ATT SMTP Admin contact?
Hi all, Would I be able to get an ATT mail administrator to contact me off-list? We've recently moved our mailservers to a new IP address range, and the standard CGI forms haven't produced any progress for us in over a week now. Unfortunately this affects dozens of hosted clients... The CGI form at http://wn.att.net/cgi-bin/block_admin.cgi has also got a dead link at the bottom, which shakes my confidence in its level of maintenance a little. Thanks in advance, -- Regards, Brad Laue Systems Administrator, Inftek Hosting 1-888-44-SYNCD http://www.getsyncd.com (888) 44-SYNCD (888-447-9623) x702
Re: Who has AS 1712?
On 24.11 08:48, Daniel Karrenberg wrote: RIS Routing History for AS1712 since 2001: ... PS: And yes we are going to make the REX tool for querying ASes available soon. Keep watching labs.ripe.net. OK, by popular demand: Before we release the nicely presented version, here is a direct link to some of the RIS data which can be queried by AS: http://albatross.ripe.net/cgi-bin/inrdb-risribl.cgi?res=1712rrc=aggrmatch=x There are links at the bottom for explanations and a link at the top for asking different questions. Note again that this is not a production service, it is raw data that needs interpretation and a nicer presentation is coming soon. Daniel
Re: Who has AS 1712?
RIS Routing History for AS1712 since 2001: on what date was AS1712 assigned to the current RIPE holder? randy
Re: Who has AS 1712?
At 18:29 24/11/2009 +0900, Randy Bush wrote: RIS Routing History for AS1712 since 2001: on what date was AS1712 assigned to the current RIPE holder? Based on: ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest it doesn't show AS1712 ever being allocated to Renater (probably why the inter-RIR mistake happened) but the surrounding ASNs give you an idea of the timeframe: ripencc|IL|asn|1680|1|19930901|allocated ripencc|EU|asn|1707|1|19930901|allocated ripencc|EU|asn|1729|1|19930901|allocated ripencc|EU|asn|1732|1|19930901|allocated -Hank randy
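The lookup described in the message above, as an added example that is not part of the original post: it parses the pipe-delimited RIR delegated-stats format, checks whether an ASN is covered by any record, and returns the nearest registered neighbours on each side. The four ASN records are the ones quoted above; the version and summary lines are constructed, and the function names are this example's own.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The four ASN records are quoted in the message above. The comment, version
# and summary lines are constructed to show the other line types that a
# delegated-* statistics file contains.
SAMPLE = """\
# constructed header and summary lines, for illustration only
2|ripencc|20091124|4|19930901|20091124|+0100
ripencc|*|asn|*|4|summary
ripencc|IL|asn|1680|1|19930901|allocated
ripencc|EU|asn|1707|1|19930901|allocated
ripencc|EU|asn|1729|1|19930901|allocated
ripencc|EU|asn|1732|1|19930901|allocated
"""


@dataclass(frozen=True)
class AsnRecord:
    registry: str
    cc: str
    start: int    # first ASN in the block
    count: int    # number of consecutive ASNs in the block
    date: str     # YYYYMMDD as given in the file
    status: str

    @property
    def end(self) -> int:
        return self.start + self.count - 1


def _asn_to_int(text: str) -> int:
    """Accept plain integers and the older 'high.low' (asdot) notation."""
    if "." in text:
        high, low = text.split(".", 1)
        return int(high) * 65536 + int(low)
    return int(text)


def parse_asn_records(text: str) -> List[AsnRecord]:
    """Return the ASN records of a delegated-stats file, sorted by start."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if fields[0].isdigit():          # version line
            continue
        if fields[-1] == "summary":      # per-type summary line
            continue
        if len(fields) < 7 or fields[2] != "asn":
            continue                     # ipv4/ipv6 records or malformed lines
        registry, cc, _type, start, count, date, status = fields[:7]
        records.append(AsnRecord(registry, cc, _asn_to_int(start),
                                 int(count), date, status))
    return sorted(records, key=lambda r: r.start)


def find_covering(records: List[AsnRecord], asn: int) -> Optional[AsnRecord]:
    """Return the record whose block contains asn, or None if unlisted."""
    for rec in records:
        if rec.start <= asn <= rec.end:
            return rec
    return None


def neighbours(records: List[AsnRecord], asn: int
               ) -> Tuple[Optional[AsnRecord], Optional[AsnRecord]]:
    """Return the nearest listed blocks below and above an ASN."""
    below = [r for r in records if r.end < asn]
    above = [r for r in records if r.start > asn]
    return (below[-1] if below else None, above[0] if above else None)


if __name__ == "__main__":
    recs = parse_asn_records(SAMPLE)
    print("AS1712 covered by:", find_covering(recs, 1712))
    lo, hi = neighbours(recs, 1712)
    print("nearest below:", lo)
    print("nearest above:", hi)
```

An absent record only shows that this one registry's file does not list the ASN; the same check has to be run against the other registries' files before concluding anything about who holds it.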
Re: Who has AS 1712?
* Christopher Morrow: In all seriousness though, how does this get fixed? AS number translation, perhaps? But more seriously, in general, it is impossible to tell if a conflict between RIPE and ARIN is real, or is the result of lack of updates after mergers and acquisitions on one of the sides. A good example in this area is 53.0.0.0/8, which has a rather interesting history. Another one is AS702. -- Florian Weimer fwei...@bfk.de BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Re: Ethernet over DS3 Converters
I've been using the RAD products for years. The price is right and they are extremely reliable. On Nov 23, 2009, at 12:25 PM, Brad Fleming wrote: Hello all, My company is searching for some Ethernet over DS3 converters / adaptors for a specific installation. I see several options from Adtran, RAD-Direct, and a couple other (smaller) vendors and was wondering if anyone out there has suggestions or insights. Our needs are pretty simple: We'll need to pass multiple VLANs unless that's simply not possible. We'll need copper 10/100 interfaces on each side. Here are the two main products we're currently eyeing Adtran Product: http://www.adtran.com/web/page/portal/Adtran/group/3024 RAD-Direct Product: http://www.rad.com/10/Fast_Ethernet_over_T3_NTU/2480/ Thanks very much for any suggestions. -- Brad Fleming Network Engineer Kansas Research and Education Network Office:785-856-9800 x.222 Mobile: 785-865-7231 NOC: 866-984-3662
Re: Ethernet over DS3 Converters
On Mon, Nov 23, 2009 at 3:25 PM, Brad Fleming bdflem...@kanren.net wrote: Hello all, My company is searching for some Ethernet over DS3 converters / adaptors for a specific installation. I see several options from Adtran, RAD-Direct, and a couple other (smaller) vendors and was wondering if anyone out there has suggestions or insights. Our needs are pretty simple: We'll need to pass multiple VLANs unless that's simply not possible. We'll need copper 10/100 interfaces on each side. +1 for Overture. We have a pretty large deployment of 5100s and ISG45s. Be aware on the 5100 and lower, that if you run MPLS over it, it cannot currently put that traffic in the appropriate queues. They're working on that feature (fingers crossed for Q1). We work around that by setting ToS bits on outgoing interfaces and configuring the switch rule to look at that instead. The 5000/5100 and 6000 does have a CLI and SNMP, but lacks the queue details that the 45+ has. They just tell you something dropped, not which queue had the drop. The MPLS limitation also applies to bundling multiple DS3s (if you can't get GFP bonding to work due to differential delay limitations). That traffic gets stuffed onto one DS3. Non MPLS traffic appears to be hashed pretty evenly across multiple DS3s on the newer code. Also, the hash is dynamically sized based on # of DS3s in the bundle. Again, hopefully Q1 for MPLS capabilities. It is my understanding (haven't tested them for that purpose) that the 6000 can see into MPLS headers and properly queue today based off of DSCP markings. However, they are a bit pricier. Their TAC is also fantastic if you ever need them. jason
Re: Tucows vs Postini
Paul Stewart wrote: Hi folks... Anyone have much experience with outsourcing antispam/antivirus to Tucows? We use Postini today and are overall pleased. The Tucows pricing seems to be MUCH lower so curious on any feedback... Thanks, Paul I personally run Postini, Tucows' and MailFoundry on the cloud (hosted) for some of my customers, so, it's all about my very own personal experience. Tucows has a way better ROI rates, however they used to be very, very unstable, with really higher outages than any other of the mentioned players. Nowadays things just seem to be pretty much improved. However, when downtime is not a problem anymore with Tucows, sometimes messages just happen to take real longer to show up in the inbox. Seems like large mail queue or alike (information-less diagnostics, in other words just a feeling). Therefore performance is still lacking from Tucows compared to Postini and MailFoundry. I don't see any of those problems with Postini. Now, MailFoundry seems to be the most feature-rich option. Specially needed for companies with special security policy needs. Performance and availability is just as good as Postini. Ask your financial people to check out the pricing conditions for MailFoundry, if they believe it is worth the TCO, I honestly suggest some attention on this SaaS provider. -- Patrick Tracanelli
Re: Who has AS 1712?
At 0:32 -0500 11/24/09, Jon Lewis wrote: Lots of ASNs have been assigned but aren't visible in the global table. And not all global networks (needing unique numbering) connect to the global public internet. At 8:36 +0100 11/24/09, Stephane Bortzmeyer wrote: Yes, very good idea. And to check the BGP public routing table also (belts and suspenders...) That's a good check, but not sufficient. When last we fixed an ASN registration, the check showed that other ASN's we had were not seen in that table. We just mentioned they are used on another inter-network and passed. Kinda like belts and suspenders but let's make sure the fly is shut too. ;) At 15:58 +0900 11/24/09, Randy Bush wrote: owned resources may not be announced or visible universally. Right...or maybe in a different universe. existing data sources deeply suck. rir source data are in different formats, owner identities are not even unique in one rir (how many names does goog have in arin?), let alone coordinated across rirs, much historical data is missing, ... This is why an inter-registry database inspection tool is needed. The traditional one is WhoIs - which as Randy mentions is too vague in content. (The WhoIs spec only says something about TCP to port 43...and nothing about the query/response formats.) A tool like IRIS is on the shelf that could be a platform from which to build something better. Checking the global public internet tables is a good first step, but that's not all that is needed. Such a step only gives credence to uniqueness, but it doesn't guarantee it. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction.
Re: Ethernet over DS3 Converters
Long time ago I assisted on consultation for this device. Probably provide what you are looking for: http://www.zhone.com/products/ETHX-2200-DS3/ On Tue, 2009-11-24 at 07:31 -0500, Jason Rowley wrote: On Mon, Nov 23, 2009 at 3:25 PM, Brad Fleming bdflem...@kanren.net wrote: Hello all, My company is searching for some Ethernet over DS3 converters / adaptors for a specific installation. I see several options from Adtran, RAD-Direct, and a couple other (smaller) vendors and was wondering if anyone out there has suggestions or insights. Our needs are pretty simple: We'll need to pass multiple VLANs unless that's simply not possible. We'll need copper 10/100 interfaces on each side.
RE: Ethernet over DS3 Converters
Here is another product family that supports also GE over PDH. http://telrad.com/pages/products/eopdh-cpe.aspx Regards, Uri Joskovitch VP Product Management Telrad Products Division Telrad Networks Office:+972-73-2467-195 Fax: +972-73-2467-592 Assistant: +972-73-2467-750 Cell (IL): +972-52-2467195 Email: uri.joskovi...@telrad.com Website: www.telrad.com Check out our *NEW* website, www.telrad.com Playing to Win... -Original Message- From: Bret Clark [mailto:bcl...@spectraaccess.com] Sent: Tuesday, November 24, 2009 5:11 PM To: nanog@nanog.org Subject: Re: Ethernet over DS3 Converters Long time ago I assisted on consultation for this device. Probably provide what you are looking for: http://www.zhone.com/products/ETHX-2200-DS3/ On Tue, 2009-11-24 at 07:31 -0500, Jason Rowley wrote: On Mon, Nov 23, 2009 at 3:25 PM, Brad Fleming bdflem...@kanren.net wrote: Hello all, My company is searching for some Ethernet over DS3 converters / adaptors for a specific installation. I see several options from Adtran, RAD-Direct, and a couple other (smaller) vendors and was wondering if anyone out there has suggestions or insights. Our needs are pretty simple: We'll need to pass multiple VLANs unless that's simply not possible. We'll need copper 10/100 interfaces on each side.
Help -- Having trouble trying to activate a GigE connection
Group, I am having an issue with activating a GigE interface between a Cisco 7206 VXR w/IO-1GE module to a 7606 w/sup720-3bxls connecting to a line module WS-X6416-GBIC. I have verified that the GBIC-MMF have good light reading and the MMF fiber jumper are not reversed. The GigE connection comes up briefly for about a few seconds, takes a burst of errors and goes down. I have tried to set the speed to nonegotiate on both ends, set one end to speed auto. No dice. Here is the copy of the configuration. On my 7606 I show that the GigE interface is up/up but on the 7206vxr I show down/down. Any help will be greatly appreciated. Thanks! This is the Cisco 7206VXR configuration. interface GigabitEthernet0/0 no ip address duplex full speed 1000 media-type gbic no negotiation auto This is the Cisco 7606 configuration. interface GigabitEthernet1/8 description AR4-DLLSTXHW-GE0/0 no ip address speed nonegotiate Michael Ruiz Network Engineer
Re: Smartcard and non-password methods (was Re: Password repository)
If memory serves me right, Randy Bush wrote: is there a freebsd pam tacacs+ hack? Yep. Haven't actually used it though. PAM_TACPLUS(8) FreeBSD System Manager's Manual PAM_TACPLUS(8) NAME pam_tacplus -- TACACS+ authentication PAM module Bruce.
RE: Help -- Having trouble trying to activate a GigE connection
Hello Michael: -Original Message- From: Michael Ruiz [mailto:mr...@telwestservices.com] Sent: Tuesday, November 24, 2009 8:02 AM To: nanog@nanog.org Subject: Help -- Having trouble trying to activate a GigE connection Group, I am having an issue with activating a GigE interface between a Cisco 7206 VXR w/IO-1GE module to a 7606 w/sup720-3bxls connecting to a line module WS-X6416-GBIC. I have verified that the GBIC-MMF have good light reading and the MMF fiber jumper are not reversed. The GigE connection comes up briefly for about a few seconds, takes a burst of errors and goes down. I have tried to set the speed to nonegotiate on both ends, set one end to speed auto. No dice. Here is the copy of the configuration. On my 7606 I show that the GigE interface is up/up but on the 7206vxr I show down/down. Any help will be greatly appreciated. Thanks! I don't think there is any reason to have hard-set speed and duplex, particularly between two Cisco's. Why not just set *both* sides (you can't set just one) to auto-negotiation - 'no speed nonegotiate' on the 7606 side. Is this a straight shot, single fiber pair between the two or are there intermediate junctions or optics? It sounds like you have questionable fiber or optics in the path. It could be the fiber itself or the GBICs on either side. Regards, Mike
Re: ATT SMTP Admin contact?
Patrick Tracanelli wrote: Brad Laue wrote: Hi all, Would I be able to get an ATT mail administrator to contact me off-list? We've recently moved our mailservers to a new IP address range, and the standard CGI forms haven't produced any progress for us in over a week now. Unfortunately this affects dozens of hosted clients... The CGI form at http://wn.att.net/cgi-bin/block_admin.cgi has also got a dead link at the bottom, which shakes my confidence in its level of maintenance a little. Thanks in advance, Any success? I have been trying to mail @bellsouth for a while now, and I am stuck in this RBL. Filling the CGI form or mailing abuse@, postmaster, or this address: http://worldnet.att.net/global-images/general-info/abuse_mail.gif Never helped. My IP address, which has very good reputation on mail delivery on many other public RBLs, btw, is still blocked reason-less. No luck as yet. I've sent an e-mail to postmaster@ and abuse_rbl@, hopefully I'll receive a reply from these. Exclusionary blocklists are a great idea if they're constantly maintained. I'm unclear as to why mail administrators don't work more proactively with things like SenderID and SPF, as these seem to be far more maintainable in the long-run than an ever-growing list of IP address ranges.
RE: Help -- Having trouble trying to activate a GigE connection
I actually have seen where you have to hard set to speed 1000 to get this type of link up, even Cisco to Cisco. -Scott -Original Message- From: Michael K. Smith - Adhost [mailto:mksm...@adhost.com] Sent: Tuesday, November 24, 2009 11:25 AM To: Michael Ruiz; nanog@nanog.org Subject: RE: Help -- Having trouble trying to activate a GigE connection Hello Michael: -Original Message- From: Michael Ruiz [mailto:mr...@telwestservices.com] Sent: Tuesday, November 24, 2009 8:02 AM To: nanog@nanog.org Subject: Help -- Having trouble trying to activate a GigE connection Group, I am having an issue with activating a GigE interface between a Cisco 7206 VXR w/IO-1GE module to a 7606 w/sup720-3bxls connecting to a line module WS-X6416-GBIC. I have verified that the GBIC-MMF have good light reading and the MMF fiber jumper are not reversed. The GigE connection comes up briefly for about a few seconds, takes a burst of errors and goes down. I have tried to set the speed to nonegotiate on both ends, set one end to speed auto. No dice. Here is the copy of the configuration. On my 7606 I show that the GigE interface is up/up but on the 7206vxr I show down/down. Any help will be greatly appreciated. Thanks! I don't think there is any reason to have hard-set speed and duplex, particularly between two Cisco's. Why not just set *both* sides (you can't set just one) to auto-negotiation - 'no speed nonegotiate' on the 7606 side. Is this a straight shot, single fiber pair between the two or are there intermediate junctions or optics? It sounds like you have questionable fiber or optics in the path. It could be the fiber itself or the GBICs on either side. Regards, Mike
RE: Help -- Having trouble trying to activate a GigE connection
I don't think there is any reason to have hard-set speed and duplex, particularly between two Cisco's. Why not just set *both* sides (you can't set just one) to auto-negotiation - 'no speed nonegotiate' on the 7606 side. Is this a straight shot, single fiber pair between the two or are there intermediate junctions or optics? It sounds like you have questionable fiber or optics in the path. It could be the fiber itself or the GBICs on either side. Mike, I tried setting the 7206 to auto, and the 7606 to nonegotiate, however, no dice. We put light meter on both ends of the GBIC and light readings are at -20, which are applicable. Between the two routers are MMF and it is straight shot with no transport equipment in between. -Original Message- From: Michael K. Smith - Adhost [mailto:mksm...@adhost.com] Sent: Tuesday, November 24, 2009 10:25 AM To: Michael Ruiz; nanog@nanog.org Subject: RE: Help -- Having trouble trying to activate a GigE connection Hello Michael: -Original Message- From: Michael Ruiz [mailto:mr...@telwestservices.com] Sent: Tuesday, November 24, 2009 8:02 AM To: nanog@nanog.org Subject: Help -- Having trouble trying to activate a GigE connection Group, I am having an issue with activating a GigE interface between a Cisco 7206 VXR w/IO-1GE module to a 7606 w/sup720-3bxls connecting to a line module WS-X6416-GBIC. I have verified that the GBIC-MMF have good light reading and the MMF fiber jumper are not reversed. The GigE connection comes up briefly for about a few seconds, takes a burst of errors and goes down. I have tried to set the speed to nonegotiate on both ends, set one end to speed auto. No dice. Here is the copy of the configuration. On my 7606 I show that the GigE interface is up/up but on the 7206vxr I show down/down. Any help will be greatly appreciated. Thanks! I don't think there is any reason to have hard-set speed and duplex, particularly between two Cisco's. Why not just set *both* sides (you can't set just one) to auto-negotiation - 'no speed nonegotiate' on the 7606 side. Is this a straight shot, single fiber pair between the two or are there intermediate junctions or optics? It sounds like you have questionable fiber or optics in the path. It could be the fiber itself or the GBICs on either side. Regards, Mike
Re: ATT SMTP Admin contact?
On Tue, 24 Nov 2009 11:50:54 EST, Brad Laue said: maintained. I'm unclear as to why mail administrators don't work more proactively with things like SenderID and SPF, as these seem to be far more maintainable in the long-run than an ever-growing list of IP address ranges. There's a difference between maintainable and usable. Yes, letting the remote end maintain their SenderID and SPF is more scalable, and both do at least a plausible job of answering Is this mail claiming to be from foobar.com really from foobar.com?. However, there's like 140M+ .coms now, and neither of them actually tell you what you really want to know, which is do I want e-mail from foobar.com or not?. Especially when the spammer is often in cahoots with the DNS admins... On the other hand, I can, by looking at my logs, develop a fairly good sense of do I have any real non-spam traffic from that address range?. Yes, it's more work, but it's also more likely to actually answer the question that I wanted answered.
Re: OT: VSS + MEC - port-channel dynamically cloned?
On Tue, Nov 24, 2009 at 07:51:29AM +0100, Leland Vandervort wrote: Essentially, for all of the MEC connections, the VSS has created a clone of the configured port-channel to bind the actual physical connections, rather than binding them under the configured port-channel (and suffixed the port-channel number with A or B depending on which chassis was first to bind). IOS does this when ethernet channel members cannot join the bundle due to negotiation mismatch. If the currently active elements are incompatible with a new element, the A/B interfaces are created. These are called secondary aggregators in IOS-speak. http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094470.shtml#po1a -- Ross Vandegrift r...@kallisti.us If the fight gets hot, the songs get hotter. If the going gets tough, the songs get tougher. --Woody Guthrie
Re: Who has AS 1712?
On Nov 24, 2009, at 1:57 PM, Tony Finch wrote: On Mon, 23 Nov 2009, Jared Mauch wrote: I don't see operators jumping at the idea of central trust anchor myself, no more than I see everyone ready to sign the root zone. You know the root zone is supposed to be signed next week? http://www.ripe.net/ripe/meetings/ripe-59/presentations/uploads//presentations/Tuesday/Plenary%2014:00/Abley-DNSSEC_for_the_Root_Zone.mId7.pdf Yes. I also saw the presentation at IETF in Hiroshima on this. The issue of zone signing is going to be interesting as some nation-states (ccTLD) have been known to speak-up about their issues with the signing of the zone. I'm not saying these things will never happen, just they won't happen on a timescale that some would prefer (or would have preferred, eg: last summer or earlier). - Jared
Re: Who has AS 1712?
John Curran wrote: On Nov 23, 2009, at 10:50 AM, Christopher Morrow wrote: In all seriousness though, how does this get fixed? It's being addressed now, but requires both RIPE and ARIN to work with the respective ASN holders. Standby for an update once that step has been completed. The more interesting question is how this could happen, and we're busy looking into that at present. The AS 1707 assignment goes back to Internic days (i.e. pre-1997) but the remainder of the ASN block (AS 1708 to AS 1728) is marked assigned by ARIN at the IANA but had not actually been assigned until very recently. (ARIN did a reconciliation in July 2009 of all ASNs marked as “assigned by ARIN” with our own internal records to find out whether any holes existed, and began assigning such ASNs in August 2009, including AS numbers in the range 1708 thru 1726). We're working with RIPE to determine how these numbers were put into usage via the RIPE DB, and will come up with appropriate steps to prevent recurrence once we fully understand the root cause. /John John Curran President and CEO ARIN FWIW, I searched for any historical registrations from this block in the RADB and found a number of routes with an origin of AS1717. They date from 1995 and were registered for the Université Pierre et Marie Curie by Renater. They have long since been removed from the RADB. Here's an example -- route: 132.166.0.0/15 descr: RENATER_CIDR descr: Universite Pierre et Marie Curie descr: 4 place Jussieu 75252 PARIS CEDEX 05 descr: FRANCE origin: AS1717 advisory: AS690 1:1800 2:1239(144) 3:1133 4:1674 comm-list: COMM_NSFNET mnt-by: MAINT-AS1717 changed: ren...@renater.fr 950510 source: RADB -Larry Blunk Merit
Re: ip capacity provider
On Mon, Nov 23, 2009 at 3:01 PM, sfou...@shortestpathfirst.net wrote: AS 701 Verizon Business (formerly UUNet) has a POP in Miami I believe, and they connect directly into their AS in LatAm. of course showing up at terramark's NoTA would also get you lots of options (and I think 701 has one pop at NoTA) --Original Message-- From: Beavis To: nanog@nanog.org Subject: ip capacity provider Sent: Nov 23, 2009 2:47 PM All, I know this is a long shot, but can anyone help me out on getting in touch with carriers in Miami FL. one that can pass ip traffic into latin america?. any help would be greatly appreciated. thanks, -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Sent from my Verizon Wireless BlackBerry
Re: Recomended data cabling contractors in Bay Area/Peninsula?
On Mon, 23 Nov 2009, Darren Bolding wrote: I need to identify a quality data cabling contractor in the Bay Area Kray Cabling. http://kraycablinginc.com/ -Bill
Re: Who has AS 1712?
Hank Nussbacher wrote: At 18:29 24/11/2009 +0900, Randy Bush wrote: RIS Routing History for AS1712 since 2001: on what date was AS1712 assigned to the current RIPE holder? Based on: ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest it doesn't show AS1712 ever being allocated to Renater (probably why the inter-RIR mistake happened) but the surrounding ASNs give you an idea of the timeframe: ripencc|IL|asn|1680|1|19930901|allocated ripencc|EU|asn|1707|1|19930901|allocated ripencc|EU|asn|1729|1|19930901|allocated ripencc|EU|asn|1732|1|19930901|allocated Since IANA says that the ASN is ARIN's to assign wouldn't that preclude another RIR from assigning it? http://www.iana.org/assignments/as-numbers/ Of course if it was already assigned when IANA said that (no dates on the link above) then maybe the fault is more IANA's for telling another RIR that they could allocate an ASN that another RIR already allocated. Who knows. It should be an interesting one to watch play out though. Justin
Re: OT: VSS + MEC - port-channel dynamically cloned?
Thanks Ross, In this case, though I cannot see where the mismatch is given that the encapsulation, trunking (vlans allowed, etc.) and channel mode (LACP) are all configured identically across all ports and the channel itself. Just wondering if it's a left-over from before the VSS migration when the original trunks were two separate etherchannels and then migrated them live to MEC... L. On Tue, 2009-11-24 at 13:57 -0500, Ross Vandegrift wrote: On Tue, Nov 24, 2009 at 07:51:29AM +0100, Leland Vandervort wrote: Essentially, for all of the MEC connections, the VSS has created a clone of the configured port-channel to bind the actual physical connections, rather than binding them under the configured port-channel (and suffixed the port-channel number with A or B depending on which chassis was first to bind). IOS does this when ethernet channel members cannot join the bundle due to negotiation mismatch. If the currently active elements are incompatible with a new element, the A/B interfaces are created. These are called secondary aggregators in IOS-speak. http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094470.shtml#po1a
Re: Who has AS 1712?
Of course if it was already assigned when IANA said that (no dates on the link above) then maybe the fault is more IANA's for telling another RIR that they could allocate an ASN that another RIR already allocated. i suspect that, in the erx project, there may have been more than one case of the iana saying ok, X now manages this block, except of course for those pieces already allocated by Y and Z. and the latter were not always well defined or easily learnable, and were not registered directly with the iana, but other rirs. rant and the data are all buried in whois, which is not well-defined, stats files, which are not defined, etc. the rirs, in the thrall of nih (you did know that ripe/ncc invented the bicycle), spent decades not agreeing on common formats, protocols, or code. this is one result thereof. testosterone kills, and the community gets the collateral damage. randy
Re: ATT SMTP Admin contact?
valdis.kletni...@vt.edu wrote: On Tue, 24 Nov 2009 11:50:54 EST, Brad Laue said: maintained. I'm unclear as to why mail administrators don't work more proactively with things like SenderID and SPF, as these seem to be far more maintainable in the long-run than an ever-growing list of IP address ranges. There's a difference between maintainable and usable. Yes, letting the remote end maintain their SenderID and SPF is more scalable, and both do at least a plausible job of answering Is this mail claiming to be from foobar.com really from foobar.com?. However, there's like 140M+ .coms now, and neither of them actually tell you what you really want to know, which is do I want e-mail from foobar.com or not?. Especially when the spammer is often in cahoots with the DNS admins... identify framework with trust anchors and reputation management are not things that spf or pra actually solve. spammers can publish spf and senderid records and in fact arguably have more incentive to do so if it can be demonstrated that your mail is more likely to be accepted on the basis of their existence. On the other hand, I can, by looking at my logs, develop a fairly good sense of do I have any real non-spam traffic from that address range?. Yes, it's more work, but it's also more likely to actually answer the question that I wanted answered.
Re: Who has AS 1712?
Justin Shore wrote: Hank Nussbacher wrote: At 18:29 24/11/2009 +0900, Randy Bush wrote: RIS Routing History for AS1712 since 2001: on what date was AS1712 assigned to the current RIPE holder? Based on: ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest it doesn't show AS1712 ever being allocated to Renater (probably why the inter-RIR mistake happened) but the surrounding ASNs give you an idea of the timeframe: ripencc|IL|asn|1680|1|19930901|allocated ripencc|EU|asn|1707|1|19930901|allocated ripencc|EU|asn|1729|1|19930901|allocated ripencc|EU|asn|1732|1|19930901|allocated Since IANA says that the ASN is ARIN's to assign wouldn't that preclude another RIR from assigning it? ARIN didn't exist when those ASN's were assigned, RIPE NCC did. http://www.iana.org/assignments/as-numbers/ Of course if it was already assigned when IANA said that (no dates on the link above) then maybe the fault is more IANA's for telling another RIR that they could allocate an ASN that another RIR already allocated. Who knows. It should be an interesting one to watch play out though. Justin
Re: Who has AS 1712?
the joys of non-uniqueness. ULAs are (going to be) your friends. :) back in the day, the IANA was pretty careful. the contractors less so. SRI had the connected and unconnected databases - duplications abounded and when interconnection occurred... renumbering ensued. this is not a new or even recent problem. It is certainly compounded by multiple actors and lack of clean slate. Yet, I believe that there will be a desire to do the right thing and this will get fixed. It might even lead to better tools and inter-actor relationships. Or it could melt into a pile of goo... --bill On Wed, Nov 25, 2009 at 06:21:00AM +0900, Randy Bush wrote: Of course if it was already assigned when IANA said that (no dates on the link above) then maybe the fault is more IANA's for telling another RIR that they could allocate an ASN that another RIR already allocated. i suspect that, in the erx project, there may have been more than one case of the iana saying ok, X now manages this block, except of course for those pieces already allocated by Y and Z. and the latter were not always well defined or easily learnable, and were not registered directly with the iana, but other rirs. rant and the data are all buried in whois, which is not well-defined, stats files, which are not defined, etc. the rirs, in the thrall of nih (you did know that ripe/ncc invented the bicycle), spent decades not agreeing on common formats, protocols, or code. this is one result thereof. testosterone kills, and the community gets the collateral damage. randy
Re: ATT SMTP Admin contact?
On November 24, 2009, Brad Laue wrote: True, but wouldn't a blacklist of SPF records for known spam issuing domains be a more maintainable list than an IP block whitelist? (I'm no doubt missing something very obvious with this question) Brad Yes, I think you are :) First of all, domains are easier to throw away than IP Addresses, IP Lookups are more efficient than DNS SPF records, and SPF is not really meant to address Spam problems, although it can address some forgeries. SPF works best to identify forgeries of large well known domains, but I think you do not really understand what SPF records do, or how they work. Don't worry, many email operators don't either, and simply put in an SPF record that says that every IP can send email for that domain ;) And think how large the theoretical database size would be for every domain, compared to the limited size of the IPv4 space.. But this is better taken off list if you want to discuss SPF's usage in combatting spam. -- -- Catch the Magic of Linux... Michael Peddemors - President/CEO - LinuxMagic Products, Services, Support and Development Visit us at http://www.linuxmagic.com A Wizard IT Company - For More Info http://www.wizard.ca LinuxMagic is a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-589-0037 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
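An audit for the misconfiguration mentioned in the message above (an SPF record that lets every IP send for the domain), as an added example that is not part of the original post. The sample records are constructed, the prefix thresholds and finding codes are this example's own assumptions, and the check goes slightly beyond the case in the text by also flagging very broad `ip4`/`ip6` ranges, terms placed after `all`, and records with no default.

```python
import ipaddress
import re
from typing import List, Tuple

# qualifier, name, delimiter (":" "/" "=" or none), remainder
TERM_RE = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9_.\-]*)([:/=]?)(.*)$")

# Assumption of this example: a pass-qualified range wider than these
# prefix lengths is worth a second look. Not taken from any standard.
MIN_PREFIX = {"ip4": 16, "ip6": 32}


def parse_terms(record: str) -> List[Tuple[str, str, str, str]]:
    """Split an SPF TXT record into (qualifier, name, delimiter, value)."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1")
    terms = []
    for raw in parts[1:]:
        m = TERM_RE.match(raw)
        if not m:
            raise ValueError(f"unparseable term: {raw!r}")
        qual, name, delim, value = m.groups()
        # A mechanism with no qualifier defaults to "+" (pass).
        terms.append((qual or "+", name.lower(), delim, value))
    return terms


def audit_spf(record: str) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means nothing flagged."""
    findings = []
    terminal = False       # an 'all' mechanism has been seen
    has_redirect = False
    for qual, name, delim, value in parse_terms(record):
        if delim == "=":   # modifier such as redirect= or exp=
            has_redirect = has_redirect or name == "redirect"
            continue
        if terminal:
            findings.append(("DEAD_TERM",
                             f"'{name}' follows 'all' and is never evaluated"))
            continue
        if name == "all":
            terminal = True
            if qual == "+":
                findings.append(("PASS_ALL",
                                 "every IP address is authorised to send"))
            elif qual == "?":
                findings.append(("NEUTRAL_ALL",
                                 "unlisted senders get a neutral result"))
        elif name in MIN_PREFIX and delim == ":":
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(("BAD_NET", f"invalid network {value!r}"))
                continue
            if net.version != int(name[2]):
                findings.append(("BAD_NET", f"{value!r} is not valid for {name}"))
            elif qual == "+" and net.prefixlen < MIN_PREFIX[name]:
                findings.append(("BROAD_NET",
                                 f"{name}:{net} authorises {net.num_addresses} addresses"))
    if not terminal and not has_redirect:
        findings.append(("NO_DEFAULT",
                         "no 'all' or redirect; unlisted senders get neutral"))
    return findings


def codes(record: str) -> List[str]:
    return [code for code, _ in audit_spf(record)]


# Constructed sample records (documentation names and address ranges).
SAMPLES = [
    "v=spf1 +all",
    "v=spf1 ip4:0.0.0.0/0 ~all",
    "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "v=spf1 mx",
    "v=spf1 -all ip4:192.0.2.1",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", codes(rec) or "ok")
```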
Re: Ethernet over DS3 Converters
Brad Fleming wrote: My company is searching for some Ethernet over DS3 converters / adaptors for a specific installation. I see several options from Adtran, RAD-Direct, and a couple other (smaller) vendors and was wondering if anyone out there has suggestions or insights. Our needs are pretty simple: We'll need to pass multiple VLANs unless that's simply not possible. We'll need copper 10/100 interfaces on each side. Hey Brad. We're doing this with Overture 2200s and 5100s. However, as others have pointed out, they have some issues. Their redundant PSUs for models below the 5x00s are a joke. A single DC PSU for those models requires 1U of space. The PSU has 2 power sources but is still a single PSU. A redundant PSU requires another 1U of space. Inside the 19 x roughly 8 1U chassis is a PCB that's about the size of a wallet. Why they couldn't incorporate that into a modular PSU or make the external PSU chassis modular so a 2nd PSU didn't take up any more space I do not know. The CLI in the 2200 and 5100 can do a lot. I must admit that I still do not understand it. They just work and I don't have to mess with them very often so I struggle each time I get into one. I found their VLAN grooming to be confusing. Even tech support wasn't able to help in some cases. The ISG models (34, 45, 140, 180 for example) are completely different than the 2200s and 5x000s (I don't know about the ISG 2x models). They were an acquired from another company. What the others said about there being no CLI is right. They only have a web GUI. You can't pull off their config with common CLI tools like RANCID, CatTools, COSI tools, etc. That's a big deal for us. That to me makes them feel like non-telco grade equipment. You can certainly book-end the back to back but be absolutely certain that you get a config dump from each end every time a tech gets into one. I believe the 34, 45 and 140 models use the same PSU as the 2200 above. 
They can only connect to a single PSU though (the 180 supports 2). Same caveats as above. They are generally feature rich; I'll give that to them. They could be an excellent solution if the product was more mature and honed. Anyone wanting to bond T1s with MLPPP on the 140 and 180 back to a router BEWARE. They require BCP. On most platforms (anything that doesn't use a SPA) that requires disabling routing (research BCP configs on Cisco.com). They will work but understand the caveats before trying them. I'm sure that OV will send you demo units if you ask. I'll send you a picture of a 2200 with the PSU setup later tonight. Justin
Re: OT: VSS + MEC - port-channel dynamically cloned?
On Tue, Nov 24, 2009 at 10:19:33PM +0100, Leland Vandervort wrote: In this case, though I cannot see where the mismatch is given that the encapsulation, trunking (vlans allowed, etc.) and channel mode (LACP) are all configured identically across all ports and the channel itself. Just wondering if it's a left-over from before the VSS migration when the original trunks were two separate etherchannels and then migrated them live to MEC... Check flow control between all of the elements. The only time I've seen this was inconsistent flow control settings between different media types on an F5 BIG-IP - 6500 bundle. show interfaces flowcontrol Ross -- Ross Vandegrift r...@kallisti.us If the fight gets hot, the songs get hotter. If the going gets tough, the songs get tougher. --Woody Guthrie
Re: ATT SMTP Admin contact?
On Tue, 24 Nov 2009 16:38:33 EST, Brad Laue said: True, but wouldn't a blacklist of SPF records for known spam issuing domains be a more maintainable list than an IP block whitelist? (I'm no doubt missing something very obvious with this question) 140M+ .com where a malicious DNS server in East Podunk can be authoritative for a domain actually in Bratslavia and domains are cheap and throw-away. 16M /24's, where you (mostly(*)) need to be able to actually route the packets, so if you have a /24 in Bratslavia, you need something resembling a router in Bratslavia as well, and somebody willing to light up the other end of the cable, and you need a way to make BGP announcements (legal or otherwise ;) to be able to exploit it. Choose wisely which you'd rather use for defense. (*) Mostly - though the BGP hack demonstrated at last year's DefCon did qualify as an Epic Win for kewl presentations. ;)
I got a live one! - Spam source
Looks like one of our customers has decided to turn their /24 into a nice little space spewing machine. Doesn't seem like just one compromised host. Reverse DNS for most of the /24 are suspicious domains. Each domain used in the message-id forwards to a single .net which lists their mailing address as a PO box and a single link to an unsubscribe field. I've contacted at least three known contacts for the customer about the abuse without a single response. It would seem there are many layers to this entity: The domains are registered to one business Our billing information for the customer has one name, they colo with another person (whom the cross connect reaches) Our customer has an IT solutions person working for them (Strange since our customer and their colo provider are IT solutions people themselves.) Abuse handle phone #s are supposedly incorrect (I called it) Besides the obvious of me at the minimum filtering port tcp/25 is there an organization that tracks businesses like these who seem like they are building a web of insulation in which to move? I think this case might interest them.
Re: I got a live one! - Spam source
On Tue, Nov 24, 2009 at 7:22 PM, Russell Myba rusm...@gmail.com wrote: Looks like one of our customers has decided to turn their /24 into a nice little space spewing machine. Doesn't seem like just one compromised host. Reverse DNS for most of the /24 are suspicious domains. Each domain used in the message-id forwards to a single .net which lists their mailing address as a PO box and a single link to an unsubscribe field. I've contacted at least three known contacts for the customer about the abuse without a single response. It would seem there are many layers to this entity: The domains are registered to one business Our billing information for the customer has one name, they colo with another person (whom the cross connect reaches) Our customer has an IT solutions person working for them (Strange since our customer and their colo provider are IT solutions people themselves.) Abuse handle phone #s are supposedly incorrect (I called it) Besides the obvious of me at the minimum filtering port tcp/25 is there an organization that tracks businesses like these who seem like they are building a web of insulation in which to move? I think this case might interest them. Can you name the /24? I can't say that this sounds unfamiliar -- we are seeing an increase in facilitated criminal activity across the board... - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Re: I got a live one! - Spam source
On Tue, 24 Nov 2009, Russell Myba wrote: Looks like one of our customers has decided to turn their /24 into a nice little space spewing machine. Doesn't seem like just one compromised host. Reverse DNS for most of the /24 are suspicious domains. Each domain used in the message-id forwards to a single .net which lists their mailing address as a PO box and a single link to an unsubscribe field. I've contacted at least three known contacts for the customer about the abuse without a single response. I've found that in cases like this, the best way to get in contact with the customer is to interrupt their service. Suddenly, they'll go from being too busy to take/return your call to calling you. It would seem there are many layers to this entity: The domains are registered to one business Our billing information for the customer has one name, they colo with another person (whom the cross connect reaches) Our customer has an IT solutions person working for them (Strange since our customer and their colo provider are IT solutions people themselves.) Abuse handle phone #s are supposedly incorrect (I called it) I'm confused. Who are you billing and for what services? Besides the obvious of me at the minimum filtering port tcp/25 is there an organization that tracks businesses like these who seem like they are building a web of insulation in which to move? I think this case might interest them. Spamhaus is the first one that comes to mind. From what I understand of your description, this doesn't sound all that different from typical spammer behavior. Multiple layers of indirection seems to be the latest thing for spammers. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Who has AS 1712?
On 2009-11-23, at 21:32, Jon Lewis wrote: Checking global BGP only works if the ASN is being announced at that instant. How do you announce an ASN? Are you suggesting that I should be able to block the assignment of particular ASNs by simply including them in an AS_PATH attribute on a route I originate, and making sure that route shows up in route-views? Cool. :-) Joe
Re: I got a live one! - Spam source
Russell Myba wrote: Looks like one of our customers has decided to turn their /24 into a nice little space spewing machine. Doesn't seem like just one compromised host. Reverse DNS for most of the /24 are suspicious domains. Each domain used in the message-id forwards to a single .net which lists their mailing address as a PO box and a single link to an unsubscribe field. I've contacted at least three known contacts for the customer about the abuse without a single response. It would seem there are many layers to this entity: The domains are registered to one business Our billing information for the customer has one name, they colo with another person (whom the cross connect reaches) Our customer has an IT solutions person working for them (Strange since our customer and their colo provider are IT solutions people themselves.) Abuse handle phone #s are supposedly incorrect (I called it) Besides the obvious of me at the minimum filtering port tcp/25 is there an organization that tracks businesses like these who seem like they are building a web of insulation in which to move? I think this case might interest them. From principle, I want to jump up and down and say zap `em!. However, I also make several assumptions which need to be cleared, pragmatically. I assume you have authority over the decision of what to do with them, and I also assume that your contract with them does not bind you in some fashion, can get you in trouble with the business side of the business, or can introduce *liability* issues. And naturally, that if you are not the decision maker, that you are synched with whomever it is. These assumptions aside, kicking them might not be the best solution. Starving them out by blocking port 25, as an example you gave, or following some of the other suggestions in this thread, may be workable. Which brings me three very important questions: 1. How much intelligence can you collect if you let them stay? 2. Have you considered legal action against them? 3.
Did you consult with legal about possible law enforcement involvement? As to the intricate web of who they are and where their resources lie, these are usually cases where the more you dig, the more you find -- ad infinitum. Me? I'd just kick them after verifying they are not victims themselves. I hope this helps, Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/
Re: Who has AS 1712?
Checking global BGP only works if the ASN is being announced at that instant. How do you announce an ASN? read a basic bgp primer and look at as-path attribute frackin' intentionally silly questions
Re: I got a live one! - Spam source
I'm confused. Who are you billing and for what services? Let's say our direct customer is CustomerA. They seem to buy rackspace from BusinessB. CustomerA seem to retain BusinessC for IT Solutions even though all three entities purport to be IT solutions providers. BusinessC came into the picture after the spamming started saying a wholly different /24 (Different from the spam source) doesn't work. It routes fine on our end. I have a feeling they've been added to some RBLs but I haven't found them listed yet. Just a simple ethernet handoff in a colo. We delegated rDNS to the servers of their choice and haven't heard a peep out of them until now. Spamhaus is the first one that comes to mind. From what I understand of your description, this doesn't sound all that different from typical spammer behavior. Multiple layers of indirection seems to be the latest thing for spammers. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Who has AS 1712?
On 2009-11-24, at 20:02, Randy Bush wrote: Checking global BGP only works if the ASN is being announced at that instant. How do you announce an ASN? read a basic bgp primer and look at as-path attribute Right. You can't advertise an ASN; you can only advertise a route and include an AS_PATH attribute on it which makes mention of a particular AS number. My point is that in the absence of any mechanism for announcing an ASN, a plan to gate assignment of numbers based on an announcement doesn't make any sense. Even in the loose sense of the phrase that you seem to prefer it's trivial (and arguably legitimate, although I appreciate that not everybody shares my libertarian views on AS_PATH attribute construction) for anybody at all to insert an AS number into an AS_PATH, and for the route bearing that AS_PATH attribute to propagate globally, whatever that means. So automated checking of the BGP tables for existing announcements of an ASN doesn't seem very helpful. frackin' intentionally silly questions Apologies for expecting anybody to read beyond the first line of my reply. Joe
fight club :) richard bennett vs various nanogers, on paid peering
http://gigaom.com/2009/11/22/how-video-is-changing-the-internet/ Does the FTC's question 106 hurt paid peering or not? 88 comments. Makes real interesting reading, I must say. srs
Re: fight club :) richard bennett vs various nanogers, on paid peering
Yes, it's a good old-fashioned Usenet-style flame-fest. Sort of. It turns out you can say any damn thing you want about peering since nobody has any facts. RB Suresh Ramasubramanian wrote: http://gigaom.com/2009/11/22/how-video-is-changing-the-internet/ Does the FTC's question 106 hurt paid peering or not? 88 comments. Makes real interesting reading, I must say. srs -- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC
Re: Who has AS 1712?
Right. You can't advertise an ASN you can only advertise a route and include an AS_PATH attribute on it which makes mention of a particular AS number. that bit of biff-like pedantry quickly leads to you can't advertise a prefix. a bgp announcement has, in the case of ip unicast, an nlri and, among other things, an as-path. see rfc 1771 4.3 on Path Attributes. as to what is being announced and what is merely loitering waiting for a hot pick-up, you can work that out with your mullah, priest, rabbi, spouse, ... for unusual utility of intentionally announcing a particular asn, see as-path poisoning, e.g. lorenzo's thesis [0], the talk which was banned at nanog [1], or the full paper [2]. My point is that in the absence of any mechanism for announcing an ASN, a plan to gate assignment of numbers based on an announcement doesn't make any sense. seeing if an asn is in a currently-announced as-path is useful, as has been pointed out in this discussion. and it very well might have caught the problem at hand. the problem is that it is far from definitive as bgp presents a highly biased view (see [1] and [2]), and an asn may be held but not announced. but, as chris morrow said, every little bit helps. randy -- [0] - http://www.colitti.com/lorenzo/publications/phdthesis/thesis.pdf [1] - http:archive.psg.com/091006.nag-default.pdf [2] - http://portal.acm.org/citation.cfm?id=1644893.1644923coll=portaldl=ACMtype=seriesidx=SERIES10693part=seriesWantType=Proceedingstitle=IMC acm member portal, sorry. those really interested, email me for a copy
Re: fight club :) richard bennett vs various nanogers, on paid peering
* rich...@bennett.com (Richard Bennett) [Wed 25 Nov 2009, 05:56 CET]: It turns out you can say any damn thing you want about peering since nobody has any facts. You're projecting. -- Niels.
Re: Who has AS 1712?
On Tue, 24 Nov 2009, Joe Abley wrote: On 2009-11-23, at 21:32, Jon Lewis wrote: Checking global BGP only works if the ASN is being announced at that instant. How do you announce an ASN? Ok...bad wording. s/announced/used to announce or propagate one or more routes/ Are you suggesting that I should be able to block the assignment of particular ASNs by simply including them in an AS_PATH attribute on a route I originate, and making sure that route shows up in route-views? No...but that would hopefully be cause for further investigation before an ASN is assigned. With multiple orgs assigning from the same small pool of numbers, and an early history of, shall we say, incomplete record keeping, a little extra caution could avoid a lot of pain. I would hope the number of orgs that would pollute the global table with bogus AS Paths for the purpose of making more work for ARIN/RIPE/APNIC/etc. is not very large. If you want to announce certain routes with bogus AS Paths to keep certain networks from seeing them, that's one thing, but why would you do this with ASNs not currently assigned? -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: fight club :) richard bennett vs various nanogers, on paid peering
It turns out you can say any damn thing you want about peering since nobody has any facts. not really. it's just that those with the facts have no reason to blab them and reasons not to do so. randy
Re: I got a live one! - Spam source
On Wed, Nov 25, 2009 at 8:52 AM, Russell Myba rusm...@gmail.com wrote: Looks like one of our customers has decided to turn their /24 into a nice little space spewing machine. Doesn't seem like just one compromised host. Reverse DNS for most of the /24 are suspicious domains. Each domain used in the message-id forwards to a single .net which lists their mailing address as a PO box and a single link to an unsubscribe field. Sounds like what spamhaus.org calls snowshoe. What /24 would this be?
Re: fight club :) richard bennett vs various nanogers, on paid peering
I haven't found a good source who knows what's going on outside his own network. Randy Bush wrote: It turns out you can say any damn thing you want about peering since nobody has any facts. not really. it's just that those with the facts have no reason to blab them and reasons not to do so. randy -- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC
Re: fight club :) richard bennett vs various nanogers, on paid peering
On 11/25/09, Richard Bennett rich...@bennett.com wrote: It turns out you can say any damn thing you want about peering since nobody has any facts. Indeed you can. This is one of things where the people with the hard facts aren't talking due to NDA, regard for their pride, or both. In the absence of solid data, most journalists (and I use the term loosely) take the high road, writing on only what they know about and can back up with fact. It is unfortunate that you approach this differently, attempting to pass off Bill Norton's blog, itself very flawed and comprised of error upon error which he simply refuses to acknowledge or correct, as the new gospel. You write that the shift of an enormous amount of Internet traffic from transit to paid peering is new, that’s what the data in the Arbor Networks study shows. Nowhere in the Arbor study is there any analysis of where money is passing hands, or any settlement-based vs. settlement-free interconnection arrangement. The report is a scientific one based upon aggregated netflow/sflow data, which doesn't take layers 8 and above into account. Also suspiciously absent is any disclosure of employer affiliations and biases. You write that [you're] opposed to the anti-discrimination rule that the FCC is considering. What you fail to mention is that you work for the ITIF, a Washington think-tank allegedly funded by big cable. Is it really any surprise that you want to preserve this revenue stream? Likewise, Norton neglects to mention that he works for NuMetra, a company going around to content and broadband operators trying to pitch a some black box which will enforce last-mile QoS and automatically pay the friendly local Internet monopoly/duopoly in settlement fees *on top* of your regular transit costs. Of course he wants Uncle Sam to back off; that's how his employer benefits. It is also important to consider Mr. 
Norton's role in Equinix, where he worked in MARKETING, far distanced from the establishment of actual peering agreements. The real co-founders were Jay Adelson and Al Avery. It is sad to see that Mr. Norton, once a valued member of the community, so blatantly favoring the green stuff over fact-checking and journalistic integrity. One can only hope Om Malik will carry out better due diligence in the future when hiring industry experts to write for him. Drive Slow, Paul Wall
Re: fight club :) richard bennett vs various nanogers, on paid peering
Speculation about how the money flows is a worthwhile activity. Paul Wall wrote: On 11/25/09, Richard Bennett [1]rich...@bennett.com wrote: It turns out you can say any damn thing you want about peering since nobody has any facts. Indeed you can. This is one of things where the people with the hard facts aren't talking due to NDA, regard for their pride, or both. In the absence of solid data, most journalists (and I use the term loosely) take the high road, writing on only what they know about and can back up with fact. It is unfortunate that you approach this differently, attempting to pass off Bill Norton's blog, itself very flawed and comprised of error upon error which he simply refuses to acknowledge or correct, as the new gospel. You write that the shift of an enormous amount of Internet traffic from transit to paid peering is new, that's what the data in the Arbor Networks study shows. Nowhere in the Arbor study is there any analysis of where money is passing hands, or any settlement-based vs. settlement-free interconnection arrangement. The report is a scientific one based upon aggregated netflow/sflow data, which doesn't take layers 8 and above into account. Also suspiciously absent is any disclosure of employer affiliations and biases. You write that [you're] opposed to the anti-discrimination rule that the FCC is considering. What you fail to mention is that you work for the ITIF, a Washington think-tank allegedly funded by big cable. Is it really any surprise that you want to preserve this revenue stream? Likewise, Norton neglects to mention that he works for NuMetra, a company going around to content and broadband operators trying to pitch a some black box which will enforce last-mile QoS and automatically pay the friendly local Internet monopoly/duopoly in settlement fees *on top* of your regular transit costs. Of course he wants Uncle Sam to back off; that's how his employer benefits. It is also important to consider Mr. 
Norton's role in Equinix, where he worked in MARKETING, far distanced from the establishment of actual peering agreements. The real co-founders were Jay Adelson and Al Avery. It is sad to see that Mr. Norton, once a valued member of the community, so blatantly favoring the green stuff over fact-checking and journalistic integrity. One can only hope Om Malik will carry out better due diligence in the future when hiring industry experts to write for him. Drive Slow, Paul Wall -- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC
Re: Who has AS 1712?
On 2009-11-24, at 20:58, Randy Bush wrote: Right. You can't advertise an ASN you can only advertise a route and include an AS_PATH attribute on it which makes mention of a particular AS number. that bit of biff-like pedantry quickly leads to you can't advertise a prefix. Apologies if the pedantry seems unnecessary. I think the parallel between the announcement of a route (which has inherent reachability information contained within it) and use of an ASN in an AS_PATH attribute (which doesn't always) are different with respect to identifying use of a resource. Overloading advertise for both suggests you can identify use of a resource elsewhere using the same measurement technique, which I think is broken logic. a bgp announcement has, in the case of ip unicast, an nlri and, among other things, an as-path. see rfc 1771 4.3 on Path Attributes. I used the word route in the sense that it's defined in 4271. as to what is being announced and what is merely loitering waiting for a hot pick-up, you can work that out with your mullah, priest, rabbi, spouse, ... As a divorced atheist I guess I'll just read RFCs :-) for unusual utility of intentionally announcing a particular asn, see as-path poisoning, e.g. lorenzo's thesis [0], the talk which was banned at nanog [1], or the full paper [2]. Josh and I also talked about it at NANOG 24. I remember using it to poison routes advertised through certain edges of AS 1221 a decade ago after the idea was suggested to me by Geoff Huston, and I'm sure it was probably old news then. My point is that in the absence of any mechanism for announcing an ASN, a plan to gate assignment of numbers based on an announcement doesn't make any sense. seeing if an asn is in a currently-announced as-path is useful, as has been pointed out in this discussion. I don't think it's as simple as people have suggested. 
The fact that nobody has ever seen a particular number present in an AS_PATH attribute might mean that the ASN has never been configured on a router, or it might mean that nobody has ever taken a measurement from a router who has seen such a route. The fact that someone has seen a particular number present in an AS_PATH attribute might mean that that number has been used for a particular autonomous system, or it might mean that someone is doing something (intentional or otherwise) with AS_PATHs for their own personal reasons. The topic of this thread is really concerned with database hygiene in a distributed system which, as you have pointed out repeatedly, lacks procedural or mathematical rigour. Checking whether or not a particular AS_PATH regex matches anything in one or more RIBs might tell you something, or it might give you clues as to who to call to find out more, but it can never tell you anything definitively. Definitive knowledge sure seems like it's what you want if your job is to guarantee uniqueness. It seems to me that at some point we need to stop trying to put dresses on the pig. Joe
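The two kinds of evidence weighed in this thread, registry delegation records and appearances of an ASN in observed AS_PATHs, can be combined into a single report that flags cases for follow-up without treating either source as definitive. This is an added example, not part of the original thread; it assumes the pipe-delimited delegated stats layout quoted earlier in the thread, and all records, paths and flag names are constructed using documentation ASNs.

```python
from collections import defaultdict

# Constructed sample data (documentation ASNs); not real registry or routing
# data. Two registries' delegated files are concatenated here.
DELEGATED_STATS = """\
# registry|cc|type|start|count|date|status
ripencc|*|asn|*|2|summary
ripencc|EU|asn|64496|1|19930901|allocated
ripencc|EU|asn|64498|3|19930901|allocated
arin|US|asn|64499|1|20091001|assigned
arin|US|asn|64510|1|20090101|assigned
"""

# Constructed AS_PATHs as a collector might record them: leftmost is the
# collector's neighbor, rightmost is the origin; {a,b} is an AS_SET.
AS_PATHS = [
    "64501 64502 64499",
    "64501 64499 64499 64496",   # 64499 prepended in a transit position
    "64501 64504 64496",
    "64501 64503 {64505,64506}",
]


def parse_delegated(text):
    """Map each ASN to the set of registries whose stats list it."""
    holders = defaultdict(set)
    for line in text.splitlines():
        f = line.strip().split("|")
        # Skip comments, header and summary lines, and non-ASN records.
        if len(f) < 7 or f[2] != "asn" or not f[3].isdigit():
            continue
        first, count = int(f[3]), int(f[4])
        for asn in range(first, first + count):
            holders[asn].add(f[0])
    return holders


def path_roles(asn, paths):
    """Count the paths in which the ASN is the origin or only a transit hop."""
    roles = {"origin": 0, "transit": 0}
    for path in paths:
        hops = [[int(x) for x in tok.strip("{}").split(",")]
                for tok in path.split()]
        if not any(asn in hop for hop in hops):
            continue
        roles["origin" if asn in hops[-1] else "transit"] += 1
    return roles


def evidence(asn, stats_text=DELEGATED_STATS, paths=AS_PATHS):
    """Collect what each source says and flag cases worth a closer look."""
    registries = sorted(parse_delegated(stats_text).get(asn, ()))
    roles = path_roles(asn, paths)
    seen = roles["origin"] + roles["transit"]
    flags = []
    if len(registries) > 1:
        flags.append("listed-by-multiple-registries")
    if seen and not registries:
        # Could be a stale record, a leak, or deliberate AS_PATH insertion.
        flags.append("in-as-path-but-unregistered")
    if registries and not seen:
        # Held but not announced, or simply not visible from this vantage.
        flags.append("registered-but-not-observed")
    if seen and not roles["origin"]:
        flags.append("never-origin")
    return {"registries": registries, "roles": roles, "flags": flags}


if __name__ == "__main__":
    for asn in (64496, 64499, 64504, 64510):
        print(asn, evidence(asn))
```
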
Re: fight club :) richard bennett vs various nanogers, on paid peering
Of course, the FCC/FTC could always get involved and mandate full disclosure and peering neutrality. That might be fun. RB Richard Bennett wrote: Speculation about how the money flows is a worthwhile activity. Paul Wall wrote: On 11/25/09, Richard Bennett [1]rich...@bennett.com wrote: It turns out you can say any damn thing you want about peering since nobody has any facts. Indeed you can. This is one of things where the people with the hard facts aren't talking due to NDA, regard for their pride, or both. In the absence of solid data, most journalists (and I use the term loosely) take the high road, writing on only what they know about and can back up with fact. It is unfortunate that you approach this differently, attempting to pass off Bill Norton's blog, itself very flawed and comprised of error upon error which he simply refuses to acknowledge or correct, as the new gospel. You write that the shift of an enormous amount of Internet traffic from transit to paid peering is new, that's what the data in the Arbor Networks study shows. Nowhere in the Arbor study is there any analysis of where money is passing hands, or any settlement-based vs. settlement-free interconnection arrangement. The report is a scientific one based upon aggregated netflow/sflow data, which doesn't take layers 8 and above into account. Also suspiciously absent is any disclosure of employer affiliations and biases. You write that [you're] opposed to the anti-discrimination rule that the FCC is considering. What you fail to mention is that you work for the ITIF, a Washington think-tank allegedly funded by big cable. Is it really any surprise that you want to preserve this revenue stream? 
Likewise, Norton neglects to mention that he works for NuMetra, a company going around to content and broadband operators trying to pitch a some black box which will enforce last-mile QoS and automatically pay the friendly local Internet monopoly/duopoly in settlement fees *on top* of your regular transit costs. Of course he wants Uncle Sam to back off; that's how his employer benefits. It is also important to consider Mr. Norton's role in Equinix, where he worked in MARKETING, far distanced from the establishment of actual peering agreements. The real co-founders were Jay Adelson and Al Avery. It is sad to see that Mr. Norton, once a valued member of the community, so blatantly favoring the green stuff over fact-checking and journalistic integrity. One can only hope Om Malik will carry out better due diligence in the future when hiring industry experts to write for him. Drive Slow, Paul Wall -- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC -- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC
Re: fight club :) richard bennett vs various nanogers, on paid peering
and in the absence of source routing, why would I care what happens past the first hop? to the extent I can know, document, and prove my internal network and its connectivity to its peers, that becomes the item of value, the reputation of the network and its treatment of its peers, clients and providers. and the funny thing about reputation. its so hard to build a good one and so easy to lose. the second odd thing about reputation, its nearly impossible to quantify. --bill (pre-dating norton and woodcock in the peering game) On Tue, Nov 24, 2009 at 10:00:52PM -0800, Richard Bennett wrote: I haven't found a good source who knows what's going on outside his own network. Randy Bush wrote: not really. it's just that those with the facts have no reason to blab them and reasons not to do so. randy -- Richard Bennett
Re: I got a live one! - Spam source
On November 24, 2009, Russell Myba wrote: Spamhaus is the first one that comes to mind. From what I understand of your description, this doesn't sound all that different from typical spammer behavior. Multiple layers of indirection seems to be the latest thing for spammers. Depends on the activity, but this re-iterates the importance of maintaining correct SWIP, so that only the offenders get listed, and not bordering customers. But if you give the info on the listed company and range, we might be able to give you a lot more information.. I was just reading the latest spam auditors report, and it is always amazing how the same guys keep finding new colo's to work out of .. -- -- Catch the Magic of Linux... Michael Peddemors - President/CEO - LinuxMagic Products, Services, Support and Development Visit us at http://www.linuxmagic.com A Wizard IT Company - For More Info http://www.wizard.ca LinuxMagic is a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-589-0037 Beautiful British Columbia, Canada
Re: Who has AS 1712?
On Wed, Nov 25, 2009 at 1:34 AM, Joe Abley jab...@hopcount.ca wrote: It seems to me that at some point we need to stop trying to put dresses on the pig. how, given where we are today, do you do that? I agree that presence of an ASN in routing data (in as_paths really) isn't proof of existence/use/abuse but not checking is not helping. 100% perfect would be awesome, today we have less than 100%, we could be doing a job closer to 100% by acting on some low-hanging fruit. To really move forward and get to 100% (or as near as we can hope for) what steps/actions/changes do you propose? It seems that at least RIPE/ARIN have their attention aimed this way now :) -Chris
Re: I got a live one! - Spam source
On Tue, Nov 24, 2009 at 10:55 PM, Michael Peddemors mich...@linuxmagic.com wrote: Depends on the activity, but this re-iterates the importance of maintaining correct SWIP, so that only the offenders get listed, and not bordering customers. Right. There are *so many* loopholes in this entire process, Bad Guys are waltzing through it. - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Re: I got a live one! - Spam source
Russell Myba wrote: Let's say our direct customer is CustomerA. They seem to buy rackspace from BusinessB. CustomerA seem to retain BusinessC for IT Solutions even though all three entities purport to be IT solutions providers. BusinessC came into the picture after the spamming started saying a wholly different /24 (Different from the spam source) doesn't work. It routes fine on our end. I have a feeling they've been added to some RBLs but I haven't found them listed yet. Just a simple ethernet handoff in a colo. We delegated rDNS to the servers of their choice and haven't heard a peep out of them until now. I think it's an absolute crying shame that a freak bolt of lightning somehow fried their rackspace in the colo and didn't affect any of the surrounding neighbors. I hate it when that happens. It's karma I think... Justin
Re: Who has AS 1712?
On 25.11 06:21, Randy Bush wrote: Of course if it was already assigned when IANA said that (no dates on the link above) then maybe the fault is more IANA's for telling another RIR that they could allocate an ASN that another RIR already allocated. i suspect that, in the erx project, there may have been more than one case of the iana saying ok, X now manages this block, except of course for those pieces already allocated by Y and Z. and the latter were not always well defined or easily learnable, and were not registered directly with the iana, but other rirs. rant and the data are all buried in whois, which is not well-defined, stats files, which are not defined, etc. the rirs, in the thrall of nih (you did know that ripe/ncc invented the bicycle), spent decades not agreeing on common formats, protocols, or code. this is one result thereof. testosterone kills, and the community gets the collateral damage. [Excuse the length of this. Randy just overloaded my patience circuit and I need to dissipate some testosterone induced energy. If you are only interested in details about the issue at hand, skip this message. If you are interested in a different view on (history of) the RIRs, read on.] Randy, it is absolutely unfair to shout at the RIRs and particularly at the RIPE NCC in this context and I take offence. This particular problem is caused by a record keeping error back in the days when RIRs did not even exist! So these resources never went through the hands of the RIPE NCC and were not considered by ERX at all. I'll leave it to ARIN to publish the detailed analysis once it is complete, but this is the essence of it. Back when I was responsible for the RIPE NCC in the 1990s, I personally spent considerable time developing and proposing exchange formats and database synchronisation tools. The RIPE NCC proposed close synchronisation of Internet number resource databases several times. This never got done because InterNIC and later ARIN resisted. 
It was quite frustrating. You can find polite expressions of my frustration in early RIPE NCC quarterly and annual reports if you look carefully. When APNIC was established, the RIPE NCC had close database synchronisation with them from the start; the same occurred with AfriNIC later; both of these were achieved by definite *lack* of NIH and 'testosterone'. So if you cannot resist the urge to shout, please re-direct your shouting. This is all water under the bridge of course and we are moving on; but blaming the RIPE NCC in particular for NIH and 'testosterone' is just unfair! And no, we did not invent the bicycle, but in moments of hybris I do claim that we did in fact invent the RIR as such. ;-) I do not say everything is ideal now. However the RIRs are actively working to publish a complete set of stats files which also includes unallocated resources. This is the next best thing to full database synchronisation. APNIC and the RIPE NCC are driving this effort. In fact the track record of the RIRs is excellent so far, given the number of different resource blocks and the number of resource users. Yes, errors in historical records from two decades ago *should* be caught and all RIRs will certainly learn from this unfortunate episode. But the blanket shouting of the kind you did here is unfair, offensive and unwarranted. Respectfully Daniel