BOF at NANOG 54 - IPV4 runout, doing more with less.
Greetings, The BOF topic that I proposed during the recent thread: Re: Sad IPv4 story? Got approved, I'm still looking for 1-2 additional speakers to round out the agenda. To recap: * IPV4 run-out means new entrants will from the outset deploy techniques the present operators consider undesirable. * IPV6 should be appearing as part and parcel of new greenfield projects I would think. * On the vendor side CGN hardware is becoming a mature product space. * Datacenter/ICP operators confront a similar set of problems both supporting outgoing connections for large pools and incoming termination. I you have thoughts on any or all of these subjects your fellow NANOG participants are likely to be a receptive audience. In particular I think our colleagues running access networks would be potentially interested in thoughtful commentary on some of the following: * Port constrained or determistic nat mappings e.g. draft-donley-behave-deterministic-cgn-00 * What the near term state of residential/small business cpe are, and what if anything they're still missing to be suitable for ipv6 deployment. * What scaling properties pitfalls have been encountered with big stateful translation systems either nat44 or nat64. If you like a formal slot on the agenda, please reach out to me. If you simply have an interest in this area let me know and we'll see if we can fit your topic in the plan. Thanks joel
Re: Comcast DNSSEC
> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Wed Jan 11 00:02:13 > 2012 > Date: Wed, 11 Jan 2012 00:58:31 -0500 > From: Scott Schmit > To: nanog@nanog.org > Subject: Re: Comcast DNSSEC > > On Tue, Jan 10, 2012 at 05:24:47PM -0600, Jeremy Bresley wrote: > > Hadn't seen this mentioned yet. > > > > http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html > > > > Comcast has signed all their managed domains, as well as deployed > > DNSSEC resolvers for their customers. And they're encouraging > > others to make the jump to DNSSEC now as well, especially > > e-comm/banking sites. > > Very cool, but they haven't signed *all* of them. comcast.net still > isn't signed, nor are any of the reverse zones, nor is comcastonline.com > (in Comcast's SOAs). > > You can probably quibble about whether the reverse zones are important, > but comcast.net is quite a significant miss. (Email, DNS, their "more > information links", etc.) > > Still, I'm glad they're doing it, and hopefully reality will catch up > with their announcement soon. :-) > > -- > Scott Schmit >
Re: Comcast DNSSEC
On Tue, Jan 10, 2012 at 05:24:47PM -0600, Jeremy Bresley wrote: > Hadn't seen this mentioned yet. > > http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html > > Comcast has signed all their managed domains, as well as deployed > DNSSEC resolvers for their customers. And they're encouraging > others to make the jump to DNSSEC now as well, especially > e-comm/banking sites. Very cool, but they haven't signed *all* of them. comcast.net still isn't signed, nor are any of the reverse zones, nor is comcastonline.com (in Comcast's SOAs). You can probably quibble about whether the reverse zones are important, but comcast.net is quite a significant miss. (Email, DNS, their "more information links", etc.) Still, I'm glad they're doing it, and hopefully reality will catch up with their announcement soon. :-) -- Scott Schmit
Re: bgp question
On Tue, 10 Jan 2012, Deric Kwok wrote: When we get newip, we should let the upstream know to expor it as there should have rule in their side. Correct. Ideally, two things happen: 1. You tell your upstreams and peers about the new space, and they update whatever prefix filters they have in place for your network. 2. You update you own outbound BGP filters wherever necessary so that you can announce the new prefix, aggregated to the extent possible, when you're ready. how about upstream provider, does they need to let their all bgp interconnect to know those our newip? They might. It depends on the relationship your upstreams have with their neighbors. Different providers have different criteria for what they'll accept and how they manage their filters. If your upstreams need to have their upstreams and/or peers update their BGP filters, it is their responsibility to notify them. Note that this can add to the amount of time it will take before your direct upstreams are ready to accept and propagate your new prefix. Some providers might require that your new prefix be registered in one of several routing registries, and they'll update their filters based on your new registry data. jms
Re: Comcast DNSSEC
On Jan 10, 2012 5:11 PM, "Peter Kristolaitis" wrote: > > Wow! Congrats to the Comcast crew, that's absolutely awesome! > +1 Between dnssec and ipv6 Comcast has shown true internet evolution leadership in their *actions*, which really stands out in an industry full of talk. Cb > Definitely interested in hearing any "lessons learned" that you can share from the exercise. > > - Pete > > > > > On 1/10/2012 6:24 PM, Jeremy Bresley wrote: >> >> Hadn't seen this mentioned yet. >> >> http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html >> >> Comcast has signed all their managed domains, as well as deployed DNSSEC resolvers for their customers. And they're encouraging others to make the jump to DNSSEC now as well, especially e-comm/banking sites. >> >> Nice work guys, any of the Comcast guys on the list want to give us an idea how much work is involved in this from a large-scale service provider perspective to do it? Any big caveats you encountered that people should watch out for? >> >> Jeremy "TheBrez" Bresley >> b...@brezworks.com >> >
Re: Comcast DNSSEC
Wow! Congrats to the Comcast crew, that's absolutely awesome! Definitely interested in hearing any "lessons learned" that you can share from the exercise. - Pete On 1/10/2012 6:24 PM, Jeremy Bresley wrote: Hadn't seen this mentioned yet. http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html Comcast has signed all their managed domains, as well as deployed DNSSEC resolvers for their customers. And they're encouraging others to make the jump to DNSSEC now as well, especially e-comm/banking sites. Nice work guys, any of the Comcast guys on the list want to give us an idea how much work is involved in this from a large-scale service provider perspective to do it? Any big caveats you encountered that people should watch out for? Jeremy "TheBrez" Bresley b...@brezworks.com smime.p7s Description: S/MIME Cryptographic Signature
Comcast DNSSEC
Hadn't seen this mentioned yet. http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html Comcast has signed all their managed domains, as well as deployed DNSSEC resolvers for their customers. And they're encouraging others to make the jump to DNSSEC now as well, especially e-comm/banking sites. Nice work guys, any of the Comcast guys on the list want to give us an idea how much work is involved in this from a large-scale service provider perspective to do it? Any big caveats you encountered that people should watch out for? Jeremy "TheBrez" Bresley b...@brezworks.com
Re: bgp question
On Tue, Jan 10, 2012 at 2:43 PM, Deric Kwok wrote: > Hi all > > When we get newip, we should let the upstream know to expor it as > there should have rule in their side. > > how about upstream provider, does they need to let their all bgp > interconnect to know those our newip? > > If no, Can I know how it works? > > If they don't have rules each other, ls it any problems? > It depends on your upstream ISPs. Conventionally, some choose to place exact filters in place on BGP announcements that exactly match IP space that is registered with a RIR or LIR, some build those filters from IRR sources, and others just filter on the number of prefixes your sending (to avoid sending a whole table out on accident). I'm sure there are some other filtering schemes in place around the world. In the case of exact filters, you'll need to contact your upstream ISPs and ask them to update their filters. In the case of IRR-sourced filtering information, update the prefixes that you originate with your IRR provider. And in the case of max-prefix filtering, ask your ISP what they have their equipment set to. Cheers, jof
bgp question
Hi all When we get newip, we should let the upstream know to expor it as there should have rule in their side. how about upstream provider, does they need to let their all bgp interconnect to know those our newip? If no, Can I know how it works? If they don't have rules each other, ls it any problems? Thank you so much
Re: So... my colo was just bought.
On 01/10/2012 12:31 PM, Patrick Giagnocavo wrote: Expect all the local guys you dealt with to be gone in 6 months. --Patrick It's unfortunate just how true this will be. Bret
Re: So... my colo was just bought.
darn... and I was going to sublease some rack space in my sub-basement... /bill On Tue, Jan 10, 2012 at 06:58:33PM +, Paul WALL wrote: > George, > > We appreciate your sponsorship but using the NANOG mailing list to > sell your colo is inappropriate. > > Best Regards, > Paul > > On Tue, Jan 10, 2012 at 6:20 PM, George Fitzpatrick > wrote: > > If folks are having colo. issues please take a look at Telx. > > We will be in San Diego as well. > > In the meantime let's talk. > > > > Thanks, > > George > > 917.371.7257 > > > > -Original Message- > > From: Patrick Giagnocavo [mailto:patr...@zill.net] > > Sent: Tuesday, January 10, 2012 12:31 PM > > To: nanog@nanog.org > > Subject: Re: So... my colo was just bought. > > > > On 1/10/2012 10:58 AM, Jay Ashworth wrote: > >> By Knology. > >> > >> Should I be scared? > >> > >> My experiences with Knology have been fairly thin, but uniformly > >> negative, for at least the last 5 years. But I know that the plural > >> of 'anecdote' is not 'data'. That said, I'm accepting all anecdotes. > >> :-) > >> > >> Cheers, > >> -- jra > > > > You have to read the contract you signed. If it is still valid > > ("survivable" I think is the phrase?) then you have less to worry about. > > If not, they can mess with you a lot. > > > > Expect all the local guys you dealt with to be gone in 6 months. > > > > --Patrick > > > > > > __ > > This email has been scanned by the Symantec Email Security.cloud service. > > __ >
RE: So... my colo was just bought.
Yes sorry for the post, Thanks. -Original Message- From: Paul WALL [mailto:pauldotw...@gmail.com] Sent: Tuesday, January 10, 2012 1:59 PM To: George Fitzpatrick Cc: nanog@nanog.org Subject: Re: So... my colo was just bought. George, We appreciate your sponsorship but using the NANOG mailing list to sell your colo is inappropriate. Best Regards, Paul On Tue, Jan 10, 2012 at 6:20 PM, George Fitzpatrick wrote: > If folks are having colo. issues please take a look at Telx. > We will be in San Diego as well. > In the meantime let's talk. > > Thanks, > George > 917.371.7257 > > -Original Message- > From: Patrick Giagnocavo [mailto:patr...@zill.net] > Sent: Tuesday, January 10, 2012 12:31 PM > To: nanog@nanog.org > Subject: Re: So... my colo was just bought. > > On 1/10/2012 10:58 AM, Jay Ashworth wrote: >> By Knology. >> >> Should I be scared? >> >> My experiences with Knology have been fairly thin, but uniformly >> negative, for at least the last 5 years. But I know that the plural >> of 'anecdote' is not 'data'. That said, I'm accepting all anecdotes. >> :-) >> >> Cheers, >> -- jra > > You have to read the contract you signed. If it is still valid ("survivable" > I think is the phrase?) then you have less to worry about. > If not, they can mess with you a lot. > > Expect all the local guys you dealt with to be gone in 6 months. > > --Patrick > > > __ > This email has been scanned by the Symantec Email Security.cloud service. > __ __ This email has been scanned by the Symantec Email Security.cloud service. __
Re: So... my colo was just bought.
George, We appreciate your sponsorship but using the NANOG mailing list to sell your colo is inappropriate. Best Regards, Paul On Tue, Jan 10, 2012 at 6:20 PM, George Fitzpatrick wrote: > If folks are having colo. issues please take a look at Telx. > We will be in San Diego as well. > In the meantime let's talk. > > Thanks, > George > 917.371.7257 > > -Original Message- > From: Patrick Giagnocavo [mailto:patr...@zill.net] > Sent: Tuesday, January 10, 2012 12:31 PM > To: nanog@nanog.org > Subject: Re: So... my colo was just bought. > > On 1/10/2012 10:58 AM, Jay Ashworth wrote: >> By Knology. >> >> Should I be scared? >> >> My experiences with Knology have been fairly thin, but uniformly >> negative, for at least the last 5 years. But I know that the plural >> of 'anecdote' is not 'data'. That said, I'm accepting all anecdotes. >> :-) >> >> Cheers, >> -- jra > > You have to read the contract you signed. If it is still valid ("survivable" > I think is the phrase?) then you have less to worry about. > If not, they can mess with you a lot. > > Expect all the local guys you dealt with to be gone in 6 months. > > --Patrick > > > __ > This email has been scanned by the Symantec Email Security.cloud service. > __
RE: So... my colo was just bought.
If folks are having colo. issues please take a look at Telx. We will be in San Diego as well. In the meantime let's talk. Thanks, George 917.371.7257 -Original Message- From: Patrick Giagnocavo [mailto:patr...@zill.net] Sent: Tuesday, January 10, 2012 12:31 PM To: nanog@nanog.org Subject: Re: So... my colo was just bought. On 1/10/2012 10:58 AM, Jay Ashworth wrote: > By Knology. > > Should I be scared? > > My experiences with Knology have been fairly thin, but uniformly > negative, for at least the last 5 years. But I know that the plural > of 'anecdote' is not 'data'. That said, I'm accepting all anecdotes. > :-) > > Cheers, > -- jra You have to read the contract you signed. If it is still valid ("survivable" I think is the phrase?) then you have less to worry about. If not, they can mess with you a lot. Expect all the local guys you dealt with to be gone in 6 months. --Patrick __ This email has been scanned by the Symantec Email Security.cloud service. __
Re: So... my colo was just bought.
On 1/10/2012 10:58 AM, Jay Ashworth wrote: > By Knology. > > Should I be scared? > > My experiences with Knology have been fairly thin, but uniformly negative, > for at least the last 5 years. But I know that the plural of 'anecdote' is > not 'data'. That said, I'm accepting all anecdotes. :-) > > Cheers, > -- jra You have to read the contract you signed. If it is still valid ("survivable" I think is the phrase?) then you have less to worry about. If not, they can mess with you a lot. Expect all the local guys you dealt with to be gone in 6 months. --Patrick
RE: So... my colo was just bought.
In the 2002-2003 time frame I worked for a company that colo'd strategic business servers in various telco facilities (big names, some that are still in business today), but these telco's had no problem with closing down the colo and giving 6 months notice to all tenants, with very little advanced notice. So this created a situation where a replacement site had to be found, space leased, equipment purchased, network bandwidth negotiated and purchased, etc. within that 6 month timeframe, or face the consequences of being essentially out of business. I can't speak for the company that is the subject of the email though, only of what has happened to me in the past. -Original Message- From: Jay Ashworth [mailto:j...@baylink.com] Sent: Tuesday, January 10, 2012 7:58 AM To: NANOG Subject: So... my colo was just bought. By Knology. Should I be scared? My experiences with Knology have been fairly thin, but uniformly negative, for at least the last 5 years. But I know that the plural of 'anecdote' is not 'data'. That said, I'm accepting all anecdotes. :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 This communication, together with any attachments or embedded links, is for the sole use of the intended recipient(s) and may contain information that is confidential or legally protected. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, dissemination, distribution or use of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by return e-mail message and delete the original and all copies of the communication, along with any attachments or embedded links, from your system.
RE: So... my colo was just bought.
Jay- We experianced a similar situation 5 or 6 years ago. We were in a SAS70-II colo that had great staff and an impressive track record. They were national, but not huge. When we picked them, we had two colo providers that were competing for our business. The other was the company that bought our colo. In the end, we made our decision not on price/options, but we felt the smaller company would give us better service. We were right. The new owners are enormous and corprate thinks they are the best thing since sliced bread. I can tell you they are not. Since the buyout, we have had too many account reps to count on one hand, they are never local and they never seem to care. Getting anything done inside the DC is so complicated we almost never use our remote hands. Even getting into the DC now takes 15 minutes because of all the checks we have to go through. Unfortuneatly where I am located there are only 2 colos that can provide 15kw/rack reliably, and one company owns both of them. -Original Message- From: Jay Ashworth [mailto:j...@baylink.com] Sent: Tuesday, January 10, 2012 9:58 AM To: NANOG Subject: So... my colo was just bought. By Knology. Should I be scared? My experiences with Knology have been fairly thin, but uniformly negative, for at least the last 5 years. But I know that the plural of 'anecdote' is not 'data'. That said, I'm accepting all anecdotes. :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: So... my colo was just bought.
Jay, Do you know if they'll be keeping/maintaining your colo? Or is it too early for that kind of information? -Hammer- "I was a normal American nerd" -Jack Herer On 1/10/2012 9:58 AM, Jay Ashworth wrote: By Knology. Should I be scared? My experiences with Knology have been fairly thin, but uniformly negative, for at least the last 5 years. But I know that the plural of 'anecdote' is not 'data'. That said, I'm accepting all anecdotes. :-) Cheers, -- jra
So... my colo was just bought.
By Knology. Should I be scared? My experiences with Knology have been fairly thin, but uniformly negative, for at least the last 5 years. But I know that the plural of 'anecdote' is not 'data'. That said, I'm accepting all anecdotes. :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274