Re: shameful-cabling gallery of infamy - does anybody know where it went?

2007-09-10 Thread Warren Kumari


One of the places where I worked had a bunch of networking gear and  
around 12x1U servers all squeezed into a shower stall. There was a  
cardboard sign hanging from the faucet saying "WARNING!!! Do not turn  
on".


W



On Sep 10, 2007, at 11:38 AM, Leigh Porter wrote:




We used to have a POP under somebody's stairs in Bristol in the UK and
another POP in the loft of a friend of one of the employees. They sold
their house and the POP stayed there and the new owners knew nothing
about it; imagine their surprise when a telco engineer turned up
wanting to fix a fibre fault ;-)

--
Leigh


Patrick Muldoon wrote:


On Sep 10, 2007, at 12:34 AM, Vinny Abello wrote:


One of the stranger things a field tech of ours encountered wasn't
necessarily bad wiring (although it's not great), but the fact that
the demarc was located next to the toilet in the bathroom. Naturally,
the constant humidity caused bad corrosion problems and other issues
with their telco services. :) So as a general rule of thumb, avoid
putting your telco and/or network gear next to the crapper or the
services the equipment is meant to provide might also stink.



I know of one ISP that had their local POP in a small rural town, in
the bathroom of a local store, sitting on a shelf in rather close
proximity to the sink (sorry, don't have pictures). So router, modem
bank and a couple of T1's. The kicker was they had it all plugged into
an extension cord that ran to another part of a back room. More than
one time we (as the local telco) had to go out there because they were
certain it was a problem with the T's, when in fact someone had either
tripped over the power cord or unplugged it somehow.

-Patrick

--
Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
PGPKEY (http://www.inoc.net/~doon)
Key ID: 0x370D752C

NOTICE: alloc: /dev/null: filesystem full






Re: Content Delivery Networks

2007-08-10 Thread Warren Kumari



On Aug 10, 2007, at 1:55 AM, Paul Reubens wrote:

How do you engineer around enterprise and ISP recursors that don't  
honor TTL, instead caching DNS records for a week or more?




A friend of mine was working for a place that performed some service  
on data (not important what, you send them some data (through this  
really ugly client app that they wrote in-house) and they sent you  
back something...).


Anyway, for various reasons they needed to move out of their current  
data-center to a new provider. They had this truly monumental plan  
for doing this that they had been working on for months --- MS  
Project printouts that covered entire walls in this huge rainbow of  
colors, 400 or so pages of plans, etc etc etc -- it all boiled down  
to: Decrease the TTL, then swap in the new A record at midnight on  
Friday. As soon as the TTL expired everything would start working in  
the new place and it will all be transparent to the end users...


Anyway, my friend calls me at like 3 in the morning on Saturday --  
they have updated DNS and none of their clients are connecting to the  
new place... It seems that they have burnt some bridges with the old  
provider and will be shut off on Saturday evening -- he's really  
desperate, so I agree to wander over and take a look...


I arrive to find utter confusion -- the CEO is screaming at the CTO,  
who appears to have decided that the best way to fix things is by  
getting drunk, random other people are screaming (apparently just for  
fun), etc. I manage to get someone to calm down for long enough to  
explain the summary of the plan to me and run nslookup... Sure enough  
the TTL is really low and the new IP is being handed out, etc.


I ask how long it took for the client to fail over during their tests  
-- "Oh, no, we didn't test like that, we didn't want to impact the  
current service, so we tested with a different domain and checked how  
long it took for IE to pick up the change... It was less than 10  
minutes..."


We track down one of the developers and talk to him. He explains this  
long and involved system with the client performing health-checks on  
the server and reconnecting with exponential back-off, etc etc etc.  
It's all great -- apart from the fact that he calls gethostbyname()  
during startup, and then never again.


This is a *really* common issue.

W




On 8/7/07, Patrick W.Gilmore [EMAIL PROTECTED] wrote:
On Aug 7, 2007, at 10:05 AM, Michal Krsek wrote:

 5) User redirection
 - You have to implement a scalable mechanisms that redirects
 users  to the closes POP. You can use application redirect (fast,
 but not  so much scalable), DNS redirect (scalable, but not so
 fast) or  anycasting (this needs cooperation with ISP).

 What is slow about handing back different answers to the same
 query  via DNS, especially when they are pre-calculated?  Seems
 very fast to  me.

 Yes DNS-based redirection scales very pretty.

 But there are two problems:
 1) Client may not be in same network as DNS server (I'm using my
 home DNS server even if I'm at IETF or I2 meeting on other side of
 globe)

This has been discussed.  Operational experience posted here by Owen
shows  10% of users are far from their recursive NS.

You are the tiny minority.  (Don't feel bad, so am I. :)  Most
users either use the NS handed out by their local DHCP server, or
they are VPN'ing anyway.


 2) DNS TTL makes realtime traffic management impossible. Remember
 you may not distribute network traffic, but sometimes also server
 load. If one server/POP fails or is overloaded, you need to
 redirect users to another one in realtime.

Define real time?  To do it in 1 second or less is nigh
impossible.  But I challenge you to fail anything over in 1 second
when IP communication with end users not on your LAN is involved.

I've seen TTLs as low as 20s, giving you a mean fail-over time of 10
seconds.  That's more than fast enough for most applications these  
days.


--
TTFN,
patrick
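
The failure mode Warren describes (the client calls gethostbyname() once at startup and never again) and Patrick's point that a low TTL bounds fail-over time can both be replayed in a few dozen lines. The following is an added example and is not code from the original thread or from the company in the story. The resolver is a constructed stand-in for DNS so the migration runs offline; the hostname, the two addresses, the swap time and the 60-second grace period before the old provider shuts things off are all made up for the simulation. The `min_ttl` knob models the TTL-ignoring enterprise/ISP recursor from Paul's question, which is the one case a well-behaved client cannot fix on its own.

```python
# Added example, not code from the original thread. Two long-lived client
# reconnect strategies are run against a constructed stand-in for DNS so the
# migration described above can be replayed offline. All names, addresses
# and timings below are made up for the simulation.
from dataclasses import dataclass


@dataclass
class Answer:
    """One A-record answer as a client sees it."""
    addr: str
    ttl: int          # remaining seconds the answer may be cached
    fetched_at: int   # simulated clock value when it was obtained


class FakeResolver:
    """Constructed stand-in for a recursive resolver.

    `zone` maps name -> (address, ttl) and can be edited mid-run to simulate
    the A-record swap. `min_ttl` models the misbehaving enterprise/ISP
    recursor from the thread that refuses to cache for less than its own
    floor, regardless of the TTL the authoritative server published.
    """

    def __init__(self, zone, min_ttl=0):
        self.zone = dict(zone)
        self.min_ttl = min_ttl
        self.cache = {}      # name -> Answer held by the recursor
        self.queries = 0     # how many times a client asked us

    def lookup(self, name, now):
        self.queries += 1
        held = self.cache.get(name)
        if held is None or now - held.fetched_at >= held.ttl:
            addr, ttl = self.zone[name]                 # "authoritative" answer
            held = Answer(addr, max(ttl, self.min_ttl), now)
            self.cache[name] = held
        # A real recursor hands back the *remaining* TTL, not the original one.
        return Answer(held.addr, held.ttl - (now - held.fetched_at), now)


def connect(addr, live_addrs):
    """Stand-in for socket.connect(): succeeds only if a server is listening."""
    return addr in live_addrs


class StartupOnlyClient:
    """The pattern from the story: gethostbyname() at startup, never again."""

    def __init__(self, resolver, name, now):
        self.addr = resolver.lookup(name, now).addr

    def reconnect(self, resolver, name, now, live_addrs):
        return connect(self.addr, live_addrs), self.addr


class TtlAwareClient:
    """Re-resolves on reconnect once the cached answer's TTL has run out, so a
    DNS change reaches the client within one TTL of the next reconnect."""

    def __init__(self, resolver, name, now):
        self.cached = resolver.lookup(name, now)

    def reconnect(self, resolver, name, now, live_addrs):
        if now - self.cached.fetched_at >= self.cached.ttl:
            self.cached = resolver.lookup(name, now)
        return connect(self.cached.addr, live_addrs), self.cached.addr


def simulate(client_cls, ttl, min_ttl=0, swap_at=105, grace=60, horizon=400):
    """Replay the migration on a one-second simulated clock.

    The record points at OLD until `swap_at`, then at NEW. The old provider
    keeps answering for `grace` seconds after the swap and is then shut off.
    Returns (first second the client reached NEW or None, resolver queries).
    """
    name = "svc.example.test"                      # made-up hostname
    old, new = "192.0.2.10", "198.51.100.10"       # documentation addresses
    resolver = FakeResolver({name: (old, ttl)}, min_ttl=min_ttl)
    client = client_cls(resolver, name, now=0)
    first_new = None
    for now in range(1, horizon):
        if now == swap_at:
            resolver.zone[name] = (new, ttl)
        live = {old, new} if now < swap_at + grace else {new}
        ok, addr = client.reconnect(resolver, name, now, live)
        if ok and addr == new and first_new is None:
            first_new = now
    return first_new, resolver.queries


if __name__ == "__main__":
    for cls, ttl, floor in [(StartupOnlyClient, 20, 0),
                            (TtlAwareClient, 20, 0),
                            (TtlAwareClient, 300, 0),
                            (TtlAwareClient, 20, 600)]:
        reached, q = simulate(cls, ttl, min_ttl=floor)
        print(f"{cls.__name__:18} ttl={ttl:<4} recursor_floor={floor:<4} "
              f"reached new site at t={reached} after {q} lookups")
```

Run as a script it prints the four scenarios: the startup-only client never reaches the new site no matter how low the TTL is, the TTL-aware client lands there within one TTL of the swap (t=120 with a 20-second TTL, t=300 with a 300-second one), and a recursor that clamps every answer to ten minutes defeats even the well-behaved client, which is the case you can only handle by keeping the old address alive long enough, or by having the client fall back to re-resolving when a connection fails rather than trusting its cache. In real code the equivalent is calling getaddrinfo() inside the reconnect loop instead of once in main().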






Re: Why do we use facilities with EPO's?

2007-07-26 Thread Warren Kumari



On Jul 26, 2007, at 12:16 AM, [EMAIL PROTECTED] wrote:


On Wed, 25 Jul 2007 12:43:17 PDT, Roy said:


Funny story about that and the EPO we have here...
...

Story #1



Story #2


Story #3


Story #4

I'm still working at the place mentioned in a previous post -- I was  
only there for 3 months (actually one day less than 3 months, I know  
this because the recruiter only got his commission when I was there  
for at least three months, if I'd known this I would have stuck it out  
for another few days), but have more funny stories from this place  
than any other, anyway, onto the story:


One of the server rooms becomes unusable and needs to be rebuilt[0],  
so everything needs to be migrated out of the existing room and into  
new space -- this includes a large APC Symmetra UPS. We shut down the  
UPS and pull all of the batteries out of both it and the expansion  
shelves so that we can move it with a pallet lift. We move everything  
into the new space and it's time to put the UPS back together. I  
quickly decide that lifting large numbers of heavy batteries into the  
shelves is not fun, so I show the random helper dude what to do...  
"You pick up this big, heavy thing and put it into this cubbyhole  
type spot, then you connect this large connector and slide the  
battery back, lather, rinse, repeat."


I watch him do the first one and he seems to have it figured out... I  
wander off to go hook up some fiber or something and peer down the  
corridor every now and then to make sure he still has this under  
control. Surprisingly enough he is managing ok and hasn't wandered  
off to take a nap or anything. He gets down to the last few batteries  
and seems to be having some issues, but I figure he'll work it out,  
so I carry on with what I am doing... I peer down the corridor again  
and he is sitting on the floor with his back braced against  
something, pushing the battery into place with his feet... "Whoa,  
this can't be good," I think, just as there is a LARGE bang, a big  
flash and much smoke and fire.


Turns out that for the last battery he managed to get the cables  
caught between the side of the battery and the side of the  
(sheet-metal) case. When it didn't just slide easily back, he pushed it  
really hard and the edge of the case chomped through the cable  
creating a dead short -- this literally vaporized a crescent of metal  
from the case around 5 inches in radius, flung bits of molten case  
and battery leads all over the place and ignited the cardboard that  
we put on the pallet to soften it...


Much hilarity ensues...

Sometime I really need to write down all of the funny things that  
have happened over the years... Actually, if anyone has other, random  
funny (?!) stories, pass them along and I'll make a compilation.


W

[0]: Have you ever noticed that places that use gas fire suppression  
systems either have doors that open outwards and / or big dampers  
(like http://www.c-sgroup.com/product_home.php?section=exploventpage=3)?  
Ever wonder why? :-)



--
With Feudalism, it's your Count that votes.




Re: 365 Main - an operators' nightmare?

2007-07-25 Thread Warren Kumari


Or:

So I'm working at this place that is really cheap... Our CTO  
believes that it is stupid to pay for electricians that have  
experience working in datacenters, because after all, "power is power,  
right?"


So, he calls a bunch of people in the Yellow Pages and hires the  
cheapest guy he can find. Said person arrives and looks a little  
goggle eyed at all the power stuff -- I wander back in a few hours  
later and he is sitting in the middle of the floor reading the User's  
Manual for the UPS...


Anyway, he manages to run the three new circuits for us without  
killing himself (although for some reason keeps switching the UPS  
between online and bypass), and then starts walking out the door...  
He stops at the door, looks at the big red glowing switch marked  
"Emergency Power Off" -- and then pushes it. Everything goes  
quiet, apart from Rob, who got startled and dropped the shelf he was  
mounting onto his foot.


After we got things turned back on we ask the electrician what  
exactly he was thinking... "Well, I figured the light was on because  
you were running on Emergency Power..."


W



I believe this happened to an Internap facility in Seattle a couple of
years ago: http://community.livejournal.com/lj_dev/670215.html

I was told it happened in our colo facility about a month before we
moved in. Some unfortunate remodeling of previous data center space
had left an EPO switch in a janitor's closet. The maid knocked loose
the protective covering, which of course made an alarm start
screaming... so she hit the EPO to stop the noise. Thankfully, the
switch has since been removed...

Anyhow, any story involving an EPO at 365 Main seems plausible...

-J

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On  
Behalf Of

Jim Popovitch
Sent: Tuesday, July 24, 2007 8:59 PM
To: Rusty Hodge
Cc: [EMAIL PROTECTED] Edu
Subject: Re: 365 Main - an operators' nightmare?


On Tue, 2007-07-24 at 19:26 -0700, Rusty Hodge wrote:

Think that's good?  It gets better

http://valleywag.com/tech/breaking/angry-mob-gathers-outside-sf-
datacenter-282053.php


That article states that only Colo 4 was affected.

I'm in Colo 7 and it was affected as well.

You're not seriously believing the disgruntled employee story are you?


No. ;-)  But it is otherwise believable.  I've seen people hit
big-red-buttons in disbelief before, doing so in anger seems very
plausible.

-Jim p.




--
It's a mistake trying to cheer up camels. You might as well drop  
meringues into a black hole. -- Terry Pratchett





Re: iPhone and Network Disruptions ...

2007-07-25 Thread Warren Kumari



On Jul 24, 2007, at 5:34 PM, Iljitsch van Beijnum wrote:



On 24-jul-2007, at 15:27, Prof. Robert Mathews (OSIA) wrote:

Looking at this issue with an 'interoperability lens,' I remain  
puzzled by a personal observation that at least in the publicized  
case of Duke University's Wi-Fi net being affected, the ARP  
storms did not negatively impact network operations UNTIL the  
presence of iPhones on campus.  The nagging point in my mind  
therefore, is: why have other Wi-Fi devices (laptops, HPCs/PDAs,  
Smartphones etc.,) NOT caused the 'type' of ARP flooding, which  
was made visible in Duke's Wi-Fi environment?


Reading the Cisco document the conclusion seems obvious: the iPhone  
implements RFC 4436 unicast ARP packets which cause the problem.


I don't have an iPhone on hand to test this and make sure, though.

The difference between an iPhone and other devices (running Mac OS  
X?) that do the same thing would be that an iPhone is online while  
the user moves around, while laptops are generally put to sleep  
prior to moving around.




There is also the weird property of many types of flood vulnerable  
systems that they seem to remain stable until some sort of threshold  
is reached before suddenly spiraling out of control.


I am not sure of the exact mechanism behind this, but I have seen  
multiple instances of this happening. The standard scenario is  
basically:


You have a couple of switches with STP turned off -- someone plugs in  
some random cable, forming a bridge loop... and everything  
continues running fine, until some time in the future when it all  
goes to hell in a hand-basket. Now, I could understand the system  
remaining stable until the first broadcast / unknown MAC caused  
flooding to happen, but I have seen this system remain stable for  
anywhere from a few days to a few weeks before suddenly exploding.


I have seen the same thing happen in systems other than switches, for  
example RIP networks with split-horizon turned off, weird frame-relay  
networks, etc. Unfortunately I have never managed to recreate the  
event in a controlled environment (in the few cases that I have cared  
enough to try, I form a loop and everything goes BOOM immediately!),  
and in the wild have always just fixed it and run away (it's usually  
someone else's network and I'm just helping out or visiting or  
something). I HATE switched networks.


A few observations:
In *almost* all of the cases, things *do* go boom immediately!
In the instances where they don't, there doesn't seem to be a  
correlation between load and when it does suddenly spiral out of  
control [0].
There is not a gradual increase in the sorts of packets that  
you would expect to see cause this (in a switched environment, you do  
not see flooded packets slowly increase, or even an exponential  
increase over a long time, there is basically no traffic and then  
boom! 100%).



Anyway, I have wondered what triggers it, but never enough to  
actually look into it much.


W

[0] Except for one case that I remember especially fondly -- it was a  
switched network with something like 30 switches scattered around --  
someone had plugged one of those silver satin phone type cables  
(untwisted copper) between two ports on a switch -- the cable was bad  
enough that most of the frames were dropped / corrupted, but under  
high broadcast traffic loads enough packets would make it through to  
cause a flood, and then after some time (5-10 minutes) it would die  
back down...




--
Never criticize a man till you've walked a mile in his shoes.  Then  
if he didn't like what you've said, he's a mile away and barefoot.






Re: Why do we use facilities with EPO's?

2007-07-25 Thread Warren Kumari



On Jul 25, 2007, at 3:35 PM, Patrick W. Gilmore wrote:



On Jul 25, 2007, at 2:03 PM, Tuc at T-B-O-H.NET wrote:


If they can be avoided, why do we put up with them?  Do we really
want our colo in downtown San Francisco bad enough to take the risk
of having a single point of failure?  How can we, as engineers, ask
questions about how many generators, how much fuel, and yet take
for granted that there is one button on the wall that makes it all
turn off?  Is it simply that having colo in the middle of the city
is so convenient that it overrides the increased cost and the
reduced redundancy that are necessitated by that location?


You forgot the default Single Point of Failure in anything..

HUMANS.


The earth is a SPoF.  Let's put DCs on the moon.

Besides, safety always overrides convenience.  And I don't think  
that is a bad trade off.


Me neither...

Having multiple redundant sites (and a well designed network between  
them) is almost always going to be better than a single, wildly  
redundant site. No matter how much redundancy you build into a single  
site, you cannot (realistically) engineer away things like floods,  
etc. Planning your redundancy and testing it though is very important...


Random anecdote (from a friend, I don't know if it's true or not):
Back in the day (before cheap international circuits), a very large  
financial in New York needed connectivity to some branches in Europe,  
so they bought some capacity on a satellite transponder and built  
their own ground-station (not cheap) fairly close to NY. They then  
realized that they needed a redundant ground station in case the first  
one failed or something similar, so they built a second  
ground-station, just outside Jersey City.


One of the satellite connectivity failure modes is... rain fade.

W




--
TTFN,
patrick




--
Does Emacs have the Buddha nature? Why not? It has bloody well  
everything else!





Re: iPhone and Network Disruptions ...

2007-07-24 Thread Warren Kumari


Adding to the random speculation pile, this just arrived in my mailbox:

 
--

Cisco Security Advisory: Wireless ARP Storm Vulnerabilities

Advisory ID: cisco-sa-20070724-arp

http://www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml
 



It sounds like a badly configured pair of wireless controllers can,  
under fairly normal conditions, lead to an ARP storm...


I have no idea if this is the actual issue that occurred at Duke, but  
it *is* interesting.


W

On Jul 24, 2007, at 12:28 PM, Frank Bulk wrote:



Duke runs both Cisco's distributed and autonomous APs, I believe.
Kevin's report on EDUCAUSE mentioned autonomous APs, but with details
as hazy as they are right now, I don't dare say whether one system or
another caused or received the problem.

Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On  
Behalf Of Dale

W. Carder
Sent: Sunday, July 22, 2007 2:51 PM
To: Bill Woodcock
Cc: Sean Donelan; North American Network Operators Group
Subject: Re: iPhone and Network Disruptions ...



On Jul 21, 2007, at 8:52 PM, Bill Woodcock wrote:

Cisco, Duke has now come to see the elimination of the problem,
see:
*Duke Resolves iPhone, Wi-Fi Outage Problems* at
http://www.eweek.com/article2/0,1895,2161065,00.asp



it's an ARP storm, or something similar,

when the iPhone roams onto a new 802.11 hotspot.  Apple hasn't
issued a
fix yet, so Cisco had to do an emergency patch for some of their
larger
customers.


As I understand, Duke is using cisco wireless controllers to run their
wireless network.  Apparently there is some sort of interop issue
where one system was aggravating the other to cause arp floods in
rfc1918 space.

We've seen 116 distinct iphones so far on our campus and have had
sniffers watching arps all week to look for any similar nonsense.
However, we are running the AP's in autonomous (regular ios) mode
without any magic central controller box.

Dale

--
Dale W. Carder - Network Engineer
University of Wisconsin at Madison / WiscNet
http://net.doit.wisc.edu/~dwcarder





--
Never criticize a man till you've walked a mile in his shoes.  Then  
if he didn't like what you've said, he's a mile away and barefoot.






Re: TCP congestion

2007-07-13 Thread Warren Kumari


So, when you say pickup again after 15-20 seconds do you mean that  
it takes 15-20 seconds to ramp back up to the original speed or that  
the line is basically idle for 15-20 seconds before any packets start  
flowing again? If the latter, I'd suggest that you take a look at the  
apps some more..


Actually, you might want to try and duplicate the issue with  
identical machines sitting next to each other and a piece of cable  
between them...



On Jul 12, 2007, at 10:42 PM, Jay Hennigan wrote:



Philip Lavine wrote:
Can someone explain how a TCP conversation could degenerate into  
congestion avoidance on a long fat pipe if there is no packet/ 
segment loss or out of order segments? Here is the situation:

WAN = 9 Mbps ATM connection between NY and LA (70 ms delay)
LAN = Gig Ethernet
Receiver: LA server = Win2k3
Sender: NY server = Linux 2.4
Data transmission typical = bursty but never more than 50% of CIR
Segment sizes =  64k to 1460k but mostly less than 100k
Typical Problem Scenario: Data transmission is humming along  
consistently at 2 Mbps, all of a sudden transmission rates drop to  
nothing then pick up again after 15-20 seconds. Prior to the drop  
off (based on packet capture) there is usually a DUP ACK/SACK  
coming from the receiver followed by the Retransmits and  
congestion avoidance. What is strange is there is nothing prior to  
the drop off that would be an impetus for congestion (no high BW  
utilization or packet loss).
Also, are there any known TCP issues between the linux 2.4 kernel and  
windows 2003 SP1? Mainly are there issues regarding the handling  
of SACK, DUP ACK's and Fast Retransmits. Of course we all know  
that this is not an application issue since developers make  
flawless socket code, but if it is a network issue how is it caused?


Duplex mismatch on an intermediate ethernet segment?


Oooh, I like that one.



--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV



--
She'd even given herself a middle initial - X - which stood for  
someone who has a cool and exciting middle name.


-- (Terry Pratchett, Maskerade)




Re: Software or PHP/PERL scripts for simple network management?

2007-06-19 Thread Warren Kumari


Many years ago I worked for a small Mom-and-Pop type ISP in New York  
state (I was the only network / technical person there) -- it was a  
very free wheeling place and I built the network by doing whatever  
made sense at the time.


One of my favorite customers (Joe somebody) was somehow related to  
the owner of the ISP and was a gamer. This was back in the day when  
the gaming magazines would give you useful tips like "Type 'tracert  
$gameserver' and make sure that there are less than N hops."  Joe  
would call up tech support, me, the owner, etc and complain that  
there were N+3 hops and most of them were in our network. I spent much  
time explaining things about packet-loss, latency, etc but couldn't  
shake his belief that hop count was the only metric that mattered.


Finally, one night he called me at home well after midnight (no, I  
didn't give him my home phone number, he looked me up in the  
phonebook!) to complain that his gaming was suffering because it was  
"too many hops to get out of your network". I finally snapped and  
built a static GRE tunnel from the RAS box that he connected to all  
over the network -- it was a thing of beauty, it went through almost  
every device that we owned and took the most convoluted path I could  
come up with. "Yay!", I figured, now I can demonstrate that latency  
is more important than hop count, and I went to bed.


The next morning I get a call from him. He is ecstatic and wildly  
impressed by how well the network is working for him now and how  
great his gaming performance is. "Oh well," I think, "at least he is  
happy and will leave me alone now." I don't document the purpose of  
this GRE anywhere and after some time forget about it.


A few months later I am doing some routine cleanup work and stumble  
across a weird looking tunnel -- it's bizarre, it goes all over the  
place and is all kinds of crufty -- there are static routes and  
policy routing and bizarre things being done on the RADIUS server to  
make sure some user always gets a certain IP... I look in my pile of  
notes and old configs and then decide to just yank it out.


That night I get an enraged call (at home again) from Joe *screaming*  
that the network is all broken again because it is now way too many  
hops to get out of the network and that people keep shooting him...


What I learnt from this:
1: Make sure you document everything (and no, the network isn't  
documentation)

2: Gamers are weird.
3: Making changes to your network in anger provides short term  
pleasure but long term pain.


---
Warren Kumari.
http://www.kumari.net



On Jun 19, 2007, at 2:05 PM, [EMAIL PROTECTED] wrote:


On Mon, 18 Jun 2007 21:18:06 BST, Leigh Porter said:
Just out of interest, why are you looking at routing tables to
find an available subnet?


If your predecessor wasn't quite as careful documenting allocations,
it can be useful to see if your paperwork says a /28 is dark, but
you're in fact routing traffic for it down some customer's link.  Then
you get to do two things:  (a) check if there's any *return* traffic
and (b) call the customer and ask if *they* think it's dark or not.
Hilarity ensues for some combinations of answers...

(And yes, I once had a co-worker looking for a free /24, found one
that was nice and empty except for smack dab in the middle, a route
for a /28 that for no apparent reason pointed at an unused but
registered static IP of mine in the middle of our modem pool space.
After some digging, we remembered that it was a work-around for when
I had 2 IBM RTs at home, that did SLIP and static addresses, but not
NAT or DHCP, so my home net had some routing workarounds that never
got taken down when I replaced the 2 RTs with one box that was happy
to accept whatever address PPP handed it)



Life is a concentration camp.  You're stuck here and there's no way  
out and you can only rage impotently against your persecutors.

-- Woody Allen





Re: Juniper M10i sufficient for BGP, or go with M20?

2007-05-15 Thread Warren Kumari



On May 14, 2007, at 7:57 PM, Donald Stahl wrote:



I'm very happy about the Juniper devices I manage. They're expensive
but very reliable, and their config interface has lots of unique
features.
Juniper's greatest asset over Cisco is the single software image  
for all their systems. In my latest purchase that didn't justify  
paying 4 times as much no matter how much I love the software.


Warren: For me the greatest asset is the stability... the stability  
and performance... The two greatest assets are stability and  
performance... and the fact that the commands that you can type  
actually do something[0].  The *three* greatest assets are stability  
and performance and the fact that the commands that you can type  
actually do something... and the ease of the CLI. The *four  
greatest ... no ... Amongst their greatest assets are the stability,  
performance, commands that actually DO something, the CLI.. I'll  
come in again.


[Warren exits]

Donald: Juniper's greatest asset over Cisco is the single software  
image for all their systems


[JARRING CHORD]
[Warren bursts in]

Amongst their greatest assets are the stability, performance,  
commands that actually DO something, the ability to actually count  
the bits that you send[1]... and pretty colors - Oh damn!


Warren

[0] -- You haven't lived until you have spent 4 hours in the middle  
of the night trying to figure out why the command that you typed (and  
that shows up in the config) doesn't work -- only to be told "Oh,  
that doesn't exist in this train, you need to upgrade to <insert some  
new version that doesn't include the ability to actually forward  
packets or something else equally critical>, we just reused the same  
parser..."


[1] -- If you haven't run into the "oh, we can either forward packets  
*really* fast, or count them, but not both" answer then you haven't  
been doing this long enough.


P.S: I neither work for, nor hold any stock of either of the above  
companies.


Re: 96.0.0.0/6 reachability testing

2007-05-02 Thread Warren Kumari



On May 2, 2007, at 2:58 PM, Scott Weeks wrote:





--- [EMAIL PROTECTED] wrote:

On 5/1/07 7:19 PM, Scott Weeks [EMAIL PROTECTED] wrote:

: Randy's MUA automatically deletes email sent directly to him...

Probably because you have a 12+ line .sig full of lawyer-speak.


Both practices arguably ingenious or idiotic...
-

Doesn't matter.  He doesn't want to see the .sig and it's his email  
system.  Others do the same.


I gotta admit it's a really big .sig that's utterly useless.  It  
*IS* being disseminated, distributed and copied and on a global  
basis.  It's unlawful in what country?  No one's going to delete  
all copies.  Blah, blah, blah...


Yup, these really long .sigs used to annoy me no end, especially when  
trying to read email over dial-up or satellite or some other slow  
access method. I used to complain to the sender that it was a stupid,  
unenforceable practice.


And then I worked for a place that automagically inserted something  
similar...


After countless (ok, it was probably only 9 or so, but it sure felt  
countless at the time) meetings with different groups all pointing  
fingers at each other ("It's legal's doing!", "SOX! We have to do it  
for SOX reasons", "The mail server automatically does it and we don't  
know where to turn it off(!)", "Think of the children!") I eventually  
just gave in and lived with it...


The fact that my (work) emails had some random gobbledygook inserted  
that I had no control over didn't in any way change the importance  
[0] or validity[1] of what I had typed above it (and giving up the  
fight allowed me to work on other, more important stuff -- like  
keeping the network running).


I don't think that Ron is choosing to put this .sig in his mail, some  
ugly corporate mail gateway is probably appending it for him. While  
he could spend a huge amount of time trying to explain to someone at  
Time Warner that it is a stupid thing to do, I'm sure he has better  
things to do...


Warren
[0] about zero
[1] also about zero.



scott






-
This E-mail and any of its attachments may contain Time Warner
Cable proprietary information, which is privileged, confidential,
or subject to copyright belonging to Time Warner Cable. This E-mail
is intended solely for the use of the individual or entity to which
it is addressed. If you are not the intended recipient of this
E-mail, you are hereby notified that any dissemination,
distribution, copying, or action taken in relation to the contents
of and attachments to this E-mail is strictly prohibited and may be
unlawful. If you have received this E-mail in error, please notify
the sender immediately and permanently delete the original and any
copy of this E-mail and any printout.





--
Never criticize a man till you've walked a mile in his shoes.  Then  
if he didn't like what you've said, he's a mile away and barefoot.






Re: 96.0.0.0/6 reachability testing

2007-05-02 Thread Warren Kumari



On May 2, 2007, at 4:01 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:



Warren Kumari wrote:

On May 2, 2007, at 2:58 PM, Scott Weeks wrote:

--- [EMAIL PROTECTED] wrote:

On 5/1/07 7:19 PM, Scott Weeks [EMAIL PROTECTED] wrote:

Randy's MUA automatically deletes email sent directly to him...


Probably because you have a 12+ line .sig full of lawyer-speak.


Both practices arguably ingenious or idiotic...
-

Doesn't matter.  He doesn't want to see the .sig and it's his email
system.  Others do the same.

I gotta admit it's a really big .sig that's utterly useless.  It
*IS* being disseminated, distributed and copied and on a global
basis.  It's unlawful in what country?  No one's going to delete
all copies.  Blah, blah, blah...


I don't think that Ron is choosing to put this .sig in his mail, some
ugly corporate mail gateway is probably appending it for him. While
he could spend a huge amount of time trying to explain to someone at
Time Warner that it is a stupid thing to do, I'm sure he has better
things to do...


I don't see anywhere in the NANOG charter that says we have to use our
corporate email addresses in correspondence with the list.  From what I've seen,
most of us don't.  I agree 100% that trying to get $corporation to remove
the useless and annoying .sig's is like tilting at windmills.  But for the
sanity and comfort of other list users, would it be too much to ask that
people with annoying tacked-on .sig's use a personal mail account when
posting to the list?  I hear Google offers nice email accounts for a
reasonable price.


Yup, you are 100% correct -- I meant (but forgot) to mention that,
other than when officially representing a company on a list, I always
post from a personal address, regardless of whether or not
$current_employer is doing silly .sigs.


I have already gotten a bunch of private mails pointing this fact out  
(and one (spam) reply trying to sell me some sort of Chinese  
pharmaceuticals :-( ) which is why I am replying publicly...


W




Andrew



--
The plural of anecdote is not evidence.
-- Bill Lockyer, California Attorney General





Re: BGP Problem on 04/16/2007

2007-04-19 Thread Warren Kumari



On Apr 19, 2007, at 10:17 AM, Robert E. Seastrom wrote:




With certain susceptible Sun CPUs which were popular during the last
sunspot maxima, this was actually demonstrably true (and acknowledged
by Sun), so don't laugh too hard.


Yup, Sandia National Labs made a radiation hardened Pentium and, as  
far as I remember, was working on a hardened SPARC -- there was also  
some work done (AFAIR on PPC) whereby 3 processors would run the same  
instructions and vote on the output...




---rob

Leigh Porter [EMAIL PROTECTED] writes:


Somebody from a certain large network vendor actually blamed problems
with their kit on cosmic rays causing memory corruption...


Oh, not just somebody -- a certain large vendor has many, many
references to it -- and I have received it as an explanation for
random reloads -- believe me, trying to tell an irate customer / PHB
that the reason that his mission critical circuit bounced was
because of cosmic rays is No Fun(tm). Hmmm.. Isn't this the same
vendor that now has a router sitting on a satellite ?!  ;-)


There was also an issue where one of the large manufacturers of
(binary) CAMs received a batch of polyimide that was contaminated
with an alpha-emitter (for some reason thorium oxide springs to mind)
and their quality control didn't catch it... As far as I know the
problem was identified before any products with the CAMs were
shipped, but I had an order held up while the vendor tried to source
alternate parts...




--
Leigh Porter

Jay Hennigan wrote:


Andre Oppermann wrote:


Audie Onibala wrote:

Yesterday on 04/16/07 between 3:00 - 3:45 PM we had sporadic
Internet problem.  Our ISP's are Sprint and Qwest.


Around that time there was quite a bit of sunspot activity and the moon
had an unusual position too.  The NOC contacts of your ISP's probably
may be of more specific help.  But make sure to ask them for their
network's SPF (sunspot protection factor).  That's an important metric
to qualify their network reliability.


Are you sure it was sunspots?  My NOC contacts were seeing substantial
memory corruption due to cosmic rays.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV




--
After you'd known Christine for any length of time, you found  
yourself fighting a desire to look into her ear to see if you could  
spot daylight coming the other way.


-- (Terry Pratchett, Maskerade)





Re: Thoughts on increasing MTUs on the internet

2007-04-12 Thread Warren Kumari


On Apr 12, 2007, at 10:04 AM, Gian Constantine wrote:

I agree. The throughput gains are small. You're talking about a  
difference between a 4% header overhead versus a 1% header overhead  
(for TCP).


One of the benefits of larger MTU is that, during the additive  
increase phase, or after recovering from congestion, you reach full  
speed sooner --  it does also mean that if you do reach congestion,  
you throw away more data, and, because of the length of flows, are  
probably more likely to cause congestion...





One could argue a decreased pps impact on intermediate systems, but
when factoring in the existing packet size distribution on the
Internet and the perceived adjustment seen by a migration to 4470
MTU support, the gains remain small.




Development costs and the OpEx costs of implementation and support  
will, likely, always outweigh the gains.


Gian Anthony Constantine


On Apr 12, 2007, at 7:50 AM, Saku Ytti wrote:



On (2007-04-12 11:20 +0200), Iljitsch van Beijnum wrote:


What do you guys think about a mechanism that allows hosts and
routers on a subnet to automatically discover the MTU they can use
towards other systems on the same subnet, so that:
1. It's no longer necessary to limit the subnet MTU to that of the
least capable system

2. It's no longer necessary to manage 1500 byte+ MTUs manually


To me this sounds like adding complexity for rather small pay-off. And
then we'd have to ask IXP people, would they enable this feature
if it was available? If so, why don't they offer high MTU VLAN
today?
And in the end, pay-off of larger MTU is quite small, perhaps
some interrupts are saved but not sure how relevant that is
in poll() based NIC drivers. Of course bigger pay-off
would be that users could use tunneling and still offer 1500
to LAN.

IXP peeps, why are you not offering high MTU VLAN option?
From my point of view, this is biggest reason why we today
generally don't have higher end-to-end MTU.
I know that some IXPs do, eg. NetNOD but generally it's
not offered even though many users would opt to use it.

Thanks,
--
  ++ytti




--
Some people are like Slinkies... Not really good for anything but
they still bring a smile to your face when you push them down the
stairs.
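A small added model of the two claims made in this thread (the roughly 4% versus 1% header overhead, and the additive-increase argument), written for this page and not taken from any poster. It assumes 18 bytes of Ethernet framing overhead per frame, 40 bytes of IPv4+TCP headers, and a constructed 1 Gbit/s, 50 ms path; it also includes a 9000-byte MTU alongside the 4470 figure from the thread.

```python
import math

ETH_OVERHEAD = 18     # 14-byte Ethernet header + 4-byte FCS (assumption: untagged frames)
IP_TCP_HEADERS = 40   # IPv4 (20) + TCP (20) with no options


def header_overhead(mtu: int) -> float:
    """Fraction of on-wire bytes that are headers for a full-size TCP segment."""
    frame_bytes = mtu + ETH_OVERHEAD
    payload_bytes = mtu - IP_TCP_HEADERS
    return (frame_bytes - payload_bytes) / frame_bytes


def mss_for(mtu: int) -> int:
    """Maximum segment size carried by one packet at this MTU."""
    return mtu - IP_TCP_HEADERS


def rtts_to_fill_pipe(mtu: int, bandwidth_bps: float, rtt_s: float,
                      start_segments: int = 1) -> int:
    """Additive increase only: cwnd grows by one MSS per RTT, so the number of
    RTTs needed to reach the bandwidth-delay product is ceil(BDP / MSS) - start."""
    bdp_bytes = bandwidth_bps / 8 * rtt_s
    segments_needed = math.ceil(bdp_bytes / mss_for(mtu))
    return max(0, segments_needed - start_segments)


def compare(mtus=(1500, 4470, 9000), bandwidth_bps: float = 1e9, rtt_s: float = 0.05):
    """Constructed path: 1 Gbit/s with a 50 ms RTT. Returns, per MTU, the header
    overhead fraction and how long additive increase needs to fill the pipe."""
    rows = {}
    for mtu in mtus:
        rtts = rtts_to_fill_pipe(mtu, bandwidth_bps, rtt_s)
        rows[mtu] = {
            "overhead": round(header_overhead(mtu), 4),
            "rtts": rtts,
            "seconds": round(rtts * rtt_s, 1),
        }
    return rows


if __name__ == "__main__":
    for mtu, row in compare().items():
        print(f"MTU {mtu:5d}: {row['overhead'] * 100:4.1f}% headers, "
              f"{row['rtts']:5d} RTTs ({row['seconds']} s) to fill a 1 Gbit/s x 50 ms pipe")
```

The overhead numbers reproduce the figures in the thread (about 3.8% at 1500 and 1.3% at 4470); the RTT counts show the other side of the trade-off, since a larger MSS means fewer RTTs of additive increase before the window covers the path.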






Re: Abuse procedures... Reality Checks

2007-04-11 Thread Warren Kumari



On Apr 11, 2007, at 11:28 AM, J. Oquendo wrote:


[EMAIL PROTECTED] wrote:


On Wed, 11 Apr 2007 07:07:19 EDT, J. Oquendo said:


these so called rules? Many network operators are required to
do a lot of things, one of these things should be the
mitigation of malicious traffic from LEAVING their network.



And I want a pony.

We don't even do a (near) universal job of filtering rfc1918 addresses
and spoofed addresses.  We aren't filtering obvious bogon packets, how
do you propose we filter less obvious malicious traffic (is that SYN
packet legit, or part of a DDOS, or just a slashdotting of a suddenly
popular site?).


* Valdis Kletnieks [EMAIL PROTECTED]
* 0xB4D3D7B0 - Unverified


When you say we, speak for yourself and your own networks.
There ARE some
people who do take the time to properly design their networks.


And I would suggest that Valdis is one of them

From my reading of his message I understood that:
A: Some people filter bad stuff.
B: Some people don't.

I don't think that it is unreasonable that he used "we" to include
all network engineers -- we as a community does include A and B



It is the same "Well since Billy didn't do it neither will I" attitude that makes
me never think twice about blocking CIDR's.


So, I have always wondered -- how do your customers really react when
they can no longer reach www.example.com, a site hosted a few IPs
away from www.badevilphisher.net? And do you really think that you
blocking them is going to make example.com contact their provider to
get things fixed?




Since 'THEY' (your WE) didn't properly configure their network, why
should I think twice about letting it into my backyard. I guess it's calling
for too much for network operators to actually do their work though


Have you considered that being a little politer and not insulting  
everyone on the list might be a more constructive way of getting your  
point across -- if I were to call you a big, fat, doodoo head you  
would probably be less receptive than if I didn't...



and I
guess considering IPv6 is like how many years away now, I can expect that
much of a wait for people to implement what should have been done from the
onset.

I don't care how filtering gets done from someone else. Like I said if I
can watch and control what comes out of my networks using raw tools on
nix machines, you cannot with a straight face/typing method tell me that
someone at one of these big providers can't clue themselves in to getting
malicious traffic controlled.

Should someone want to comment about "oh golly the cost is outrageous"
I say bs... It's utter laziness from my eyes. So here I go politely
pointing it out... If I can do it with a couple of thousand machines on
my VERY OWN, not a team, not a department but me, in a matter of
minutes, situate my network to not send out crap, then why can't these
companies?


Yes, it is great that you are doing your bit to help keep the net  
clean. Congratulations and thank you. Perhaps you could write a nice,  
simple, friendly guide explaining how you ensure that your network is  
never the source of malicious traffic?  And how this can be scaled up  
to work in a large, backbone network where? Perhaps you could  
politely contact those who are not doing their bit and, in a helpful  
manner explain how they could improve -- educating and encouraging  
change in those who are not doing their bit is much more likely to  
make things better than screaming You suck, I'm not going to accept  
your packets, nah nah nah.




I'd like to hear something logical, not someone's opinion.
Something like According to ARIN/IEEE specifications of foobarfoo,
operators are not allowed to view traffic entering or leaving their
networks which hinders this. There is no reason I could think of,
no scenario I could imagine, that would prohibit network operators
from putting the nail in the coffin with stuff LEAVING THEIR NETS.

Note the word LEAVING now. If it doesn't leave, you wouldn't have
complaints from some other operator now would you.



--

J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams




I suspect that I should have just stayed out of this thread
W
--
Go on, prove me wrong. Destroy the fabric of the universe. See if I
care.  -- Terry Pratchett
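The filtering Valdis refers to earlier in this thread (dropping RFC 1918 and spoofed source addresses before they leave a network, in the spirit of BCP 38) as an added, illustrative egress check in Python. It is not anyone's production filter from the thread; the "own" address space, the flow records and the prefix names are constructed for the example and use documentation prefixes only.

```python
import ipaddress
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Source ranges that should never leave a network (RFC 1918 plus a few other
# well-known special-use blocks). Deliberately short; a real bogon list is longer.
NEVER_SOURCE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


class EgressFilter:
    """BCP 38 style check: a packet may leave only if its source address
    belongs to one of the prefixes this network actually originates."""

    def __init__(self, own_prefixes: Iterable[str]):
        self.own = [ipaddress.ip_network(p) for p in own_prefixes]

    def verdict(self, src: str) -> Tuple[str, str]:
        addr = ipaddress.ip_address(src)
        # ipaddress never matches a v6 address against a v4 network, so mixing is safe
        for net in NEVER_SOURCE:
            if addr in net:
                return "drop", f"private/bogon source in {net}"
        if not any(addr in net for net in self.own):
            return "drop", "spoofed source: not in our address space"
        return "permit", "source is ours"

    def audit(self, flows: Iterable[Tuple[str, str]]) -> Dict[str, int]:
        """Count verdicts over (src, dst) pairs, e.g. taken from a flow export."""
        return dict(Counter(self.verdict(src)[0] for src, _dst in flows))


# Constructed flow records (documentation prefixes), as if read from a flow log.
CONSTRUCTED_FLOWS: List[Tuple[str, str]] = [
    ("203.0.113.17", "198.51.100.5"),    # legitimate, from our /24
    ("10.4.4.4", "198.51.100.5"),        # leaked RFC 1918 source
    ("192.0.2.99", "198.51.100.5"),      # spoofed: not our space
    ("203.0.113.200", "198.51.100.5"),   # legitimate
    ("169.254.7.7", "198.51.100.5"),     # link-local address leaking out
]

OUR_PREFIXES = ["203.0.113.0/24", "2001:db8:1::/48"]   # constructed allocation


def demo() -> Dict[str, int]:
    """Run the constructed flows through the filter and count the verdicts."""
    return EgressFilter(OUR_PREFIXES).audit(CONSTRUCTED_FLOWS)


if __name__ == "__main__":
    f = EgressFilter(OUR_PREFIXES)
    for src, dst in CONSTRUCTED_FLOWS:
        action, why = f.verdict(src)
        print(f"{src:>15} -> {dst:<15} {action:6s} ({why})")
    print(demo())
```

Running it over a flow export from a border router is a cheap way to find out whether the "we filter rfc1918 and spoofed addresses" claim actually holds for a given network before anyone argues about the harder cases.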





Re: Abuse procedures... Reality Checks

2007-04-11 Thread Warren Kumari



On Apr 11, 2007, at 2:53 PM, Scott Weeks wrote:






: if someone cannot get out somewhere, they're obviously
: going to get in touch with me as to why. Once this is
: done, it is explained

: I've always contacted someone

: after about 3 attempts at getting someone to assess
: their network


I know from experience this doesn't scale into the hundreds of  
thousands of customers and can only imagine the big ass eyeball  
network's scalability issues...


scott



Hear hear...

Scaling process and procedures is often as hard or harder than  
scaling technical things...


Unfortunately, the lesson that scaling either is hard is only really
something that one can learn through experience -- I know that I for
one used to believe (as I would bet did most of us) that you could
scale just by buying a bigger X, where X could be a router, circuit,
etc. If that didn't work you could always just buy another X (or a
bunch more Xs) -- this strategy works up to a point, after which it
all goes pear-shaped.  Until you have experienced this firsthand it
is hard to truly understand.


The same thing happens with things like abuse -- it is easy to deal  
with abuse on a small scale. It is somewhat harder on a medium scale  
and harder still on a large scale -- the progression from small to  
medium to large is close to linear. At some point though the  
difficulty suddenly hockey-sticks and becomes distinctly non-trivial  
-- this doesn't mean that it is impossible, nor that you should give  
up, but rather that a different approach is needed.  Understanding  
this is harder than understanding why you cannot grow your network  
just by buying more X.


W





--- [EMAIL PROTECTED] wrote:

From: J. Oquendo [EMAIL PROTECTED]
To: nanog@merit.edu
Cc: Warren Kumari [EMAIL PROTECTED]
Subject: Re: Abuse procedures... Reality Checks
Date: Wed, 11 Apr 2007 13:49:40 -0400

Warren Kumari wrote:


So, I have always wondered -- how do your customers really react when
they can no longer reach www.example.com, a site hosted a few IPs away
from www.badevilphisher.net? And do you really think that you blocking
them is going to make example.com contact their provider to get things
fixed?


You confused two things.

1) I do my best to stop malicious traffic from leaving my network. With
this said, if someone cannot get out somewhere, they're obviously going
to get in touch with me as to why. Once this is done, it is explained
to them that either their machine, or a machine on their network was
doing something fuzzy therefore they were blocked. Most are actually
thankful that it was pointed out to them as opposed to having to wait
for Security Company X to update its virus/spamware definitions.

2) I do not block getting TO company X at first signs of garbage coming
into my network from them. I've always contacted someone to some degree
so don't misconstrue my actions as "I block the first packets I see."
On the contrary I only block CIDR's after about 3 attempts at getting
someone to assess their network. After that, I begin with services.
This is my network so this is how it pans out... Spam? A CIDR to my
email ports are blocked. SSH brute forcing, etc., those ports are
blocked. Network who's blocked on ports continues, everything is then
blocked.



Have you considered that being a little politer and not insulting
everyone on the list might be a more constructive way of getting your
point across -- if I were to call you a big, fat, doodoo head you
would probably be less receptive than if I didn't...


What does being polite and matter of factly have to do with
administrators cleaning up their networks? Should I beg an
administrator of some network to be polite and not refer me to their
generic abuse desk who'll do nothing about the issue?

I actually am a little too polite in the fact that 1) I'm doing
network operators a favor pointing them out to rogue hosts on
THEIR networks not mine. If they want to continue hosting said
rogue idiots, their problem. I won't be allowing it into my range.
If you knew me personally, or have dealt with me, I can guarantee
you within minutes of you contacting me for something I would be
on it. I as an admin/engineer whatever you want to call me would
want to make sure that nothing internal to me is affecting anyone
else since it is likely to make things more difficult for me if
left unchecked.

So on issues of politeness, I am being polite contacting people.
I'm being double polite posting evil doing networks on my personal
site so others can be aware that "These networks are infected.
Here are their hosts if you want to block them." I do this on my
own spare time, my own expense, and my own filtering of the
denials of service that ensue when some botnet reject sees me
post a percentage of his botnet. So please don't my messages as
anything other than "Hey... When is someone going to deal with
this?" frustration targeted at those with the power to do actually
something about

Re: summarising [was: Re: ICANNs role]

2007-04-04 Thread Warren Kumari



On Apr 4, 2007, at 11:57 AM, [EMAIL PROTECTED]  
[EMAIL PROTECTED] wrote:


[SNIP]



That is really a separate issue. This discussion is about limiting the
damage caused by domains which do rapid NS switching. If we know which
domains are new, DNS operators could put them on probation and only
allow a minimum TTL of 1 day on those names.


All that this means is that domains will be registered and sit idle
(or host a web server for domain parking, useless content to make it
look legitimate, etc.) until the probation period is up. Then it'll be
converted into a rapid NS switching domain used for whatever...



The domain owner can still
switch NSes but the queries won't chase him, therefore he will sell less
product and quickly stop doing NS switching. If he's not NS switching
then it is easier to track him down, blackhole him, filter him,
whatever.

--Michael Dillon
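The probation idea discussed above, as an added example written for this page (not Michael's or Warren's code): a resolver-side clamp that raises the cached TTL for domains registered inside a probation window, plus a small cache simulation showing why an hourly NS switch stops being followed, and why, as Warren points out, a domain that has simply aged out of the window is still chased. The registration dates, the 30-day window and the hourly schedule are all constructed; the registry dictionary stands in for a real "new domains" feed.

```python
from datetime import date, timedelta
from typing import Callable, Dict, Optional

PROBATION_DAYS = 30          # assumption: how long a domain counts as "new"
PROBATION_MIN_TTL = 86400    # one day, the minimum floated in the thread
HOUR = 3600

# Constructed registry data: domain -> registration date. Nothing here is a real zone.
CONSTRUCTED_REGISTRY: Dict[str, date] = {
    "newshop.example": date(2007, 4, 1),
    "oldshop.example": date(2004, 9, 12),
}


def on_probation(domain: str, today: date,
                 registry: Dict[str, date] = CONSTRUCTED_REGISTRY) -> bool:
    registered = registry.get(domain)
    if registered is None:
        return False                      # unknown age: do not clamp (assumption)
    return today - registered < timedelta(days=PROBATION_DAYS)


def clamp_ttl(domain: str, rr_ttl: int, today: date,
              registry: Dict[str, date] = CONSTRUCTED_REGISTRY) -> int:
    """TTL the resolver will actually cache: raised to a day for new domains,
    left alone for everything else."""
    if on_probation(domain, today, registry):
        return max(rr_ttl, PROBATION_MIN_TTL)
    return rr_ttl


def nameservers_chased(schedule: Callable[[int], str], cache_ttl: int,
                       hours: int = 24) -> int:
    """Simulate a resolver that re-fetches NS data only when its cached copy
    has expired. schedule(hour) is the NS host the domain owner points at in
    that hour. Returns how many distinct nameservers the resolver followed."""
    followed = set()
    cached: Optional[str] = None
    expires_at = -1
    for hour in range(hours):
        now = hour * HOUR
        if cached is None or now >= expires_at:
            cached = schedule(hour)
            expires_at = now + cache_ttl
            followed.add(cached)
    return len(followed)


def hourly_switch(hour: int) -> str:
    """Constructed abuse pattern: a different NS host every hour."""
    return f"ns{hour}.flux.example"


def demo(today: date = date(2007, 4, 4)) -> Dict[str, Dict[str, int]]:
    """Publish a five-minute TTL for both domains and see which one the
    clamped resolver keeps following around."""
    rr_ttl = 300
    ttls = {name: clamp_ttl(name, rr_ttl, today) for name in CONSTRUCTED_REGISTRY}
    chased = {name: nameservers_chased(hourly_switch, ttl) for name, ttl in ttls.items()}
    return {"ttl": ttls, "chased": chased}


if __name__ == "__main__":
    print(demo())   # the aged domain is still chased every hour
```

The simulation makes the limit of the proposal concrete: the clamp only changes anything while the domain is inside the window, so a registrant willing to park a domain for a month gets the original behaviour back.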





Re: PGE on data centre cooling..

2007-04-03 Thread Warren Kumari


As far as I remember there was a DC in New York (for some reason  
Globix springs to mind) that did this... It was really cool, apart  
from when it messed up and sent you to the wrong cabinet


W

On Apr 2, 2007, at 5:09 PM, Gregori Parker wrote:



I've been in there many times over the last two years and didn't see
anything like that (at least on second floor east...I hear they've
recently expanded into the fisher west building)


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Lasher, Donn
Sent: Monday, April 02, 2007 1:49 PM
To: John Kinsella; nanog@merit.edu
Subject: RE: PGE on data centre cooling..


I sorta wonder why the default is lights on, actually...I used to always
love walking into dark datacenters and seeing the banks of GSRs (always
thought they had good Blink) and friends happily blinking away.

What we really need is a datacenter with lit floor tiles. ;)

John (damn I've been in a DC with clear floor tiles...why didn't I think
of this then?)

There's at least one datacenter in Seattle that when the customer cards
in, lights up the floor to their cabinet. Been a while since I've been in
it, but I remember it USED to do that (fisher, internap I think?)






Re: what the heck do i do now?

2007-02-04 Thread Warren Kumari



On Feb 4, 2007, at 2:49 PM, Jon Lewis wrote:



On Mon, 5 Feb 2007, Simon Lyall wrote:


On Thu, 1 Feb 2007, Jay Hennigan wrote:

Set up a nameserver there.  Configure it to return 127.0.0.2 (or
whatever the old MAPS reply for spam was) to all queries.  Let it run
for a week.  See if anything changes in terms of it getting hammered.


Well I've seen some RBLs do this with about 2 days notice. Perhaps a
special value could be defined ( 127.255.255.255 ? ) to tell users that
the DNSBL is no longer in operation and shouldn't be used, standard
software can then raise an error or whatever.


That doesn't help get the old/unwatched installations to stop  
sending queries.  It's been established that regardless of what you  
return, those installations will continue querying the dead BL.


Sure, but if we could all agree that 127.255.255.255 (or something)  
means that the BL has been shutdown then in the future this sort of  
issue could be mitigated.


If software were written so that receiving this would drop the BL  
from the list, then you would only get one query each time the  
software starts up -- even better would be that this response removes  
(or comments out) the blacklist from the config file so that it  
doesn't come back after a restart


Yes, this doesn't fix Paul's problem (or anyone who set up a blacklist
before this is standardized) and there is no way to enforce this,
but it is a bunch better than not doing anything...




That's why I think your best/only option is to attempt to misdirect  
them by pointing NS at . or unreachable space...effectively giving  
them someplace harmless to send their queries or to fail them  
without even having to send them.


Killing the parent domain is an option too, but that only pushes  
the problem onto someone else's plate (the TLD servers).


--
 Jon Lewis   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_



W

--
With Feudalism, it's your Count that votes.
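What the proposal in this thread would look like on the client side, as an added example written here rather than code from any poster or DNSBL: a lookup wrapper that retires a zone the moment it answers with the 127.255.255.255 sentinel (so the zone gets at most one query per process start, as Warren suggests) and a helper that comments the zone out of a config file so it stays gone after a restart. The resolver is injected, so the constructed answer table and the `bl.example.net` / `dead.example.org` zone names stand in for real DNS; no standard assigns this sentinel value.

```python
import ipaddress
from typing import Callable, Dict, List, Optional

# Sentinel from the thread: a DNSBL answers this to say it has shut down.
# Assumption: the value is the one proposed in the discussion, not a standard.
SHUTDOWN_SENTINEL = "127.255.255.255"


class DnsblClient:
    """Queries a set of DNSBL zones for an IPv4 address and drops any zone
    that answers with the shutdown sentinel, so no further queries go there."""

    def __init__(self, zones: List[str], lookup: Callable[[str], Optional[str]]):
        self.zones = list(zones)          # active DNSBL zones
        self.retired: List[str] = []      # zones that signalled shutdown
        self._lookup = lookup             # resolver: name -> A record or None (NXDOMAIN)

    @staticmethod
    def query_name(ip: str, zone: str) -> str:
        """DNSBL convention: reverse the octets and append the zone name."""
        octets = ipaddress.IPv4Address(ip).exploded.split(".")
        return ".".join(reversed(octets)) + "." + zone

    def check(self, ip: str) -> Dict[str, str]:
        """Return {zone: answer} for every active zone that lists the address."""
        hits: Dict[str, str] = {}
        for zone in list(self.zones):
            answer = self._lookup(self.query_name(ip, zone))
            if answer is None:
                continue                  # not listed
            if answer == SHUTDOWN_SENTINEL:
                self.zones.remove(zone)   # never ask this zone again
                self.retired.append(zone)
                continue
            hits[zone] = answer
        return hits


def disable_zone_in_config(config_text: str, zone: str) -> str:
    """Comment out every config line that names a retired zone, so the zone
    does not come back after the software restarts."""
    out = []
    for line in config_text.splitlines():
        if zone in line and not line.lstrip().startswith("#"):
            out.append("# retired (DNSBL signalled shutdown): " + line)
        else:
            out.append(line)
    return "\n".join(out)


# Constructed answer table standing in for DNS; anything missing is NXDOMAIN.
CONSTRUCTED_ANSWERS = {
    "4.3.2.1.bl.example.net": "127.0.0.2",
    "4.3.2.1.dead.example.org": SHUTDOWN_SENTINEL,
    "9.8.7.6.dead.example.org": SHUTDOWN_SENTINEL,
}


def fake_lookup(name: str) -> Optional[str]:
    return CONSTRUCTED_ANSWERS.get(name)


def demo():
    """Two lookups: the second never touches the zone retired by the first."""
    client = DnsblClient(["bl.example.net", "dead.example.org"], fake_lookup)
    first = client.check("1.2.3.4")
    second = client.check("6.7.8.9")
    return first, second, client.zones, client.retired


if __name__ == "__main__":
    print(demo())
    print(disable_zone_in_config("dnsbl bl.example.net\ndnsbl dead.example.org\n",
                                 "dead.example.org"))
```

The in-memory retirement handles the running process; the config rewrite is what stops the unwatched installations the thread worries about from resuming the queries on their next restart.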




Re: Colocation in the US.

2007-01-25 Thread Warren Kumari


The main issue with Fluorinert is price -- I wanted some to cool a
20W IR laser -- I didn't spend that much time looking before I just
decided to switch to distilled water, but I was finding prices like
$300 for a 1 liter bottle (http://www.parallax-tech.com/fluorine.htm).
I did find some cheaper recycled Fluorinert, but it
wasn't *that* much cheaper.


I don't remember who made them, but the same laser had these really  
neat plumbing connections -- very similar to the air hose connectors  
on air compressors  -- there is a nipple that snaps into a female  
connector. The nipple pushes in a pin when it snaps in and allows the  
liquid to start flowing. When you disconnect the connector the liquid  
flow shuts off and you get maybe half a teaspoon of leakage.


W

P.S: Sorry if I tripped anyone's HR policies for NSFW content :-)

On Jan 25, 2007, at 12:01 PM, John Curran wrote:



At 3:49 PM -0800 1/24/07, Mike Lyon wrote:

I think if someone finds a workable non-conductive cooling fluid that
would probably be the best thing. I fear the first time someone is
working near their power outlets and water starts squirting, flooding
and electrocuting everyone and everything.


http://en.wikipedia.org/wiki/Fluorinert

/John



--
He who laughs last, thinks slowest.
-- Anonymous




Re: Colocation in the US.

2007-01-25 Thread Warren Kumari



On Jan 25, 2007, at 12:49 PM, Warren Kumari wrote:

The main issue with Fluorinert is price -- I wanted some to cool a
20W IR laser -- I didn't spend that much time looking before I just
decided to switch to distilled water, but I was finding prices like
$300 for a 1 liter bottle (http://www.parallax-tech.com/fluorine.htm).
I did find some cheaper recycled Fluorinert, but
it wasn't *that* much cheaper.


I don't remember who made them, but the same laser had these really  
neat plumbing connections


Doh, 10 seconds after hitting send it occurred to me that some sort
of Internet search thingie might help with this -- looking for
"liquid disconnect" found them for me --
http://www.micromatic.com/draft-keg-beer/fittings-pid-60600.html
-- even better, it seems that after your datacenter shuts down you can
reuse the connectors for your draft keg! :-)


W

-- very similar to the air hose connectors on air compressors  --  
there is a nipple that snaps into a female connector. The nipple  
pushes in a pin when it snaps in and allows the liquid to start  
flowing. When you disconnect the connector the liquid flow shuts  
off and you get maybe half a teaspoon of leakage.


W

P.S: Sorry if I tripped anyone's HR policies for NSFW content :-)

On Jan 25, 2007, at 12:01 PM, John Curran wrote:



At 3:49 PM -0800 1/24/07, Mike Lyon wrote:
I think if someone finds a workable non-conductive cooling fluid that
would probably be the best thing. I fear the first time someone is
working near their power outlets and water starts squirting, flooding
and electrocuting everyone and everything.


http://en.wikipedia.org/wiki/Fluorinert

/John



--
He who laughs last, thinks slowest.
-- Anonymous




--
Real children don't go hoppity-skip unless they are on drugs.

-- Susan, the ultimate sensible governess (Terry Pratchett,  
Hogfather)







Re: http://cisco.com 403 Forbidden

2007-01-03 Thread Warren Kumari



On Jan 3, 2007, at 9:07 AM, D'Arcy J.M. Cain wrote:



On Wed, 3 Jan 2007 16:39:40 +
Simon Waters [EMAIL PROTECTED] wrote:


On Wednesday 03 January 2007 16:29, you wrote:

On Wed, 3 Jan 2007, James Baldwin wrote:

Anyone else getting a 403 Forbidden when trying to access
http://cisco.com?

[...]

Working fine here. Resolves to 198.133.219.25


What does DNS resolution have to do with 403 web errors?


Nothing -- but in the world of GSLB where different people get handed
different IPs, it's important to say which www.cisco.com is working :-)


W



--
D'Arcy J.M. Cain darcy@druid.net |  Democracy is three wolves
http://www.druid.net/darcy/|  and a sheep voting on
+1 416 425 1212 (DoD#0082)(eNTP)   |  what's for dinner.



--
It's a mistake trying to cheer up camels. You might as well drop
meringues into a black hole. -- Terry Pratchett





Re: IP adresss management verification

2006-11-14 Thread Warren Kumari



On Nov 13, 2006, at 9:20 AM, chuck goolsbee wrote:
[SNIP]


** I assume it is myth, but I've never heard anyone from Google  
make any statements that definitively debunks it. Debunking this  
pervasive among webmasters and SEO Experts myth sure would be a  
very UN-evil thing to do if true (Hint hint you Google-folk!)


Matt Cutts (Matt Cutts works at the Googleplex and at his blog
writes about Google, search engine optimization traps and whatever
comes to his mind) has just responded on his blog:
http://www.mattcutts.com/blog/myth-busting-virtual-hosts-vs-dedicated-ip-addresses/




It pisses me off to no end when a sales guy comes to me with a  
request from a customer for a /20 for a half-rack of web servers.  
The justification ALWAYS comes down to this inane search engine  
optimization pipe dream. =\


Now you have somewhere to point them :-)




--chuck goolsbee ***

*** Waiting now for ~246 hours for Yahoo!Mail human beings to  
contact me within their promised 48 hours.




W
--
Eagles soar but a weasel will never get sucked into a jet engine




Re: Collocation Access

2006-10-23 Thread Warren Kumari



On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:



In article [EMAIL PROTECTED], John A.  
Kilpatrick [EMAIL PROTECTED] writes

The fellow I chatted with at ATT said they are not allowed to
hand over their badge because it would compromise their security.


My tech said the same thing.  That keycard could grant central office access


On its own? No keycode or anything. What if he lost it?


so he couldn't surrender it.


But presumably it would need to be stolen. Wouldn't the tech notice  
that happening... Or is there some way the colo security guy can  
clone it undetected?


These are trivial to clone -- all you need is a reader hooked up to a
PC and you can read the number off the card. You can then buy a batch
of cards that cover the serial numbers that you are interested in
(no, I don't really understand WHY you can buy numbered ranges, but
you can...)


The other alternative is something like:  http://cq.cx/proxmark3.pl
This device will read and clone a large number of proximity cards --
you don't even need real access to the card, all you need to do is
brush up against the cardholder with the antenna concealed in your
pocket



--
Roland Perry



--
If the bad guys have copies of your MD5 passwords, then you have way  
bigger problems than the bad guys having copies of your MD5 passwords.

-- Richard A Steenbergen




Re: comast email issues, who else has them?

2006-09-07 Thread Warren Kumari



On Sep 6, 2006, at 5:11 PM, Christopher L. Morrow wrote:


On Wed, 6 Sep 2006, Stephen Sprunk wrote:


Because Comcast's tools are broken and when other mail admins or even
their own customers call them on it, they're not even competent enough
to understand the complaint and refuse to escalate?


I hate to say this, and get involved in the melee, but... Perhaps the
problem is that for an average customer service employee there are 1000
calls about something meaningless and not-wrong and only 1 call about
something truly wrong? So escalating every problem that seems even half
baked isn't an option?


Agreed.

While working at a small ISP many years ago I used to make it a point  
to take a few first level support calls a week -- it gives you a new  
appreciation for the tech support people and helps you understand  
what really bothers your customers. I also used to get some of the  
other NEs to take a few calls a week -- understanding the pain it  
caused (and making customers into real people) cut down on the more  
intrusive testing[1].


It can also provide you with much entertainment -- for example, I  
used to get calls asking things like Can I get the Internet in my  
house?. A few times I asked Depends, how big is your house?, but  
no one ever got it... Or the little old lady who would call up every  
few days and say  Dearie, the internet is broken again, can you  
please reboot it?...



Warren
[1] Where testing means Eh, lets just reload it and see if the  
problem goes away...





Re: APC Matrix 5000 question(s)

2006-07-27 Thread Warren Kumari


On Jul 27, 2006, at 12:25 PM, Robert E.Seastrom wrote:




[EMAIL PROTECTED] writes:

I've had this APC Matrix 5000 with 3 XR battery packs for almost 6 years


As others on the list have noted, your batteries are almost certainly
ready to head off to the battery recycler.

In terms of what to put inside the XR packs, they're Group 24 AGM
batteries, 12v, 75 AH, and if my recollection is correct they have lug
style terminals not threaded studs like a marine battery (verify
before you buy).  Others (hi, Steve) have reported success with the
PRC-1290S.  If you are handy enough with a wrench to change the
battery in your car, you can change the batteries in the UPS too
(powered off, of course).


[non-operational anecdote AKA: Looking for any excuse to avoid  
writing documentation]

Be careful when doing this...

A few years ago I was working for a company that had a small  
enterprise datacenter. We ran out of space and so got a new, better  
space made and then started migrating into the new space. We shut  
down the UPS in the old space, pulled all the batteries (so we could  
move it) and moved all the bits on a pallet-jack to the new space. I  
showed someone how to hook up a battery and slid it into the bay  
closest to the ground (no fool I!), then let him get on with  
reinstalling the rest of the batteries while I cabled up the network  
gear.


After a while I hear some cursing and turn around -- he has managed
to get one of the sets of DC cables between the battery casing
and the sheet metal and is sitting on the floor trying to force the
battery in with his feet! Before I can say anything he pushed really
hard and the sheet metal casing slices through the insulation,
shorting out the battery... I never did figure out how much current
the battery could supply into a direct short (a good car battery can
supply 1000 CCA), but it was enough to vaporize a chunk of metal
around 8 x 8 from the side of the UPS, blow a large piece of
plastic out of the side of the battery and warp the plates.



Also from the same place:
Pointy Haired Boss type reads an article in NetworkWorld on physical
security and hires some consultant who comes in and sells some really
expensive proximity card reader system. They install the PC that runs
the whole system (running Windows 98!) inside the new datacenter
space -- entry to which is protected by, you guessed it, the proximity
card system.


After a few months, the proximity card machine locks up... Of course,  
by then no-one can find the keys to the lock on the door (Why would  
we keep that? There is a proximity card reader on that door..).  
Apparently there was an option for a master card, but it was too  
expensive


There are countless more similar stories from this particular place
W



You can get these from your local industrial battery supplier (in the
yellow pages under batteries).  If you have them shipped to you,
you'll earn the enmity of your UPS man (no pun intended) since their
shipping weight exceeds 60 lbs and you need a bunch of them.  If
you're an amateur radio operator be sure to mention this to the guy at
the battery store; a lot of the proprietors seem to be hams and since
hams are big battery users they'll often give fellow hams a discount.

---rob




--
Never criticize a man till you've walked a mile in his shoes.  Then  
if he didn't like what you've said, he's a mile away and barefoot.






Re: Who wants to be in charge of the Internet today?

2006-06-23 Thread Warren Kumari


My favorite was always the (potential) customers who would call up  
and ask Can I get the Internet in my house? -- I would always  
answer That depends, how big is your house?, but they NEVER got  
it...



On Jun 23, 2006, at 7:09 AM, Jason Gauthier wrote:



Sounds like our typical customer service calls.

Them: Is the Internet down?
Us:   Yes, someone will turn it back on soon.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Peter Ferrigan
Sent: Friday, June 23, 2006 10:04 AM
To: nanog@merit.edu
Subject: Re: Who wants to be in charge of the Internet today?



At one of my old jobs, my boss honestly believed that we had
a 'switch'
that turned the entire internet off or on.  When she was
having problems accessing her shopping sites, she'd storm in
the office and say something like 'did you guys turn the the
internet off again?'  sigh



Yah, I would have customers call and ask me to reboot the Internet,
it's down again...


Ok, let the customer support anecdotes flow...
W


Then again, this is the same person that tried to tell me
that 768 OC-192s are carried on a single DS1..


- Peter

On Fri, 23 Jun 2006, Patrick W. Gilmore wrote:



On Jun 23, 2006, at 12:45 AM, Sean Donelan wrote:


I shudder to think what would happen under large scale

attack if one of the

CEOs in that room had responsibility for the correct

functioning of the

Internet.

This definitely falls into the Just Doesn't Get It category.

--
TTFN,
patrick








Re: Silicon-germanium routers?

2006-06-20 Thread Warren Kumari


On Jun 20, 2006, at 12:18 PM, David W. Hankins wrote:

IBM and Georgia Institute of Technology are experimenting with  
silicon-

germanium, it is said here:

http://tinyurl.com/g26bu

I find this interesting having just attended NANOG 37 where some
manufacturers of network devices told us in a panel that network
heat problems weren't going away unless there's a 'next big thing'
in manufacturing process.

Is this it?


Nope, all this says is that with sufficient cooling you can go  
faster. What we need is going faster with less cooling.


W




Corollary: If our routers are made of silicon-germanium, would the
CLI only operate in Deutsch?

--
David W. HankinsIf you don't do it right the first time,
Software Engineer   you'll just have to do it again.
Internet Systems Consortium, Inc.   -- Jack T. Hankins


--
A. No
Q. Is it sensible to top-post?




Re: Silicon-germanium routers?

2006-06-20 Thread Warren Kumari


The point that I was trying to make (admittedly REALLY badly) was  
that this is not the 'next big thing' .


Did you read anything more than just that article?


IBMs press release is here:
http://www-03.ibm.com/technology/news/2006/0620_frozen_chip.html
and they have a video here:
http://www-03.ibm.com/technology/ets/capabilities/multimedia_tour/frozen_chip_wmv.html


This is not a new technology (IBM shipped their 100 millionth SiGe
chip in around 2002 and if you look at the SONET chipset on an OC48
or greater interface chances are it's SiGe), but the speed in cheap
material is (Feng & Hafez achieved 600Ghz in indium doped) -- this
is primarily just a bragging right though. It requires liquid helium
temperatures, something that is not practical in the near term, and
requires a LOT of power to achieve.



On Jun 20, 2006, at 2:05 PM, Chris Adams wrote:



Once upon a time, Warren Kumari [EMAIL PROTECTED] said:

Nope, all this says is that with sufficient cooling you can go
faster. What we need is going faster with less cooling.


Read the article, not the headline.  They got 350GHz at room
temperature (which is a lot more interesting than 500GHz a few degrees
above absolute zero).


Yes -- the previous silicon based speed record *at room temp* was  
375Ghz.


Warren



--
Chris Adams [EMAIL PROTECTED]
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



--
Have you got any previous convictions?

Well, I dunno... I suppose I used to believe very firmly that a  
penny saved is a penny earned--

-- Terry Pratchett





Re: key change for TCP-MD5

2006-06-20 Thread Warren Kumari



On Jun 20, 2006, at 4:29 PM, Richard A Steenbergen wrote:


We already collectively wasted our time deploying MD5 passwords  
over a big
scare that turned out to be nothing more than someone cracking open  
the

manual and rediscovering how stuff worked all along


Bwahahahhahaha.

I work with that someone --- he (and the rest of his group) are  
wildly proud of this l33t discovery


W


. Why don't we spend
our time going forward solving actual issues like filtering/ 
announcement

authentication, and stop trying to solve the non-existent problems.

--
Richard A Steenbergen [EMAIL PROTECTED]   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA  
F8B1 2CBC)




--
Do not meddle in the affairs of wizards, for they are subtle and  
quick to anger.

-- J.R.R. Tolkien




Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Warren Kumari



On Jun 14, 2006, at 2:18 AM, John van Oppen wrote:


That being said, I know at least one of our transit customers does  
hosting exactly how you are describing.   Coincidentally, this  
customer is also one of the customers that asked if we could give  
them a class C block.


Ok, I KNOW I am going to be slapped by a bunch of people here, but

I often refer to a /24 (anywhere in the space) as a class C. I also
call the thingie on my digital watch an LCD display, the thing that
stops brakes from locking the ABS system and the number I type into
the ATM machine my PIN number.  Oh yeah, my DLT tape drive is
connected to a SCSCI interface.


Yup, all of the above are technically incorrect (ok, most of them are  
just redundant), but I do it anyway, and I am going to carry on doing  
it, so there!


W


--
Working the ICANN process is like being nibbled to death by ducks,
it takes forever, it doesn't make sense, and in the end we're still  
dead in the water.

-- Tom Galvin, VeriSign's vice president for government relations.





Re: 2006.06.06 NANOG-NOTES CC1 ENUM LLC update

2006-06-08 Thread Warren Kumari



On Jun 8, 2006, at 10:12 AM, Patrick W. Gilmore wrote:



On Jun 8, 2006, at 10:04 AM, Matthew Petach wrote:


(sorry these are coming out delayed, I had to deal with an internal
routing challenge
for much of yesterday afternoon.  --Matt)


I think I speak for the whole list when we say you have absolutely  
NO reason to apologize, Matt.


In fact, I think we'll nominate you for Most Useful Meeting  
Attendee. :)


Seconded.

(Although I would love to know how Matt manages to do this...)


--
TTFN,
patrick



--
Do not meddle in the affairs of wizards, for they are subtle and  
quick to anger.

-- J.R.R. Tolkien




Re: private ip addresses from ISP

2006-05-24 Thread Warren Kumari



On May 24, 2006, at 2:05 AM, [EMAIL PROTECTED] wrote:
snip



So again, I ask the question: Is NANOG an appropriate
forum to develop some best practices text that
could be incorporated into service agreements and
peering agreements by reference in the same way
that a software licence incorporates the GPL
by referring to it?



Ah, I think we all assumed you were kidding when you asked that!

While I think NANOG *should* be the appropriate forum, I don't really
think it will be -- there are too many personal agendas -- getting
the community to agree on *anything* these days appears to be a
losing proposition.


I suspect that a post suggesting we replace IP with a piece of wet  
spaghetti would:

a: Get n replies agreeing
b: Get n replies disagreeing
c: Possibly generate a post that is trying to be useful.
d: A fish (not a fish anything, just a random posting not related to  
anything on topic)

e: Spawn a thread screaming Troll
f: Get 2n replies asking if that will run on vendor X
g: Get 2n replies suggesting that an alternate root / better SPAM  
detection  / would fix all our woes

h: Generate n^2 ad hominem attack threads.
i: Be sidetracked into a request for a contact for company Y
j: Get misinterpreted [supporting | blasting] someone's pet theory /  
idea / etc


Even the fairly simple question of whether a network should emit  
packets with RFC1918 sourced packets (a topic I am declining to  
comment on) exhibited many of the above. While I think having some  
best practices text that could be incorporated into service  
agreements and peering agreements would be great I suspect this  
isn't the forum to generate such a thing -- unless it looks like:


Best Common Practices (please circle appropriate field):

1: Interconnecting networks (agree to always) / (agree to never) /  
(agree to sometimes)  emit packets with RFC1918 addresses
2: Interconnecting networks ( shall)  / (shall not ) run some form of  
RPF

3: Interconnecting networks (will) / (won't) / (might) randomly depeer
...
etc.

Having some best practices text that could be incorporated into
service agreements and peering agreements would be great -- how
about setting up a forum for this?


Warren (who is feeling very grumpy and cynical this morning -- and  
might take all the above back once the coffee sinks in)





--Michael Dillon



--
Real children don't go hoppity-skip unless they are on drugs.
		 -- Susan, the ultimate sensible governess (Terry Pratchett,  
Hogfather)







Re: MEDIA: ICANN rejects .xxx domain

2006-05-12 Thread Warren Kumari



On May 12, 2006, at 3:26 PM, John Palmer (NANOG Acct) wrote:



What are they talking about? .XXX already exists:

No it doesn't, see below:

dig ns xxx @g.LookMaICanAlsoSplinterTheNameSpace.com

;  DiG 9.2.1  ns xxx @10.24.0.7
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 3245
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;xxx.   IN  NS

;; AUTHORITY SECTION:
.   86400   IN  SOA  
Kook.LookMaICanAlsoSplinterTheNameSpace.com


;; Query time: 4 msec
;; SERVER: g.LookMaICanAlsoSplinterTheNameSpace.com#53(192.0.2.1)
;; WHEN: Fri May 12 15:34:17 2006
;; MSG SIZE  rcvd: 96

And this is exactly why there should be only 1 namespace.

W



%dig ns xxx @g.public-root.com

;  DiG 9.3.2  ns xxx @g.public-root.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 65
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;xxx.  IN NS

;; AUTHORITY SECTION:
xxx.  172800 IN NS eugene.kashpureff.org.
xxx.  172800 IN NS ga.dnspros.net.

;; ADDITIONAL SECTION:
ga.dnspros.net.  172800 IN A 64.27.14.2

;; Query time: 2 msec
;; SERVER: 199.5.157.131#53(199.5.157.131)
;; WHEN: Fri May 12 18:12:48 2006
;; MSG SIZE rcvd: 100

Oh, sorry - you mean in the restricted USG root where ICANN  
actually has to approve new TLDs rather than just doing the technical
coordination (the ONLY thing they were tasked to do in the first  
place).


Freedom/Free Market Score: Inclusive Namespace: INFINITY, ICANN: ZERO




Life is a concentration camp.  You're stuck here and there's no way  
out and you can only rage impotently against your persecutors.

-- Woody Allen





Re: Strange network problem accessing Ebay and versiontracker websites

2006-05-03 Thread Warren Kumari


Sounds a whole bunch like you have a PMTUD (Path MTU Discovery) issue.

Change the MTU on a host to be smaller and see if this fixes the
issue... If it does, there are a bunch of networking tricks you can
play to fix it for all of the customers. MSS rewrite is one,
clearing the DF bit on all packets is another -- these are various
versions of icky...


W

On May 3, 2006, at 2:22 PM, Shane Owens wrote:



All, I know this probably isn't the best forum for this question  
but I'd
like to rule out a network problem before I tell a customer he has  
a PC

problem.  I run a small CLEC network that is single homed to BTN for
transit.  I have 3 sites all interconnected via DS3's and provide DSL
services from each site.  From anywhere on my network we have problem
with Ebay and versiontracker.com but only on certain browsers.  IE  
on a
windows machine can access these sites without any problems, but  
Firefox

on the same machine cannot open the websites (Ebay can be opened with
ad-blocking software installed). On a Mac the only browser that works
for these sites is Opera.  With this knowledge I would say it is
something with the coding on the website, but if I take the same  
machine

and connect it to another network other than mine (Verizon, SBC and
local municipal wifi have been tested) everything works fine.

Can anyone give me any suggestions as to what routes to take to
troubleshoot this?  Logic tells me that if I have reachability and one
browser works but another doesn't it's a software problem with
either the browser or the site, but being able to take the same
machine to another network and have it work points to a whole
different problem.

Could this be a MTU issue?

Shane Owens
DNA Communications Inc
601 1st Ave
Rochelle, IL 61068
work (815)562-4290 ext 201
mobile (815)793-3822



--
He who laughs last, thinks slowest.
-- Anonymous
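
The MSS rewrite trick mentioned above, as an added example (not code from this thread): a middlebox that sees a SYN pass through lowers the MSS option so that the peer never sends full-size segments that would need fragmenting on a narrower hop, and recomputes the TCP checksum. The SYN, the addresses (RFC 5737 documentation space) and the 1492-byte PPPoE path MTU are constructed for the example; the option layout and checksum are the standard ones.

```python
from __future__ import annotations
import struct

IPV4_HDR_LEN = 20          # IP header without options (assumption for this example)
TCP_HDR_LEN = 20           # fixed part of the TCP header
TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MSS = 0, 1, 2
TCP_CKSUM_OFFSET = 16      # checksum field sits at bytes 16-17 of the TCP header


def mss_for_mtu(mtu: int) -> int:
    """Largest TCP payload that fits one IPv4 packet of the given link MTU:
    a 1492-byte PPPoE path gives 1452, plain 1500-byte Ethernet gives 1460."""
    return mtu - IPV4_HDR_LEN - TCP_HDR_LEN


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """One's-complement checksum over the IPv4 pseudo-header plus the segment.
    Run over a segment whose checksum field is already filled in, it returns 0."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))  # protocol 6 = TCP
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def clamp_mss(segment: bytes, max_mss: int, src_ip: bytes, dst_ip: bytes):
    """Return (segment, advertised MSS or None). If the MSS option is larger than
    max_mss it is rewritten in place and the checksum is recomputed."""
    data_offset = (segment[12] >> 4) * 4
    buf = bytearray(segment)
    advertised = None
    i = TCP_HDR_LEN
    while i < data_offset:
        kind = buf[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= data_offset or buf[i + 1] < 2:
            break                      # truncated or malformed option: stop parsing
        length = buf[i + 1]
        if kind == TCPOPT_MSS and length == 4:
            advertised = struct.unpack_from("!H", buf, i + 2)[0]
            if advertised > max_mss:
                struct.pack_into("!H", buf, i + 2, max_mss)
        i += length
    if advertised is not None and advertised > max_mss:
        struct.pack_into("!H", buf, TCP_CKSUM_OFFSET, 0)   # zero, then recompute
        struct.pack_into("!H", buf, TCP_CKSUM_OFFSET, tcp_checksum(src_ip, dst_ip, bytes(buf)))
    return bytes(buf), advertised


def build_syn(src_port: int, dst_port: int, mss: int, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Constructed SYN carrying MSS, NOP and window-scale options (28 bytes total)."""
    options = struct.pack("!BBH", TCPOPT_MSS, 4, mss) + bytes([TCPOPT_NOP, 3, 3, 7])
    data_offset = (TCP_HDR_LEN + len(options)) // 4        # 7 32-bit words
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0,
                         data_offset << 4, 0x02, 65535, 0, 0)   # flags 0x02 = SYN
    seg = bytearray(header + options)
    struct.pack_into("!H", seg, TCP_CKSUM_OFFSET, tcp_checksum(src_ip, dst_ip, bytes(seg)))
    return bytes(seg)


if __name__ == "__main__":
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])   # documentation addresses
    syn = build_syn(40000, 80, 1460, src, dst)
    clamped, seen = clamp_mss(syn, mss_for_mtu(1492), src, dst)
    print("peer advertised MSS", seen, "-> now", clamp_mss(clamped, 65535, src, dst)[1])
    print("checksum verifies:", tcp_checksum(src, dst, clamped) == 0)
```

The clamp only touches SYNs that advertise more than the path can carry, so hosts behind a normal 1500-byte path are left alone. Clearing DF instead makes every router on the path fragment, which is why the thread calls both approaches icky: the clean fix is to stop whatever is eating the ICMP "fragmentation needed" messages.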




Re: Local Loop Install.

2006-04-28 Thread Warren Kumari


So, back in 1999 I'm working for this small ISP that decides they  
want to become a colo player and open a datacenter in White Plains,  
NY. We spend large amount of time with commercial real-estate people  
to find a building with a: some space and b: fiber into the building.


Eventually real estate person calls about a suitable building
(lots of power, cooling and space -- and a large fiber mux in the
basement) -- the previous tenant had just vacated the building...


We rush over and have a look... The building looks great, nice
location, generators and even has a large area with raised floor, but
we cannot find where the fiber comes in, nor the demarc area...
We call up the telco (Nynex at the time) and ask where this magic
fiber is... The guy on the phone mumbles something about some room in
the basement. We go have a look and find nothing, so we call him back
-- he gets annoyed and says he was the installer and is sure it is
down there -- we have yet another look and nothing, so we call him
again... He starts sounding REALLY frustrated and says he will be
right over to show us where it is... 10 minutes later he arrives and
storms into the building, muttering under his breath about stupid
customers being so blind that they cannot find 2 racks worth of
equipment...


We follow him down into the basement and he strides across to one of  
the room and throws open the door, saying Look, you see, its over  
here -- uh --- what?! Where did it go?!
Against the back wall there 1/2 an inch of conduit sticking through  
the wall -- we shine a flashlight down it and around 2 feet into the  
conduit we can just see a bit of cable...


Turns out when the previous tenant left, they abandoned some metal
desks and the like in the building -- the building owner called in a
scrap metal company and paid them to cart all of this junk away --
it would appear that sometimes a large fiber mux looks like junk


The sad part of this story (from our point!) is that rerunning the  
fiber would have involved retrenching across the busiest street in  
the city and so wouldn't be able to happen for  10-12 months -- thus  
ended our colo plans...


Warren

On Apr 26, 2006, at 8:31 PM, Derek J. Balling wrote:

Also bear in mind that after your lease expires, they might very
well be SOL if the new tenant decides I don't want telco
monstrosity in the space I'm paying for, and they'd have every
right to simply rip it out (and possibly keep it, depending on your
area's local landlord/tenant laws, as it would be considered
abandoned by the former tenant [you]).


I'm not sure if you want to remind them of that, but I think it'd  
be good form for full disclosure, since they might get dozens of  
customers dependent on that hardware and suddenly have nowhere to  
put it if you ever decide to leave.


Cheers,
D


On Apr 26, 2006, at 4:23 PM, Aaron Gagnier wrote:



I personally don't see how it would be unreasonable to ask for  
something  if they want to use your space that you're paying for.  
Myself I would ask for the discount on service and also try to get  
the install waived or at least reduced.


-ag

Robert Sherrard wrote:

I've got an interesting question / situation...
I've got a local loop provider that we're looking at using for  
some fiber connectivity. The long story is that there’s no real  
great place for them to place their gear in the entire building,  
sort of paying rent to the landlord, placing gear in our suite,  
or placing gear in an uncontrolled room , i.e. no cooling, no  
controlled access. This “local-loop” provider is asking to place  
this gear into our space… while this gear is to provide us with  
fiber connectivity back to a carrier hotel; they’re also looking  
to service other tenants in our building. It is unrealistic to  
ask this provider for some sort of a kickback, or monthly  
discount on service? They’re hitting us up for an install fee,  
maybe they could waive that? Anyone have some thoughts on this?  
Am I being unrealistic in thinking that, if they are going to  
profit by having gear in our space, we should expect to see a  
small return or favor? The only other option for them is to spend  
money and lease a small room, or modify an existing smaller room  
in the building to fit their needs.

Rob


--

Derek J. Balling
Systems Administrator
Vassar College
124 Raymond Ave
Box 13 - Computer Center 217
Poughkeepsie, NY 12604
(845) 437-7231




--
There are only 10 types of people in this world -- those who  
understand binary arithmetic and those who don't.





Re: Determine difference between 2 BGP feeds

2006-04-18 Thread Warren Kumari



On Apr 18, 2006, at 1:19 PM, Mike Walter wrote:



Sounds to me like one of your providers is not feeding you the full
internet routing table.  Have you checked with them to see if they are
providing you that?


Sounds to me like a: you are only looking at best routes or b: one of  
the providers is sending you more specific customer routes (that they  
summarize before sending to non-customers).


Personally I would just slurp one set of routes into an array in perl  
and then delete them if they appear in the other set. Any left over  
in either set are unique


W



Mike Walter
Systems Administrator


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On  
Behalf Of

Scott Tuc Ellentuch at T-B-O-H
Sent: Tuesday, April 18, 2006 4:13 PM
To: nanog@merit.edu
Subject: Determine difference between 2 BGP feeds


Hi,

We receive a BGP feed from different providers on two
different routers. While one seems to be a reasonable amount
of feeds after reviewing the CIDR report, the other is anywhere
from 3K to 10K more routes.

Is there a utility that I can use that will pull the
routes off each router (Foundry preferred), and then compare
them as best it can to see why there is such a difference?
I can understand a handful of routes over what CIDR says,
but a minimum of 3K more?

Thanks, Tuc/TBOH




--
Some people are like Slinkies..Not really good for anything but  
they still bring a smile to your face when you push them down the  
stairs.
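
The slurp-one-set-and-subtract-the-other approach described above, as an added example (not code from the thread, and in Python rather than perl). It goes one step further than a plain set difference: a prefix present in only one feed is reported together with the less-specific in the other feed that covers it, which is exactly the more-specific-customer-routes case, and separately from prefixes that the other feed has no route for at all. The two feeds are constructed "show ip bgp"-style text using documentation address space; the parser only looks for prefix/length tokens, so real router output can be pasted in.

```python
import ipaddress
import re

PREFIX_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b")

# Constructed samples: "show ip bgp" output from two routers, each fed by a
# different upstream. Feed A carries a customer's /25s that B only sees summarised;
# feed B carries a /26 that A only sees as the /24; each has one prefix the other
# lacks entirely.
FEED_A = """
*> 192.0.2.0/24       10.1.1.1   0   100   0 64496 i
*> 198.51.100.0/24    10.1.1.1   0   100   0 64496 64500 i
*> 198.51.100.0/25    10.1.1.1   0   100   0 64496 64500 i
*> 198.51.100.128/25  10.1.1.1   0   100   0 64496 64500 i
*> 203.0.113.0/24     10.1.1.1   0   100   0 64496 64501 i
*> 100.64.0.0/10      10.1.1.1   0   100   0 64496 64502 i
"""
FEED_B = """
*> 192.0.2.0/24       10.2.2.2   0   100   0 64497 i
*> 198.51.100.0/24    10.2.2.2   0   100   0 64497 64500 i
*> 203.0.113.0/24     10.2.2.2   0   100   0 64497 64501 i
*> 203.0.113.64/26    10.2.2.2   0   100   0 64497 64501 i
*> 172.16.0.0/12      10.2.2.2   0   100   0 64497 64503 i
"""


def parse_prefixes(text):
    """Every prefix/length token in the text as a set of IPv4Network objects."""
    return {ipaddress.ip_network(m) for m in PREFIX_RE.findall(text)}


def covering_prefix(prefix, table):
    """Most specific prefix in table that contains prefix (excluding itself), or None.
    Walks the supernets from one bit shorter down to /0, so at most 32 lookups."""
    for plen in range(prefix.prefixlen - 1, -1, -1):
        candidate = prefix.supernet(new_prefix=plen)
        if candidate in table:
            return candidate
    return None


def diff_feeds(a, b):
    """Split the two route sets into: common; only-in-one-but-covered (mapped to the
    covering prefix in the other feed); and only-in-one with no cover at all."""
    result = {"common": a & b}
    for name, mine, theirs in (("a", a, b), ("b", b, a)):
        covered, uncovered = {}, set()
        for p in mine - theirs:
            cover = covering_prefix(p, theirs)
            if cover is None:
                uncovered.add(p)
            else:
                covered[p] = cover
        result[name + "_only_covered"] = covered
        result[name + "_only_uncovered"] = uncovered
    return result


if __name__ == "__main__":
    d = diff_feeds(parse_prefixes(FEED_A), parse_prefixes(FEED_B))
    print("common:", len(d["common"]))
    for name in ("a", "b"):
        print(name, "more-specifics covered by the other feed:",
              {str(k): str(v) for k, v in d[name + "_only_covered"].items()})
        print(name, "prefixes the other feed has no route for:",
              sorted(str(p) for p in d[name + "_only_uncovered"]))
```

The "covered" bucket is the one to look at first when one feed is a few thousand routes bigger: if nearly all the extra prefixes have a covering route in the smaller feed, the difference is deaggregation and customer more-specifics, not a provider withholding part of the table. Only the uncovered bucket represents destinations that one upstream genuinely cannot reach.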






Re: Transit LAN vs. Individual LANs

2006-02-27 Thread Warren Kumari



On Feb 25, 2006, at 9:23 PM, Owen DeLong wrote:




--On February 25, 2006 8:09:22 PM + Christopher L. Morrow
[EMAIL PROTECTED] wrote:




On Sat, 25 Feb 2006, Neil J. McRae wrote:




An argument could be made for individual VLANs to keep things
like b- cast storms isolated.  But I think the additional
complexity will cause more problems than it will solve.


Vlans will not stop all types of broadcast storm.



So, perhaps I missed the earlier explanation, but why use switched
segments at all? if the purpose is to connect routers to routers  
putting

something that WILL FAIL in the middle is only going to increase your
labor costs later :(

So, for router-router links, GE doesn't have to mean switched...


Very true.  In fact, GE is even easier because part of the GE standard
for UTP requires it to be Auto-MDI-Sensing (MDI vs MDI-X is handled
automatically in ALL compliant GE/TP interfaces).


Unfortunately it seems that not all devices actually implement MDI/MDI-X

IEEE Std 802.3ab-1999, 40.4.4 (Page 93) says:
Implementation of an automatic MDI/MDI-X configuration is optional
for 1000BASE-T devices.


IEEE Std 802.3ab-1999, 40.8.2 (Page 93) says:
Although the automatic MDI/MDI-X configuration (see 40.4.4) is not
required for successful operation of 1000BASE-T, it is a functional
requirement that a cross-over function be implemented in every link
segment to support the operation of Auto-Negotiation


Now, seeing as Auto-Negotiation is required, it implies that  
automatic MDI/MDI-X is also required -- however, certain vendors seem  
to ignore this


W





Thus, you can use
any eia-568[ab] cable, straight or crossed between them.  (Note, USOC
cables still won't work, it has to be 568a or 568b pairing)


Owen



--
If it wasn't crypto-signed, it probably didn't come from me.




Re: Cisco 3550 replacement

2006-02-22 Thread Warren Kumari


Perhaps this thread would be more appropriate for the Cisco-NSP list?

Warren

On Feb 22, 2006, at 5:44 AM, Aaron Daubman wrote:



 And no hierarchical QoS, which was a requirement of the original
poster,

of course 3550 offer no such either.


IIRC, the only switch to currently support HQF is the 3750 Metro  
Series:
http://www.cisco.com/en/US/products/hw/switches/ps5532/products_qanda_item09186a00801eb822.shtml



Q. What is the difference between the Cisco Catalyst 3750 Metro Series
and the Cisco Catalyst 3750 Series?
The Cisco Catalyst 3750 Metro Series is built for Metro Ethernet
access in a customer location, enabling the delivery of more
differentiated Metro Ethernet services. These switches feature
bidirectional hierarchical QoS and Traffic Shaping; intelligent 802.1Q
tunneling with class-of-service (CoS) mutation; VLAN translation;
MPLS, EoMPLS, and Hierarchical Virtual Private LAN Service (H-VPLS)
support; and redundant AC or DC power. They are ideal for service
providers seeking to deliver profitable business services, such as
Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with
different SLAs. With flexible software options, the Cisco Catalyst
3750 Metro Series offers a cost-effective path for meeting current and
future service requirements from service providers.
The standard Cisco Catalyst 3750 Series is an innovative product line
for midsize organizations and enterprise branch offices. Featuring
Cisco Systems(r) StackWise™ technology, Cisco Catalyst 3750 Series
products improve LAN operating efficiency by combining
industry-leading ease of use and high resiliency for stackable
switches.


32Gbps Backplane (Counted packet-in, packet-out, each direction,  
with all

packets the same size, multicast?) and 52 GE interfaces.
Not exactly non-blocking.
Gotsta do the CiscoMath.


The 1U with the best blocking ratio is the 4948:
http://www.cisco.com/en/US/products/ps6021/products_data_sheet0900aecd8017a72e.html

96 Gbps nonblocking switch fabric
However, I'm unsure of the details of its QoS support?

Regards,
 ~Aaron





Re: How do you (not how do I) calculate 95th percentile?

2006-02-22 Thread Warren Kumari



On Feb 22, 2006, at 10:12 AM, Jo Rhett wrote:




A lot of smaller folks check the counter every 5 min and use that same
value for the 95th percentile.  Most of us larger folks need to  
check more
often to prevent 32bit counters from rolling over too often.  Are  
you larger

folks averaging the retrieved values over a larger period?  Using the
maximum within a larger period?  Or just using your saved values?


Most people are using 64 bit counters. This avoids the wrapping
problem (assuming you don't have 100GE and poll more than once every
5 years :-)).


This is curiosity only.  A few years ago we compared the same data  
and the
answers varied wildly.  It would appear from my latest check that  
it is
becoming more standardized on 5-minute averages, so I'm asking here  
on Nanog

as a reality check.


Yup, 5 min seems to be the accepted time.


Note: I have AboveNet, Savvis, Verio, etc calculations.  I'm wondering
if there are any other odd combinations out there.

Reply to me offlist.  If there is interest I'll summarize the results
without identifying the source.

--
Jo Rhett
senior geek
SVcolo : Silicon Valley Colocation





Re: How do you (not how do I) calculate 95th percentile?

2006-02-22 Thread Warren Kumari


Doh! You are 100% correct.

I didn't take into account the fact that the counters are if(In|Out) 
*Octets* and NOT if(in/Out)*Bits*.


The point is that 64-bit counters are not likely to roll :-)

Warren


On Feb 22, 2006, at 12:24 PM, Alex Rubenstein wrote:




(I did this fast, and, who knows; I could be off my an order or two  
of magnitude)


Most people are using 64 bit counters. This avoids the wrapping
problem (assuming you don't have 100GE and poll more than once
every 5 years :-)).


2^64 is 18,446,744,073,709,551,616 bytes.

100 GE (100,000,000,000 bits/sec) is 12,500,000,000 bytes/sec.

It would take 1,475,739,525 seconds, or 46.79 years for a counter  
wrap.



--
Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben
Net Access Corporation, 800-NET-ME-36, http://www.nac.net
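
The arithmetic from the two messages above, plus the 95th percentile calculation the thread is actually about, as an added example (not code from the thread). It reproduces the time-to-wrap figures for 32- and 64-bit octet counters, turns a series of polled counter values into per-interval bit rates while surviving a wrap, and applies the usual billing convention for the 95th percentile. The sample poll series is constructed: a 32-bit ifInOctets polled every five minutes at a steady 1 Mbit/s, starting close enough to 2^32 that it wraps on the second interval.

```python
def seconds_to_wrap(counter_bits, link_bps):
    """Seconds a link running flat out takes to roll an octet counter of the given width."""
    return (2 ** counter_bits) / (link_bps / 8)


def counter_delta(prev, cur, counter_bits):
    """Octets moved between two polls, allowing for exactly one wrap in between.
    A counter reset after a reboot produces the same pattern as a wrap, so in
    production also check sysUpTime before trusting a backwards step."""
    if cur >= prev:
        return cur - prev
    return cur + (1 << counter_bits) - prev


def rates_from_samples(samples, counter_bits):
    """samples: list of (unix_time, octet_count) from successive polls.
    Returns bits per second for each interval between consecutive polls."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        rates.append(counter_delta(c0, c1, counter_bits) * 8 / (t1 - t0))
    return rates


def percentile_95(rates):
    """Billing-style 95th percentile: sort the interval rates, discard the top 5%
    of samples, return the highest of what is left. Integer arithmetic so the
    sample count does not suffer from float rounding (ceil(0.95 * n) - 1)."""
    if not rates:
        raise ValueError("no samples")
    ordered = sorted(rates)
    idx = (95 * len(ordered) + 99) // 100 - 1
    return ordered[idx]


# Constructed poll series: 32-bit counter, 300 s interval, 37.5 MB per interval
# (= 1 Mbit/s), starting 50 MB below 2^32 so the counter wraps between polls 2 and 3.
SAMPLES_32 = [(i * 300, (2 ** 32 - 50_000_000 + i * 37_500_000) % 2 ** 32)
              for i in range(5)]


if __name__ == "__main__":
    print("32-bit counter, 1 GE:   wraps every %.1f s" % seconds_to_wrap(32, 1e9))
    print("64-bit counter, 100 GE: wraps every %.2f years"
          % (seconds_to_wrap(64, 100e9) / (365 * 86400)))
    rates = rates_from_samples(SAMPLES_32, 32)
    print("rates across the wrap (bit/s):", rates)
    month = [i * 1e6 for i in range(1, 21)]       # 20 constructed interval rates
    print("95th percentile of constructed month:", percentile_95(month))
```

The 32-bit figure is why the larger operators in the thread poll more often than every five minutes on gigabit ports: at line rate the counter goes round in about 34 seconds, and a five-minute poll cannot tell one wrap from several. The 64-bit counter at 100 GE comes out at the 46-and-a-bit years quoted above.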






Re: Disaster recovery using as-prepend?

2006-02-16 Thread Warren Kumari


Part of the question is how bad it is for you if you DO get any
traffic to your backup datacenter, the connectivity between the
datacenters and the datacenters' connectivity to the rest of the world.


Assuming that you do not have good connectivity between datacenters  
and that the datacenters have different connectivity to the outside  
world:


While pre-pending should get almost all of your traffic away from  
your backup DC, you cannot guarantee that it will not get any traffic  
while the primary is still up.


If your primary is connected to ISP_A and the backup is connected to  
ISP_B, customers connected to ISP_B MAY still flow to your backup DC  
(ISP_B will probably set local preference on all customer routes -  
you should be able to override this behavior with communities but not  
all providers support this (or honor it 100% of the time!))


Announcing a more specific from the primary is likely to work  
basically all the time (assuming a) your announcement is not too long  
to be listened to, b) ISP_A and ISP_B don't lose connectivity between  
themselves). This is not particularly polite however...


Another option is just not to announce the backup datacenter until  
the primary one goes away  - see if you can do something like BGP  
Conditional Advertisement (or your vendor's version of the same).



Depending on just how bad having requests arrive at the backup
datacenter will drive just how paranoid you need to be - if having
your backup get traffic is going to make databases unhappy, etc then
you MIGHT even want to consider a manual only failover - if your
primary datacenter has a 20 second blip, the pain of dealing with
requests that hit the backup during those 20 seconds MAY be greater
than just being unavailable for 20 seconds... It all depends on your
business, applications, etc, but prepending alone might not be the
way to go.


Warren


On Feb 16, 2006, at 6:56 AM, Christopher J. Pilkington wrote:



My apologies if this question doesn't belong here.

We have a PI /24 we'd like to advertise out of our primary data center
for production use.  (Well, actually, we'll be advertising a more
specific from our /21 assignment, so already not too friendly... but I
digress.)

We have a disaster recovery site which will have a clone of the myriad
production servers.  We'd like to fail over to that site
automagically.

I'm thinking advertising the same prefix and just doing several
as-prepends.  However, now I'm not sure if this is a polite thing to
do or not.

Someone mentioned to me something with MEDs, but as soon as that term
was used, I started twitching, and couldn't follow the conversation.

Would a good netizen use the as-prepend method?  Or am I missing a
simpler/more polite solution?

-Christopher
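
The three points made in the reply above, as an added example (not code from the thread): a cut-down BGP decision process shows why prepends lose to a customer local-preference at ISP_B, a longest-prefix lookup shows why a more-specific from the primary wins regardless, and a small conditional-advertisement check shows the "don't announce the backup until the primary is gone" option. The ASNs are documentation numbers from RFC 5398, the /24 and /25s are constructed, and the local-preference of 200 for customer routes is an assumed (though typical) ISP policy; MED is compared across all routes for brevity, where real routers only compare it between routes from the same neighbouring AS.

```python
import ipaddress
from dataclasses import dataclass

# Documentation ASNs (RFC 5398), assigned here for the example only.
ISP_A, ISP_B, CUST = 64496, 64497, 64500
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: tuple
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0
    source: str = "ebgp"            # "ebgp" or "ibgp"
    router_id: str = "192.0.2.1"


def bestpath_key(r):
    """Decision process in the order routers apply it: highest LOCAL_PREF, shortest
    AS_PATH (prepends count), lowest origin, lowest MED, eBGP over iBGP, lowest
    router ID. Smaller tuple = better route."""
    return (-r.local_pref, len(r.as_path), ORIGIN_RANK[r.origin], r.med,
            0 if r.source == "ebgp" else 1, int(ipaddress.ip_address(r.router_id)))


def build_rib(routes):
    """Best route for each prefix."""
    rib = {}
    for r in routes:
        if r.prefix not in rib or bestpath_key(r) < bestpath_key(rib[r.prefix]):
            rib[r.prefix] = r
    return rib


def lookup(rib, address):
    """Forwarding lookup: the longest matching prefix wins before any BGP
    attribute of the competing /24 is even considered."""
    addr = ipaddress.ip_address(address)
    matches = [p for p in rib if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return rib[max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)]


def conditional_advertisement(rib, watch_prefix, backup_route):
    """Announce the backup route only while the watched (primary) prefix is
    missing from the table, the effect of BGP conditional advertisement."""
    return None if watch_prefix in rib else backup_route


def isp_b_view(customer_local_pref=200):
    """ISP_B's router: the primary DC via peer ISP_A, the backup DC via ISP_B's
    own customer port with four prepends. Customer routes get local-pref 200
    (assumed policy); peer routes keep the default 100."""
    via_primary = Route("203.0.113.0/24", "ISP_A", (ISP_A, CUST), local_pref=100)
    via_backup = Route("203.0.113.0/24", "backup-DC", (CUST,) * 5,
                       local_pref=customer_local_pref)
    return build_rib([via_primary, via_backup])


def primary_more_specifics():
    """The primary DC de-aggregating its /24 into two /25s via ISP_A (constructed)."""
    return [Route("203.0.113.0/25", "ISP_A", (ISP_A, CUST)),
            Route("203.0.113.128/25", "ISP_A", (ISP_A, CUST))]


if __name__ == "__main__":
    print("ISP_B best path for /24 with prepends only:", isp_b_view()["203.0.113.0/24"].next_hop)
    print("... after the customer lowers its local-pref by community:",
          isp_b_view(customer_local_pref=100)["203.0.113.0/24"].next_hop)
    rib = build_rib(list(isp_b_view().values()) + primary_more_specifics())
    print("forwarding for 203.0.113.10 with /25s announced:", lookup(rib, "203.0.113.10").next_hop)
    backup = Route("203.0.113.0/24", "backup-DC", (CUST,))
    print("backup advertised while primary /25 is present?",
          conditional_advertisement(rib, "203.0.113.0/25", backup) is not None)
```

The first result is the one that catches people: four prepends make no difference at ISP_B because LOCAL_PREF is evaluated before AS_PATH length, so every ISP_B customer lands on the backup while the primary is healthy. The more-specific announcement fixes that at the cost of two extra table entries for everyone, and conditional advertisement avoids both problems as long as the watched prefix really does disappear when the primary fails.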





Re: nanog.org website - 403s?

2006-02-11 Thread Warren Kumari



On Feb 11, 2006, at 1:09 AM, Mark Foster wrote:



Anyone else seeing 403's when trying to pull anything other than  
the index page from www.nanog.org?




Nope, it's not just you.

I suspect someone edited the site and copied it with incorrect  
permissions...


Warren

--
Some people are like Slinkies..Not really good for anything but  
they still bring a smile to your face when you push them down the  
stairs.






Re: the future of the net

2005-11-16 Thread Warren Kumari


Oh, the irony - all I get is:

Access denied
You are not authorized to access this page.

I guess in the future the net is going to be exactly the same as it
is now...


Warren

On Nov 16, 2005, at 5:09 PM, Richard A Steenbergen wrote:



On Wed, Nov 16, 2005 at 04:42:41PM -0800, Randy Bush wrote:



http://www.linuxjournal.com/article/8673



Hrmmm... The future of the net? You mean, will crazy people  
continue to

post crazy rants about things they clearly don't fully understand? All
signs point to yes.

You can just call me Netstradamus.

--
Richard A Steenbergen [EMAIL PROTECTED]   http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA  
F8B1 2CBC)





--
With Feudalism, it's your Count that votes.




Re: Cogent/Level 3 depeering

2005-10-05 Thread Warren Kumari



On Oct 5, 2005, at 12:12 PM, Mike Tancsa wrote:



At 02:47 PM 05/10/2005, Douglas Dever wrote:


 fact remains that Cogent is not providing the service I'm paying  
them

 for and they need to get it fixed.

Really?  As you already pointed out, your packets are reaching their
destination.  So, they don't need to get anything fixed.



I think what people are upset about is that you now have less
redundancy if you are a cogent transit customer.  If I tell my
customers, I have 3 full transit links, I now have to put an *
there.   If my 2 non cogent links go down, I don't have full
visibility of the Internet. I see everything, except Level3.  It
becomes more acute if you have just 2 transit links-- Cogent and
one other.  What if your other provider has a lossy path to Level
3 ?  You can't work around it by preferencing 174 3356


---Mike


You have always needed that asterisk, the only thing that changes is  
the scale of things...
3 full transit links is really only marketing speak, the same thing  
applies to the full Internet and Tier anything.


I run Billy_Bobs_Florist.com[0]. Let's say I filter all routes from
your provider, or just your routes (don't ask me why, it's my
network...). Are you going to go after your provider and demand
credit from them because I have chosen to ignore some routes?  No?
But now you no longer have the full Internet...


Or I run some huge Tier 1 (shudders) and all of the fiber to  
Singapore (on someone else's network) gets cut. You can no longer  
reach the full Internet - do I owe you money? Ok, how about the  
only T1 to some site that you feel like browsing to goes down? Now do  
I owe you credit? But you no longer have the full Internet, nor  
full routes.


Or let's say I run Billy Bob ISP (a small ISP that buys
connectivity from only one place, ISP_X). You are a customer of ISP_X
and I now sell you a circuit and give you full tables (from my view).
Do you really have n + 1 full transit links now?


When you buy connectivity from a provider the only thing that you  
really get any guarantee on is whatever is written on your contract   
- and I would be very surprised if it says anything about reaching  
all hosts connected to the Internet at all times[1]. Sure you have  
some expectations of what they will provide (full tables will be some  
large number of routes, they connect to a bunch of other networks,  
they don't filter port 80 (or anything else for that matter)), but  
unless your contract actually specifies all of this, you are on your  
own. But don't worry, you do have some power in all this  - you can  
vote with your wallet...


Warren.


[0] Ok, so I don't really, but
[1] If it does, I want whoever wrote your contract working for me

--
There are only 10 types of people in this world -- those who  
understand binary arithmetic and those who don't.





Re: [eng/rtg][vendor specific] changing loopbacks

2005-09-29 Thread Warren Kumari


So, on vendor C boxes you might be able to get away from having to do  
a full reboot to change your OSPF ID by doing a clear ip ospf process.
If you don't do this, even though you change the loopback address,  
your router will still keep the old address as the OSPF router ID[1].  
You won't actually end up with a route to the old loopback, but it  
will still be in the OSPF database.
While this is less than optimal, it will still work (note, I don't  
recommend running your network like this!). It is somewhat  
disconcerting if you don't know that changing loopback address  
doesn't automatically change OSPF ID[2] and look in your OSPF  
database and see addresses that you shouldn't / you retired, etc,  
especially because most people only page through their OSPF database  
when they suspect something is odd...


Warren Kumari
[1] As with most things, I am sure that the exact behavior depends  
upon hardware and software version, phase of moon, flavor of  
doughnut, etc.
[2] Sure it seems obvious when you think about it, but most people
don't seem to think.


On Sep 29, 2005, at 12:20 PM, Neil J. McRae wrote:






this is my fear.  which is why i asked.  pushing out new
configs (the canonic config is on disk, not the router [0])
and setting a reload of a bunch of routers at time t0 does
not give me warm fuzzies about what the world will be like at
time tn (n > 0).

but i may have to take that path.  i am hoping folk will give
me a magic pill.  after all, any group with such a deep
understanding of how to deal with the world's social ills
must know a bit of router magic smirk.




I think with OSPF this will be very difficult to
do without rebooting (or as long an outage as rebooting).
We migrated from OSPF to IS-IS and changed some loopbacks a
while ago, the IS-IS change was totally transparent - no issue,
but on the change of loopback caused a lot of BGP churn.
It was easier to change it and reboot and do
it over a period of time in small network triangles.

I always thought that the billing system was the database
of record ;-)

Neil.
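
The symptom described in this thread (a loopback renumbered, the OSPF process keeping the old router ID, retired addresses lingering in the LSDB) is easy to miss unless you go looking for it. The following is an added example, not code from the original posts: it parses a constructed listing laid out like the "Router Link States" section of a Cisco IOS "show ip ospf database" and compares the advertising router IDs against an inventory of current loopbacks. The column layout, the sample LSDB and the loopback inventory are all assumptions made for the example.

```python
"""Check an OSPF link-state database for router IDs that no longer match
any current loopback.

Added example, not from the original post. The LSDB text below is a
constructed sample laid out like the "Router Link States" section of a
Cisco IOS "show ip ospf database" listing; column positions and the
loopback inventory are assumptions, not captured output.
"""
import re

# Constructed: r3's loopback was renumbered from 10.255.0.9 to 10.255.0.3,
# but the OSPF process was never restarted, so its router ID is stale.
CURRENT_LOOPBACKS = {
    "r1": "10.255.0.1",
    "r2": "10.255.0.2",
    "r3": "10.255.0.3",
}

SAMPLE_LSDB = """\
            OSPF Router with ID (10.255.0.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.255.0.1      10.255.0.1      1234        0x80000012 0x00A1B2 3
10.255.0.2      10.255.0.2      567         0x80000009 0x00C3D4 2
10.255.0.9      10.255.0.9      890         0x80000003 0x00E5F6 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
192.0.2.1       10.255.0.1      1234        0x80000002 0x001122
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HEADER_RE = re.compile(r"OSPF Router with ID \((" + IPV4 + r")\)")
# One LSA row: Link ID, ADV Router, Age, Seq#. Only rows under the
# "Router Link States" heading are taken, so Net LSAs are not counted.
ROW_RE = re.compile(r"^(" + IPV4 + r")\s+(" + IPV4 + r")\s+\d+\s+0x[0-9A-Fa-f]+")


def local_router_id(lsdb_text):
    """Router ID the local process is using (from the listing header)."""
    m = HEADER_RE.search(lsdb_text)
    return m.group(1) if m else None


def router_lsa_originators(lsdb_text):
    """ADV Router values from the Router Link States section only."""
    originators = set()
    in_router_section = False
    for line in lsdb_text.splitlines():
        if "Router Link States" in line:
            in_router_section = True
            continue
        if "Link States" in line:      # any other LSA type ends the section
            in_router_section = False
            continue
        if in_router_section:
            m = ROW_RE.match(line)
            if m:
                originators.add(m.group(2))
    return originators


def stale_router_ids(lsdb_text, loopbacks):
    """Router IDs present in the LSDB that match no current loopback.

    An entry here is exactly the symptom the post describes: the loopback
    was changed, the OSPF process kept the old router ID, and the old
    address lingers in the database with no route to it.
    """
    return sorted(router_lsa_originators(lsdb_text) - set(loopbacks.values()))


def local_id_mismatch(lsdb_text, local_loopback):
    """True if the local router ID differs from the local loopback address."""
    rid = local_router_id(lsdb_text)
    return rid is not None and rid != local_loopback


if __name__ == "__main__":
    print("stale router IDs:", stale_router_ids(SAMPLE_LSDB, CURRENT_LOOPBACKS))
    print("local mismatch:", local_id_mismatch(SAMPLE_LSDB, CURRENT_LOOPBACKS["r1"]))
```

Run against real output, the check is only as good as the loopback inventory you feed it, and a router ID that was never a loopback (a highest-interface-address default) will also show up; that is still worth a look, since it means the ID will move the next time that interface does.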






Re: [Misc][Rant] Internet router

2005-09-29 Thread Warren Kumari



On Sep 29, 2005, at 12:56 PM, Elmar K. Bins wrote:



[EMAIL PROTECTED] (Elmar K. Bins) wrote:



That somehow sums it up quite well.



Folks, I'm taking this back, seeing that the original poster is not
alone.

Makes me wonder as to what current network engineers do know about the
world they do networking in. I - please forgive me if this seems
far-fetched - would have thought everybody doing real networking (as in
interconnecting with other networks) would know where and how to look
for that information and how to interpret the usual tools' output.

Am I wrong?


Yes, sadly you are...

Part of the problem is that during the dot-com boom (shudder) a large
number of people heard that network engineering was easy money and
took a class at the local community college. They don't like
networks, they don't care about connectivity, it's just a job to them.
They don't want to learn anything and so they don't.


Unlike some other engineering fields (I think that civil engineers
are an example of this), you don't have to get any sort of
certification / license to claim that you are a network *engineer*. I
have met "Senior Network Engineers" who don't understand the longest
match rule ("The traffic will take 10/8 instead of 10.0.0.0/24
because it has a better admin distance", "I can override these 300
OSPF routes with a single static supernet", etc), who believe that
routers will not route between directly connected interfaces without
putting them into a routing protocol, that transit networks don't
need a full mesh of iBGP[1] because you can just redistribute BGP
into [OSPF/IS-IS/IGP of choice], that ICMP uses TCP as a transport,
etc. These are not simple brain-farts, these were all examples of
deeply held beliefs that needed example networks built to convince
the person otherwise (and the person who thought that routers would
not route between directly connected networks without having the
networks in a routing protocol still thinks that the example device
was malfunctioning :-( ).


I am sure that there are other, much more scary examples out there,  
feel free to send me (humorous) examples, I need a laugh today...


Warren Bitter today Kumari
[1] Yeah, yeah, or route reflectors,  or confeds, or.. or... or...

* Please note, this is not directed at Ronald at all, who I am  
assuming is clue-full but hadn't had coffee yet...




Puzzled,
Elmar.

--

Begehe nur nicht den Fehler, Meinung durch Sachverstand zu  
substituieren.
  (PLemken, [EMAIL PROTECTED] 
berlin.de)


-- 
[ ELMI-RIPE ]---
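
The two longest-match misconceptions quoted above (that a static 10/8 with a better admin distance beats 10.0.0.0/24, and that one static supernet can override hundreds of OSPF routes) are worth seeing in code. The following is an added example, not from the original post or any vendor: a small route lookup over a constructed table in which the longest prefix is chosen first and administrative distance only breaks ties between routes for the same prefix. The table entries and the AD values (Cisco IOS defaults: static 1, OSPF 110, iBGP 200) are assumptions made for the illustration.

```python
"""Longest-prefix match versus administrative distance.

Added example, not from the original post. The routing table below is
constructed; the administrative distances are the Cisco IOS defaults
(static 1, OSPF 110, iBGP 200) and the addresses are documentation
ranges, all chosen here for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    protocol: str
    admin_distance: int


def build_table(entries):
    """entries: iterable of (prefix, next_hop, protocol, admin_distance)."""
    return [Route(ipaddress.ip_network(p), nh, proto, ad)
            for p, nh, proto, ad in entries]


# Constructed table: a static /8 "supernet", a /24 inside it learned from
# both OSPF and iBGP, and a static default route.
TABLE = build_table([
    ("10.0.0.0/8",  "192.0.2.1",   "static", 1),
    ("10.0.0.0/24", "192.0.2.2",   "OSPF",   110),
    ("10.0.0.0/24", "192.0.2.3",   "iBGP",   200),
    ("0.0.0.0/0",   "192.0.2.254", "static", 1),
])


def lookup(table, destination):
    """Return the route a router actually uses for destination, or None.

    1. Keep only routes whose prefix contains the destination.
    2. The longest prefix wins outright, regardless of admin distance.
    3. Admin distance breaks ties only between routes for the *same*
       prefix learned from different protocols.
    """
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    longest = max(r.prefix.prefixlen for r in candidates)
    same_length = [r for r in candidates if r.prefix.prefixlen == longest]
    return min(same_length, key=lambda r: r.admin_distance)


def routes_surviving_supernet(table, supernet):
    """Routes inside supernet that are still preferred after a static
    supernet is installed.

    Every strictly more-specific route survives, whatever the supernet's
    admin distance; the supernet only attracts destinations that no
    more-specific route covers.
    """
    net = ipaddress.ip_network(supernet)
    return [r for r in table if r.prefix != net and r.prefix.subnet_of(net)]


if __name__ == "__main__":
    for dst in ("10.0.0.5", "10.1.2.3", "198.51.100.1"):
        r = lookup(TABLE, dst)
        print(f"{dst:>14} -> {r.prefix} via {r.next_hop} "
              f"({r.protocol}, AD {r.admin_distance})")
    print("still preferred over static 10.0.0.0/8:",
          [str(r.prefix) for r in routes_surviving_supernet(TABLE, "10.0.0.0/8")])
```

With this table, 10.0.0.5 follows the OSPF /24 (AD 110) rather than the static /8 (AD 1), because the /24 is longer; AD only decides between the OSPF and iBGP copies of the same /24. The same rule is why a static supernet cannot "override" more-specific OSPF routes: it never gets consulted for any destination they cover.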







Re: Calling all NANOG'ers - idea for national hardware price quote registry

2005-09-16 Thread Warren Kumari



On Sep 16, 2005, at 2:12 PM, Matt Bazan wrote:




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Sean Figgins


Yes, it would be great, however it won't work.






Couple points. This is true typically in only the largest enterprise
quotes. For the vast majority of medium and small business quotes NDAs
are rarely used. And hey, if they are, that's why the process is
anonymous ;-) Besides, in today's crap economy, is a vendor really
going to come down on a client for violating an NDA and throw away $$$$?
I personally don't have experience with this but I'm willing to bet that
most NDAs are more bark than bite.



You might want to be careful there... A friend of mine moved from
Company A to Company B and told his new employer what discount he had
been getting from Vendor C (suggesting that new employer could get a
better discount). Vendor C promptly sued him for breach of NDA.
AFAIR, the case was settled, but Company B had some fairly high legal
bills...


The range of discounts that different customers get is quite
surprising and often seems to depend mainly upon negotiation skills
and not necessarily the amount of equipment purchased.


Warren.

--
With Feudalism, it's your Count that votes.




Re: Calling all NANOG'ers - idea for national hardware price quote registry

2005-09-16 Thread Warren Kumari






Uhh, make sure the data isn't stored anywhere vendor
X's attorneys can get to it.  Rest assured, whoever hosts the
site would be sent paperwork in hours, if not minutes from
its discovery.




If need be I'll off shore it.

 Matt


Fine, you can build it and off-shore it, but I suspect that is a case  
of if you build it they will not come.


I think that people have made it fairly clear that this is a bad
idea, but I don't think that anyone is going to stop you building it.
I am guessing that you will 1) get inflated prices because the
people who are getting the really good discounts are going to be the
ones with the most to lose personally and 2) lots of happy shiny
letters from vendors' lawyers asking you for logs. Whether or not you
have logs is largely irrelevant, you will still get the letters. I
don't know about you, but I have better things to do than a:
unnecessarily antagonize the same people that you presumably want to
get a good discount from and b: collect subpoenas.


Warren.
--
Build a man a fire, and he'll be warm for a day. Set a man on fire,  
and he'll be warm for the rest of his life. -- Terry Pratchett





Re: UUNET connectivity in Minneapolis, MN

2005-08-12 Thread Warren Kumari


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

So I am standing in a datacenter fiddling with some fiber and
listening to an electrician explaining to the datacenter owner how he
has just finished auditing all of the backup power systems and that
the transfer switch will work this time (unlike the last 3 times).
This is making me a little nervous, but I keep quiet (unusual for
me)... Electrician starts walking out of the DC, looks at the
(glowing) Big Red Button (marked "Emergency Power Off") and says
"Hey, why y'all running on emergency power?" and presses BRB. Lights
go dark, disks spin down, Warren takes his business elsewhere!


This is the same DC that had large basement mounted generators in a
windowless building in NYC.  Weeks before the above incident they had
tried to test the generator (one of the failed transfer switch
incidents), but apparently no one knew that there were manual flues
at the top of the exhausts... Carbon monoxide, building evacuated...


Warren

On Aug 12, 2005, at 8:27 AM, [EMAIL PROTECTED] wrote:


On Fri, 12 Aug 2005 06:50:47 CDT, James D. Butt said:


Unless there is some sort of crazy story related to why a service
provider could not keep the lights on, this should have not been an
issue with proper operations and engineering.



So a while ago, we're in the middle of some major construction to put in
infrastructure for a supercomputer.  Meanwhile, as an unrelated project we
installed a new diesel backup generator to replace an older generator that
was undersized for our current systems, and take several hours of downtime
on a Saturday to wire the beast in.

The next Friday, some contractors are moving the entrance to our machine
room about 30 feet to the right, so you don't walk into the middle of the
supercomputer.  Worker A starts moving a small red switch unit from its
location next to where the door used to be to its new location next to
where the door was going to be.  Unfortunately, he did it before
double-checking with Worker B that the small red switch was disarmed...

Ka-blammo, a Halon dump... and of course that's interlocked with the
power, so once the Halon stopped hissing, it was *very* quiet in there.

Moral: It only takes one guy with a screwdriver.



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFC/NVFHSkNr4ucEScRAkc9AKCnwraT9DztjAConsyuBZ7wDs/bJACgyrWR
e2zcwlIffPxhTKfFJWm3T3A=
=qDyJ
-END PGP SIGNATURE-


Re: The Cidr Report

2005-02-13 Thread Warren Kumari, Ph.D, CCIE# 9190
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Feb 13, 2005, at 2:31 AM, Christopher L. Morrow wrote:

On Sat, 12 Feb 2005, Alexander Koch wrote:
On Sat, 12 February 2005 14:58:42 +, Stephen J. Wilcox wrote:
From: Stephen J. Wilcox [EMAIL PROTECTED]
[...]   - would you agree that most of the poor deaggregating is not 
intentional
ie that they're announcing their '16 class Cs' or historically had 2 
/21s and
Think about someone putting in a Null0 route and re-
exporting stuff unconditionally, now after he originates
his /19 he is then adding a /24 here, and a /25 there.
Lack of experience, when you suggest to them they should
remove these announcements they are afraid to change it,
not understanding the implications, etc.
Not to mention ppl using cisco and prefix lists, it is
way too easy with cisco to say '/19 le 24', and then they
use outbound prefix lists to their transit supplier
(different, but related as I see it). Some transit ISPs
use that a lot, and encourage the table growth.
There are some business reasons to de-aggregate. Look at some outages
caused by 'routing problems' (someone leaked my /24's to their peers,
peers, peer and my traffic got blackholed, because the public net only
knows me as a /20)
There are multiple reasons for deaggregation aside from 'dumb 
operator',
some are even 'valid' if you look at them from the protection 
standpoint.

-Chris
That and the "I have 1 circuit to $good_provider and 1 circuit to
$bad_provider and the only way I can make them balance is to split my
space in half and announce more specifics out through each provider"
argument. I have also often seen people do this without announcing the
aggregate because "some undefined bad thing will happen", usually
justified with much hand-waving.  The people who do this can usually
not be reasoned with

It happens all the time...
Warren.

- -- 
He who laughs last, thinks slowest.
	-- Anonymous
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCEMBhHSkNr4ucEScRArsVAKD98l4rpQLmPh6PBuCqvaYHFWYPhwCg1+Ua
KP85z1snGejdGB+D7klo+U8=
=Mz3a
-END PGP SIGNATURE-


Re: The Cidr Report

2005-02-13 Thread Warren Kumari, Ph.D, CCIE# 9190
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Feb 13, 2005, at 6:19 PM, Christopher L. Morrow wrote:
On Sun, 13 Feb 2005, Michael Smith wrote:
From: Warren Kumari, Ph.D, CCIE# 9190 [EMAIL PROTECTED]
On Feb 13, 2005, at 2:31 AM, Christopher L. Morrow wrote:
That and the I have 1 circuit to $good_provider and 1 circuit to
$bad_provider and the only way I can make them balance is to split my
space in half and announce more specifics out through each provider
argument. I have also often seen people do this without announcing 
the
aggregate because   some undefined bad thing will happen, usually
justified with much hand-waving.  The people who do this can usually
not be reasoned with
So, say  I'm a provider that has received a /22 from UUNet (just for 
example
Chris :-) ) and I now get another transit provider and announce the 
/22
there.  So, I call UUNet and ask them to announce the /22 as a more 
specific
Meaning you have PA space from UUNET, and you have BGP so you can
multi-home... I'd expect you to know how to deaggregate yourself. You
MIGHT even know how to send no-export on deaggregated prefixes, or use 
the
1996 policies to influence preferences/prepends internal to 701, yes?

because I don't want a de-facto asymmetric configuration.  I *want* 
to get a
/20 from ARIN but my usage doesn't justify it yet, so I have to ride 
the /22
for some time.

I'm not clear as to how the /22 to /20 discussion goes, or how it's 
even
relevant... but it's been a long day. Can you elaborate?

By the long string of anecdotal attacks in the string to date, 
listing most
or all such providers as bad or uninformed how do you separate 
out those
providers who are legitimately interested in routing redundancy and 
not clue
a /22 in both directions seems like safe 'redundancy'. Adding no-export
/24's or /32's if you want (yuck) would get you more preference inside 
one
provider or the other.

I'm also fairly sure I didn't say: bad or uniformed the 'bad 
provider'
is from Warren, not I.
Whoops, I guess I wasn't very clear. By $good_provider and 
$bad_provider I wasn't meaning to imply that $good_provider ran their 
network better or
cleaner than $bad_provider, merely that (by default and without 
tuning) more traffic travels via $good_provider than via $bad_provider 
(e.g. $bad_provider buys transit from $good_provider). I guess I should 
have used big_provider and little_provider or something.


impaired?  Do we just say too bad, routing table bloat is more 
important
than your need for redundancy small guy!?
No, I don't think anybody was saying that, just that many people are
needlessly de-aggregating space. I have seen someone with a single T3
(and obviously a single provider!) announcing his PA /19 as a bunch of
/24s, redistributed into BGP from OSPF! Some consultant had come in,
set it up and left. After a bit of help, said person turned off BGP and
has been running fine ever since. No-one was trying to take away your
redundancy, just limit the number of unnecessary announcements. See
Chris's comments above on how to get redundancy without making others
pay for it


I think that folks have been pushed toward multihoming with multiple
providers (not just 'redundant T1' or 'shadow T1' services inside the 
same
provider) over the last few years. That means some bloat is bound to
occur. I'm not measuring it myself, but the renesys folks and LCS folks
have been I think? Perhaps they can comment on that phenomenon?

I find it interesting that the general theme is one of we're smarter 
than
they are because we aggregate more routes as if clue were directly
correlated to aggregated routing announcements.
Well, often lack of aggregation is directly caused by lack of clue.
Obviously there are legitimate reasons for de-aggregating a big block
(otherwise we would all just carry 0/0 :-) ) but if there is no
additional information in the more specifics, then there is no reason
for them to be announced.

it's not? :) (joking of course) As I said before some folks feel they
have a legitimate reason for deaggregating. If you can spend some time
chatting them up about their reasons and either:
1) realizing they have a point
2) re-purpose their thoughts toward 'better cidr management' (as pfs
said)

then good for you... and everyone else :) I have spent some time on
occasion doing this, sometimes it works out, other times it doesn't :(
It's always an experience though.
It certainly is...
-Chris

- -- 
Militant Agnostic--I don't know and you don't either!
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCEAWZHSkNr4ucEScRAoz3AKD6qP+le+n38KEodea6WsoWB/av9gCdH/bu
4YG3VVrMNd/61Lr5ZZBgnRY=
=/Ebs
-END PGP SIGNATURE-
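
Both Cidr Report messages above turn on the same distinction: a more-specific that carries no additional information (same origin, same path as its covering aggregate) is pure table bloat, while a more-specific steered out a different provider, or a block announced only in pieces with no covering aggregate, is something else. The following is an added example, not code from the original posts or from the CIDR Report itself: it runs that classification over a constructed set of announcements. The prefixes (RFC 5737 documentation ranges), the ASNs (documentation range 64496-64511) and the allocation list are all assumptions made for the example.

```python
"""Spot de-aggregation that carries no routing information.

Added example, not from the original posts. The announcements below are
constructed, using documentation prefixes (RFC 5737) and documentation
ASNs (64496-64511); the allocation list is likewise assumed.
"""
import ipaddress
from collections import namedtuple

# prefix: IPv4Network; origin: int; as_path: tuple of ints as seen by one
# observer, leftmost = nearest, rightmost = origin.
Announcement = namedtuple("Announcement", "prefix origin as_path")


def announce(prefix, as_path):
    path = tuple(as_path)
    return Announcement(ipaddress.ip_network(prefix), path[-1], path)


# Constructed view from one vantage point.
ANNOUNCEMENTS = [
    # AS64496: aggregate plus two halves. One half rides the same path as
    # the aggregate (redundant); the other is steered via a second upstream.
    announce("192.0.2.0/24",      (64500, 64496)),
    announce("192.0.2.0/25",      (64500, 64496)),
    announce("192.0.2.128/25",    (64501, 64496)),
    # AS64497: a /24 allocation announced only as two /25s, no aggregate.
    announce("198.51.100.0/25",   (64500, 64497)),
    announce("198.51.100.128/25", (64500, 64497)),
    # AS64498: a clean single aggregate.
    announce("203.0.113.0/24",    (64501, 64498)),
]

# Constructed: what each origin was actually allocated.
ALLOCATIONS = [
    (ipaddress.ip_network("192.0.2.0/24"), 64496),
    (ipaddress.ip_network("198.51.100.0/24"), 64497),
    (ipaddress.ip_network("203.0.113.0/24"), 64498),
]


def redundant_more_specifics(announcements):
    """More-specifics covered by a less-specific from the same origin with
    an identical AS path. Such a prefix adds nothing an observer could not
    get from the aggregate. A more-specific with a *different* path (the
    traffic-engineering case in the thread) is deliberately not flagged."""
    redundant = []
    for a in announcements:
        for b in announcements:
            if (b is not a and a.origin == b.origin and a.as_path == b.as_path
                    and a.prefix != b.prefix and a.prefix.subnet_of(b.prefix)):
                redundant.append(a.prefix)
                break
    return sorted(redundant)


def missing_aggregates(announcements, allocations):
    """Allocations announced only in pieces: some more-specific is visible
    from the allocation's origin but nothing covers the allocation itself."""
    missing = []
    for block, origin in allocations:
        mine = [a for a in announcements if a.origin == origin]
        covers = any(block.subnet_of(a.prefix) for a in mine)
        pieces = any(a.prefix != block and a.prefix.subnet_of(block) for a in mine)
        if pieces and not covers:
            missing.append(block)
    return missing


def collapsible(announcements, origin):
    """What one origin's announcements would shrink to if merged wherever
    the address space allows (ignores AS-path differences on purpose)."""
    nets = [a.prefix for a in announcements if a.origin == origin]
    return list(ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    print("redundant more-specifics:",
          [str(p) for p in redundant_more_specifics(ANNOUNCEMENTS)])
    print("allocations with no covering aggregate:",
          [str(p) for p in missing_aggregates(ANNOUNCEMENTS, ALLOCATIONS)])
    for origin in (64496, 64497, 64498):
        print(f"AS{origin} collapses to",
              [str(n) for n in collapsible(ANNOUNCEMENTS, origin)])
```

On this input only 192.0.2.0/25 is flagged as redundant; 192.0.2.128/25 survives because its path differs, which is exactly the "legitimate reason" Chris allows for. AS64497's two /25s are not redundant by that test, but missing_aggregates reports that nothing covers 198.51.100.0/24, the "more specifics without the aggregate" pattern Warren describes. Fed a real table, the same two checks separate bloat from deliberate engineering without assuming anyone is clueless.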


Re: NANOG 33 (Las Vegas) Lost/Found

2005-02-11 Thread Warren Kumari, Ph.D, CCIE# 9190
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On a similar note, did anyone find a (Canon) digital camera after NANOG 
32? (Reston, VA) I have checked with lost and found at NANOG and the 
hotel, but no luck... If you happen to have come across it, please let 
me know...

- -- Warren.
On Feb 11, 2005, at 1:46 PM, Carol Wadsworth wrote:
Found:  rechargeable battery for laptop (in general session room on 
Tuesday).


- -- 
Do not meddle in the affairs of dragons, for you are crunchy and taste 
good with ketchup.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFCDmBrHSkNr4ucEScRAn7jAJ9tCO280UtjfsKZafLLevVwVPTXtACePKuN
6sndVxhea9dDOpnJIrSbsBI=
=3BZ9
-END PGP SIGNATURE-


Re: (newbie) BGP For Dummies?

2004-12-12 Thread Warren Kumari, Ph.D, CCIE# 9190
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
To my mind, John Stewart's BGP4: Inter-Domain Routing on the Internet 
is the best networking book ever. Unfortunately, it is also one of 
those books (just like A Brief History of Time) that, once lent, is 
never returned. I must have bought around 10-12 copies of it by now. It 
is well written, concise (around 150 pages) and deals with real world 
scenarios.

I strongly recommend it,
	Warren.
- -- 
Never criticize a man till you've walked a mile in his shoes.  Then if 
he didn't like what you've said, he's a mile away and barefoot.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFBvQJAHSkNr4ucEScRAuTLAJ9R98NhpIzg5QZHUL0/xN0BZ7suewCfQNrs
TPiA2myhTI9XNLV0QlaQccc=
=TuYo
-END PGP SIGNATURE-


Re: Remote hands @ Equinix, Ashburn.

2004-09-19 Thread Warren Kumari, Ph.D, CCIE# 9190
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Due to the very favorable response that I received from this, I wanted 
to let everyone know that this is an open offer.

I live around 10-15 minutes from the Ashburn facility and am always 
looking for things to relieve the boredom / help out the networking 
community.

I am available after-hours most days and all day on weekends (and if 
you are REALLY stuck, nights too - but expect me to be grumpy if 
woken).
Payment is not expected, but if you feel like it I am always looking 
for interesting caps / t-shirts...

Warren.
On Sep 18, 2004, at 11:39 AM, Warren Kumari, Ph.D, CCIE# 9190 wrote:
Hi All,
I'm heading over to Equinix, Ashburn in a few minutes to help out a
friend. If anyone needs anything done over there I can provide free
remote hands for a bit.
Feel free to give me a call @ +1 571-344-0997.
Warren.
- --
- -- 
I had no shoes and wept.  Then I met a man who had no feet.  So I said, 
Hey man, got any shoes you're not using?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFBTguwHSkNr4ucEScRAkfWAJ0TYK+COjYkCf/l0fwnsXjfOddaBACg0LTC
fVDc42qQV5U5Ml2tXc/k3Qc=
=X6yf
-END PGP SIGNATURE-


Remote hands @ Equinix, Ashburn.

2004-09-18 Thread Warren Kumari, Ph.D, CCIE# 9190
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi All,
I'm heading over to Equinix, Ashburn in a few minutes to help out a 
friend. If anyone needs anything done over there I can provide free 
remote hands for a bit.

Feel free to give me a call @ +1 571-344-0997.
Warren.
- --
Build a man a fire, and he'll be warm for a day. Set a man on fire, 
and he'll be warm for the rest of his life. -- Terry Pratchett
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFBTFbOHSkNr4ucEScRAk8CAKCsmbs2oCOh1TUjRFhclvj5IHHhVACdEJf9
qVYKY/GMqeNDZVHkrm3xIcY=
=Izce
-END PGP SIGNATURE-


Re: Cisco HFR

2004-05-26 Thread Warren Kumari
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have been making a collection of interesting logos from vendor 
equipment - hey, its better than train-spotting!

I have put some of the GSR ones up on a temporary site (my server is 
moving this week, FedEx seems to have lost it though):
http://homepage.mac.com/warrenkumari/BFR/BFR1.JPG
http://homepage.mac.com/warrenkumari/BFR/BFR2.JPG
http://homepage.mac.com/warrenkumari/BFR/BFR3.JPG
http://homepage.mac.com/warrenkumari/BFR/BFR4.JPG
http://homepage.mac.com/warrenkumari/BFR/BFR5.JPG

Here are some of my other favorites:
The happy Buddha from the 3550-48
http://homepage.mac.com/warrenkumari/BFR/3550-1.JPG
http://homepage.mac.com/warrenkumari/BFR/3550-2.JPG
The (out of focus) Martini from the M40
http://homepage.mac.com/warrenkumari/BFR/Martini.JPG
Please send me any interesting ones and I'll add them to the collection 
(when my box gets here).
Warren
	
On May 26, 2004, at 12:43 PM, Petri Helenius wrote:

Mans Nilsson wrote:
Nitpick: It is not a sticker, but printed on the PCB of the GRP.
Quite like the head of a rhino on the LS1010 systemboard and some 
other cards too.
I also took a picture of a BFR (mug): http://helenius.fi/cisco/

Pete

- -- 
Never criticize a man till you've walked a mile in his shoes.  Then if 
he didn't like what you've said, he's a mile away and barefoot.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFAtTCAHSkNr4ucEScRAvvvAJ9EMuIDNbsHmkOFzDGEP18jaiLTXACgpj1W
wXJmJMBU8Y4MH3YNPgGvlB0=
=G9hV
-END PGP SIGNATURE-


Re: Analogies=dead threads (was RE:Open, anonymous services and dealing with abuse)

2004-02-17 Thread Warren Kumari


On Feb 17, 2004, at 4:05 PM, [EMAIL PROTECTED] wrote:

On Tue, 17 Feb 2004 20:38:12 GMT, Rainer Atkins 
[EMAIL PROTECTED]  said:
Is it just me, or is it a clear indication that a thread is ending its
useful life is when people start debating the merits of the analogies 
that
have been posed rather than the original subject matter of the thread?

Or, maybe a thread is exhausted when the analogies start to crop up.
No, it's not dead until some jackboot shows up and invokes Godwin. ;)
So, I have always wondered:
Can you invoke Godwin for every post on alt.politics.socialist.nazi? :-)
Warren.

--
The plural of anecdote is not evidence.
-- Bill Lockyer, California Attorney General


MTUs - Was: Strange public traceroutes return private RFC1918 addresses

2004-02-05 Thread Warren Kumari
Ok, I know that this is getting away from the original thread, but I've 
always wondered this...

Why is the MTU on Ethernet 1500 bytes? I have looked through various 
docs (eg IEEE Std 802.x) and can find where maxUntaggedFrameSize is 
listed as 1518 octets, but there is no mention of why this was chosen. 
I know where the minimum frame size comes from (CSMA/CD and propagation 
times, etc), but the maximum frame size number sounds fairly arbitrary.

-- Warren.
On Feb 4, 2004, at 5:46 PM, Hani Mustafa wrote:
How does a 50Mbyte MTU sound like?

http://www.psc.edu/~mathis/MTU/

~Hani Mustafa


Build a man a fire, and he'll be warm for a day. Set a man on fire, 
and he'll be warm for the rest of his life. -- Terry Pratchett



RE: different use of a backhoe

2003-03-24 Thread Warren Kumari

 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Christopher L. Morrow wrote:

 http://news.bbc.co.uk/1/hi/england/2879833.stm

Do british cops have fiber in their cars??

Quite possibly! There are a few (competing) in-car fiber solutions, 
MOST (Media Oriented Systems Transfer) seems to be the most popular, 
but there are others, at least one of which is based on IEEE1394 (Firewire).
http://www.eetimes.com/story/OEG20001113S0048

- --Warren.


-BEGIN PGP SIGNATURE-
Version: PGP 8.0

iQA/AwUBPn9Gwx0pDa+LnBEnEQLUCwCdGf3ET8ttXzKmWryc6R2Gg2SNBV8AoPFN
l2R78OFIJRmvMe+bCuYQoFBM
=s9/l
-END PGP SIGNATURE-



Re: Anyone home at AOL?

2002-10-11 Thread Warren Kumari, CCIE #9190

On 10/10/02 2:12 PM, Roger Marquis [EMAIL PROTECTED] wrote:

 
 PS. these logs illustrate only a small fraction of the SMTP activity
 from AOL's servers.

Um, I am sorry that you are hurting, but was 450+ lines of log *really*
necessary?!

- Warren.
--
Build a man a fire, and he'll be warm for a day. Set a man on fire, and
he'll be warm for the rest of his life. -- Terry Pratchett