ouch..
http://www.overpromisesunderdelivers.net/ -- Martin Hepworth Oxford, UK
Re: ouch..
On Sep 14, 2011, at 12:42 PM, Martin Hepworth wrote: http://www.overpromisesunderdelivers.net/ Saying the other brand sucks doesn't make yours any better. Besides, there are other big players on the market. Terribly lame of Cisco... Vlad Galu g...@packetdam.com
Re: ouch..
On 14/09/2011 11:42, Martin Hepworth wrote: http://www.overpromisesunderdelivers.net/ Wow, classy. Nick
Re: ouch..
Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site. whois overpromisesunderdelivers.net Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: OVERPROMISESUNDERDELIVERS.NET Registrar: GODADDY.COM, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 05-sep-2011 Creation Date: 05-sep-2011 Expiration Date: 05-sep-2012 Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: OVERPROMISESUNDERDELIVERS.NET Created on: 05-Sep-11 Expires on: 05-Sep-12 Last Updated on: 05-Sep-11 Administrative Contact: Private, Registration overpromisesunderdelivers@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Technical Contact: Private, Registration overpromisesunderdelivers@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Domain servers in listed order: NS35.DOMAINCONTROL.COM NS36.DOMAINCONTROL.COM braaen@brian:~$ dig OVERPROMISESUNDERDELIVERS.NET ; DiG 9.7.3 OVERPROMISESUNDERDELIVERS.NET ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 40339 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;OVERPROMISESUNDERDELIVERS.NET. IN A ;; ANSWER SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN A 98.129.229.190 ;; AUTHORITY SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns36.domaincontrol.com. OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns35.domaincontrol.com. ;; ADDITIONAL SECTION: ns35.domaincontrol.com. 3046IN A 216.69.185.18 ns36.domaincontrol.com. 3046IN A 208.109.255.18 braaen@brian:~$ dig -x 98.129.229.190 ; DiG 9.7.3 -x 98.129.229.190 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 26507 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;190.229.129.98.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 229.129.98.in-addr.arpa. 300IN SOA ns.rackspace.com. hostmaster.rackspace.com. 1314291452 3600 300 1814400 300 --- Brian Raaen Network Architect Zcorum On Wed, Sep 14, 2011 at 11:42:35AM +0100, Martin Hepworth wrote: http://www.overpromisesunderdelivers.net/ -- Martin Hepworth Oxford, UK
Re: ouch..
On Wed, 2011-09-14 at 07:15 -0400, Brian Raaen wrote: Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site. (1) If Cisco were responsible, would they want to advertise the fact ? (2) If Cisco feel their intellectual and copyright property is being abused, Cisco lawyers would have the Cisco name and branding removed in seconds ! Paul, England, EU.
Re: ouch..
Main cisco page has a link to it... Frank On 9/14/2011 2:15 PM, Brian Raaen wrote: Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site. whois overpromisesunderdelivers.net Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: OVERPROMISESUNDERDELIVERS.NET Registrar: GODADDY.COM, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 05-sep-2011 Creation Date: 05-sep-2011 Expiration Date: 05-sep-2012 Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: OVERPROMISESUNDERDELIVERS.NET Created on: 05-Sep-11 Expires on: 05-Sep-12 Last Updated on: 05-Sep-11 Administrative Contact: Private, Registration overpromisesunderdelivers@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Technical Contact: Private, Registration overpromisesunderdelivers@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Domain servers in listed order: NS35.DOMAINCONTROL.COM NS36.DOMAINCONTROL.COM braaen@brian:~$ dig OVERPROMISESUNDERDELIVERS.NET ; DiG 9.7.3 OVERPROMISESUNDERDELIVERS.NET ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 40339 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;OVERPROMISESUNDERDELIVERS.NET. IN A ;; ANSWER SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN A 98.129.229.190 ;; AUTHORITY SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns36.domaincontrol.com. OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns35.domaincontrol.com. ;; ADDITIONAL SECTION: ns35.domaincontrol.com. 3046IN A 216.69.185.18 ns36.domaincontrol.com. 3046IN A 208.109.255.18 braaen@brian:~$ dig -x 98.129.229.190 ; DiG 9.7.3 -x 98.129.229.190 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 26507 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;190.229.129.98.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 229.129.98.in-addr.arpa. 300IN SOA ns.rackspace.com. hostmaster.rackspace.com. 1314291452 3600 300 1814400 300 --- Brian Raaen Network Architect Zcorum On Wed, Sep 14, 2011 at 11:42:35AM +0100, Martin Hepworth wrote: http://www.overpromisesunderdelivers.net/ -- Martin Hepworth Oxford, UK
Re: ouch..
On 09/14/2011 07:58 AM, Brian Raaen wrote: Nice, I didn't see that. Then I guess whoever set up this site was a shill for Cisco, I just love how instead of focusing on developing better products, that they are more about marketing now. --- Brian Raaen Network Architect Cisco has always been about marketing from since Chambers took over way back when!
Re: what about the users re: NAT444 or ?
On Sep 13, 2011, at 10:18 PM, Dan Wing wrote: One can do that with or without NAT. This claim that one cannot keep a network running without a service provider connected if you don't run NAT is a myth of dubious origin. If the hosts are running DHCP, and the ISP is running the DHCP server? I guess they will fall back (after a while) to link-local and continue on their merry way. That's some pretty big IFs. Even if I were using DHCP to get the prefix from my service provider via DHCP-PD, I'd back-stop that with some form of local DHCP server and deal with the need for manual intervention when the provider renumbered me. In my experience, getting renumbered is a rare enough experience that I don't pay Comcast $60/year for a static address. Owen can accomplish this pretty easily, because the IPv4 addresses in the home can be any IPv4 address whatsoever -- which allows the in-home CPE (B4, in Dual Stack-Lite parlance) to assign any address it wants with its built-in DHCP server.) There are other ways to accomplish this as well. -d -d and less technically but relevant I think is to ask about cost? who pays? In some cases, ISPs will provide new CPE to their end users. In other cases, end-users will be expected to pay to upgrade their own. Owen Christian On 8 Sep 2011, at 15:02, Cameron Byrne wrote: On Sep 8, 2011 1:47 AM, Leigh Porter leigh.por...@ukbroadband.com wrote: -Original Message- From: Owen DeLong [mailto:o...@delong.com] Sent: 08 September 2011 01:22 To: Leigh Porter Cc: Seth Mos; NANOG Subject: Re: NAT444 or ? Considering that offices, schools etc regularly have far more than 10 users per IP, I think this limit is a little low. I've happily had around 300 per public IP address on a large WiFi network, granted these are all different kinds of users, it is just something that operational experience will have to demonstrate. Yes, but, you are counting individual users whereas at the NAT444 level, what's really being counted is end-customer sites not individual users, so the term users is a bit misleading in the context. A given end-customer site may be from 1 to 50 or more individual users. Indeed, my users are using LTE dongles mostly so I expect they will be single users. At the moment on the WiMAX network I see around 35 sessions from a WiMAX modem on average rising to about 50 at peak times. These are a combination of individual users and home modems. We had some older modems that had integrated NAT that was broken and locked up the modem at 200 sessions. Then some old base station software died at about 10K sessions. So we monitor these things now.. I would love to avoid NAT444, I do not see a viable way around it at the moment. Unless the Department of Work and Pensions release their /8 that is ;-) The best mitigation really is to get IPv6 deployed as rapidly and widely as possible. The more stuff can go native IPv6, the less depends on fragile NAT444. Absolutely. Even things like google maps, if that can be dumped on v6, it'll save a load of sessions from people. The sooner services such as Microsoft Update turn on v6 the better as well. I would also like the CDNs to be able to deliver content in v6 (even if the main page is v4) which again will reduce the traffic that has to traverse any NAT. Soon, I think content providers (and providers of other services on the 'net) will roll v6 because of the performance increase as v6 will not have to traverse all this NAT and be subject to session limits, timeouts and such. What do you mean by performance increase? If performance equals latency, v4 will win for a long while still. Cgn does not add measurable latency. Cb -- Leigh __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
RE: ouch..
-Original Message- From: Erik Bais [mailto:eb...@a2b-internet.com] Sent: Wednesday, September 14, 2011 7:56 AM To: 'Frank Habicht'; nanog@nanog.org Subject: RE: ouch.. Personally I think this is a pathetic action from Cisco, however I'm not surprised by them doing it ... Regards, Erik Bais Does seem odd that Cisco would use Go Daddy. My first thought was a disgruntled (ex) Juniper Employee. Then again, Juniper did bash Cisco in its cartoon strips all those years. Payback???
Re: ouch..
On Sep 14, 2011, at 3:54 AM, Nick Hilliard wrote: On 14/09/2011 11:42, Martin Hepworth wrote: http://www.overpromisesunderdelivers.net/ Wow, classy. Nick Wow... If Cisco slides any further into mudslinging, I'll expect the company to run for president. Owen
Re: ouch..
Or possibly Cisco is trying to cover their tracks. Owen On Sep 14, 2011, at 4:15 AM, Brian Raaen wrote: Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site. whois overpromisesunderdelivers.net Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: OVERPROMISESUNDERDELIVERS.NET Registrar: GODADDY.COM, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 05-sep-2011 Creation Date: 05-sep-2011 Expiration Date: 05-sep-2012 Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: OVERPROMISESUNDERDELIVERS.NET Created on: 05-Sep-11 Expires on: 05-Sep-12 Last Updated on: 05-Sep-11 Administrative Contact: Private, Registration overpromisesunderdelivers@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Technical Contact: Private, Registration overpromisesunderdelivers@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Domain servers in listed order: NS35.DOMAINCONTROL.COM NS36.DOMAINCONTROL.COM braaen@brian:~$ dig OVERPROMISESUNDERDELIVERS.NET ; DiG 9.7.3 OVERPROMISESUNDERDELIVERS.NET ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 40339 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;OVERPROMISESUNDERDELIVERS.NET. IN A ;; ANSWER SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN A 98.129.229.190 ;; AUTHORITY SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns36.domaincontrol.com. OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns35.domaincontrol.com. ;; ADDITIONAL SECTION: ns35.domaincontrol.com. 3046IN A 216.69.185.18 ns36.domaincontrol.com. 3046IN A 208.109.255.18 braaen@brian:~$ dig -x 98.129.229.190 ; DiG 9.7.3 -x 98.129.229.190 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 26507 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;190.229.129.98.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 229.129.98.in-addr.arpa. 300IN SOA ns.rackspace.com. hostmaster.rackspace.com. 1314291452 3600 300 1814400 300 --- Brian Raaen Network Architect Zcorum On Wed, Sep 14, 2011 at 11:42:35AM +0100, Martin Hepworth wrote: http://www.overpromisesunderdelivers.net/ -- Martin Hepworth Oxford, UK
Re: ouch..
One: Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site. Another: Does seem odd that Cisco would use Go Daddy. My first thought was a disgruntled (ex) Juniper Employee. Then again, Juniper did bash Cisco in its cartoon strips all those years. Payback??? I'm bit surprised people actually think where campaign site is hosted and who has registered domain can be used to predict who is responsible for it. Cisco marketing probably have tons of webshops from whom they buy campaigns, what ever company was responsibly for winning this bid happens to use godaddy and rackspace. Our marketing has bought campaigns which have been hosted in our competitors networks, they don't understand to ask from the bidder where and how will the pages be hosted. -- ++ytti
Re: ouch..
Check out the White Papar referenced http://www.overpromisesunderdelivers.net/pdfs/Why_Cisco_Not_Juniper.pdf It has Cisco's usual White Paper format and their copyright stamped on the bottom which is also dates 9/11. If it's not Cisco or one of it's affiliates, I would expect them to be contacting their so called Marketing folks anytime now. If this really is Cisco i'm with Owen and expect a presidential bid announcement any second now Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) - Max On Wed, Sep 14, 2011 at 7:56 AM, Saku Ytti s...@ytti.fi wrote: One: Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site. Another: Does seem odd that Cisco would use Go Daddy. My first thought was a disgruntled (ex) Juniper Employee. Then again, Juniper did bash Cisco in its cartoon strips all those years. Payback??? I'm bit surprised people actually think where campaign site is hosted and who has registered domain can be used to predict who is responsible for it. Cisco marketing probably have tons of webshops from whom they buy campaigns, what ever company was responsibly for winning this bid happens to use godaddy and rackspace. Our marketing has bought campaigns which have been hosted in our competitors networks, they don't understand to ask from the bidder where and how will the pages be hosted. -- ++ytti
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
On Tue, Sep 13, 2011 at 11:55 PM, Ted Cooper ml-nanog0903...@elcsplace.com wrote: As claimed by the DigiNotar hacker - He compromised their servers but Eddy was manually approving certs at the time and so no certs were signed. There was information about it on the site, but it seems to be gone now. Articles still show a screenshot of the message you're talking about [1] , but the site was back alive in July when I needed a certificate. A separate notice on another part of the company's site says that its services would be unavailable until June 20, [2] I've certainly been able to issue certificates for myself since then. indeed, cool! I was able to have a site cert issued lastnight as well. This is (for me) good news :) -chris
Re: ouch..
On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? -- With best regards, Paul. England, EU.
Re: ouch..
Define Cisco in your context please. Cisco marketing?? Cisco sales?? Cisco TAC? Cisco product development?? I've been told several lies by some Cisco SE's that have worked with me, but I wouldn't go as far to say Cisco lies. - Max On Wed, Sep 14, 2011 at 8:36 AM, Always Learning na...@u61.u22.net wrote: On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? -- With best regards, Paul. England, EU.
Re: ouch..
On Wed, 14 Sep 2011 08:44:10 CDT, N. Max Pierson said: Define Cisco in your context please. Cisco marketing?? Cisco sales?? Cisco TAC? Cisco product development?? Cisco outsourced PR campaign? Wouldn't be the first time a company has hired a shop, stuck a link to the result on their home page, and then been surprised by what they linked to. In any case, I'm sure *somebody* is having an uncomfortable conversation in their supervisor's office this morning. ;) pgpZSBaqeud2w.pgp Description: PGP signature
RE: ouch..
-Original Message- From: Always Learning [mailto:na...@u61.u22.net] Sent: 14 September 2011 14:39 To: N. Max Pierson Cc: nanog@nanog.org Subject: Re: ouch.. On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? -- With best regards, Paul. England, EU. Lies? So who has 100G MX series cards then..? -- Leigh __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: ouch..
Funny they forget to mention that Cisco doesn't have 100g any where. Sent from my iPhone On Sep 14, 2011, at 7:41 AM, Leigh Porter leigh.por...@ukbroadband.com wrote: -Original Message- From: Always Learning [mailto:na...@u61.u22.net] Sent: 14 September 2011 14:39 To: N. Max Pierson Cc: nanog@nanog.org Subject: Re: ouch.. On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? -- With best regards, Paul. England, EU. Lies? So who has 100G MX series cards then..? -- Leigh __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
RE: NANOG Digest, Vol 44, Issue 55 - Re: ouch..
Well, I'm not surprised at all, being that Cisco also does this to Alcatel-Lucent: http://www.youtube.com/watch?v=uX3zvjX3c5Q I think Cisco is just running scared now. If they didn't charge so much for their products, they wouldn't have this problem. In addition, I think they also thought that they would be # 1 forever and that nobody could touch them, so they just stopped trying to stay ahead of the competition. _ Allen -Original Message- From: nanog-requ...@nanog.org [mailto:nanog-requ...@nanog.org] Sent: Wednesday, September 14, 2011 7:56 AM To: nanog@nanog.org Subject: NANOG Digest, Vol 44, Issue 55 Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-requ...@nanog.org You can reach the person managing the list at nanog-ow...@nanog.org When replying, please edit your Subject line so it is more specific than Re: Contents of NANOG digest... Today's Topics: 1. RE: NAT444 or ? (Dan Wing) 2. ouch.. (Martin Hepworth) 3. Re: ouch.. (Vlad Galu) 4. Re: ouch.. (Nick Hilliard) 5. Re: ouch.. (Brian Raaen) 6. Re: ouch.. (Always Learning) 7. Re: ouch.. (Frank Habicht) 8. HP A-series, H3C, Huawei and their capabilities in real-life (Mark Smith) 9. RE: ouch.. (Erik Bais) -- Message: 1 Date: Tue, 13 Sep 2011 22:28:17 -0700 From: Dan Wing dw...@cisco.com To: 'Owen DeLong' o...@delong.com Cc: nanog@nanog.org Subject: RE: NAT444 or ? Message-ID: 0a4d01cc729f$1bc0abc0$53420340$@com Content-Type: text/plain; charset=us-ascii -Original Message- From: Owen DeLong [mailto:o...@delong.com] Sent: Tuesday, September 13, 2011 9:43 PM To: Dan Wing Cc: 'Leigh Porter'; 'David Israel'; nanog@nanog.org Subject: Re: NAT444 or ? Good point, but aside from these scaling issues which I expect can be resolved to a point, the more serious issue, I think, is applications that just do not work with double NAT. Now, I have not conducted any serious research into this, but it seems that draft-donley-nat444- impacts does appear to have highlight issues that may have been down to implementation. Draft-donley-nat444-impacts conflates bandwidth constraints with CGN with in-home NAT. Until those are separated and then analyzed carefully, it is harmful to draw conclusions such as NAT444 bad; NAT44 good. Continuing to make this claim does not make it any more true. Draft-donley took networks and measured their real-world functionality without NAT444, then, added NAT444 and repeated the same tests. Regardless of the underlying issue(s), the addition of NAT444 to the mix resulted in the forms of service degradation enumerated in the draft. I disagree it reached that conclusion. That may have been its intent. Further, I would not ever say NAT444 bad; NAT44 good. I would say, rather, NAT44 bad, NAT444 worse. I think that's a pretty safe and non-harmful thing to say. Yes, your statement is completely accurate. I agree that IPv4 address sharing causes additional problems (which encompasses all forms of IPv4 address sharing), and CGN causes additional problems. Other simple tricks such as ensuring that your own internal services such as DNS are available without traversing NAT also help. Yep. But some users want to use other DNS servers for performance (e.g., Google's or OpenDNS servers, especially considering they could point the user at a 'better' (closer) CDN based on Client IP), to avoid ISP DNS hijacking, or for content control (e.g., parental control of DNS hostnames). That traffic will, necessarily, traverse the CGN. To avoid users burning through their UDP port allocation for those DNS queries it is useful for the CGN to have short timeouts for port 53. If the user chooses to use a DNS server on the other side of a NAT, then, they are choosing to inflict whatever damage upon themselves. I'm not saying that short UDP/53 timeouts are a bad idea, but, I am saying that the more stuff you funnel through an LSN at the carrier, the more stuff you will see break. This would lead me to want to avoid funneling anything through said NAT which I could avoid. Then again, I run my own authoritative and recursive nameservers in my home and don't use any NAT at all, so, perhaps my perspective is different from others. Yeah, you are probably of about 1000 or maybe 3000 people in the world that do that. Seems to be a minority. Certainly some more work can be done in this area, but I fear that the only way a real idea as to how much NAT444 really doe break things will be operational experience. Yep. (Same as everything else.) I'm sure that will happen soon enough. I, for one, am
Re: ouch..
http://www.cisco.com/en/US/prod/collateral/routers/ps5763/CRS-1x100GE_DS.html ? James Jones ja...@freedomnet.co.nz wrote: Funny they forget to mention that Cisco doesn't have 100g any where. Sent from my iPhone On Sep 14, 2011, at 7:41 AM, Leigh Porter leigh.por...@ukbroadband.com wrote: -Original Message- From: Always Learning [mailto:na...@u61.u22.net] Sent: 14 September 2011 14:39 To: N. Max Pierson Cc: nanog@nanog.org Subject: Re: ouch.. On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? -- With best regards, Paul. England, EU. Lies? So who has 100G MX series cards then..? -- Leigh __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: ouch..
http://www.overpromisesunderdelivers.net/ amazingly professional. not. but lead contestant for pathetic jealousy post of the year
RE: ouch..
Great, can you actually order one and really have it delivered? Not that you would really want to I guess, but if you were into that kind of thing.. Point me to it if I am wrong, but I still do not see an MX-series 100G interface even on the Juniper site.. http://www.juniper.net/us/en/products-services/routing/mx-series/mx960/#modules -- Leigh -Original Message- From: Paul [mailto:p...@paulgraydon.co.uk] Sent: 14 September 2011 16:48 To: James Jones; Leigh Porter Cc: nanog@nanog.org; Always Learning Subject: Re: ouch.. http://www.cisco.com/en/US/prod/collateral/routers/ps5763/CRS- 1x100GE_DS.html ? James Jones ja...@freedomnet.co.nz wrote: Funny they forget to mention that Cisco doesn't have 100g any where. Sent from my iPhone On Sep 14, 2011, at 7:41 AM, Leigh Porter leigh.por...@ukbroadband.com wrote: -Original Message- From: Always Learning [mailto:na...@u61.u22.net] Sent: 14 September 2011 14:39 To: N. Max Pierson Cc: nanog@nanog.org Subject: Re: ouch.. On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? -- With best regards, Paul. England, EU. Lies? So who has 100G MX series cards then..? -- Leigh __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: ouch..
I stand corrected. I willing to admit when I am wrong. So do that only have 100Gb on the carrier routers? Sent from my iPhone On Sep 14, 2011, at 8:46 AM, Paul p...@paulgraydon.co.uk wrote: http://www.cisco.com/en/US/prod/collateral/routers/ps5763/CRS-1x100GE_DS.html ? James Jones ja...@freedomnet.co.nz wrote: Funny they forget to mention that Cisco doesn't have 100g any where. Sent from my iPhone On Sep 14, 2011, at 7:41 AM, Leigh Porter leigh.por...@ukbroadband.com wrote: -Original Message- From: Always Learning [mailto:na...@u61.u22.net] Sent: 14 September 2011 14:39 To: N. Max Pierson Cc: nanog@nanog.org Subject: Re: ouch.. On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? -- With best regards, Paul. England, EU. Lies? So who has 100G MX series cards then..? -- Leigh __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: ouch..
On 9/14/2011 10:41 AM, Leigh Porter wrote: On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? Lies? So who has 100G MX series cards then..? That's disingenuous. The question was not whether Cisco has ever lied, but whether the web page lies. The web page very carefully picks and chooses facts, but I don't think it actually lies. Therefore, it isn't slander. It's just mudslinging. Also, on another note, nobody should be surprised that the registration information doesn't say Cisco. Think about it: would they want whois overpromisesunderdelivers.com to say Cisco all over it?
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
The problem that I see with browser response to self-signed (or org generated) certs is not the warning(s) but the assertion that the cert is invalid. Not issued by one of the players in the Protection Racket does not make the cert invalid. It may be untrustable, unreliable, from an unknown and/or unverifiable source, but it IS a valid cert. Certs in a revocation list or malformed certs are invalid. After all, the Diginotar certs were 'valid', until revoked. Apparently the (arbitrary) inclusion or exclusion of a root cert by each browser creator or distributer is equated with validity. By removing the Diginotar root cert, suddenly ALL Diginotar certs are now reported to end users as Invalid? By refusing to include a CACert root certificate, no CACert certificate is 'valid'? I think not. -- -=[L]=- Hand typed on my Remington portable
Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases)
And to end this thread as this effectively ends Diginotar troubles for the Interwebz: Dutch official statement: http://www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=3469 English Summary OPTA revokes Diginotar License as TTP: http://www.circleid.com/posts/opta_revokes_diginotar_license_as_ttp/ Greets, Jeroen
Re: Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases)
On Wed, 2011-09-14 at 19:16 +0200, Jeroen Massar wrote: And to end this thread as this effectively ends Diginotar troubles for the Interwebz: Dutch official statement: http://www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=3469 Bedankt. Vertaling (my own translation, niet slecht voor een buitenlander) OPTA regulates the Dutch communications market including consumer protection. OPTA has now ended the registration of Diginotar as a supplier of authorised certificates for electronic signatures. An investigation by OPTA revealed the trustworthiness of approved certificates from Diginotar can no longer be guaranteed. This means the business of issuing authorised certificates must stop and no new authorised certificates must be issued. -- With best regards, Paul. England, EU.
Re: ouch..
On Wed, Sep 14, 2011 at 11:02 AM, David Israel da...@otd.com wrote: On 9/14/2011 10:41 AM, Leigh Porter wrote: On Wed, 2011-09-14 at 08:33 -0500, N. Max Pierson wrote: Either way, it's pathetic. If someone is going to slander in the fashion the site has done, they should at least put a contact form somewhere for some feedback :) Slander means falsehood. Cisco tells lies ? Lies? So who has 100G MX series cards then..? That's disingenuous. The question was not whether Cisco has ever lied, but whether the web page lies. The web page very carefully picks and chooses facts, but I don't think it actually lies. Therefore, it isn't slander. It's just mudslinging. Also, on another note, nobody should be surprised that the registration information doesn't say Cisco. Think about it: would they want whois overpromisesunderdelivers.com to say Cisco all over it? Juniper: Who needs to waste time with pathetic marketing videos when you're gear just works. -- Brandon Galbraith US Voice: 630.492.0464
Re: ouch..
--- brandon.galbra...@gmail.com wrote: From: Brandon Galbraith brandon.galbra...@gmail.com Juniper: Who needs to waste time with pathetic marketing videos when you're gear just works. --- Unless it's the ERX series. Blech, it puts a bad taste in my mouth just writing the acronym ERX. Thank $deity that I don't have to work on those anymore... scott
Re: ouch..
You seem to have accidentally put an 'R' between your E and X ;) On 9/14/2011 4:05 PM, Scott Weeks wrote: --- brandon.galbra...@gmail.com wrote: From: Brandon Galbraithbrandon.galbra...@gmail.com Juniper: Who needs to waste time with pathetic marketing videos when you're gear just works. --- Unless it's the ERX series. Blech, it puts a bad taste in my mouth just writing the acronym ERX. Thank $deity that I don't have to work on those anymore... scott
Re: ouch..
Well... Seems to be popping up on global NOG lists today. When you're already in trouble with the wife you go have a beer with your mates. This campaign got all of you to stop talking about NAT444 and focused on talking about Cisco and Juniper gear. Hell, if I put my tinfoil hat on, I'd say this was a joint venture by both vendors to get you all to focus on their kit and stop looking at other brands or talking about technology standards. How many of you have sat and thought about the merit of this web site? * Does Juniper break promises? * Does Cisco break them? * What bad things and experiences have you had with Cisco, Juniper? * What is the best technology for each company? * Did you know that Cisco has a 100Gb solution? ...I could go on... It's 9:20am here and I woke up to a flurry of the worlds leading IP people talking about Cisco and Juniper - To: TheMarketingGuysFromCiscoJuniper From: OtherBrandUser Subject: Global brand awareness Marketing campaign Body: Job well done. D On 15/09/2011 9:05 a.m., Scott Weeks wrote: --- brandon.galbra...@gmail.com wrote: From: Brandon Galbraithbrandon.galbra...@gmail.com Juniper: Who needs to waste time with pathetic marketing videos when you're gear just works. --- Unless it's the ERX series. Blech, it puts a bad taste in my mouth just writing the acronym ERX. Thank $deity that I don't have to work on those anymore... scott
Re: ouch..
In a message written on Thu, Sep 15, 2011 at 09:24:25AM +1200, Don Gould wrote: How many of you have sat and thought about the merit of this web site? Ok, I'll take a swing at your list... * Does Juniper break promises? Yes. * Does Cisco break them? Yes. * What bad things and experiences have you had with Cisco, Juniper? It might take me several days, and many pages to compile that list. * What is the best technology for each company? Cisco: The AGS+ was ahead of its time. Jiniper: The Olive is quite nifty. * Did you know that Cisco has a 100Gb solution? Yes, but I can't afford it. Now, with that out of the way, how much does everyone else hate even the thought of NAT444? :) :) :) -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpEPzh82PK9Q.pgp Description: PGP signature
Summary: US Colo transit pricing
My apologies; I was just too damned tired to do this last night, by which time I had gotten my answer: $17 for a 5 way blend based on L3 and GBLX, in Tampa, isn't really all that bad. (100mbs commit; GigE fiber redundant) City PipeCommitCarrier(s) $/mbs === various 1G+ unk Cogent/HE 1 various 1G 1GHE 1 for 3yr cont. various 1G+ unk carriers not spec 2-3 multi 10G/agg 10G carrier not spec 3 various unk 1Gcarrier not spec 3-20[1] LAmetro 4x1G250-500M carriers not spec 5 NYC/colo 1G 500M carrier not spec 5 var/colo 1G 100-1Gblend not spec 15-20 down to 8 Portland 1G 100M AboveNet 9 various unk 700Magg Internap 9 var/colo unk unk blend not spec.10 various unk 50-100M carriers not spec 20-10 unk/colo 1G 150Magg Tier2 not spec 15 renego from *50* SF/colo unk small carriers not spec 45 Those are sorted in ascending order by the lowest rate quoted; where I could discern that it was for colo delivery, I've said so. Some commits (and hence rates) were aggregated over pipes or sites; if it was clear that the price applied to multiple quotes or blended bandwidth I've noted that too. My thanks to the folks who took a moment to contribute; the outcome of my inquiry was nah; I guess the price I got quoted really isn't all that bad, given the quality of the datacenter involved (which is quite nicely done). Cheers, -- jra [1]depending on how many beers we'd had together at NANOG meetings -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: ouch..
On 15/09/2011 9:46 a.m., Leo Bicknell wrote: Now, with that out of the way, how much does everyone else hate even the thought of NAT444? Clearly some hate it enough to go to the trouble of making a 'we think they suck' web site in an attempt to draw readers in a different direction. Now with respect to your list... I'm sure there will be many that will be quite interested to see it, so Monday? :) Beer D
Re: ouch..
On 9/14/11 2:46 PM, Leo Bicknell wrote: In a message written on Thu, Sep 15, 2011 at 09:24:25AM +1200, Don Gould wrote: How many of you have sat and thought about the merit of this web site? Ok, I'll take a swing at your list... * Does Juniper break promises? Yes. * Does Cisco break them? Yes. * What bad things and experiences have you had with Cisco, Juniper? It might take me several days, and many pages to compile that list. * What is the best technology for each company? Cisco: The AGS+ was ahead of its time. Jiniper: The Olive is quite nifty. * Did you know that Cisco has a 100Gb solution? Yes, but I can't afford it. Now, with that out of the way, how much does everyone else hate even the thought of NAT444? :) :) :) Just the thought of NAT444 makes my stomach turn.
Re: ouch..
Nat444 or frontal labotomy hmm let's see at least with the second I would still be able to make a living as a micro soft network admin;) Sent from my iPhone On 2011-09-14, at 6:07 PM, James Jones ja...@freedomnet.co.nz wrote: On 9/14/11 2:46 PM, Leo Bicknell wrote: In a message written on Thu, Sep 15, 2011 at 09:24:25AM +1200, Don Gould wrote: How many of you have sat and thought about the merit of this web site? Ok, I'll take a swing at your list... * Does Juniper break promises? Yes. * Does Cisco break them? Yes. * What bad things and experiences have you had with Cisco, Juniper? It might take me several days, and many pages to compile that list. * What is the best technology for each company? Cisco: The AGS+ was ahead of its time. Jiniper: The Olive is quite nifty. * Did you know that Cisco has a 100Gb solution? Yes, but I can't afford it. Now, with that out of the way, how much does everyone else hate even the thought of NAT444? :) :) :) Just the thought of NAT444 makes my stomach turn.
