Atrivo/Intercage: Now Only 1 Upstream

2008-09-15 Thread Paul Ferguson
Looks like WVFiber removed them as a customer:

http://www.cidr-report.org/cgi-bin/as-report?as=as27595

Now only AS32335 [PACIFICINTERNETEXCHANGE-NET] remains.

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




Re: ARP Table Timeout and Mac-Address-Table Timeout

2008-09-15 Thread Steven King
I saw that one before. That's what we based our current fix on.

Frank Bulk wrote:
> Steven:
>
> This was recently discussed on cisco-nsp:
> http://marc.info/?l=cisco-nsp&m=121316151010190&w=2
>
> Frank
>
> -----Original Message-----
> From: Steven King [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, September 14, 2008 7:27 PM
> To: nanog@nanog.org
> Subject: ARP Table Timeout and Mac-Address-Table Timeout
>
> I am a network engineer for a large web hosting company. We are having
> an issue with our distribution routers flooding traffic in one of our VLANs.
>
> We have a customer with a routed mode ASA 5550. They have their own
> private VLAN that is a /23. This VLAN is 145. The outside interface of
> the firewall is in VLAN 132. We are routing all traffic for VLAN 145 to
> the IP of the outside interface of the firewall in VLAN 132.
>
> VLAN 132 is Layer3 routable and VLAN 145 is only Layer2 switchable.
>
> We have two distribution switches which are redundant with HSRP. Dist1
> is the active forwarder in this case. Traffic coming into these two
> routers are load balanced between Dist1 and Dist2 with EIGRP routes with
> equal cost.
>
> We have found that traffic coming into Dist2 (the standby) is flooding
> traffic destined for the firewall outside interface. But Dist1 is not.
>
> We have tracked down the cause of this to the MAC-Address-Table timing
> out before the ARP table times out. We leave these values at the Cisco
> default. ARP = 4hr MAC = 5 minutes. Since Dist2 is not receiving any
> traffic from the firewall going out to the internet, it is not updating
> the MAC-Address-Table after it expires. Instead, it waits 4 hours for
> the ARP cache to expire for that IP, and then updates everything. But
> Dist2 ends up flooding traffic for that 4 hours causing latency.
>
> We have done some research on this problem and have found so far the
> best solution to be to make the ARP timeout less than the
> MAC-Address-Table aging-timer. We have set the ARP = 1hr and MAC = 2hrs
> in this case to correct the problem. So when the ARP entry times out
> before the MAC entry, the forced update of the ARP entry before the MAC
> timeout causes the MAC entry age to reset. Indeed this does correct the
> problem.
>
> Is this the best solution to the problem, or is there another preferred
> solution? Has anyone run into this in their own Enterprise Networks?
>
> Please let me know if I didn't explain anything well enough.
>
> --
> Steve King
>
> Network Engineer - Liquid Web, Inc.
> Cisco Certified Network Associate
> CompTIA Linux+ Certified Professional
> CompTIA Network+ Certified Professional
> CompTIA A+ Certified Professional
>
>
>
>   

-- 
Steve King

Network Engineer - Liquid Web, Inc.
Cisco Certified Network Associate
CompTIA Linux+ Certified Professional
CompTIA Network+ Certified Professional
CompTIA A+ Certified Professional
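
The timer interaction described in this thread, modelled as an added example (not code from any poster): it counts how long per day a switch holds a valid ARP entry but no MAC-table entry for the next hop, which is the window in which it floods that traffic to every port in the VLAN. It assumes each ARP re-resolution yields one frame from the firewall that re-learns the MAC; the 60-second traffic interval for Dist1 is a constructed value.

```python
"""Model of the ARP-timeout vs. MAC-aging interaction described in the thread.

Assumptions (not from the original posts): the switch learns the next hop's
MAC only when it sees a frame sourced by that host, and every ARP
re-resolution produces exactly one such frame (the ARP reply).
"""

ARP_DEFAULT = 4 * 3600   # default quoted in the thread: ARP = 4hr
MAC_DEFAULT = 5 * 60     # default quoted in the thread: MAC = 5 minutes
DAY = 24 * 3600


def learn_events(arp_timeout, horizon, source_frame_interval=None):
    """Times in [0, horizon) at which the switch (re)learns the next-hop MAC."""
    if arp_timeout <= 0 or horizon <= 0:
        raise ValueError("arp_timeout and horizon must be positive")
    # ARP entry resolved at t=0 and re-resolved every arp_timeout seconds.
    events = set(range(0, horizon, arp_timeout))
    # Optional: ordinary traffic sourced by the host that this switch sees
    # (the HSRP-active switch does, the standby one does not).
    if source_frame_interval:
        events.update(range(0, horizon, source_frame_interval))
    return sorted(events)


def flooded_seconds(arp_timeout, mac_aging, horizon=DAY,
                    source_frame_interval=None):
    """Seconds in [0, horizon) with a live ARP entry but an aged-out MAC entry."""
    events = learn_events(arp_timeout, horizon, source_frame_interval)
    flooded = 0
    # Between two learn events the MAC entry lives for mac_aging seconds;
    # whatever remains of the gap is spent flooding.
    for start, end in zip(events, events[1:] + [horizon]):
        flooded += max(0, (end - start) - mac_aging)
    return flooded


def report(scenarios, horizon=DAY):
    """Return (name, flooded seconds, percent of horizon) for each scenario."""
    rows = []
    for name, arp, mac, interval in scenarios:
        secs = flooded_seconds(arp, mac, horizon, interval)
        rows.append((name, secs, round(100.0 * secs / horizon, 1)))
    return rows


# name, ARP timeout, MAC aging time, interval of host-sourced frames seen
SCENARIOS = [
    ("Dist1 (active), defaults", ARP_DEFAULT, MAC_DEFAULT, 60),  # 60 s: constructed
    ("Dist2 (standby), defaults", ARP_DEFAULT, MAC_DEFAULT, None),
    ("Dist2 (standby), ARP=1hr MAC=2hrs", 3600, 7200, None),
]

if __name__ == "__main__":
    for name, secs, pct in report(SCENARIOS):
        print(f"{name:36s} flooding {secs:6d} s/day ({pct}%)")
```
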




NANOG List Monthly Post.

2008-09-15 Thread NANOG Mail List Committee
General Information
===

About NANOG:         http://www.nanog.org/about/
NANOG News:          http://www.nanog.org/
NANOG lists and AUP: http://www.nanog.org/mailinglist/
NANOG List FAQ:      http://www.nanog.org/mailinglist/listfaqs/

To Subscribe or Unsubscribe from the list:
http://mailman.nanog.org/mailman/listinfo/nanog

To contact the list's admins:   [EMAIL PROTECTED]


Posting Policy
==

The NANOG list has over 10,000 subscribers so it is very easy for a
thread to have scores of posts while being off-topic and of
interest to only a small proportion of subscribers. Please consider
before each post if your email will be of interest to the majority of
members or might alternatively be emailed directly to the people of
interest or posted to another forum.

Please read the FAQ and AUP policy before posting for more details.


Especially the following are discouraged:

* Is a certain site down? Other Outages not affecting half the Internet.

  Please use http://downforeveryoneorjustme.com/ or a similar site.
  Please post to the Outages mailing list:
  https://puck.nether.net/mailman/listinfo/outages

* Spam

  Please use SPAM-L - http://www.claws-and-paws.com/spam-l

* Contacting People

  * http://puck.nether.net/netops/
  * Please try other methods of contacting sites before you post to
    NANOG. Saying something like "I tried calling 213-555- but no
    answer" shows you _have_ tried alternative methods first.

* Political Issues

  * Topics such as ICANN policy, Government Policy or Law changes that
    do not have short term Operational impact should be avoided.

* Operation topics with more specific lists

  * DNS - http://lists.oarci.net/mailman/listinfo/dns-operations
  * Email - http://www.mailop.org/

* NANOG Mailing list policy 

  Please use the nanog-futures list or contact [EMAIL PROTECTED]
  

Please also avoid
=

* Sending posts to the list relevant to only one or two people on this list,
  such as tests or traceroutes in response to another post for comparison
  to those originally posted.

* Jokes, Puns, amusing observations, spelling corrections.

Other NANOG related lists
=

* NANOG-futures - for discussion of the evolution of NANOG, including
  organizational structure, policies and procedures, and agendas for
  NANOG meetings. Such topics aren't appropriate for the main NANOG
  mailing list. 

  http://mailman.nanog.org/mailman/listinfo/nanog-futures

* nanog-attendee - For discussion of venue-specific issues relevant
  to attendees of the current NANOG physical meeting.

  http://mailman.nanog.org/mailman/listinfo/nanog-attendee

* nanog-announce - For announcements of NANOG meetings and other
  Important NANOG related announcements. Low traffic and all posts are 
  also sent to main list.

  http://mailman.nanog.org/mailman/listinfo/nanog-announce


Other Mailing Lists
===

Information about related lists:

http://www.nanog.org/mailinglist/listfaqs/otherlists.php




Re: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Alexander Harrowell
On Mon, Sep 15, 2008 at 7:13 AM, Jim Mercer <[EMAIL PROTECTED]> wrote:

> oddly enough, the ISP's in the region have not caught on to the potential
> windfall of providing cost effective hosting locally, so therefore, the bulk
> of the hosting for companies in the region is primarily done in the US,
> then in EU, then, maybe locally.
>
> if you drive down Sheikh Zayed Road in Dubai, and check where the hosting
> is for 90% of the URL's on the billboards (even those with .ae domains), you
> will find that they follow the above pattern.
>
> a primary example is that of du.ae, one of the only two incumbent/dual-opoly
> providers for the UAE, hosts its own website and customer portal in Canada,
> even though it has a perfectly fine data center (if not more than one) in
> Dubai.


The political implications are interesting; the UAE has been more than keen
to attract fibreoptic infrastructure, but setting up an IX would encourage
local networks to interconnect without going via either Etisalat or Du,
which has consequences both for their quasi-official monopoly and for the
government's mass Internet filtering policy.

There are (as you know Bob) already office developments that are allowed to
have their own access to $World, and presumably there are networks in them;
if they were allowed to interconnect with each other and with other
networks, who knows? anarchy, cats and dogs making love in the streets, etc.

Interestingly, other emerging markets did it the opposite way round. Kenya,
frex, established an IX long before it had even the hope of submarine cable
access. Now, with the new East African projects, there is talk of an
Indian-style call centre/backoffice boom.


Re: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Florian Weimer
* Jean-François Mezei:

> Did western europe ever really have a primary route via the USA to reach
> asia  ?

It depends where you buy transit from.  For instance, I see Baidu
through AT&T, and the traffic is routed through the U.S.  Some
Singaporean banks and a few Korean government sites are routed through
Level3, also via the U.S West coast.  For sites in Thailand and Vietnam,
the picture is a bit unclear (no visible IP hop in the U.S.).

On another network, I reach Baidu through Telia, and it's still routed
through the U.S. West coast.

Both networks appear to see IIJ through a peering in San Jose.

Anyway, at times, the more apt question would have been: Is Europe
reachable from Europe without crossing the U.S.?

I can't read the NYT story, but it seems highly unlikely to me that risk
of eavesdropping on behalf of democratically elected governments is a
factor in public Internet routing decisions.



Re: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Jim Mercer
On Mon, Sep 15, 2008 at 10:22:27AM +0100, Alexander Harrowell wrote:
> On Mon, Sep 15, 2008 at 7:13 AM, Jim Mercer <[EMAIL PROTECTED]> wrote:
> > oddly enough, the ISP's in the region have not caught on to the potential
> > windfall of providing cost effective hosting locally, so therefore, the bulk
> > of the hosting for companies in the region is primarily done in the US,
> > then in EU, then, maybe locally.
> 
> The political implications are interesting; the UAE has been more than keen
> to attract fibreoptic infrastructure, but setting up an IX would encourage
> local networks to interconnect without going via either Etisalat or Du,
> which has consequences both for their quasi-official monopoly and for the
> government's mass Internet filtering policy.

there is an exchange http://emix.ae, however, when i last interacted with
them several years ago, it was a relatively closed club.  that, and the actual
exchange is located in Dubai (i think), which will require the arrangement of
transit from the fiber drops (in Fujerah) to Dubai, at whatever rates etisalat
(maybe du) decide to charge.

the government filtering is not out of line with others in the region, and
for the most part, doesn't hit political or religious sites, mostly porn,
or sites that are reported to have porn (facebook/myspace/etc have all had
their turn at being blocked, and then unblocked).

> There are (as you know Bob) already office developments that are allowed to
> have their own access to $World, and presumably there are networks in them;
> if they were allowed to interconnect with each other and with other
> networks, who knows? anarchy, cats and dogs making love in the streets, etc.

nah, the perception that it is some kinda quasi-moral, quasi-authoritarian
issue is wrong.  it's about money, period.  they currently actively block
anything VoIP related, and at points in the past, i ran into etisalat blocking
access to sites containing voip-related forums/etc.  

generally the blockage is either for preserving their cash-flow (ie, no VoIP),
or reactions to local-culture complaints about content, which allows them
to maintain the high-moral ground with the local population, as "outsiders"
wouldn't defend the local-culture.

> Interestingly, other emerging markets did it the opposite way round. Kenya,
> frex, established an IX long before it had even the hope of submarine cable
> access. Now, with the new East African projects, there is talk of an
> Indian-style call centre/backoffice boom.

yep.  as i was saying, the middle east region, with all of its potential
capital, is overly protective of its incumbents to allow any kind of real
competition.

having lived here for some time, this tends to be true in a lot of other market
segments as well.

if anyone from du or etisalat wishes to speak up and correct my impressions,
please do.

-- 
Jim Mercer    [EMAIL PROTECTED]    +971 55 410-5633
"I'm Prime Minister of Canada, I live here and I'm going to take a leak."
   - Lester Pearson in 1967, during a meeting between himself and
President Lyndon Johnson, whose Secret Service detail had taken over
Pearson's cottage retreat.  At one point, a Johnson guard asked
Pearson, "Who are you and where are you going?"



RE: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Rod Beck
Fiber optic capacity from Europe to Asia via the African coast has always been
quite slim by TransAtlantic standards. As I recollect, you have FLAG, SWM3, and
SWM4. Those systems can push multi-terabits. Capacity is not fundamentally the 
problem, but rather the lack of competition. 

Also you need a vibrantly competitive local loop market in these countries to 
drive undersea capacity demand. You don't have that yet, although it is 
emerging in countries like India. 

Regards, 

Roderick S. Beck
Director of European Sales
Hibernia Atlantic




Paging Level(3) Security Operations

2008-09-15 Thread Tom Daly
Hello NANOG list,
I'm trying to reach out to Level(3) Security Operations for assistance with a 
Denial of Service attack.

So far, the normal means to contact Level(3) have failed.

I can be reached directly at 603-296-1598.

Thanks,
Tom Daly

-- 
Tom Daly
[EMAIL PROTECTED]
Dynamic Network Services, Inc.
http://dynamicnetworkservices.com/



Jay Shao is out of the office.

2008-09-15 Thread Jay Shao

I will be out of the office starting  09/15/2008 and will not return until
09/21/2008.

I will respond to your message when I return. Please contact
[EMAIL PROTECTED] for any production issues




Re: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Joe Abley


On 14 Sep 2008, at 23:38, Matthew Moyle-Croft wrote:


> Other cable systems predated FLAG (at least for voice).


The qualifier might be important.

As should have been obvious from all the IIRCs and related qualifiers  
in my note, I wasn't in Europe at the time I started paying attention  
to these things. However, in other parts of the world, circuits  
provisioned and planned for voice traffic growth started to become  
effectively full as soon as there was demand for circuits much bigger  
than an E1.


As an example, PacRimEast still had capacity in the late 90s, strictly  
speaking. But given the difficulty in ordering anything other than E1s  
on it at that time, did it really exist as a terrestrial option for  
New Zealand ISPs trying to send packets to the US? There was a lot of  
satellite transmission sold around that time on PanAmSat, IntelSat and  
Loral transponders, and it's not as if anybody was really using  
satellite out of choice. There are only so many discrete E1s you can  
comfortably inverse-mux together before it's really not worth bothering.


The timelines are no doubt different, since Europe experienced a giant  
boom in Internet demand and infrastructure while smaller markets like  
New Zealand were still preoccupied with X.25. However, the original  
question was whether there had ever been a time during which Europe  
had no option but to cross oceans to get to Asia, and I'd be surprised  
if that wasn't the case.


Perhaps someone who actually knows this stuff can throw some facts  
into the thread and put a stop to my wild speculation.


> SEA-ME-WE predates FLAG by almost a decade.   I'm sure some digging
> would reveal a bit more on that path either submarine or terrestrial.


The contract to build SEA-ME-WE-4 was signed in March 2004, according  
to their web page.


SEA-ME-WE-3 was commissioned in March 2000 in India, according to  
Wikipedia.


The Europe-Asia segment of FLAG was lit in the mid-1990s.


Joe




RE: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Rod Beck
Hi Francois, 

The answer is yes. The cost of reaching Asia via the US was and is still much
lower than via the cables that hug the African coast.

And since Europe had a lot of traffic terminating in the US, it made more sense 
to throw it all that way than split into two major routes. 

Finally, a lot of European traffic is handed off to Asian backbones at the US 
West Coast peering points. There is no need to carry all the way to Asia since
the Asian carriers have a huge presence at PAIX and other West Coast sites.

Regards, 

Roderick S. Beck
Director of European Sales
Hibernia Atlantic
13-15, rue Sedaine, 75011 Paris
http://www.hiberniaatlantic.com
Wireless: 1-212-444-8829. 
French Wireless: 33-6-14-33-48-97.
AOL Messenger: GlobalBandwidth
[EMAIL PROTECTED]
[EMAIL PROTECTED]
``Unthinking respect for authority is the greatest enemy of truth.'' Albert 
Einstein. 


Re: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Joe Abley


On 15 Sep 2008, at 05:40, Jim Mercer wrote:

> there is an exchange http://emix.ae, however, when i last interacted with
> them several years ago, it was a relatively closed club.


Unless things have changed recently, it's more of a monopoly transit  
provider than an exchange point. It's a service of Emirates Telecom/ 
Etisalat, AS8966; it's who people are obliged to buy transit from,  
there being no alternative for licensed ISPs. They do like to use the  
word "exchange" though, which can give the wrong impression.


If it seems like a closed club, perhaps that's more of an ISP  
licensing issue in UAE than anything else.



Joe




RE: Cisco uRPF failures

2008-09-15 Thread Tom Zingale (tomz)
The 3560E/3750E support uRPF as per docs:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_46_se/configuration/guide/swiprout.html#wp1388196

The unsupported command guide looks in error.

> -----Original Message-----
> From: Brandon Ewing [mailto:[EMAIL PROTECTED]
> Sent: Saturday, September 13, 2008 11:26 AM
> To: nanog@nanog.org; [EMAIL PROTECTED]
> Subject: Re: Cisco uRPF failures
> 
> On Thu, Sep 11, 2008 at 08:11:28PM +0300, Saku Ytti wrote:
> >
> > Sound like these shops are using 3550 as router, which is common for
> > smaller shops, especially in EU. And indeed, 3550 would not do uRPF.
> > (3560E does).
> >
> 
> Are you sure?  According to the IOS guide for 3560E/3750E, "ip verify" is
> still an unsupported interface command.  I don't have a 3560E handy to test
> on, but I know that a non-E 3560 refuses it with a notice regarding how
> verification is not supported by hardware.
> 
> http://tinyurl.com/5qbqzb
> 
> --
> Brandon




NANOG44 PGP Keysigning

2008-09-15 Thread Majdi S. Abbas

Greetings,

For NANOG44 in Los Angeles, we will be running the keysigning
sessions during the general session breaks in the Moroccan open seating
area, which is on the Mezzanine level (above the Main Galleria).

If you're planning to attend any of the keysigning sessions, please
paste your keys into the keyring at:

http://biglumber.com/x/web?keyring=2221

Also, if you do sign keys, whether or not you intend to attend one
of the sessions, please do pick up a red sticker for your name tag when
you pick it up.  

If you've never attended a PGP keysigning before, you may wish to
review the following first for an understanding and overview of the process:


http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html

If you have any questions, please contact me off list.

Thank you and I will see you in Los Angeles!

--msa



Today's Point-2Point WAN Options

2008-09-15 Thread Chris Kleban
Hello Nanog,

I'm currently looking into what are the options for enabling inter-datacenter 
communication.

Our current solution is to use ipsec/gre tunnels traversing over the Internet. 
The specific needs the new solution must meet are:

- The ability to run end-to-end QOS.
- Dedicated bandwidth
- Support 1gbps transfer rates
- Enable communication between 3 locations


The options I have looked into so far are:

- Layer 2 Ethernet (Virtual Private Line): This service seems to be offered by 
a lot of ISPs using various networking techniques. The price point is 
attractive however packets are forwarded only at best effort across the ISP's 
network which means the quality of the service will directly reflect the ISP's 
network performance.
- Traditional Leased Line (dsX/ocX): This service seems to be more expensive 
than wavelength services however meets my needs.
- WaveLength Services (oc3-10gig): This service seems to be cheaper than
traditional leased lines when comparing similar bandwidth. However, 
availability is limited to on-net buildings. This solution meets my needs.
- MPLS based VPN solutions: Seems to be a good point to multipoint technology 
with QOS offerings. However, the price seems to be around the same as 
wavelength services for the amount of bandwidth we require. If the number of 
data centers we were looking to connect was larger then this option would be 
more attractive. This solution meets my needs.

Based on my needs and what my options are I am leaning towards point to point 
wavelength services connecting my 3 locations in a loop like fashion.


Are there any other options I should consider?

Are my descriptions of today's possible solutions inaccurate?

Are there any thoughts on today's pricing that differ from my findings?


Thanks
Chris Kleban








Re: Today's Point-2Point WAN Options

2008-09-15 Thread list-nanog
> - Layer 2 Ethernet (Virtual Private Line): This service seems to be offered 
> by a lot of ISPs using various networking techniques. The price point is 
> attractive however packets are forwarded only at best effort across the ISP's 
> network which means the quality of the service will directly reflect the 
> ISP's network performance.

Depending on how it's implemented, it might have QoS in the ISPs network. If 
the ISP has plenty of bandwidth, best effort is fine.

> - WaveLength Services (oc3-10gig): This service seems to be cheaper than
> traditional leased lines when comparing similar bandwidth. However, 
> availability is limited to on-net buildings. This solution meets my needs.
> - MPLS based VPN solutions: Seems to be a good point to multipoint technology 
> with QOS offerings. However, the price seems to be around the same as 
> wavelength services for the amount of bandwidth we require. If the number of 
> data centers we were looking to connect was larger then this option would be 
> more attractive. This solution meets my needs.

Wavelengths are often sold without fibre redundancy; virtual links usually (I 
hope) have some redundant back haul, at least.

Redundancy isn't necessarily good - the redundant path might be really, really 
bad.



[NANOG-announce] Call for volunteers for the NANOG PC

2008-09-15 Thread Philip Smith
Hi everyone,

There are going to be a few announcements over the next few days
regarding all things NANOG, so please bear with us!

Thanks to all who volunteered for the Steering Committee - the list of
candidates to join the three continuing Steering Committee members is at
http://www.nanog.org/governance/elections/2008elections/2008sc_candidates.php.
We will be holding elections during NANOG 44 in LA to determine who will
join the Steering Committee.

Now to the Program Committee! Here is your chance to help shape the
future of the NANOG program content.


NANOG Program Committee

The NANOG Program Committee is a group of sixteen individuals from the
NANOG community who together are responsible for the solicitation and
selection of material for NANOG meeting Programs.

A new NANOG Program Committee will be selected by the NANOG Steering
Committee after the Steering Committee election in October. Eight
positions are to be filled, and the Steering Committee is now seeking
nominations.

Per the NANOG charter (6.2.1), eligible candidates are individuals who
have attended at least one NANOG meeting in the past 12 months (i.e. one
or more of NANOG 42, NANOG 43 or NANOG 44). Broad technical knowledge of
Internet operations and familiarity with NANOG meetings are useful
attributes. Having constructive opinions and ideas about how NANOG
meetings might be improved is of high value.

If you are interested in nominating someone else or yourself, please
send a brief note to [EMAIL PROTECTED] The note should include the
nominee's contact details, and a brief description of why (in your
opinion) the individual concerned would be a good addition to the
Program Committee.

The Steering Committee will accept nominations received before the
conclusion of NANOG 44 on October 14.

If you would like to see a list of current nominations, please look at
http://www.nanog.org/governance/elections/2008elections/2008pc_candidates.php.


Many thanks, and hope to hear from you soon!!

philip
(for the SC)





Re: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Matthew Moyle-Croft


On 15/09/2008, at 10:06 PM, Joe Abley wrote:


> As an example, PacRimEast still had capacity in the late 90s,
> strictly speaking. But given the difficulty in ordering anything
> other than E1s on it at that time, did it really exist as a
> terrestrial option for New Zealand ISPs trying to send packets to
> the US? There was a lot of satellite transmission sold around that
> time on PanAmSat, IntelSat and Loral transponders, and it's not as
> if anybody was really using satellite out of choice. There are only
> so many discrete E1s you can comfortably inverse-mux together before
> it's really not worth bothering.


Satellite was mainly because it was cheaper in a world where 2mbps out
of Australia to the US cost US$150k/month.   Circa around 1996 Telstra
Internet had 16x2Mbps to the US plus 1x2Mbps to NZ.  That didn't
change until Southern Cross (SCCN) arrived in 2000.

(I started in the ISP industry in 1994 in Australia, so whilst some of
this is now a tad fuzzy, I was at least there for this bit.  My home
/24 was 16 years old last month).





> The timelines are no doubt different, since Europe experienced a
> giant boom in Internet demand and infrastructure while smaller
> markets like New Zealand were still preoccupied with X.25. However,
> the original question was whether there had ever been a time during
> which Europe had no option but to cross oceans to get to Asia, and
> I'd be surprised if that wasn't the case.


I guess it depends how far back you look in telecommunications
history.   The 1901 telegraph network was as extensive as today's
submarine networks (if not broader)
(http://atlantic-cable.com/Maps/1901EasternTelegraph.jpg).
Australia had telegraphy connectivity via Singapore and the All
Red Route that the British ran and controlled since around 1879.




> Perhaps someone who actually knows this stuff can throw some facts
> into the thread and put a stop to my wild speculation.
>
> > SEA-ME-WE predates FLAG by almost a decade.   I'm sure some digging
> > would reveal a bit more on that path either submarine or terrestrial.


Before SEA-ME-WE4 and 3 there was SEA-ME-WE and SEA-ME-WE2.
SEA-ME-WE had an inservice date of 1986.



MMC
--
Matthew Moyle-Croft Internode/Agile Peering and Core Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: [EMAIL PROTECTED]    Web: http://www.on.net
Direct: +61-8-8228-2909     Mobile: +61-419-900-366
Reception: +61-8-8228-2999  Fax: +61-8-8235-6909



confusing packet data

2008-09-15 Thread Jim Popovitch
This is something that has been bugging me lately. Etherape is a Linux
tool that graphs packets arriving at your host, and shows paths of
connectivity.   I captured the graphs, at the URL below, from my Linux
laptop connected to a Linksys wifi router that is hooked to a Comcast
cable modem.   Why is it that I can see packet data from IPs all over
the place?

http://picasaweb.google.com/jimpop/Public#

Any insight is much appreciated.

-Jim P.



Re: Internet Traffic Begins to Bypass the U.S.

2008-09-15 Thread Geoff Huston


On 15/09/2008, at 10:36 PM, Joe Abley wrote:



> On 14 Sep 2008, at 23:38, Matthew Moyle-Croft wrote:
>
> > Other cable systems predated FLAG (at least for voice).
>
> The qualifier might be important.
>
> As should have been obvious from all the IIRCs and related
> qualifiers in my note, I wasn't in Europe at the time I started
> paying attention to these things. However, in other parts of the
> world, circuits provisioned and planned for voice traffic growth
> started to become effectively full as soon as there was demand for
> circuits much bigger than an E1.
>
> As an example, PacRimEast still had capacity in the late 90s,
> strictly speaking. But given the difficulty in ordering anything
> other than E1s on it at that time, did it really exist as a
> terrestrial option for New Zealand ISPs trying to send packets to
> the US?


yes, for Australia, certainly. A number of us were using E1 inverse
MUX units to pull higher channel rates out of the circuits. Same thing
happened a few years later with muxing up 155Mbps circuits.




> There was a lot of satellite transmission sold around that time on
> PanAmSat, IntelSat and Loral transponders, and it's not as if
> anybody was really using satellite out of choice. There are only so
> many discrete E1s you can comfortably inverse-mux together before
> it's really not worth bothering.


heh heh - we ran out of cable capacity before we ran out of cascading  
inverse muxes at the time! Satellite really was a very inferior choice.






> The timelines are no doubt different, since Europe experienced a
> giant boom in Internet demand and infrastructure while smaller
> markets like New Zealand were still preoccupied with X.25. However,
> the original question was whether there had ever been a time during
> which Europe had no option but to cross oceans to get to Asia, and
> I'd be surprised if that wasn't the case.


The original telegraph circuits in the latter half of the 19th century  
were largely overland, but, unless there are markets you want to  
intercept with in the middle, undersea tends to be a better option  
where you consider all aspects (territorial rights, political issues,  
total length, stability etc etc). There was a very informative article  
by Neal Stephenson in Wired some years back that was published at  
about the time FLAG was being constructed which still is about the  
best article on the submarine cable business I've read. Everyone  
interested in this submarine cable game except Joe should read it.


The problem with the routes in that part of the world include: the
Wallace line, territorial waters, shallow waters, the Luzon strait,  
the stability of overland segments, the size of the markets in the  
middle, the cost and availability of the alternatives, and the major  
factor that spending 100% of your investment money to optimise 80% of  
your traffic needs makes more sense than many other investment  
strategies - hence the outcome that the Pacific has become the heavily  
favoured route for submarine cable systems in this area of the world.





> Perhaps someone who actually knows this stuff can throw some facts
> into the thread and put a stop to my wild speculation.


nah - more fun to watch you speculate Joe.






Re: confusing packet data

2008-09-15 Thread Nathan Ward

On 16/09/2008, at 1:34 PM, Jim Popovitch wrote:


> This is something that has been bugging me lately. Etherape is a Linux
> tool that graphs packets arriving at your host, and shows paths of
> connectivity.   I captured the graphs, at the URL below, from my Linux
> laptop connected to a Linksys wifi router that is hooked to a Comcast
> cable modem.   Why is it that I can see packet data from IPs all over
> the place?



My suspicion is that the tool is malfunctioning and is spitting out  
random data. Probably best to post on the Etherape mailing list for  
help on this one.


I see stuff in 224/4 and 240/4 in your pictures.

--
Nathan Ward







Re: Today's Point-2Point WAN Options

2008-09-15 Thread Paul Wall
Chris Kleban <[EMAIL PROTECTED]> wrote:
> Hello Nanog,
>
> I'm currently looking into what are the options for enabling inter-datacenter 
> communication.
>
> Our current solution is to use ipsec/gre tunnels traversing over the 
> Internet. The specific needs the new solution must meet are:
>
> - The ability to run end-to-end QOS.

What are you trying to accomplish?

Do you need to be able to pass DiffServ/DSCP tagging between sites?

> - Dedicated bandwidth
> - Support 1gbps transfer rates
> - Enable communication between 3 locations

Okay.

> The options I have looked into so far are:
>
> - Layer 2 Ethernet (Virtual Private Line): This service seems to be offered 
> by a lot of ISPs using various networking techniques. The price point is 
> attractive however packets are forwarded only at best effort across the ISP's 
> network which means the quality of the service will directly reflect the 
> ISP's network performance.

How is this a problem?  Is the concern that you never want an
interface which is (physically, to routing protocols, ...) "up" but
latent and dropping packets like whoa, from an application or
monitoring/management perspective?

You raise a valid point about oversubscription.  At the same time,
this is often overhyped by marketing people, and dependent on how
ghetto your pseudowire provider is and whether or not they know how to
capacity-plan.

> - Traditional Leased Line (dsX/ocX): This service seems to be more expensive 
> than wavelength services however meets my needs.

Quite.  And it limits your router options significantly while driving
up capex costs.  Just say no!

> - WaveLength Services (oc3-10gig): This service seems to be cheaper than 
> traditional leased lines when comparing similar bandwidth. However, 
> availability is limited to on-net buildings. This solution meets my needs.

Not a bad idea, but often overlooked when purchasing unprotected
long-haul waves is that you can be down for days or weeks on end,
depending on the severity of a given fiber cut.  And protected waves
cost significantly more because the carrier is provisioning twice the
capacity -- sometimes in a configuration not as redundant as
advertised.  This is not for the faint of heart, and best left to ISPs
who are buying from multiple vendors/cable systems and put in the
effort to engineer suitable diversity.  As an end-user, a switched
service might afford you more economical route protection.

> - MPLS based VPN solutions: Seems to be a good point to multipoint technology 
> with QOS offerings. However, the price seems to be around the same as 
> wavelength services for the amount of bandwidth we require. If the number of 
> data centers we were looking to connect was larger than this option would be 
> more attractive. This solution meets my needs.

(Assuming you're talking about l3vpn, as l2 can be grouped into your
first example...)

It would probably help if you'd explain the "QOS" feature set of the
offerings you're looking at.

This is a highly technically complex deployment; even at the largest
telecoms, you can count on one hand the number of staff expert in its
implementation and troubleshooting.  It's also the most limiting in
terms of specific routing protocols and prefix counts supported, the
type of traffic you can pass, etc.  The only benefit I can see to a
l3vpn is in the enterprise with a lot of branch offices, where it
simplifies end-site configurations and hub/spoke topology.  Connecting
your three datacenters, this is obviously not an issue.  These are
often the most expensive solutions too, given that their target
customers have deep pockets.

> Based on my needs and what my options are I am leaning towards point to point 
> wavelength services connecting my 3 locations in a loop like fashion.
>
>
> Are there any other options I should consider?

None come to mind.

> Are my descriptions of today's possible solutions inaccurate?

More or less, though it would help if you'd explain more what you're
trying to get out of  the "QOS".

Best Of Luck, and Drive Slow,
Paul Wall



Re: Atrivo/Intercage: Now Only 1 Upstream

2008-09-15 Thread Paul Wall
Paul,

Cogent is keeping tabs of the Intercage/Atrivo situation in ticket
HD000789038.  Be sure to e-mail or call them referencing that
number with any information you may have to share.

AboveNet's ticket auto-responder is broken.

I've been unable to get a response out of NTT (AS 2914).

Drive Slow,
Paul Wall



Re: Atrivo/Intercage: Now Only 1 Upstream

2008-09-15 Thread Paul Ferguson
-- "Paul Wall" <[EMAIL PROTECTED]> wrote:

>Cogent is keeping tabs of the Intercage/Atrivo situation in ticket
>HD000789038.  Be sure to e-mail or call them referencing that
>number with any information you may have to share.
>
>AboveNet's ticket auto-responder is broken.
>

I don't have time to pass along intelligence to Cogent, and if I
did feel so inclined, somehow I get the feeling that I would largely
be ignored since I'm not a direct customer.

I'm more inclined to pass along the intelligence to law enforcement,
as many of us have been doing for a couple of years now.

In any event, the badness is still there. Lots of it.

- ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/





Re: confusing packet data

2008-09-15 Thread Jim Popovitch
On Tue, Sep 16, 2008 at 00:43, Hank Nussbacher <[EMAIL PROTECTED]> wrote:
> Are you running Skype?  Have you become a supernode?  There is now a
> registry switch in 3.0 that allows you to disable supernode functionality.

No.  Nothing is running on this host (my laptop) when initiating
etherape.  Also, etherape reports nothing until I initiate some
traffic (i.e. whois www.yahoo.com)

I suspect that Nathan is correct and I have filed a bug report with Debian.

-Jim P.



Re: confusing packet data

2008-09-15 Thread Nathan Ward

On 16/09/2008, at 4:43 PM, Hank Nussbacher wrote:

> Are you running Skype?  Have you become a supernode?  There is now a
> registry switch in 3.0 that allows you to disable supernode
> functionality.



This would not cause him to see traffic to and from random addresses.  
Note that traffic is not going to his IP address, but to AND from  
addresses that are not his. That, plus the fact that there 'is'  
traffic on 240/4 and 224/4, and it sounds like a bug.


--
Nathan Ward
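
The reasoning in the message above, written out as a plausibility check on captured flows. This is an added example, not part of the thread or of Etherape; the host address and the sample flows are constructed.

```python
import ipaddress

MULTICAST = ipaddress.ip_network("224.0.0.0/4")      # valid only as a destination
RESERVED = ipaddress.ip_network("240.0.0.0/4")       # class E, reserved
BROADCAST = ipaddress.ip_address("255.255.255.255")  # limited broadcast, inside 240/4

def implausible(src, dst, local_addrs):
    """Reasons a (src, dst) pair should not appear in a capture on this host."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    local = {ipaddress.ip_address(a) for a in local_addrs}
    reasons = []
    if s in MULTICAST:
        reasons.append("source in 224/4")
    if s in RESERVED:  # covers 255.255.255.255, never a valid source
        reasons.append("source in 240/4")
    if d in RESERVED and d != BROADCAST:
        reasons.append("destination in 240/4")
    # Multicast and broadcast frames reach every host on the segment, so
    # only unicast destinations must involve one of our own addresses.
    group_dst = d in MULTICAST or d == BROADCAST
    if s not in local and d not in local and not group_dst:
        reasons.append("neither endpoint is local")
    return reasons

def audit(flows, local_addrs):
    """Map each suspicious flow to its list of reasons."""
    flagged = {}
    for src, dst in flows:
        reasons = implausible(src, dst, local_addrs)
        if reasons:
            flagged[(src, dst)] = reasons
    return flagged

# Constructed sample: a laptop at 192.168.1.100 behind a home router.
LOCAL = ["192.168.1.100"]
FLOWS = [
    ("192.168.1.100", "198.51.100.7"),  # our own outbound lookup
    ("192.168.1.1", "224.0.0.251"),     # multicast from the router
    ("0.0.0.0", "255.255.255.255"),     # DHCP discover from a neighbour
    ("239.1.2.3", "198.51.100.7"),      # multicast address as a source
    ("203.0.113.9", "245.1.1.1"),       # class E destination
    ("203.0.113.9", "198.51.100.7"),    # two remote hosts, neither ours
]

if __name__ == "__main__":
    for flow, reasons in audit(FLOWS, LOCAL).items():
        print(flow, "->", "; ".join(reasons))
```

A promiscuous capture on shared media, or subnet-directed broadcasts, would legitimately trip the last check and need their own handling.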







Re: Atrivo/Intercage: Now Only 1 Upstream

2008-09-15 Thread Paul Ferguson
-- "Paul Wall" <[EMAIL PROTECTED]> wrote:

>Cogent is keeping tabs of the Intercage/Atrivo situation in ticket
>HD000789038.  Be sure to e-mail or call them referencing that
>number with any information you may have to share.
>
>AboveNet's ticket auto-responder is broken.
>

By the way, a lot of folks are watching all domains registered
within Atrivo/Intercage IP address space every day. Here's a few
for you to decide -- and they have been registered only in the past
few days:

undaground.biz
pillshere.net
ukrnic.info (originally registered in Intercage IP space, now
 in UkrTelecom)

This is only a fraction of a percentage of the activities.

We are watching.

- ferg




--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




Re: Atrivo/Intercage: Now Only 1 Upstream

2008-09-15 Thread Hank Nussbacher

On Tue, 16 Sep 2008, Paul Ferguson wrote:


> In any event, the badness is still there. Lots of it.


Not according to this:
http://www.domainnews.com/en/general/estdomains-denies-links-to-malware-distribution.html

"The company also has a reliable ally in its battle against malware in a 
face of Intercage, Inc which provides company with the hosting services of 
the highest quality. But the outstanding performance of hosting services 
is not the sole reason why EstDomains, Inc appreciates this partnership so 
greatly. Intercage, Inc generously provides EstDomains, Inc specialists 
with reports regarding discovered malware vehicles. As the main database 
for additional domain name management services is located in Intercage 
Data Center, EstDomains, Inc has the perfect opportunity to get 
notifications of the slightest mark of malware presence in the shortest 
time and take measures in advance."


You really need to read the entire posting and not end up ROTFL.

-Hank



Re: confusing packet data

2008-09-15 Thread Hank Nussbacher

On Mon, 15 Sep 2008, Jim Popovitch wrote:

Are you running Skype?  Have you become a supernode?  There is now a 
registry switch in 3.0 that allows you to disable supernode functionality.


-Hank


> This is something that has been bugging me lately. Etherape is a Linux
> tool that graphs packets arriving at your host, and shows paths of
> connectivity.   I captured the graphs, at the URL below, from my Linux
> laptop connected to a Linksys wifi router that is hooked to a Comcast
> cable modem.   Why is it that I can see packet data from IPs all over
> the place?
>
> http://picasaweb.google.com/jimpop/Public#
>
> Any insight is much appreciated.
>
> -Jim P.