISPs also present on the AMS-IX that have
been using Extreme switches to connect to the AMS-IX and their
upstreams without any of those problems. Their network has been
very stable for over a year now, I think. It's even a fault-tolerant
setup with VRRP.

Cistron IP is using a Foundry switch right now as core router.
You can't get a BGP/OSPF router with lots of GigE and 10/100
interfaces for that price over at C or J ..

We had some problems with instability at first, but with recent
firmware everything runs just fine.

We have several full BGP upstreams and over a hundred of AMS-IX
peers (at GigE) and it works fine.

One of the nicest things is that the box boots in 15 seconds or
so and even with >100 BGP sessions coming up simultaneously
it's still fast - a Cisco would take minutes to get all BGP
sessions up, the Foundry does it in mere seconds.

Mike.



Re: Sprint peering policy

2002-07-01 Thread Miquel van Smoorenburg


In article 
,
Phil Rosenthal <[EMAIL PROTECTED]> wrote:
>Apples and oranges.  Wcom isn't talking about dropping AT&T as a peer,
>they just don't want to peer with "Joe Six Pack ISP".  Wcom would likely
>not peer with most ISPs, and I wouldn't expect them to.  They gain
>absolutely nothing from it, and the small ISPs gain plenty.  Wcom's
>costs only increase since they need "more ports".

Wcom could peer with "Joe Six Pack ISP" at an exchange if

- connection cost is very low (shared ethernet)
- they don't peer with Joe's upstream at the same location
- they only announce regional routes to Joe
- they use hot potato routing everywhere

in that case, the peering would just be local/regional, probably
all that Joe is after anyway

Mike.



Re: Bogon list

2002-06-05 Thread Miquel van Smoorenburg


In article <[EMAIL PROTECTED]>,
Richard A Steenbergen  <[EMAIL PROTECTED]> wrote:
>On Wed, Jun 05, 2002 at 08:34:58AM +0000, Miquel van Smoorenburg wrote:
>> 
>> I haven't seen a 'icmp source lo0' interface command yet. Hopefully
>> it will be added for ipv6 so exchanges can use link-local addressing
>> (ipv6 has no fragmentation, PMTUd is mandatory).
>
>I'm not terribly sure why you would want to make traceroutes lose all 
>information about the circuits you're traveling through. It would make 
>diagnostics an everloving nightmare, IMHO.

With link-local addressing and ip verify unicast reverse you're
not going to see any TTL exceeded traceroute packets from link-local
addresses anyway. And no ICMP size exceeded packets either, which
was my point.

But indeed it should be 'ip icmp type  source ',
with at least a default 'ip icmp type 4 source lo0' or similar for
interfaces with link-local addressing.

Mike.



Re: Bogon list

2002-06-05 Thread Miquel van Smoorenburg


In article <[EMAIL PROTECTED]>,
Sean M. Doran <[EMAIL PROTECTED]> wrote:
>
>| Why treat exchange subnets differently to any other bit of backbone 
>| infrastructure? 
>
>Oh, I wholeheartedly agree.  I would love them all to use RFC 1918
>addresses, because it is VERY VERY VERY rare that anything outside
>the scope in which the 1918 local use addresses are unique actually
>has to communicate with backbone infrastructure of any type.

And again Path MTU discovery gets broken.

>What communication can your workstation have with an XYZNET router?

Receive ICMP size exceeded packets ?

I haven't seen a 'icmp source lo0' interface command yet. Hopefully
it will be added for ipv6 so exchanges can use link-local addressing
(ipv6 has no fragmentation, PMTUd is mandatory).

Mike.