Re: Yahoo and IPv6
* Tony Hain So take the relays out of the path by putting up a 6to4 router and a 2002:: prefix address on the content servers. Longest match will cause 6to4 connected systems to prefer that prefix while native connected systems will prefer the current prefix. The resulting IPv4 path will be exactly what it is today door-to-door. Forcing traffic through a third party by holding to a purity principle for dns, and then complaining about the results is not exactly the most productive thing one could do. If you add a 6to4 record to your domain name, you'll attract 6to4 traffic from a lot of systems that would earlier have used IPv4. This is because 6to4-6to4 is preferred above IPv4-IPv4 in RFC 3484 (which in turn is preferred aboue 6to4-NativeV6). This in turn results in a net decrease of reliability, as 6to4 is extremely unreliable, even in the situation where the relays are known to work correctly - the failure rate in this case has been indepentently verified by Emile Aben of the RIPE NCC (https://labs.ripe.net/Members/emileaben/6to4-how-bad-is-it-really) and Geoff Huston of APNIC (http://www.potaroo.net/ispcol/2010-12/6to4fail.html) to be in the 15% ballpark. Also, I actually tried it myself, by «triple-stacking» (adding a 6to4 ) the dual-stack measurement point in my own brokenness experiment (http://fud.no/ipv6). Overall brokenness increased about ten-fold, from around 0.03% to 0.3%, so the change was reverted the next day. In conclusion, publishing 6to4 records is a terrible idea if you're concerned about reliability. The argument is that enterprise firewalls are blocking it, but that makes no sense because many/most enterprises are in 1918 space so 6to4 will not be attempted to begin with, and for those that have public space internally the oft-cited systems that are domain members will have 6to4 off by default. To get them to turn it on would require the IT staff to explicitly enable it for the end systems but then turn around and block it at the firewall ... Not exactly a likely scenario. Perhaps most enterprises are in 1918 space, but I don't the reasoning why an enterprise that are not using 1918 space would be more likely to use Active Directory than those that are using 1918 space. I would have thought that the use of AD is completely orthogonal the use of 1918 space? In any case, there's no shortage of 6to4 implementations in the wild that will happily enable 6to4 from 1918 addresses even though it cannot possibly work. The most likely source of public space for non-domain joined systems would be universities, My data shows that university networks are overrepresented with broken end-users, yes. but no one that is complaining about protocol 41 filtering has shown that the source addresses are coming from those easily identifiable places. http://www.fud.no/ipv6/snapshot-20101221/gnuplot/nouninett-t10-historic.png The red line is the overall internet brokenness I measured. The green line is the overall brokenness for the internet *except* UNINETT, the Norwegian University and Research Network, which filters proto-41. So that particular network with some tens of thousands of end users are responsible for around one-third of all failed dual-stack connection attempts, in a country that has around five million citizens. The sharp drop at the end is when they finally deployed native IPv6 at certain proto-41-filtered problem spots in their network, by the way. That leaves the case of networks that use public addresses internally, but nat those at the border. This would confuse the client into thinking 6to4 should be viable, only to have protocol 41 blocked by the nat. These networks do exist, End users in such networks are likely to increase sharply in numbers, thanks to IPv4 depletion and the inevitable deployment of CGNs using bogon or unrouted public addresses. The 6rd hack is nothing more than 6to4 in a different prefix to get around the one-liner that should be ignored in the original RFC that said to only publish the /16 into IPv6 bgp. I can already hear the screams about routing table, but there is no difference between the impact of a 6rd specific announcement and a deaggregate of 2002:: Only in the case that the 2002::/16-deaggregating ISP only has *one* IPv4 PA allocation, and that the 6RD using ISP you're comparing it to gets a *separate* IPv6 PA allocation dedicated to 6RD end users, something which I don't believe will be granted in the RIPE region at least. The only well-known deployment of 6RD (Free.fr / AS12322) currently originate 18 IPv4 prefixes and a single IPv6 prefix. With your solution they would need to originate 18 deaggregates of 2002::/16 instead, in addition to their single IPv6 PA allocation for native deployments. -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com Tel: +47 21 54 41 27
Re: Yahoo and IPv6
On 11 mei 2011, at 2:39, Karl Auer wrote: On Wed, 2011-05-11 at 10:19 +1000, Mark Andrews wrote: For the record Apple's current iChat (the OS (10.6.7) is completely up to date) fails such a test. It will try IPv6 and not fallback to IPv4. End users shouldn't be seeing these sorts of errors. Hm, I've had a very hard time finding any IPv6-capable servers to let my iChat talk to... Is that possibly a failure of the underlying resolver library? Do other applications on the same platform behave correctly? Apple's Mail application used to do this, but after many years they fixed this, it will now fall back to IPv4 without trouble. This isn't a resolver issue, as the resolver can't know whether IPv6 connectivity does or doesn't work. The resolver simply gives applications that don't explicitly ask for a particular address type all of the addresses of all types for which the system currently has connectivity, I think as determined by the presence of a default route, maybe the presence of an address also matters. What applications need to do when they connect to a remote server is to try the next address when the first one fails and cycle through all addresses before giving up. Of course with IPv4 having multiple addresses is extremely rare so IPv4 applications typically don't bother with this, so it has to be addressed when IPv6ifying applications.
RE: Yahoo and IPv6
On Tue, 10 May 2011, Frank Bulk wrote: :: If I can anticipate Igor's response, he'll say that he'll whitelist those :: IPv6-only networks and so he's just help 182,000 people. That's a very good guess as to what I was going to say :) -igor :: -Original Message- :: From: Owen DeLong [mailto:o...@delong.com] :: Sent: Tuesday, May 10, 2011 1:23 PM :: To: Igor Gashinsky :: Cc: nanog@nanog.org :: Subject: Re: Yahoo and IPv6 :: :: On May 10, 2011, at 9:32 AM, Igor Gashinsky wrote: :: :: On Tue, 10 May 2011, valdis.kletni...@vt.edu wrote: :: :: :: On Tue, 10 May 2011 02:17:46 EDT, Igor Gashinsky said: :: :: :: :: The time for finger-pointing is over, period, all we are all trying :: to do :: :: now is figure out how to deal with the present (sucky) situation. The :: :: :: current reality is that for a non-insignificant percentage of users :: when :: :: you enable dual-stack, they are gong to drop off the face of the :: planet. :: :: Now, for *you*, 0.026% may be insignificant (and, standalone, that :: number :: :: is insignificant), but for a global content provider that has ~700M :: users, :: :: that's 182 *thousand* users that *you*, *through your actions* just :: took :: :: out.. 182,000 - that is *not* insignificant :: :: :: :: At any given instant, there's a *lot* more than 182,000 users who are :: cut off :: :: due to various *IPv4* misconfigurations and issues. :: :: Yes, but *these* 182,000 users have perfectly working ipv4 connectivity, :: and you are asking *me* to break them through *my* actions. Sorry, that's :: simply too many to break for me, without a damn good reason to do so. :: :: In other words, Igor can't turn on records generally until there are :: 182,001 IPv6-only users that are broken from his lack of records. :: :: Given IP address consumption rates in Asia and the lack of available IPv4 :: resources in Asia, with a traditional growth month to month of nearly :: 30 million IPv4 addresses consumed, I suspect it will not be long before :: the 182,001 broken IPv6 users become relevant. :: :: Doing that on world ipv6 day, when there is a lot of press, and most other :: :: large content players doing the same, *is* a good reason - it may actually :: :: has a shot of accomplishing some good, since it may get those users to :: realize that they are broken, and fix their systems, but outside of flag :: day, if I enabled by default for all users, all I'm going to do is :: send those broken users to my competitors who chose not to enable :: on their sites. :: :: Agreed. I think IPv6 day is a great plan for this very reason. I also hope :: that :: a lot of organizations that try things out on IPv6 day will decide that the :: brokenness that has been so hyped wasn't actually noticeable and then :: leave their records in place. I do not expect Yahoo or Google to :: be among them, but, hopefully a lot of other organizations will do so. :: :: This is why I think automatic, measurement-based whitelisting/blacklisting :: :: to minimize the collateral damage of enabling is going to be :: inevitable (with the trigger set to something around 99.99%), and about :: the only way we see wide-scale IPv6 adoption by content players, outside :: events like world ipv6 day. :: :: This will be interesting. Personally, I think it will be more along the :: lines :: of when there are more IPv6 only eye-balls with broken IPv4 than there :: are IPv4 eye-balls with broken IPv6, will become the obvious :: solution. :: :: In my opinion, this is just a matter of time and will happen much sooner :: than :: I think most people anticipate. :: :: Owen :: ::
RE: 23,000 IP addresses
Luis Marta wrote on 2011-05-10: In the EU you have Directive 2006/24/EC: http://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF Article 6 - Periods of retention Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. Article 5 - Categories of data to be retained 1. Member States shall ensure that the following categories of data are retained under this Directive: (a) data necessary to trace and identify the source of a communication: (...) the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication; The real problem is in the stupid wording. The IP Address is not allocated to a subscriber or registered user. It is handed out for use on an authorized circuit. That circuit is being paid for by someone. There is no nexus between a circuit number and a subscriber or user (or there should not be -- and there only is if YOU CHOOSE TO CREATE SUCH). If network operators behaved rationally, the proper response to any request to divulge information related to an IP address would be limited to the Account Number which was paying for the circuit on which the IP Address was allocated WITH NO IDENTIFICATION OF ANY INDIVIDUAL WHATSOEVER. The entire problem is being created by Network Operators who are making up answers that they cannot prove are true, and causing grief to their customers. Eventually some customer will decide to challenge the Network Operator to prove their allegations of misfeasance. The result will be that the Network Operators will lose, and lose big time. After all, it is the Network Operators who are the accusers -- not the media mafia. Each member state creates its own law, according to the directive. In Portugal, you have to retain the data for one year. Best Regards, Luís Marta. --- Keith Medcalf () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: 23,000 IP addresses
In article 5f713bd4b694ac42a8bb61aa6001a...@mail.dessus.com, Keith Medcalf kmedc...@dessus.com writes Article 5 - Categories of data to be retained 1. Member States shall ensure that the following categories of data are retained under this Directive: (a) data necessary to trace and identify the source of a communication: (...) the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication; The real problem is in the stupid wording. The IP Address is not allocated to a subscriber or registered user. It is handed out for use on an authorized circuit. That circuit is being paid for by someone. There is no nexus between a circuit number and a subscriber or user (or there should not be -- and there only is if YOU CHOOSE TO CREATE SUCH). While there's an argument that the circuit number doesn't identify the user, it most certainly identifies the Subscriber, who is the person who has the legal contract for supply of the circuit. If network operators behaved rationally, the proper response to any request to divulge information related to an IP address would be limited to the Account Number which was paying for the circuit on which the IP Address was allocated WITH NO IDENTIFICATION OF ANY INDIVIDUAL WHATSOEVER. So you'd give out the bank/credit card number, but not the name? The legislation above asks for the name and address, and in many jurisdictions revealing the credit card number or bank account number would be regarded as *more* intrusive, not less. -- Roland Perry
Re: 23,000 IP addresses
I wonder how things go if you challenge them in court. This is surely a topic for another list, but it seems to me it'd be fairly difficult to prove unless they downloaded part of the movie from your IP and verified that what they got really was a part of the movie. I have the netflow records to prove this is NOT the case. All MediaSentry (et.al.) do is scrape the tracker. We have also received a number of takedown notices that have numbers transposed, involve parts of our netblock that were not in use at the time in question, etc. I would think that whole penalty of perjury thing would have some weight behind it. Stanford (in)famously managed to get DMCA notices for all the printers on campus, just by faking a client into putting the printer's IP into the tracker as a seed. Cheers, Michael Holstein Cleveland State University
Re: Yahoo and IPv6
In message 03c70cde-8169-437b-8394-26f839413...@muada.com, Iljitsch van Beijn um writes: On 11 mei 2011, at 2:39, Karl Auer wrote: On Wed, 2011-05-11 at 10:19 +1000, Mark Andrews wrote: For the record Apple's current iChat (the OS (10.6.7) is completely up to date) fails such a test. It will try IPv6 and not fallback to IPv4. End users shouldn't be seeing these sorts of errors. Hm, I've had a very hard time finding any IPv6-capable servers to let my = iChat talk to... Well I found this bug because the jabber server was IPv4 only and the box it is on got a address. The jabber server is now running dual stack with the IPv6 ports being forwarded to the IPv4 ports. It's not optimal but it works. Is that possibly a failure of the underlying resolver library? Do = other applications on the same platform behave correctly? Apple's Mail application used to do this, but after many years they = fixed this, it will now fall back to IPv4 without trouble. This isn't a = resolver issue, as the resolver can't know whether IPv6 connectivity = does or doesn't work. The resolver simply gives applications that don't = explicitly ask for a particular address type all of the addresses of all = types for which the system currently has connectivity, I think as = determined by the presence of a default route, maybe the presence of an = address also matters. What applications need to do when they connect to a remote server is to = try the next address when the first one fails and cycle through all = addresses before giving up. Of course with IPv4 having multiple = addresses is extremely rare so IPv4 applications typically don't bother = with this, so it has to be addressed when IPv6ifying applications.= This is basic RFC 1123 multihome support. Also see https://www.isc.org/community/blog/201101/how-to-connect-to-a-multi-homed-server-over-tcp -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Japan electrical power?
Hello, This is sort of off-topic, but no where near as much as half of the topics on NANOG. It is relevant to netops for anyone who has a presence in Japan. Does anyone on NANOG have firsthand in-depth knowledge of the electrical system in Japan? I know voltage varies from town to town and prefecture to prefecture. It seems most is 90V-110V. Do most homes and businesses have a single leg or do they have 200-220V available? Are most circuit breakers 15A? Do they use 20A anywhere? What is used in commercial settings? What is the typical service to a home? 60A, 100A, 200A? I have searched, but haven't found enough definitive info to be useful. I am designing some new equipment and Japan is the worst case scenario from a power standpoint because they use such a low line voltage. If my gear works in rocky mountainous low-voltage Japan, it will work anywhere. Any information or good links would be appreciated. I can't give out any info on the new gear yet until some key IP is protected. It doesn't compete with anything on the market today. Thanks for any help anyone can give. Domo arigato! -Robert Well done is better than well said. - Benjamin Franklin
Re: 23,000 IP addresses
On Wed, May 11, 2011 at 09:56:56AM +0800, Ong Beng Hui said: while, I am not a lawyer, so what after they know who is using that broadband connection for that IP. So, they have identified the 80yr old, what next ? and what if i have a free-for-all wireless router in my house which anyone can tap on, which i regularly switch off during nighttime for energy saving reason. :) Simple. Just make having clue on configuring your wifi AP a legal requirement. :) Sides, since WPA is cracked now too, to some extent, i dont think most APs have any sort of guaranteed protection. Hell, it's better to leave it wide open, as having the prosecution accuse you of child porn because you used a hard-but-crackable WPA2 (it's one in a billion to crack it! beyond a reasonable doubt! we dont have anyone anywhere in our IT who could possibly crack it!) instead of WEP or wide open seems like a greater pitfall. What about projects like http://NoCat.net - will they be made illegal? That's going to be an awesome can of worms. /kc -- Ken Chase - k...@heavycomputing.ca skype:kenchase23 +1 416 897 6284 Toronto Canada Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: 23,000 IP addresses
On Wed, May 11, 2011 at 8:48 AM, Michael Holstein michael.holst...@csuohio.edu wrote: I wonder how things go if you challenge them in court. This is surely a topic for another list, but it seems to me it'd be fairly difficult to prove unless they downloaded part of the movie from your IP and verified that what they got really was a part of the movie. I have the netflow records to prove this is NOT the case. All MediaSentry (et.al.) do is scrape the tracker. We have also received a number of takedown notices that have numbers transposed, involve parts of our netblock that were not in use at the time in question, etc. this is exactly the same situation I outlined previously... darknet/tcdump can't be a bittorrent user. I would think that whole penalty of perjury thing would have some weight behind it. apparently not :( (I'd say something about lobbyists et.al, but...) -chris
Re: .io registrar
Jeremy Kister wrote: Does anyone know of a competent .io registrar who charges in the = $75/yr area ? I've been using tierra.net (domaindiscover.com) but they continually break my domains. this year, although their website says my domain expires 4/2012, my domain stopped working today. the .io servers aren't serving records, and nic.io says the domain expired 4/8/2011. i got a hold of them this morning got a ticket -- but after 4 hours still no response. also, although nic.io lists a bunch of .io registrars, when I called them they almost all say we don't register .io :D I have a .io domain with Moniker and have not had any problems. - Kevin
Re: IPv6 foot-dragging
On 11 mei 2011, at 16:39, William Astle wrote: I think the above two points illustrate precisely why so many networks in North America simply cannot deploy IPv6 whether they want to or not. We simply cannot obtain IPv6 transit from our upstreams. It's just not available. And the old line about vote with your money doesn't work when you have limited choices. Apparently the need for IPv6 isn't yet high enough to consider adding a transit provider. I've seen enough press releases from NTT and HE to know there's at least two that can do this out there.
Re: IPv6 foot-dragging
On 2011-May-11 16:39, William Astle wrote: [..] I think the above two points illustrate precisely why so many networks in North America simply cannot deploy IPv6 whether they want to or not. We simply cannot obtain IPv6 transit from our upstreams. It's just not available. And the old line about vote with your money doesn't work when you have limited choices. And you have just found out why transition technologies exist. They are called 'transition' for a reason: during the time that you cannot get (proper) native connectivity you can set up a tunnel to an entity that can provide you with proper IPv6. The same way you can also set up a IPv6-only transit session with a party that is located at an IX or such you are at. Might just be to cover the time till your current transits do support IPv6. It is just a way around the problem, it might not be nice but it can work and you can get ready, and might get enough insight on why not to use that organization any more who is causing all the feet to be dragged. Greets, Jeroen
Re: 23,000 IP addresses
(it's one in a billion to crack it! beyond a reasonable doubt! we dont have anyone anywhere in our IT who could possibly crack it!) A billion iterations takes what fraction of a second using a high-end multi-card gamer rig and CUDA? (or for the cheap/lazy, a S3/Tesla instance). Even for brute-force, although WPA2 is salted with the SSID, 95% of the time it's still Linksys. Rainbow tables for the ~140 most common SSIDs are already available. I once used GPS and a wifi analyizer to show a map of how large the possible cloud around a standard WRT54G and 2nd floor installation of the accused's router really was. To make it dumb enough, I used the pringle's cantenna (literally) instead of a commercial antenna. The CSI effect works when the defense does it too. Juries love to hear techie stuff these days, it's just that the defense usually can't afford it. If a sizable community of technical folks were to pro-bono as expert witnesses, the presumption of innocence would return pretty fast. Cheers, Michael Holstein Cleveland State University
Re: IPv6 foot-dragging
On 05/11/2011 09:50 AM, Iljitsch van Beijnum wrote: On 11 mei 2011, at 16:39, William Astle wrote: I think the above two points illustrate precisely why so many networks in North America simply cannot deploy IPv6 whether they want to or not. We simply cannot obtain IPv6 transit from our upstreams. It's just not available. And the old line about vote with your money doesn't work when you have limited choices. Apparently the need for IPv6 isn't yet high enough to consider adding a transit provider. I've seen enough press releases from NTT and HE to know there's at least two that can do this out there. Funny, I was just involved in a discussion on IPv6 in Canada yesterday, and this link came up from multiple people: http://bgpmon.net/blog/?p=382 . There's also http://www.vyncke.org/ipv6status/detailed.php?country=catype=ISP , but I've seen some indications that there may be some inaccuracies (Allstream announcing 2001:04c8::/33, for instance). Jima
Re: IPv6 foot-dragging
I have had similar problems with our providers, and these are tier 1 companies that should have already been full deployed. These are also some of the more expensive providers on a per Mb basis. The one provider that was full IPv6 ready was Cogent. HE is also IPv6 (although we don't use them atm.) Sent from my “contract free” BlackBerry® smartphone on the WIND network. -Original Message- From: William Astle l...@l-w.ca Date: Wed, 11 May 2011 08:39:43 To: nanog@nanog.org Subject: IPv6 foot-dragging There has been much talk about IPv6 lately, and for good reason. Whatever your opinion on whether IPv6 is a good solution to IPv4 address exhaustion, it's the only solution we have. Yet deployment, at least in North America, has been ridiculously slow. I have just been informed by a sales rep for AS852 that they are not deploying IPv4 until 2012. 2012? Really? I've heard statements that AS701 has deployed IPv6 on their network but I've yet to see any evidence of that in my area of Canada. Apparently they forgot Canada when they did it. Now I'm informed, unofficially, that they might maybe have it deployed, if I'm lucky, some time before the end of 2011. I think the above two points illustrate precisely why so many networks in North America simply cannot deploy IPv6 whether they want to or not. We simply cannot obtain IPv6 transit from our upstreams. It's just not available. And the old line about vote with your money doesn't work when you have limited choices.
Re: IPv6 foot-dragging
On 5/11/2011 11:03 AM, ja...@jamesstewartsmith.com wrote: I have had similar problems with our providers, and these are tier 1 companies that should have already been full deployed. These are also some of the more expensive providers on a per Mb basis. The one provider that was full IPv6 ready was Cogent. HE is also IPv6 (although we don't use them atm.) There are a number of networks in Canada that provide v6 transit both big and small. I have v6 transit from TATA, HE and Cogent out of Toronto. Many Canadian networks peer at Torix which also lists their v6 status. http://www.torix.net/peers.php ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Re: 23,000 IP addresses
On May 10, 2011, at 8:30 PM, Jimmy Hess wrote: On Tue, May 10, 2011 at 8:54 AM, Mark Radabaugh m...@amplex.net wrote: On 5/10/11 9:07 AM, Marshall Eubanks wrote: A good reason why every ISP should have a published civil subpoena compliance fee. 23,000 * $150 each should only cost them $3.45M to get the information. Seems like that would take the profit out pretty quickly. +1. But don't the fees actually have to be reasonable? If you say your fee is $150 per IP address, I think they might bring it to the judge and claim the ISP is attempting to avoid subpoena compliance by charging an unreasonable fee. They can point to all the competitors charging $40 per IP. I am not a lawyer, and you would be a fool to use NANOG for legal advice, but if I were to charge something for this, I would want to be able to justify the charge in front of a judge, regardless of what anyone else charges. In other words, something like we find it typically takes $ 100 to get the backups out of storage, 15 minutes @ $X per minute for a tech to find the right backup disk and 10 minutes at $Y per minute for a network engineer to review the dump. Regards Marshall This would be very interesting with IPv6 though, and customers assigned /56s. You want all the records for every IP in this /56, really? -- -JH
Re: 23,000 IP addresses
On Wed, May 11, 2011 at 11:16 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: Courts like precedent. I choose Facebook's precedent. Seems reasonable to me. That's also roughly in line with Nextel and others for CALEA. Hrm, I had thought that CALEA specifically removed the ability of the Provider to charge for the 'service'? Though there is always the case where the Provider can say: Yes, this doesn't fall into the CALEA relevant requests, we can do this for you though it will cost time/materials to do, here's our schedule... or that's the stance a previous employer was taking... (at the direction of their lawyer-catzen)
Re: IPv6 foot-dragging
On 2011-05-11 09:10, Mike Tancsa wrote: On 5/11/2011 11:03 AM, ja...@jamesstewartsmith.com wrote: I have had similar problems with our providers, and these are tier 1 companies that should have already been full deployed. These are also some of the more expensive providers on a per Mb basis. The one provider that was full IPv6 ready was Cogent. HE is also IPv6 (although we don't use them atm.) There are a number of networks in Canada that provide v6 transit both big and small. I have v6 transit from TATA, HE and Cogent out of Toronto. Many Canadian networks peer at Torix which also lists their v6 status. http://www.torix.net/peers.php That highlights another problem I have. I have no presence in Toronto, nor do I have a business case (or resources) to build a presence there. The same applies to Vancouver which is the other popular city for such things. I do currently employ a tunnel from HE's tunnel broker and, as a result, I'm reasonably sure I can make IPv6 work when I have proper transit for it. However, it would be impolite at best to turn up any sort of production service over such a tunnel. Speaking from the perspective of a *small* network with very limited resources, adding a transit provider, even if one is available, is very expensive. Installation costs tend to dwarf any business gain, often running well into the 5 figure range. The same applies to switching transit providers. (Install costs are the same in either case.)
Re: 23,000 IP addresses
On 5/11/11 11:19 AM, Marshall Eubanks wrote: On May 10, 2011, at 8:30 PM, Jimmy Hess wrote: On Tue, May 10, 2011 at 8:54 AM, Mark Radabaughm...@amplex.net wrote: On 5/10/11 9:07 AM, Marshall Eubanks wrote: A good reason why every ISP should have a published civil subpoena compliance fee. 23,000 * $150 each should only cost them $3.45M to get the information. Seems like that would take the profit out pretty quickly. +1. But don't the fees actually have to be reasonable? If you say your fee is $150 per IP address, I think they might bring it to the judge and claim the ISP is attempting to avoid subpoena compliance by charging an unreasonable fee. They can point to all the competitors charging $40 per IP. I am not a lawyer, and you would be a fool to use NANOG for legal advice, but if I were to charge something for this, I would want to be able to justify the charge in front of a judge, regardless of what anyone else charges. In other words, something like we find it typically takes $ 100 to get the backups out of storage, 15 minutes @ $X per minute for a tech to find the right backup disk and 10 minutes at $Y per minute for a network engineer to review the dump. Regards Marshall Don't forget to include your attorneys time to verify that the subpoena is actually legal. That would add another $100 to the cost at a minimum. We recently almost released information on a customer in an attempt to comply with what appeared to be a valid subpoena. The subpoena was invalid and thankfully our attorney noticed it. I fully expect the bill for the legal advice to be at least $100.00 Really the point though is to charge *some* fee for complying. It doesn't really matter what the fee is. The reason they sue 10,000 defendants in one case is to avoid having to pay the $350 (or similar) fee to the court for each defendant. If the ISP's don't charge for providing this information a copyright holder can file a civil suit, issue subpoena's based on the filing, and intimidate defendants with settlement offers before the case gets thrown out of court for improperly joining defendants. http://houstonlawyer.wordpress.com/2011/03/18/over-1-internet-users-dismissed-from-copyright-infringement-lawsuit-in-a-slight-of-hand-letter-to-the-court/ Add any significant cost to the process of figuring out who the actual customers are and the profit motive goes out the window. -- Mark Radabaugh Amplex m...@amplex.net 419.837.5015
RE: IPv6 foot-dragging
Apparently the need for IPv6 isn't yet high enough to consider adding a transit provider. I've seen enough press releases from NTT and HE to know there's at least two that can do this out there. I believe the major holdup at this point is lack of v6 eyeballs. End user CPE, particularly DSL CPE, has been lagging in v6 capability. As for v6 upstreams, I have native v6 with both InterNAP (may not be available at ALL POPs yet) and HE. Savvis has yet to deploy it in the US at the POP pertinent to our operatons. The big push for v6 eyeballs at the current time are the mobile operators. We are seeing activity that would indicate there are mobile devices out there that are native v6 at this time. Content providers who have a lot of mobile clients might find they have more native v6 eyeballs than they think they have. A couple of things you can do to check. First of all look for requests to your DNS servers for records and note where those are coming from. That doesn't prove a lot but it gives some indication of who might have v6 someplace in their network. If you are seeing a significant number of these, the next thing I would do is get a dns server on your network working with v6 and get that IP address in whois even if all you are serving is v4 A records. Then note who is arriving over v6 asking for records. Those are the best candidates for enabling v6 services. Note which services those are asking for, pick one, and if you have gear capable of it (say, for example, a load balancer), configure a v6 VIP for that service balancing to v4 servers behind it. Place the record for this service in the zone handed out via v6 requests (ONLY!) and watch the service VIP and see if clients are connecting. So at this point you are handing out records for a v6 service but ONLY for DNS requests that arrive via IPv6 asking for it. Any requests arriving via v4 asking for an record would get the NOERROR response and an A record for the resource (client might have IPv6 internally but doesn't have v6 all the way to the Internet or their Internet coverage might be spotty and doesn't include you coughCogentcough).
Re: Japan electrical power?
On Wednesday, May 11, 2011 10:08:00 AM Robert Boyle wrote: I know voltage varies from town to town and prefecture to prefecture. It seems most is 90V-110V. Also, part of the country is 50Hz and part is 60Hz.
Re: IPv6 foot-dragging
On 11 mei 2011, at 19:01, George Bonser wrote: A couple of things you can do to check. First of all look for requests to your DNS servers for records and note where those are coming from. Firefox has for a long time done both A and lookups even if the system doesn't have IPv6. I believe MacOS does this too, now. Don't know about other apps/OSes, but for sure you'll see tons of lookups from people who have no IPv6 connectivity. Then note who is arriving over v6 asking for records. Those are the best candidates for enabling v6 services. Now you're counting DNS servers. Because the provisioning of IPv6 DNS addresses has been such a mess and still is problematic, many dual stack systems do this over IPv4. And the DNS servers they talk to may be IPv4-only, or IPv4-only users may talk to dual stack DNS servers. In my opinion, looking at this kind of stuff in order to draw conclusions about what you should do is a waste of time. It just means more work for everyone and it doesn't fix any of the broken stuff that's out there. If the results of world IPv6 day are as we expect and only 0.1 - 0.2 % or less of all people have problems, I think the best way forward would be to have a second world IPv6 day where we again enable IPv6 industry-wide but this time we don't turn it off again.
Re: IPv6 foot-dragging
On May 11, 2011, at 1:12 PM, Iljitsch van Beijnum wrote: On 11 mei 2011, at 19:01, George Bonser wrote: A couple of things you can do to check. First of all look for requests to your DNS servers for records and note where those are coming from. Firefox has for a long time done both A and lookups even if the system doesn't have IPv6. I believe MacOS does this too, now. Don't know about other apps/OSes, but for sure you'll see tons of lookups from people who have no IPv6 connectivity. It is still a way to measure it, even if it's not that accurate. Then note who is arriving over v6 asking for records. Those are the best candidates for enabling v6 services. Now you're counting DNS servers. Because the provisioning of IPv6 DNS addresses has been such a mess and still is problematic, many dual stack systems do this over IPv4. And the DNS servers they talk to may be IPv4-only, or IPv4-only users may talk to dual stack DNS servers. In my opinion, looking at this kind of stuff in order to draw conclusions about what you should do is a waste of time. It just means more work for everyone and it doesn't fix any of the broken stuff that's out there. If the results of world IPv6 day are as we expect and only 0.1 - 0.2 % or less of all people have problems, I think the best way forward would be to have a second world IPv6 day where we again enable IPv6 industry-wide but this time we don't turn it off again. I'd like to see a repeat but with a week timescale. If you parse carefully, if all the $major sites are broken in the same way at the same time, it's easier to justify leaving it broken. (eg: if Google, Yahoo and Bing all do IPv6 at once, neither has to worry about losing market share to the other due to misbehaving ipv6. That's how I read igor's email about the 182k users, even if I still think we would be served with a longer test). The most interesting data for me is looking at the sites that have 'majorly' broken IPv6 dns. I count 600+ sites that are returning weird things like ::1 or ::: addresses. My favorites are the .gov site on the list and the city of albany. Here's a pointer to the list: http://puck.nether.net/~jared//very-broken-dns.txt - Jared
Re: IPv6 foot-dragging
* Iljitsch van Beijnum Firefox has for a long time done both A and lookups even if the system doesn't have IPv6. They fixed that in version 4.0, by calling getaddrinfo() with the AI_ADDRCONFIG flag (like most other browsers do). https://bugzilla.mozilla.org/show_bug.cgi?id=614526 -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27
RE: IPv6 foot-dragging
Now you're counting DNS servers. Because the provisioning of IPv6 DNS addresses has been such a mess and still is problematic, many dual stack systems do this over IPv4. And the DNS servers they talk to may be IPv4-only, or IPv4-only users may talk to dual stack DNS servers. Which is why I suggested trying it on ONE service and watching it closely. What I have done is selected a best candidate for a test. I am not implying that this is guaranteed to work. If the results of world IPv6 day are as we expect and only 0.1 - 0.2 % or less of all people have problems, I think the best way forward would be to have a second world IPv6 day where we again enable IPv6 industry- wide but this time we don't turn it off again. 0.1% of users is a HUGE number if you have 1,000,000 subscribers. Are you prepared to field 1,000 helpdesk calls or lose 1,000 customers? Now imagine 100,000,000 subscribers. Are you ready for 10,000 support calls or the loss of 10,000 paying customers? It isn't something you just throw out there on a whim and tell people to like it or lump it if there are potentially a lot of people involved.
Re: IPv6 foot-dragging
On 11 mei 2011, at 19:32, George Bonser wrote: If the results of world IPv6 day are as we expect and only 0.1 - 0.2 % or less of all people have problems, I think the best way forward would be to have a second world IPv6 day where we again enable IPv6 industry- wide but this time we don't turn it off again. 0.1% of users is a HUGE number if you have 1,000,000 subscribers. Are you prepared to field 1,000 helpdesk calls or lose 1,000 customers? Apparently we are, at least for the former, otherwise there wouldn't be an IPv6 day. It isn't something you just throw out there on a whim and tell people to like it or lump it if there are potentially a lot of people involved. So what's the alternative? Never change anything? Remember, this is al extremely trivial stuff: most things won't even completely stop working. And a few mouseclicks (yes, you have to know which ones so the helpdesks better start figuring that out) and you're back to normal. Compare this to turning off analog TV transmitters that have been running for decades where people have to buy converter boxes and sometimes even install antennas on their roof to keep using the service.
Re: Japan electrical power?
On May 11, 2011 10:09 AM, Robert Boyle rob...@tellurian.com wrote: Hello, I know voltage varies from town to town and prefecture to prefecture. No, it doesn't. Japan has two systems, both 100v, western Japan has 60Hz, eastern Japan has 50Hz.
Re: IPv6 foot-dragging
On Wed, 11 May 2011 10:32:54 PDT, George Bonser said: 0.1% of users is a HUGE number if you have 1,000,000 subscribers. Are you prepared to field 1,000 helpdesk calls or lose 1,000 customers? Now imagine 100,000,000 subscribers. Are you ready for 10,000 support calls or the loss of 10,000 paying customers? Unless you have a captive audience for customers, you probably have a churn rate higher than 0.1% *anyhow*. And if you *do* have a captive audience, you won't lose customers. I would be interested in knowing if those people who say they can measure these 0.1% dips noticed anything due to the flooding and severe weather in the midwest and southeast US in the past few weeks. pgp7YJ43BdUNw.pgp Description: PGP signature
OT: Jay Adelson Keynote Video?
Folks, At NANOG 43, Jay Adelson had a video clip in his presentation which celebrated the hilarity that customers create for network engineers. Does anyone have a link to the video? A review of the abstract (http://nanog.org/meetings/nanog43/abstracts.php?pt=NDMmbmFub2c0Mw==nm=nanog43) and google'ing high and low yielding no results. I seem to recall it being on BitGravity, but I don't have the URL. Tom -- Tom Daly, CTO, Dynamic Network Services, Inc. ### We're hiring software engineers, network engineers, and web developers. Learn more at http://dyn.com/why-dyn/careers. ###
Re: 23,000 IP addresses
On 5/11/11 8:26 AM, Christopher Morrow wrote: On Wed, May 11, 2011 at 11:16 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: Courts like precedent. I choose Facebook's precedent. Seems reasonable to me. That's also roughly in line with Nextel and others for CALEA. Hrm, I had thought that CALEA specifically removed the ability of the Provider to charge for the 'service'? Though there is always the case where the Provider can say: Yes, this doesn't fall into the CALEA relevant requests, we can do this for you though it will cost time/materials to do, here's our schedule... or that's the stance a previous employer was taking... (at the direction of their lawyer-catzen) A civil subpeona is not a calea request. This thread has done a fair bit of intermingling of the two things to the detriment of it's utility. While I'm sure facebook is served with plenty of valid search warrants, I'm reasonably unsure that they meet the definition of telecommunications carrier. there's some discussion in the light of recent hearings, here: http://paranoia.dubfire.net/2011/02/deconstructing-calea-hearing.html
Re: Japan electrical power?
On Wed, May 11, 2011 at 10:08 AM, Robert Boyle rob...@tellurian.com wrote: Does anyone on NANOG have firsthand in-depth knowledge of the electrical system in Japan? I do not. However: http://www.japan-guide.com/e/e2225.html The voltage in Japan is 100 Volt The frequency of electric current is 50 Hertz in Eastern Japan and 60 Hertz in Western Japan http://www.japaneselawtranslation.go.jp/law/detail/?ft=1re=01dn=1co=01ky=%E9%9B%BB%E6%B0%97%E7%94%A8%E5%93%81%E5%AE%89%E5%85%A8%E6%B3%95page=2 Electrical Appliance and Material Safety Act (Japan) Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: IPv6 foot-dragging
On 05/11/2011 11:21, valdis.kletni...@vt.edu wrote: Unless you have a captive audience for customers, you probably have a churn rate higher than 0.1%*anyhow*. This argument has already been refuted many times. Let's assume that you're right about the churn rate. The issue is enterprises not wanting to take affirmative steps to knock N% *more* customers off the site than whatever the current churn rate is by enabling IPv6. -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
Re: OT: Jay Adelson Keynote Video?
http://bitcast-b.bitgravity.com/bitgravity/nanog_5Mbit_720p_30fps.mov I believe this is it -- kris On May 11, 2011, at 11:23 AM, Tom Daly wrote: Folks, At NANOG 43, Jay Adelson had a video clip in his presentation which celebrated the hilarity that customers create for network engineers. Does anyone have a link to the video? A review of the abstract (http://nanog.org/meetings/nanog43/abstracts.php?pt=NDMmbmFub2c0Mw==nm=nanog43) and google'ing high and low yielding no results. I seem to recall it being on BitGravity, but I don't have the URL. Tom -- Tom Daly, CTO, Dynamic Network Services, Inc. ### We're hiring software engineers, network engineers, and web developers. Learn more at http://dyn.com/why-dyn/careers. ###
Re: IPv6 foot-dragging
On 5/11/11 11:39 AM, George Bonser wrote: It depends. There are other things to take into account. If you increase the time it takes a mobile device to complete a transaction by only a couple of seconds, if you multiply those couple of seconds by all of the users in a large metro area, you end up with devices increased use of network resources (and increased battery drain on the devices themselves). Anything that can be done to speed transactions up and get those transmitters shut off as quickly as possible is a win. If you don't have a lot of mobile clients hitting your site, then maybe that isn't a problem. Every network has their own set of resources and their own set of challenges and all of that has to fit within the network architecture they have deployed and their business model. So in our environment reducing the load time on an application by a couple seconds nets out to several human lifetimes a month, so people count seconds and fractions of seconds like they're precious. Basically, there is no magic bullet. indeed, it has to be applied systemically.
RE: IPv6 foot-dragging
So what's the alternative? Never change anything? Of course not. But the best course forward is going to be different for different folks. What might work best for me might not (probably WILL not) work best for everyone else. One has to look at their situation and plan the best path for their business with their architecture and the resources they have available to them. I suggested one option but that might not work for others. Others might see a strict white listing, or maybe some combination of the two. But there is so much brokenness out there right now that I would hesitate to trust an request that arrives over v4 when there is a v6 name server available. Remember, this is al extremely trivial stuff: most things won't even completely stop working. And a few mouseclicks (yes, you have to know which ones so the helpdesks better start figuring that out) and you're back to normal. Compare this to turning off analog TV transmitters that have been running for decades where people have to buy converter boxes and sometimes even install antennas on their roof to keep using the service. It depends. There are other things to take into account. If you increase the time it takes a mobile device to complete a transaction by only a couple of seconds, if you multiply those couple of seconds by all of the users in a large metro area, you end up with devices increased use of network resources (and increased battery drain on the devices themselves). Anything that can be done to speed transactions up and get those transmitters shut off as quickly as possible is a win. If you don't have a lot of mobile clients hitting your site, then maybe that isn't a problem. Every network has their own set of resources and their own set of challenges and all of that has to fit within the network architecture they have deployed and their business model. Basically, there is no magic bullet.
Re: 23,000 IP addresses
On Wed, May 11, 2011 at 2:26 PM, Joel Jaeggli joe...@bogus.com wrote: On 5/11/11 8:26 AM, Christopher Morrow wrote: On Wed, May 11, 2011 at 11:16 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: Courts like precedent. I choose Facebook's precedent. Seems reasonable to me. That's also roughly in line with Nextel and others for CALEA. Hrm, I had thought that CALEA specifically removed the ability of the Provider to charge for the 'service'? Though there is always the case where the Provider can say: Yes, this doesn't fall into the CALEA relevant requests, we can do this for you though it will cost time/materials to do, here's our schedule... or that's the stance a previous employer was taking... (at the direction of their lawyer-catzen) A civil subpeona is not a calea request. This thread has done a fair bit of intermingling of the two things to the detriment of it's utility. yes, sorry... I got confused by william's interjection of calea... While I'm sure facebook is served with plenty of valid search warrants, I'm reasonably unsure that they meet the definition of telecommunications carrier. there's some discussion in the light of recent hearings, here: http://paranoia.dubfire.net/2011/02/deconstructing-calea-hearing.html there's been a push (or was a while ago) to change the calea requirements such that 'service provider' was the application service provider as well. AOL IM, Facebook, Google-Search... etc. with calea-like exfil of relevant data in 'near realtime' and 'at no cost to LEA'. -chris
Re: Japan electrical power?
From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Wed May 11 13:22:18 2011 Date: Wed, 11 May 2011 14:21:30 -0400 Subject: Re: Japan electrical power? From: Jay Nakamura zeusda...@gmail.com To: Robert Boyle rob...@tellurian.com Cc: nanog@nanog.org On May 11, 2011 10:09 AM, Robert Boyle rob...@tellurian.com wrote: Hello, I know voltage varies from town to town and prefecture to prefecture. No, it doesn't. Japan has two systems, both 100v, western Japan has 60Hz, eastern Japan has 50Hz. 'Nominal' voltage, that is. with relatively poor regulation. 'local' variation +/-10% (or more) is the norm. Handling +/-15% will cover practically all 'routine' volatage excursions. If I was designing, I'd spec for at least 25%, and probably 30% plus, variance.
Re: IPv6 foot-dragging
On Wed, May 11, 2011 at 11:39 AM, George Bonser gbon...@seven.com wrote: There are other things to take into account. If you increase the time it takes a mobile device to complete a transaction by only a couple of seconds, if you multiply those couple of seconds by all of the users in a large metro area, you end up with devices increased use of network resources (and increased battery drain on the devices themselves). Anything that can be done to speed transactions up and get those transmitters shut off as quickly as possible is a win. I agree that seconds sometimes matters, but the latency of a transaction doesn't have a linear relationship with radio or battery usage on a mobile device. Because of the timers involved in the state transitions (eg CELL_FACH - CELL_DCH), a few seconds of extra latency often is inconsequential because there is a minimum duration for which the radio will stay awake anyways. Coalescing techniques like Android's setInexactRepeating method of the Alarm Manager also optimize radio access across multiple apps. And if I'm not mistaken, it's the transition to/from CELL_DCH which is the most expensive resource-wise for network operators, not the duration of keeping this state. The argument that IPv6-induced latency is going to affect mobile devices disproportionally doesn't seem especially compelling. -Nick
RE: IPv6 foot-dragging
I agree that seconds sometimes matters, but the latency of a transaction doesn't have a linear relationship with radio or battery usage on a mobile device. Because of the timers involved in the state transitions (eg CELL_FACH - CELL_DCH), a few seconds of extra latency often is inconsequential because there is a minimum duration for which the radio will stay awake anyways. Coalescing techniques like Android's setInexactRepeating method of the Alarm Manager also optimize radio access across multiple apps. Not every device out there is an android. Not every OS on every device handles connections the same way. Problems can compound if several different names must be looked up in order to get a complete page view. Are your images served from a different name? Do you have short TTLs that require names to be looked up frequently? Again, every network is going to have their own unique sets of issues. But until there are more eyeballs out there that are native v6, we aren't going to see a lot of movement.
Re: IPv6 foot-dragging
On 11 mei 2011, at 20:39, George Bonser wrote: So what's the alternative? Never change anything? Of course not. But the best course forward is going to be different for different folks. What might work best for me might not (probably WILL not) work best for everyone else. One has to look at their situation and plan the best path for their business with their architecture and the resources they have available to them. I suggested one option but that might not work for others. I find it strange that you approach this issue as one of the great questions of our time. If you don't want to enable IPv6 for your service at this time, then don't enable IPv6 for your service at this time. But you'll have to do it at some point, so doing it together with your competitors and/or big players seems like a good choice. Going through huge lengths to optimize for a problem that will only exist for a couple of years or so doesn't make sense to me. Also, all this special case logic has a nasty tendency to create all kinds of unexpected problems down the road. I'm sure that the people at Microsoft thought it was a swell idea to enable 6to4 by default. If they hadn't done that, they'd saved us all a lot of wasted time.
Re: How do you put a TV station on the Mbone?
On Wed, May 4, 2011 at 7:19 PM, Tim Durack tdur...@gmail.com wrote: On Wed, May 4, 2011 at 6:20 PM, Jay Ashworth j...@baylink.com wrote: No business is entitled to protection of its business model. Unless it has a market monopoly, deep pockets, and lobbyist friends. http://arstechnica.com/tech-policy/news/2011/05/after-approving-comcastnbc-deal-fcc-commish-becomes-comcast-lobbyist.ars I rest my case. -- Tim:
Re: 23,000 IP addresses
On Wed, May 11, 2011 at 7:48 AM, Michael Holstein michael.holst...@csuohio.edu wrote: I have the netflow records to prove this is NOT the case. All MediaSentry (et.al.) do is scrape the tracker. We have also received a number of takedown notices that have numbers transposed, involve parts Seems really prone to failure. I wonder does IANA frequently receive legal papers demanding the name and street address of the customer at 127.0.0.1 ? :) -- -JH
Re: How do you put a TV station on the Mbone?
Tim Durack wrote: On Wed, May 4, 2011 at 7:19 PM, Tim Durack tdur...@gmail.com wrote: On Wed, May 4, 2011 at 6:20 PM, Jay Ashworth j...@baylink.com wrote: No business is entitled to protection of its business model. Unless it has a market monopoly, deep pockets, and lobbyist friends. http://arstechnica.com/tech-policy/news/2011/05/after-approving-comcastnbc-deal-fcc-commish-becomes-comcast-lobbyist.ars I rest my case. Check out the movie, 'Casino Jack', about Jack Abramoff. My favorite line is when he's in the slammer and telling another inmate what he does for a living, the inmate says, Lobbyist... is that illegal?.
Re: IPv6 foot-dragging
On 5/11/2011 11:03 AM, ja...@jamesstewartsmith.com wrote: I have had similar problems with our providers, and these are tier 1 companies that should have already been full deployed. These are also some of the more expensive providers on a per Mb basis. The one provider that was full IPv6 ready was Cogent. HE is also IPv6 (although we don't use them atm.) The same Cogent that asked me to pay extra for IPv6 and in return I get an incomplete IPv6 routing table?
Re: Routing study
At 21:43 11/05/2011 -0400, Vytautas Valancius wrote: Hi NANOG, From May 18th to June 18th Georgia Tech will conduct an Internet routing study using AS-PATH poisoning. We will insert AS numbers into one of our announcements to route around some networks. The study will *only* affect the the Georgia Tech prefix 168.62.16.0/24. The prefix serves *no active users* for the duration of study. We will always start AS-PATH with our own AS 47065. We will limit ourselves to 10 announcement changes per hour. If, for any reason, you want us not to poison our prefix with you AS number, please opt-out at any time at: http://www.surveymonkey.com/s/WGLV6QR Kudos for doing the right thing. -Hank Regards, Vytautas Valancius http://valas.gtnoise.net/ Georgia Tech