Information Request
Hello, I am in load d' to study the establishment in North America a company specialized in: Mpls Networks Internet Access Housing/Colloc This establishment must this make is by a creation of a new structure at New York or Washington and at Montreal, or by the acquisition of a holding in a small local operator. Then i write in this list since qu' it touches a great number of professional. Except companies, interested by a bringing together with a European operator has human size, I seek has to know how this master key the collection of T1, DSL and other near the carriers in the USA and Canada. If you could give me ideas of how that this master key, I am taking Thank you Stephane Magand
Re: news from Google
So, why do I have a creeping feeling that google is just running software on level3's servers? Isn't 8.0.0.0/8 announced by level3. Wouldn't that suck up 8.8.8.0/24 and 8.8.4.0/24? On Thu, Dec 3, 2009 at 3:09 PM, Scott Berkman sc...@sberkman.net wrote: Also reminds me of the Level 3 DNS servers in the 4.2.2.[1-8++] range. -Scott -Original Message- From: Jonathan Lassoff [mailto:j...@thejof.com] Sent: Thursday, December 03, 2009 1:51 PM To: nanog Subject: Re: news from Google Excerpts from Charles Wyble's message of Thu Dec 03 10:44:49 -0800 2009: 8.8.8.8 6.6.6.6 would have been really really funny. :) Nice IPs from Level 3, huh? 6.6.6.6 belongs to the US Army. --j -- Andrew Euell andyzweb [at] gmail [dot] com
Re: Optical fiber question
On 11/12/2009, at 4:58 AM, Jared Mauch wrote: You can reach much further on this, but the optics tend to be more expensive. If you are going a short distance (eg: 2km or less) multi-mode is the way. I can buy LH GigE SFPs for AU$67 each, MM GigE SFPs for AU$61.AU$6 difference is really noise. Bring on Vendor equipment with SFP+ optic support for 10G - AU$1199 for 10G-LR SFP+! ($AU = Australian Dollar which is about US 91c) MMC -- Matthew Moyle-Croft Peering Manager and Team Lead - Commercial and DSLAMs Internode /Agile
Re: Is there anyone from ASPEWS on this list?
John R. Levine wrote: So write to her from a gmail account. APEWS is pretty kooky, and I'm kind of surprised if SORBS is using it. We use ASPEWS not APEWS (there is a vast cookiness difference). Shells
Re: Is there anyone from ASPEWS on this list?
Seth Mattinen wrote: You should still be able to submit a ticket to SORBS, no? I was always under the impression that it was open a ticket and wait or you are moved to the back of the line with SORBS. That is correct on all counts. The ticket engine is web based and has an interface to email, so anyone listed on ASPEWS (or any other DNSbl we use) can still report issues with ASPEWS (for our continual evaluation on whether to use it) as well as log support tickets and issues about SORBS listings. The initial reply from the support ticket will give you an email and password that will allow you to login to the support interface. Regards, Michelle
Re: Is there anyone from ASPEWS on this list?
John Levine wrote: ASPEWS is listing 216.83.32.0/20 as being associated with the whole Atrivo incident of 2008. My memory does not recall 216.83.32.0/20 being involved, nor the provider that belongs to. Since nobody but the occasional highly vocal GWL uses ASPEWS, Guess I'm a highly vocal GWL then .. ;-) (what ever GWL means) Shells
Re: Data Centre - Advice? (Shenzhen, China)
1) Define tier one. NTT got some IDC in China (Beijing, Guangzhou, Hong Kong, Shanghai, Suzhou), but not in Shenzhen. Chinanetcenter would be there: http://www.chinanetcenter.com/wangsu/english/co/Shenzhen_Banxuegang_IDC.htm Remember Hong Kong is well served in Datacenters and upstream providers, and well, just next to Shenzhen. 2) Define technology foot print =) Couldn't respecting RFC be a foot print already? No joke, please give more details about your technology. Best, Benjamin Le 10/12/2009 05:57, Scott E. MacKenzie a écrit : Hi, Does anyone have any great websites to share or advice where I can locate all the tier one Internet Data Centre (IDC) providers in Shenzhen China? My second question would be on any advice that anyone can offer about the problems that can be faced operating your technology foot print inside the PRC, if there are any? Warm Regards, Scott
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
On Fri, 2009-12-11 at 21:45 -0800, Roger Marquis wrote: If you're going to implement statefulness there is no technical downside to implementing NAT as well. No downside, plenty of upsides, no brainer... Of course there are downsides to implementing NAT - adding any feature to a device increases its complexity and affects its expense, time to market, MTBF etc. And there is certainly a downside to *deploying* NAT: NAT removes end-to-end transparency. Gotta keep those SOHO users in their cages, don't want them becoming independent producers of digital value, no sir! Seriously - by all means keep NAT as a technology for those who want to deploy it; we can't uninvent it anyway. It just shouldn't be imposed on others. I would argue that an ISP requiring of a customer that they use a NATted solution with IPv6 *is* imposing it on others. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/~kauer/ +61-428-957160 (mob) GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF signature.asc Description: This is a digitally signed message part
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
On 12/12/2009 01:55 AM, Mark Newton wrote: Would you be using Consumer Grade - IPV6 Enabled Router Firewalls in the enterprise? 'cos if you would, I think I might have entered the wrong thread :) Yeah, I think I did. Sorry for the noise. Simon -- DNS64 open-source -- http://ecdysis.viagenie.ca STUN/TURN server-- http://numb.viagenie.ca vCard 4.0 -- http://www.vcarddav.org
Re: news from Google
On Sat, Dec 12, 2009 at 4:39 AM, Andrew Euell andyz...@gmail.com wrote: So, why do I have a creeping feeling that google is just running software on level3's servers? Isn't 8.0.0.0/8 announced by level3. Wouldn't that suck up 8.8.8.0/24 and 8.8.4.0/24? On Thu, Dec 3, 2009 at 3:09 PM, Scott Berkman sc...@sberkman.net wrote: Also reminds me of the Level 3 DNS servers in the 4.2.2.[1-8++] range. -Scott -Original Message- From: Jonathan Lassoff [mailto:j...@thejof.com] Sent: Thursday, December 03, 2009 1:51 PM To: nanog Subject: Re: news from Google Excerpts from Charles Wyble's message of Thu Dec 03 10:44:49 -0800 2009: 8.8.8.8 6.6.6.6 would have been really really funny. :) Nice IPs from Level 3, huh? 6.6.6.6 belongs to the US Army. --j -- Andrew Euell andyzweb [at] gmail [dot] com 8.8.8.0/24 and 8.8.4.0/24 are being announced by AS15169. That is a more specific route than 8.0.0.0/8. inet.0: 309980 destinations, 1777244 routes (309955 active, 17 holddown, 9 hidden) + = Active Route, - = Last Active, * = Both 8.8.8.0/24 *[BGP/170] 8w4d 00:05:54, MED 0, localpref 100 AS path: 3356 15169 I [BGP/170] 5w2d 20:30:42, MED 0, localpref 100 AS path: 3356 15169 I [BGP/170] 3d 04:32:51, localpref 100 AS path: 7843 15169 I [BGP/170] 6w4d 21:27:00, MED 0, localpref 100 AS path: 3549 15169 I [BGP/170] 4w2d 03:31:39, MED 2, localpref 100 AS path: 2828 7018 15169 I [BGP/170] 1w1d 06:31:35, MED 4, localpref 100 AS path: 1239 3356 15169 I inet.0: 309984 destinations, 1777256 routes (309970 active, 6 holddown, 9 hidden) + = Active Route, - = Last Active, * = Both 8.8.4.0/24 *[BGP/170] 4w4d 16:27:35, MED 0, localpref 100 AS path: 3549 15169 I [BGP/170] 4w1d 21:57:42, MED 0, localpref 100 AS path: 3356 15169 I [BGP/170] 3d 04:36:18, localpref 100 AS path: 7843 15169 I [BGP/170] 4w4d 16:27:48, MED 0, localpref 100 AS path: 7922 15169 I [BGP/170] 5d 02:13:20, MED 3, localpref 100 AS path: 2828 3356 15169 I [BGP/170] 1w1d 06:35:02, MED 4, localpref 100 AS path: 1239 3356 15169 I -Josh
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
Frank Bulk a écrit : I think they're (all) listed here: http://www.getipv6.info/index.php/Broadband_CPE And from an operators perspective (not manufacturer): Free ISP ADSL (and fiber) operator in France does IPv6 natively to the end user with Router Advertisement since 2 years now. I think these CPE (Customer Premises Equipment) are called simply box in France (freebox, livebox, dartybox, and more). Between the Free box and the core network there is proprietary IPv6-in-IPv4 encapsualtion, not 6to4. No DHCPv6-PD, which I feel as a big restriction. Plans for livebox and 9box IPv6 do exist if not already deployed. Spanish FON Fonera based on openwrt, when I checked 2008, did IPv6 somehow, not sure whether natively. http://boards.fon.com/viewtopic.php?f=1t=4532view=previous From memory, at least one Japanese residential operator did IPv6 to the home several years ago, with explicit IPv6 advertisement on TV during prime time. Alex Frank -Original Message- From: Wade Peacock [mailto:wade.peac...@sunwave.net] Sent: Wednesday, December 02, 2009 5:16 PM To: nanog@nanog.org Subject: Consumer Grade - IPV6 Enabled Router Firewalls. We had a discussion today about IPv6 today. During our open thinking the topic of client equipment came up. We all commented that we have not seen any consumer grade IPv6 enable internet gateways (routers/firewalls), a kin to the ever popular Linksys 54G series, DLinks , SMCs or Netgears. Does anyone have any leads to information about such products (In production or planned production)? We are thinking that most vendors are going to wait until Ma and Pa home user are screaming for them. Thoughts?
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
Mohacsi Janos a écrit : On Thu, 3 Dec 2009, Matthew Moyle-Croft wrote: Mohacsi Janos wrote: According to Apple the latest Apple Airport Extreme does support DHCPv6 prefix delegation and native IPv6 uplink not only 6to4. Airports don't support DHCPv6 PD yet. I'm led to believe that they may in the future from my Apple friends but not yet. It does in a limited extent: http://lists.apple.com/archives/Ipv6-dev/2009/Oct/msg00086.html Not sure that is DHCPv6 PD (Prefix Delegation), the discussion doesn't seem to say so. If it is it would be wonderful. I will check soon the hardware. Great, please report, thanks, Alex Best Regards, Janos Mohacsi
Re: Is there anyone from ASPEWS on this list?
Michelle Sullivan wrote: Seth Mattinen wrote: You should still be able to submit a ticket to SORBS, no? I was always under the impression that it was open a ticket and wait or you are moved to the back of the line with SORBS. That is correct on all counts. Oh and to re-iterate a point made so many times in so many forums and so often ignored. Posting to any of my email personal addresses will not help your case at all.. ever.. in any way... and in fact posting to some of the old and disused ones will likely cause a spamtrap listing. SORBS Support is done through the SORBS support system (which is what it is there fore funnily enough!) Posting on mailing lists, or emailing to me, other SORBS staff, or GFI will result in various responses from completely ignoring you to sending you a PDF that tells you that you can only gain support through the SORBS support system - NO EXCEPTIONS. The only thing my email address is valid for is if the SORBS Support system is down for telling me such (and I have plenty of systems monitoring all components of it so an email is pretty pointless in most cases.) Robot rejection and refusal to delist is not a failure in the support system... Read the response and act upon the contents if you want a review. Sorry if that sounds harsh, but when you had seen even a couple of the idiotic messages I get, you'll understand why. Logging a ticket is simple if a little ownerous (it takes 7 clicks to get a ticket logged, 3 if you use the contact form!) Michelle PS: Here is an example or 5 of tickets logged in the support system (unedited except for the last) and all in the queue that specifically states do not send listing or delisting requests here... Name: Yiannos Efthymiou Company: AT Multitech Corporation Type: company Primary OS: windows Skill Level: admin DB: Yes a windows admin logged a support ticket with no IP address or domain, or well.. anything... Name: Andrzej Wojciechowski Type: person Primary OS: windows Skill Level: luser DB: And another .. these are the total contents of the tickets (email addresses are stored in the headers which I haven't reproduced for privacy... Name: german perez Company: roulette partners s.a. Type: company Primary OS: unix Skill Level: admin DB: Number 3.. ok now I'm going to skip down tickets until I find something other than just the auto-inserted stuff... This one logged no less than 3 of the same tickets... Name: Danilo Jaramillo Company: sistemas inalambricos Type: company Primary OS: unix Skill Level: admin DB: Additional Information: why if the ip it's not used, you do not delist automatically??? ... thought: If it is not used how did it get listed in the first place?...and another... Name: Vladimir Goloshchuk Type: na Primary OS: windows Skill Level: admin DB: Additional Information: Our ip used to be listed in more than 10 blacklists due to the spam breaks. We have cleaned our system and most of email blacklist databases have white listed us. There are only 3 databases left that still have our IP blacklisted. your database is one of them. Please white list our IP as email is a vital part of our customers business and this prevents from sending/receiving legitimate emails with other clients. Regards, Vladimir Each of these have gone to http://www.sorbs.net/cgi-bin/support and clicked No to the question Do you need help or support about a listing, delisting, or blocked IP address? (it defaults to Yes)* * They have also clicked through the following text: Please Note: Logging a support ticket about a listing using this form will result in nothing happening; you will not receive a reply from the support staff; nor will the request result in a listing or delisting. This form is for all the requests other than those for listing and delisting addresses, domains or mail servers. We also receive delisting request via the same method * *Name: Chris ** Company: Communications Type: company Primary OS: windows Skill Level: admin DB: Additional Information: We currentlym have a router with in our network that has its NAT listed with you. We have recently taken steps to elimanate this probelm. The IPs in question are within this subnet 24.***.***.225/29. Please let me know if we could have these delisted. Best Regards, Chris * Communications Inc. ***-***- **...@**.ca This one I did edit to remove the identifying details. It's obvious the person speaks English, so there is not the defense that they didn't understand the STOP sign or the text I have already posted. NO I DO NOT ACCEPT DELISTING REQUESTS OUT OF THE SUPPORT SYSTEM! Michelle
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
You're correct, out of the box there aren't many. The first couple that come to mind are the Apple Airport Express and Airport Extreme, but I don't believe Linksys/Netgear/etc. have support out of the box. The Apple products do 6to4 out of the box, but don't support v6 natively. Apple seems to have ideological objections to DHCPv6, so at the moment there's little hope at all that prefix delegation will work on any of their CPE products. Can Airport relay the DHCPv6 request to the service provider ? Rubens
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
I challenge the usual suspects to deliver actual working dual stack IPv6 ADSL CPE rather than feigning interest. None of the major CPE vendors appear to have a v6 plan despite your claims. We have an IPv6 dual stack trial for ADSL going on and not a single CPE from the _major consumer CPE vendors_. I've saw some ADSL CPEs that could bridge specific frame types. It would be feasible to think of an ADSL CPE that would simply bridge IPv4/ARP and IPv6 ethertypes and have a dual-stack BRAS service the users, or bridge IPv4/ARP to a VC(Virtual Circuit) and IPv6 to another VC, or NAT+Route IPv4 to a VC and bridge IPv6 to other VC. In an IPv6 world where NAT is not a requirement (paranoids are welcome to buy their own IPv6 firewalls), bridging with some L4 intelligence might be all that a CPE needs to do. The IPv6 idea of letting end-nodes have more work and intermediate nodes have less work also applies to CPEs. Rubens
Re: Is there anyone from ASPEWS on this list?
On Fri, Dec 11, 2009 at 3:35 PM, William Pitcock
neno...@systeminplace.net wrote:
Name: www.googleadservices.com
Address: 67.210.14.113
That is Cernal, and it is hosted in Russia now.
not unless 'russia' moved a whole lot closer to 'ashburn,va' in the
last little while (or wormhole network technology is available)
4 0.xe-4-2-0.BR1.IAD8.ALTER.NET (152.63.32.161) 8 ms
0.xe-7-3-0.BR1.IAD8.ALTER.NET (152.63.32.158) 6 ms
0.xe-4-2-0.BR1.IAD8.ALTER.NET (152.63.32.161) 10 ms
5 194.25.211.17 (194.25.211.17) 7 ms 8 ms 7 ms
6 217.239.40.38 (217.239.40.38) 13 ms 12 ms 24 ms
7 217.6.49.126 (217.6.49.126) 12 ms 15 ms 12 ms
8 67-210-14-113-rev.ineting.net (67.210.14.113) 15 ms 14 ms 15 ms
(note upstream here is DT)
Cernal and Atrivo are two different entities, Atrivo used to host
Cernal, but now they have different hosting arrangements.
85.255.114.0/24 today routes:
5 0.xe-9-0-0.BR1.IAD8.ALTER.NET (152.63.41.49) 8 ms 6 ms
0.xe-10-0-0.BR1.IAD8.ALTER.NET (152.63.41.149) 8 ms
6 dcp-brdr-02.inet.qwest.net (63.146.26.105) 9 ms 9 ms 10 ms
7 dcx-core-01.inet.qwest.net (205.171.251.33) 10 ms 14 ms 10 ms
8 cer-core-01.inet.qwest.net (67.14.8.202) 30 ms
cer-core-02.inet.qwest.net (67.14.8.22) 28 ms
cer-core-01.inet.qwest.net (67.14.8.202) 29 ms
9 chx-edge-02.inet.qwest.net (205.171.139.61) 172 ms 32 ms
chx-edge-02.inet.qwest.net (205.171.139.57) 30 ms
10 63.146.238.218 (63.146.238.218) 29 ms 29 ms 30 ms
(note QWest is the upstream)
Right, two different ASN's originating prefixes, they seem to have
different 'locations' (or connections to networks in two different
tier-1 cities (chicago based on naming vs nyc-area based upon rtt)
The two entities seem to have a very tightly linked business though,
and have for quite some time.
Can people get a clue and understand this very critical difference?
sure, the difference being the act of changing names on top level
entities every period of time ('names will be changed to protect the
innocent') and providers as the providers notice sales folk did 'bad'
things..
It doesn't help to say things like: Thats hosted in russia when
clearly it is not... it also doesn't help to try and separate the 2
clearly inseparable entities.
-chris
Re: Is there anyone from ASPEWS on this list?
Hi, On Sat, 2009-12-12 at 18:02 +0100, Michelle Sullivan wrote: Michelle Sullivan wrote: Seth Mattinen wrote: You should still be able to submit a ticket to SORBS, no? I was always under the impression that it was open a ticket and wait or you are moved to the back of the line with SORBS. That is correct on all counts. Oh and to re-iterate a point made so many times in so many forums and so often ignored. Posting to any of my email personal addresses will not help your case at all.. ever.. in any way... and in fact posting to some of the old and disused ones will likely cause a spamtrap listing. SORBS Support is done through the SORBS support system (which is what it is there fore funnily enough!) Posting on mailing lists, or emailing to me, other SORBS staff, or GFI will result in various responses from completely ignoring you to sending you a PDF that tells you that you can only gain support through the SORBS support system - NO EXCEPTIONS. The only thing my email address is valid for is if the SORBS Support system is down for telling me such (and I have plenty of systems monitoring all components of it so an email is pretty pointless in most cases.) Robot rejection and refusal to delist is not a failure in the support system... Read the response and act upon the contents if you want a review. Sorry if that sounds harsh, but when you had seen even a couple of the idiotic messages I get, you'll understand why. Logging a ticket is simple if a little ownerous (it takes 7 clicks to get a ticket logged, 3 if you use the contact form!) Perhaps people wouldn't have to email you if the robot actually did what it said it was going to do. Your website promises that the robot will get things delisted out of the DUHL zone in 3 to 5 hours. It has been more than 3 to 5 hours, and it is costing me money. Considering that you shouldn't have listed the space to begin with, I think it would be fantastic if you updated the website to reflect the reality of the situation. While I am sorry to hear that most of the people you deal with are morons, it does not change the facts that SORBS listed IP address space for no valid reason, other than the first version of the RDNS not having .static. in it. Perhaps if this sort of thing didn't keep happening, on a regular basis, we would never hear about SORBS, MAPS, or any other RBLs on NANOG in a bad light. Personally, I like SORBS. I would like to continue to be able to use SORBS on my mail servers. The fact that my addresses are listed as being dynamic in SORBS when they are not, and it hasn't been fixed in the timeframe that the website promises it would be fixed in, is making me re-evaluate whether or not I should use SORBS and recommend it to people looking for good DNSBLs to use on their mailservers. NO I DO NOT ACCEPT DELISTING REQUESTS OUT OF THE SUPPORT SYSTEM! Then you should make your delisting process more streamlined. You already have a robot for most things, make it do the next step and just delist the IP ranges it is given. William
RE: Consumer Grade - IPV6 Enabled Router Firewalls.
Unless I haven't put the full picture together, yet, but for my PPPoA/E environment I would like a DSL CPE that: - on the WAN interface does IPv4 (with NAT support) and IPv6 over PPPoE combined with DHCP-PD (with a stateful firewall). - on the LAN interface does the regular IPv4 stuff, Link-Local only, static IPv6, and stateful and stateless DHCPv6. - allows me to run IPv4, IPv6, or both For my bridged environments (whether that be DSL or FTTH) I would like a CPE that - on the WAN interface does IPv4 (with NAT support), IPv6 with Link-Local only, static IPv6, and IPv6 with DHCP-PD (with a stateful firewall). - on the LAN interface does the regular IPv4 stuff, Link-Local only, static IPv6, and stateful and stateless DHCPv6. - allows me to run IPv4, IPv6, or both While the support burden will be raised, I think the network needs to be dual-stack from end-to-end if SPs want to keep middle-boxes out. But for those who really do run out of IPv4 addresses, I'm not sure how middle-boxes can be avoided. Kind of hard to tell customer n+1 that they can only visit the IPv6 part of the web. Perhaps new customers will have to use a service provider's CGN and share IPv4 addresses until enough of the internet is dual-stack. Frank -Original Message- From: Rubens Kuhl [mailto:rube...@gmail.com] Sent: Saturday, December 12, 2009 12:48 PM To: nanog@nanog.org Subject: Re: Consumer Grade - IPV6 Enabled Router Firewalls. I challenge the usual suspects to deliver actual working dual stack IPv6 ADSL CPE rather than feigning interest. None of the major CPE vendors appear to have a v6 plan despite your claims. We have an IPv6 dual stack trial for ADSL going on and not a single CPE from the _major consumer CPE vendors_. I've saw some ADSL CPEs that could bridge specific frame types. It would be feasible to think of an ADSL CPE that would simply bridge IPv4/ARP and IPv6 ethertypes and have a dual-stack BRAS service the users, or bridge IPv4/ARP to a VC(Virtual Circuit) and IPv6 to another VC, or NAT+Route IPv4 to a VC and bridge IPv6 to other VC. In an IPv6 world where NAT is not a requirement (paranoids are welcome to buy their own IPv6 firewalls), bridging with some L4 intelligence might be all that a CPE needs to do. The IPv6 idea of letting end-nodes have more work and intermediate nodes have less work also applies to CPEs. Rubens
