Re: IP4 Space

2010-03-23 Thread Christopher Morrow
On Tue, Mar 23, 2010 at 7:59 PM, Mark Newton  wrote:
>
> On 24/03/2010, at 4:10 AM, Christopher Morrow wrote:
>>
>> it seems to me that we'll have widespread ipv4 for +10 years at least,
>
> How many 10 year old pieces of kit do you have on your network?

it's not my network anymore (or not the one I work on anymore) but...
702 had +400 7500's of 1996 vintage when I left, 703 had somewhere
near 200 or so of similar vintage 7500's and 7200's... Sprint still
does T1 agg on 7500's. ATT I'm sure has 75's in the network as well.

If there's low margin and no 'cost' to run the gear, why would I upgrade??

> Ten years ago we were routing appletalk and IPX.  Still doing that
> now?

apples and oranges.

> I'd expect that v4 will still exist in legacy form behind firewalls,
> but I think its deprecation on the public internet will happen a lot
> faster than anyone expects.

maybe you're right, but... I doubt it.

>> I agree that v6 deployments seem to be getting
>> better/faster/stronger... I think that's good news, but we'll still be
>> paying the v4 piper for a while.
>
> Only until v4 becomes more expensive (using whatever metric matters to
> you) than v6.

I have v4, it's not going to be anymore expensive than it is today for
me... for new folks sure, but I've got mine.

> After you pass that tipping point, v4 deployment will stop dead.

doubtful. we could go back and forth with this pingpong ball for ...
ever, but the point here is no one knows, it's likely different than
either of us think, and in the mean time fun will ensue!

-chris

>  - mark
>
> --
> Mark Newton                               Email:  new...@internode.com.au (W)
> Network Engineer                          Email:  new...@atdot.dotat.org  (H)
> Internode Pty Ltd                         Desk:   +61-8-82282999
> "Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223



Re: IP4 Space

2010-03-23 Thread bmanning
On Wed, Mar 24, 2010 at 02:24:45PM +1030, Mark Newton wrote:
> 
> On 24/03/2010, at 1:46 PM,  wrote:
> 
> > 
> > tell me Mark,
> > 
> > when will you turn off -all- IPv4 in your network?
> 
> I don't imagine there'll be a date as such;  We'll just enable
> IPv6 versions of the services you've mentioned on equipment which
> supports it, and note that over time the number of systems still
> using v6 to perform those functions diminishes.

so 10+ years then... since most of those systems are not ported
to IPv6 yet, even in alpha-stage software.  I still am interested
in what the AU legal requirements for data retention are regarding
traceability of records.  Seven years?  or was it ten?  Can you afford
to purge legally mandated data records just because you move to new
transport?

> 
> > simple switching of datagrams over non-v4 transport is trivial.  the O&M
> > behind running production is a slightly longer path and the legal
> > requirements these days didn't exist a decade ago.  Chris was optimistic
> > at 10+ years.
> 
> There seems to be an assumption that continuing to run v4 on a v6 internet
> will be free, or at least cheap.
> 
> I don't think it will be.  I think it'll rapidly become horrendously expensive
> in operational support terms, and that we'll all see significant pressure from
> our CFOs and CTOs to get rid of it well before the ten-year estimate expires.

perhaps - the horrendously expensive costs come with dual-stacking.
and it is true that the least costly systems will gain market share,
be it v6 or v4...  both will be using NAT and NAT-like technologies
(reference the doubleNAT discourse from our friend Nathan Ward and the
active discussion in the IETF on "simple security")

> ... and if we don't, our customers will.

in my experience with networks running IPX, Appletalk, DECnet,
DECnet-PhaseV, VTAM and IP... customers could care less about the
transport protocol.  Can they get to the things they want and in a
timely fashion is the obvious criteria.
 
>   - mark
> 
> --
> Mark Newton   Email:  new...@internode.com.au (W)
> Network Engineer  Email:  new...@atdot.dotat.org  (H)
> Internode Pty Ltd Desk:   +61-8-82282999
> "Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223



Re: IP4 Space

2010-03-23 Thread Mark Newton

On 24/03/2010, at 1:46 PM,  wrote:

> 
> tell me Mark,
> 
>   when will you turn off -all- IPv4 in your network?

I don't imagine there'll be a date as such;  We'll just enable
IPv6 versions of the services you've mentioned on equipment which
supports it, and note that over time the number of systems still
using v6 to perform those functions diminishes.

> simple switching of datagrams over non-v4 transport is trivial.  the O&M
> behind running production is a slightly longer path and the legal
> requirements these days didn't exist a decade ago.  Chris was optimistic
> at 10+ years.


There seems to be an assumption that continuing to run v4 on a v6 internet
will be free, or at least cheap.

I don't think it will be.  I think it'll rapidly become horrendously expensive
in operational support terms, and that we'll all see significant pressure from
our CFOs and CTOs to get rid of it well before the ten-year estimate expires.

... and if we don't, our customers will.

  - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223








Re: IP4 Space

2010-03-23 Thread William Herrin
On Tue, Mar 23, 2010 at 10:59 PM, Mark Newton  wrote:
> Only until v4 becomes more expensive (using whatever metric matters to
> you) than v6.
>
> After you pass that tipping point, v4 deployment will stop dead.

Mark,

You offer an accurate but incomplete assessment. IPv4 allocation's
upcoming transition to a zero-sum game might not push it above the
"cost" of IPv6. The economics in play haven't ruled out the
possibility. Should that occur, IPv6 will tend to fade to the
background during the following table-size driven router upgrade
cycle.

Regards,
Bill Herrin

-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004



Re: IP4 Space

2010-03-23 Thread bmanning

 tell me Mark,

when will you turn off -all- IPv4 in your network?
no snmp/aaa, no syslog, no radius, no licensed s/w keyed to a v4 address,
no need to keep logs for leos' (what's the data retention law in your
jurisdiction?)
etc...

simple switching of datagrams over non-v4 transport is trivial.  the O&M
behind running production is a slightly longer path and the legal
requirements these days didn't exist a decade ago.  Chris was optimistic
at 10+ years.

imho

--bill



On Wed, Mar 24, 2010 at 01:29:31PM +1030, Mark Newton wrote:
> 
> On 24/03/2010, at 4:10 AM, Christopher Morrow wrote:
> > 
> > it seems to me that we'll have widespread ipv4 for +10 years at least,
> 
> How many 10 year old pieces of kit do you have on your network?
> 
> Ten years ago we were routing appletalk and IPX.  Still doing that
> now?
> 
> Ten years ago companies were still selling ISDN routers which still
> insisted on classful addressing.  Got any of them left on the network?
> 
> I'd expect that v4 will still exist in legacy form behind firewalls, 
> but I think its deprecation on the public internet will happen a lot
> faster than anyone expects.
> 
> > I agree that v6 deployments seem to be getting
> > better/faster/stronger... I think that's good news, but we'll still be
> > paying the v4 piper for a while.
> 
> Only until v4 becomes more expensive (using whatever metric matters to
> you) than v6.
> 
> After you pass that tipping point, v4 deployment will stop dead.
> 
>   - mark
> 
> --
> Mark Newton   Email:  new...@internode.com.au (W)
> Network Engineer  Email:  new...@atdot.dotat.org  (H)
> Internode Pty Ltd Desk:   +61-8-82282999
> "Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223



Re: IP4 Space

2010-03-23 Thread Mark Newton

On 24/03/2010, at 4:10 AM, Christopher Morrow wrote:
> 
> it seems to me that we'll have widespread ipv4 for +10 years at least,

How many 10 year old pieces of kit do you have on your network?

Ten years ago we were routing appletalk and IPX.  Still doing that
now?

Ten years ago companies were still selling ISDN routers which still
insisted on classful addressing.  Got any of them left on the network?

I'd expect that v4 will still exist in legacy form behind firewalls, 
but I think its deprecation on the public internet will happen a lot
faster than anyone expects.

> I agree that v6 deployments seem to be getting
> better/faster/stronger... I think that's good news, but we'll still be
> paying the v4 piper for a while.

Only until v4 becomes more expensive (using whatever metric matters to
you) than v6.

After you pass that tipping point, v4 deployment will stop dead.

  - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223








Experiences with A10 AX series Load Balancers?

2010-03-23 Thread Welch, Bryan
Does anyone have any experiences good/bad/indifferent with this company and 
their products?  They claim 2x the performance at ½ the cost and am a bit leery 
as you can imagine.

We are looking to replace our aging F5 BigIP LTM's and will be evaluating these 
along with the Netscaler and new generation F5 boxes.




Regards,

Bryan



Re: 2009 IPv4 Address Use Report

2010-03-23 Thread Jeroen van Aart

Christopher Morrow wrote:

> it's not clear that 1.1.1.0/24 is actually assigned to anyone,
> RIPE/APNIC were just using for some experiments. Did you actually mean
> 1.0.0.0/8?


Uhm, yes of course. Thanks :-)



Re: AOL Postmaster

2010-03-23 Thread J.D. Falk
On Mar 22, 2010, at 12:23 PM, Larry Sheldon wrote:

> On 3/22/2010 14:03, Mark Keymer wrote:
>> Hi,
>> 
>> If at all possible can an AOL Postmaster please get a hold of me. I have
>> a client that co-lo's with us and we do the support for them and we
>> need some help on getting mail to be delivering again to AOL.
>
> Didn't I read that all of the AOL Postmasters had been... what is the
> word this week... made redundant?

Most, but not all.  You can reach those who remain via 
http://postmaster.aol.net/, just as before.

--
J.D. Falk 
Return Path Inc







Re: 2009 IPv4 Address Use Report

2010-03-23 Thread Christopher Morrow
On Tue, Mar 23, 2010 at 2:43 PM, Jeroen van Aart  wrote:

> Interesting statistics.
>
> It'd be interesting to know what % of newly assigned addresses are used for
> fraudulent and illegal purposes such as spam and scamming (how soon and how
> frequently will the newly assigned 1.1.1.0/8 block start appearing in block
> lists and spam reports?).

it's not clear that 1.1.1.0/24 is actually assigned to anyone,
RIPE/APNIC were just using for some experiments. Did you actually mean
1.0.0.0/8?



Re: 2009 IPv4 Address Use Report

2010-03-23 Thread Jeroen van Aart

Iljitsch van Beijnum wrote:

> [ (Non-cross)posted to NANOG, PPML, RIPE IPv6 wg, Dutch IPv6 TF. Web version
> for the monospace font impaired and with some links:
> http://www.bgpexpert.com/addrspace2009.php ]
>
> 2009 IPv4 Address Use Report
>
> As of January first, 2010, the number of unused IPv4 addresses is 722.18
> million. On January 1, 2009, this was 925.58 million. So in 2009, 203.4 million
> addresses were used up. This is the first time since the introduction of CIDR
> in 1993 that the number of addresses used in a year has topped 200 million.
> With 3706.65 million usable addresses, 80.5% of the available IPv4 addresses
> are now in some kind of use, up from 75.3% a year ago. So the depletion of the
> IPv4 address reserves is continuing in much the same way as in previous years:
>
> Date         Addresses free   Used up
> 2006-01-01   1468.61 M
> 2007-01-01   1300.65 M        167.96 M
> 2008-01-01   1122.85 M        177.80 M (with return of 16.78 M to IANA)
> 2009-01-01    925.58 M        197.27 M
> 2010-01-01    722.18 M        203.40 M
>
> These figures are derived from the Internet Assigned Numbers Authority's
> IANA IPv4 Address Space Registry page and the records published on the FTP
> servers of the five Regional Internet Registries (RIRs): AfriNIC, which gives
> out address space in Africa, APNIC (Asia-Pacific region), ARIN (North America),
> LACNIC (Latin American and the Caribbean) and the RIPE NCC (Europe, the former
> Soviet Union and the Middle East).
>
> The IANA list shows the status of all 256 blocks of 16777216 addresses
> identified by the first 8-bit number in the IPv4 address.
> http://www.bgpexpert.com/ianaglobalpool.php is a graphical representation of
> the IANA global pool (updated weekly). The RIR data indicates how much address
> space the RIRs have delegated to internet service providers (and sometimes
> end-users). The changes over the course of 2009 are as follows:


Interesting statistics.

It'd be interesting to know what % of newly assigned addresses are used 
for fraudulent and illegal purposes such as spam and scamming (how soon 
and how frequently will the newly assigned 1.1.1.0/8 block start 
appearing in block lists and spam reports?).




Re: IP4 Space

2010-03-23 Thread David Conrad
On Mar 23, 2010, at 10:27 AM, Owen DeLong wrote:
> With 30,000 active AS right now, assuming an average of 2 instead of 9.5,

You appear to be assuming ISPs (like the ones that have received /18s, /19s, 
/20s, etc.) aren't going to deaggregate for traffic engineering purposes.  Or 
do I misunderstand?

Regards,
-drc




Re: IP4 Space

2010-03-23 Thread Owen DeLong

On Mar 23, 2010, at 10:40 AM, Christopher Morrow wrote:

> On Tue, Mar 23, 2010 at 10:27 AM, Owen DeLong  wrote:
> 
>> I think that the additive nature of the IPv6/IPv4 routing tables  will be the
>> driving factor for deprecation of IPv4 pretty quickly once IPv6 starts to
>> reach critical mass.  The problem is that we are so early on the IPv6
>> adoption curve right now that nobody believes IPv6 will become
>> ubiquitous fast enough to be relevant.
> 
> it seems to me that we'll have widespread ipv4 for +10 years at least,
> potentially there will be enough ipv4 alive in 20 years to still
> consider it 'widespread'. I also think we'll see more v4 routes
> (longer prefixes) show up in the first 10yrs, before it gets better :(
> 
I think the pressure to start deprecating IPv4 will start in approximately
11-12 years...

Now = T0
T+3 years -- IPv4 runs out  - Completely, not just IANA or RIRs, but, ISPs, too.
T+8 years -- IPv6 nears ubiquity at least on the public internet
T+11 years -- Economic pressures begin to drive the deprecation of IPv4.

> I could be wrong, I hope I am, but...
> 
>> I think that IPv6 deployment is already showing signs of acceleration.
>> I think that it will lurch forward suddenly shortly after (~6-12 months)
>> IPv4 finally hits the runout wall in a couple of years.
> 
> I agree that v6 deployments seem to be getting
> better/faster/stronger... I think that's good news, but we'll still be
> paying the v4 piper for a while.
> 
Yep. I completely agree.

Owen




Re: IP4 Space

2010-03-23 Thread Christopher Morrow
On Tue, Mar 23, 2010 at 10:27 AM, Owen DeLong  wrote:

> I think that the additive nature of the IPv6/IPv4 routing tables  will be the
> driving factor for deprecation of IPv4 pretty quickly once IPv6 starts to
> reach critical mass.  The problem is that we are so early on the IPv6
> adoption curve right now that nobody believes IPv6 will become
> ubiquitous fast enough to be relevant.

it seems to me that we'll have widespread ipv4 for +10 years at least,
potentially there will be enough ipv4 alive in 20 years to still
consider it 'widespread'. I also think we'll see more v4 routes
(longer prefixes) show up in the first 10yrs, before it gets better :(

I could be wrong, I hope I am, but...

> I think that IPv6 deployment is already showing signs of acceleration.
> I think that it will lurch forward suddenly shortly after (~6-12 months)
> IPv4 finally hits the runout wall in a couple of years.

I agree that v6 deployments seem to be getting
better/faster/stronger... I think that's good news, but we'll still be
paying the v4 piper for a while.

-Chris
> Owen



CHINANET-JX Contact

2010-03-23 Thread Mehmet Akcin
inetnum:  59.52.0.0 - 59.55.255.255
netname:  CHINANET-JX
descr:CHINANET Jiangxi province network
descr:China Telecom

Anyone from China Telecom , can you please contact me off-list?

Thanks

Mehmet




Re: IP4 Space

2010-03-23 Thread Owen DeLong

On Mar 23, 2010, at 5:17 AM, William Herrin wrote:

> On Tue, Mar 23, 2010 at 3:40 AM, Owen DeLong  wrote:
>> On Mar 22, 2010, at 10:27 PM, Mark Newton wrote:
>>> On 23/03/2010, at 3:43 PM, Owen DeLong wrote:
>>>> With the smaller routing table afforded by IPv6, this will be less
>>>> expensive. As a result, I suspect there will be more IPv6 small
>>>> multihomers.
>>>> That's generally a good thing.
>>>
>>> Puzzled:  How does the IPv6 routing table get smaller?
>>>
>> Compared to IPv4?  Because we don't do slow start, so, major providers won't
>> be advertising 50-5,000 prefixes for a single autonomous system.
> 
> On the other hand, smaller ASes still announce the same number, the
> hardware resource consumption for an IPv6 route is at least double
> that of an IPv4 entry, RIR policy implies more bits for TE
> disaggregation than is often possible in IPv4 and dual-stack means
> that the IPv6 routing table is strictly additive to the IPv4 routing
> table for the foreseeable future. Your thesis has some weaknesses.
> 
With 30,000 active AS right now, assuming an average of 2 instead of 9.5,
even if we double the number of active AS every 5 years, we're still looking
at 10 years for the IPv6 routing table to catch up.

30,000 * 2 = 60,000 prefixes today
120,000 prefixes in 5 years (60,000 active AS)
240,000 prefixes in 10 years (120,000 active AS)

I think that the additive nature of the IPv6/IPv4 routing tables  will be the
driving factor for deprecation of IPv4 pretty quickly once IPv6 starts to
reach critical mass.  The problem is that we are so early on the IPv6
adoption curve right now that nobody believes IPv6 will become
ubiquitous fast enough to be relevant.

I think that IPv6 deployment is already showing signs of acceleration.
I think that it will lurch forward suddenly shortly after (~6-12 months)
IPv4 finally hits the runout wall in a couple of years.

Owen




Re: IP4 Space

2010-03-23 Thread isabel dias


"IPv6 routing table 7-10 times smaller than the IPv4 routing table"
http://lists.arin.net/pipermail/arin-ppml/2009-May/014240.html


:-)
  

a bit of old stuff to get to the bottom line  

http://www.ripe.net/ripe/meetings/ripe-49/presentations/ripe49-plenary-bgp.pdf

 


- Original Message 
From: Mark Newton 
To: Owen DeLong 
Cc: NANOG list 
Sent: Tue, March 23, 2010 5:27:27 AM
Subject: Re: IP4 Space


On 23/03/2010, at 3:43 PM, Owen DeLong wrote:
> 
> With the smaller routing table afforded by IPv6, this will be less expensive. 
> As a result, I suspect there will be more IPv6 small multihomers.
> That's generally a good thing.

Puzzled:  How does the IPv6 routing table get smaller?

There's currently social pressure against deaggregation, but given time
why do you think the same drivers that lead to v4 deaggregation won't also
lead to v6 deaggregation?

(small multihomers means more discontiguous blocks of PI space too, right?)

  - mark

--
Mark Newton                              Email:  new...@internode.com.au (W)
Network Engineer                          Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd                        Desk:  +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223






Re: MPLS Provider at New York ?

2010-03-23 Thread Paul WALL
On Tue, Mar 23, 2010 at 6:43 AM, Stephane MAGAND
 wrote:
> I don't see on google a list of MPLS Provider at New York City.
>
> Anyone know a small mpls provider in this city ?

It would probably help if you'd provide particulars such as desired
A/Z locations and connection speeds.

Drive Slow,
Paul WALL



Cisco Unified Computing System

2010-03-23 Thread Claudia de Luna
Hello,

Does anyone have any hands on experience with Cisco's Unified Computing System? 
 Knowing some of the issues it purports to address the solution seems 
compelling but the devil is in the details.  I generally lean towards the "best 
of breed" approach and am wary of any solution that claims to do many things 
(often poorly) vs. one thing very well.  I'm particularly interested in the 
hooks that the system is supposed to have for 3rd party tools.  In my 
experience Cisco has not led the way in network management and a large part of 
this solution is the management system to provision end to end services.

Any experience with this solution would be most welcome, on or off list.

Thank You,

Claudia


Re: NSP-SEC

2010-03-23 Thread Nick Hilliard
On 23/03/2010 12:59, valdis.kletni...@vt.edu wrote:
> And now, you're still acting like you've got new unique insights and going out
> of your way to irritate the very same more experienced people that you
> probably should be trying to learn from, when you haven't bothered to find
> out that you're once again 10 and 20 years behind the curve:

Do not feed the troll.

Nick



Re: IP4 Space

2010-03-23 Thread Tim Durack
On Tue, Mar 23, 2010 at 8:17 AM, William Herrin  wrote:
> On Tue, Mar 23, 2010 at 3:40 AM, Owen DeLong  wrote:
>> On Mar 22, 2010, at 10:27 PM, Mark Newton wrote:
>>> On 23/03/2010, at 3:43 PM, Owen DeLong wrote:
>>>> With the smaller routing table afforded by IPv6, this will be less
>>>> expensive. As a result, I suspect there will be more IPv6 small
>>>> multihomers.
>>>> That's generally a good thing.
>>>
>>> Puzzled:  How does the IPv6 routing table get smaller?
>>>
>> Compared to IPv4?  Because we don't do slow start, so, major providers won't
>> be advertising 50-5,000 prefixes for a single autonomous system.
>
> On the other hand, smaller ASes still announce the same number, the
> hardware resource consumption for an IPv6 route is at least double
> that of an IPv4 entry, RIR policy implies more bits for TE
> disaggregation than is often possible in IPv4 and dual-stack means
> that the IPv6 routing table is strictly additive to the IPv4 routing
> table for the foreseeable future. Your thesis has some weaknesses.

Plus the RIRs are currently applying pressure to assign only the bare
minimum IPv6 address space to PI multi-homers (at least, the RIR I
deal with.) I can see this quickly leading to non-contiguous
assignments in the not too distant future.

Today I have enough address space to easily allocate /48s per site,
assuming a /64 per VLAN. But I can see the need to assign /56s per
switch port for dhcp-pd. If I were to assign a /48 per switch stack
(seems like a reasonable engineering decision), I'm quickly going to
burn through lots of /48s. I'm sure I could come up with clever ways
to save address space, but I'm wondering why when one of the promises
of IPv6 is to avoid having to think too hard about individual
assignments.

-- 
Tim:>
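
The two address plans compared in the message above, worked through with Python's `ipaddress` module. This is an added example, not part of the original post; the `2001:db8::/44` allocation (documentation range) and the site inventory are constructed assumptions.

```python
import ipaddress
from itertools import islice

# Constructed inventory (not from the post): site -> port count of each switch stack.
SITES = {"hq": [192, 96, 48], "branch": [48], "dc": [240, 240]}
# Assumed PI allocation size, taken from the IPv6 documentation range.
ALLOCATION = ipaddress.ip_network("2001:db8::/44")


def take_48s(allocation, count):
    """Return the first `count` /48s of the allocation, or fail if it is too small."""
    blocks = list(islice(allocation.subnets(new_prefix=48), count))
    if len(blocks) < count:
        raise ValueError(f"{allocation} holds only {len(blocks)} /48s, {count} needed")
    return blocks


def plan_per_site(allocation, sites):
    """Plan A: one /48 per site, with /64s per VLAN carved inside it."""
    return dict(zip(sites, take_48s(allocation, len(sites))))


def plan_per_stack(allocation, sites):
    """Plan B: one /48 per switch stack, one /56 per switch port for DHCP-PD."""
    stacks = [(site, idx, ports)
              for site, port_counts in sites.items()
              for idx, ports in enumerate(port_counts)]
    plan = {}
    for (site, idx, ports), block in zip(stacks, take_48s(allocation, len(stacks))):
        # A /48 contains 256 /56s, so a stack with more ports cannot be served.
        delegations = list(islice(block.subnets(new_prefix=56), ports))
        if len(delegations) < ports:
            raise ValueError(f"{site}[{idx}]: {ports} ports exceed the /56s in {block}")
        plan[(site, idx)] = (block, delegations)
    return plan


def usage(allocation, used_48s):
    """Fraction of the allocation's /48s that a plan consumes."""
    return used_48s / 2 ** (48 - allocation.prefixlen)


if __name__ == "__main__":
    per_site = plan_per_site(ALLOCATION, SITES)
    per_stack = plan_per_stack(ALLOCATION, SITES)
    print(f"per-site plan:  {len(per_site)} /48s, "
          f"{usage(ALLOCATION, len(per_site)):.1%} of {ALLOCATION}")
    print(f"per-stack plan: {len(per_stack)} /48s, "
          f"{usage(ALLOCATION, len(per_stack)):.1%} of {ALLOCATION}")
    for (site, idx), (block, delegations) in per_stack.items():
        print(f"  {site}[{idx}] {block}: {len(delegations)} /56 delegations, "
              f"first {delegations[0]}")
```
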



Re: NSP-SEC

2010-03-23 Thread Valdis . Kletnieks
On Tue, 23 Mar 2010 11:13:48 BST, Guillaume FORTAINE said:

> I have read with interest this document.

(lots of irrelevant commentary elided - the vast majority of which merely
confirms the point that a lot of people have been doing further research on
issues that we identified a decade and more ago)

> In 1991, I was in primary school. In 2000, the date of your link, I got 
> my first access to Internet. And now ? ;) !

And now, you're still acting like you've got new unique insights and going out
of your way to irritate the very same more experienced people that you probably
should be trying to learn from, when you haven't bothered to find out that
you're once again 10 and 20 years behind the curve:

http://en.wikipedia.org/wiki/Plonk_%28Usenet%29

Wow. Rich Sexton really *did* contribute something important to the Net.




Re: IP4 Space

2010-03-23 Thread William Herrin
On Tue, Mar 23, 2010 at 3:40 AM, Owen DeLong  wrote:
> On Mar 22, 2010, at 10:27 PM, Mark Newton wrote:
>> On 23/03/2010, at 3:43 PM, Owen DeLong wrote:
>>> With the smaller routing table afforded by IPv6, this will be less 
>>> expensive. As a result, I suspect there will be more IPv6 small multihomers.
>>> That's generally a good thing.
>>
>> Puzzled:  How does the IPv6 routing table get smaller?
>>
> Compared to IPv4?  Because we don't do slow start, so, major providers won't
> be advertising 50-5,000 prefixes for a single autonomous system.

On the other hand, smaller ASes still announce the same number, the
hardware resource consumption for an IPv6 route is at least double
that of an IPv4 entry, RIR policy implies more bits for TE
disaggregation than is often possible in IPv4 and dual-stack means
that the IPv6 routing table is strictly additive to the IPv4 routing
table for the foreseeable future. Your thesis has some weaknesses.

Regards,
Bill Herrin




-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004



MPLS Provider at New York ?

2010-03-23 Thread Stephane MAGAND
Hi

I don't see on google a list of MPLS Provider at New York City.

Anyone know a small mpls provider in this city ?

Bye
Stephane



Re: NSP-SEC

2010-03-23 Thread Guillaume FORTAINE



>> Conclusion : if you can't reply to these fundamental questions, hire a
>> CISO and build a CSIRT.
>
> I *so* hate making an argument from authority (other than "I think smb
> published a paper on that already"), but in your case I'll make an exception.
>
> Go read http://www.sans.org/dosstep/roadmap.php
>
> Read the date, read the signatories.


I have read with interest this document.

1) Remarks :

-Bill Clinton is no longer the president of USA . Howard Schmidt is the 
new cybersecurity czar :


http://www.facebook.com/howardas

(By the way, Gadi Evron is in his Facebook friends ?!?)


2) Notes :

a) Problem 1: Spoofing & Problem 2: Broadcast Amplification

http://docs.google.com/viewer?url=http://www.dca.fee.unicamp.br/~chesteve/pubs/LIPSIN_sigcomm2009_jokela.pdf



b) Problem 3: Lack of Appropriate Response To Attacks

http://docs.google.com/viewer?url=http://nanog.org/meetings/nanog47/presentations/Sunday/Green_Top10_Security_N47_Sun.pdf



c) Problem 4: Unprotected Computers

http://docs.google.com/viewer?url=http://www.whitehouse.gov/files/documents/cyber/Gourley_Bob_Open_Source_Software_and_Cyber_Defense_01_April_2009.pdf



> Ask yourself if you *really* want to be
> telling me that we need to build a CSIRT. (Answer - our CIRT was up and
> running back in 1991, and was well-known in 2000. So no, we don't need advice
> on how to start one.


VT-CIRT :

http://docs.google.com/viewer?url=http://www.it.vt.edu/publications/annualreports/annualreport2007-2008.pdf

o Students designed, built, and are maintaining the vulnerability scan
engines that are the core of the www.ids.cirt.vt.edu site.



CSIRT-MU :

http://docs.google.com/viewer?url=http://www.vabo.cz/spi/2009/presentations/03/02-celeda_rehak_CAMNEP_no_video.pdf

Project Results

Further Information:

3 Journal papers, including IEEE Intelligent Systems
20+ conference papers (RAID, AAMAS, IAT, FloCon,...)

How to get it?

University startups:

-INVEA-TECH a.s. - FlowMon probes, collectors for high-speed data
 monitoring (with MU, VUT and CESNET)
-Cognitive Security s.r.o. - CAMNEP system for real-time data mining
 (with CTU)


Supported by:

U.S. ARMY RDECOM-CERDEC, CESNET, Czech MOD



> We've got literally man-centuries of experience in running
> one already. By the way, where were you in 1991?)

   


In 1991, I was in primary school. In 2000, the date of your link, I got 
my first access to Internet. And now ? ;) !



Best Regards,

Guillaume FORTAINE




Re: IP4 Space

2010-03-23 Thread Owen DeLong

On Mar 22, 2010, at 10:27 PM, Mark Newton wrote:

> 
> On 23/03/2010, at 3:43 PM, Owen DeLong wrote:
>> 
>> With the smaller routing table afforded by IPv6, this will be less 
>> expensive. As a result, I suspect there will be more IPv6 small multihomers.
>> That's generally a good thing.
> 
> Puzzled:  How does the IPv6 routing table get smaller?
> 
Compared to IPv4?  Because we don't do slow start, so, major providers won't be
advertising 50-5,000 prefixes for a single autonomous system.

> There's currently social pressure against deaggregation, but given time
> why do you think the same drivers that lead to v4 deaggregation won't also
> lead to v6 deaggregation?
> 
I think that the same drivers will apply, but, think of IPv6 as a Big 10->1
reset button on those drivers.  Sure, in 30 years, we may be back to
a 300,000 prefix table, but, in 30 years, a 300,000 prefix table will be
well within the hardware capabilities instead of on the ragged edge
we face today.

> (small multihomers means more discontiguous blocks of PI space too, right?)
> 
Yep.  It does.  However, IPv6 gives us a 30-50,000 prefix table now (when
we get there) and 10-30 years to solve either the TCAM scaling issue or
come up with a better routing paradigm.

I think that eventually an ID/Locator split paradigm will emerge that is 
deployable. I think that SHIM6 and the others proposed so far are far
too complex and end-host dependent to ever be deployable.

Likely we will need to modify the packet header to be able to incorporate
a locator in the header in the DFZ and do some translation at the edge.
I haven't fully figured out the ideal solution, but, I think several others
are working on it, too.

Owen