earthquake in Japan right now

2012-12-07 Thread Seiichi Kawamura
FYI, another big earthquake in Japan just now. M7.3

Seiichi





Re: earthquake in Japan right now

2012-12-07 Thread JP Viljoen
On 07 Dec 2012, at 10:33 AM, Seiichi Kawamura kawamu...@mesh.ad.jp wrote:
 FYI, another big earthquake in Japan just now. M7.3

Inland or coast?



Re: earthquake in Japan right now

2012-12-07 Thread Caruso, Anthony
I just heard the same thing on the radio. Tsunami warnings are also in 
effect. God speed to all in the path. -T

On Dec 7, 2012, at 2:33 AM, Seiichi Kawamura kawamu...@mesh.ad.jp wrote:

 FYI, another big earthquake in Japan just now. M7.3

 Seiichi







Re: earthquake in Japan right now

2012-12-07 Thread Adrian Moisey
http://www.google.org/publicalerts/alert?aid=d8c6cebb80c5dbfb&hl=en&gl=US&source=web


On Fri, Dec 7, 2012 at 10:36 AM, JP Viljoen froztb...@froztbyte.net wrote:

 On 07 Dec 2012, at 10:33 AM, Seiichi Kawamura kawamu...@mesh.ad.jp
 wrote:
  FYI, another big earthquake in Japan just now. M7.3

 Inland or coast?




Re: earthquake in Japan right now

2012-12-07 Thread Daniel Richards
See http://earthquake.usgs.gov/earthquakes/eventpage/usc000e5n4#summary
and http://ptwc.weather.gov/

On Fri, Dec 7, 2012 at 9:36 PM, JP Viljoen froztb...@froztbyte.net wrote:
 On 07 Dec 2012, at 10:33 AM, Seiichi Kawamura kawamu...@mesh.ad.jp wrote:
 FYI, another big earthquake in Japan just now. M7.3

 Inland or coast?




Re: earthquake in Japan right now

2012-12-07 Thread Seiichi Kawamura
Off coast. Pretty close to the 311 quake.
I'm not hearing any major circuit outages here yet
but it seems like traffic to social sites is rising.

Seiichi

(2012/12/07 17:36), JP Viljoen wrote:
 On 07 Dec 2012, at 10:33 AM, Seiichi Kawamura kawamu...@mesh.ad.jp wrote:
 FYI, another big earthquake in Japan just now. M7.3
 
 Inland or coast?
 
 





Re: earthquake in Japan right now

2012-12-07 Thread Mikael Abrahamsson

On Fri, 7 Dec 2012, JP Viljoen wrote:


On 07 Dec 2012, at 10:33 AM, Seiichi Kawamura kawamu...@mesh.ad.jp wrote:

FYI, another big earthquake in Japan just now. M7.3


Inland or coast?


http://earthquake.usgs.gov/earthquakes/eventpage/usc000e5n4#summary

--
Mikael Abrahamsson    email: swm...@swm.pp.se



Re: earthquake in Japan right now

2012-12-07 Thread George Herbert
250 or so km east of Sendai, near the big offshore quake zone from last year.

CNN and the USGS have the basic info but no tsunami warning or damage info yet 
as far as I saw.


George William Herbert
Sent from my iPhone

On Dec 7, 2012, at 12:36 AM, JP Viljoen froztb...@froztbyte.net wrote:

 On 07 Dec 2012, at 10:33 AM, Seiichi Kawamura kawamu...@mesh.ad.jp wrote:
 FYI, another big earthquake in Japan just now. M7.3
 
 Inland or coast?
 



Re: earthquake in Japan right now

2012-12-07 Thread Randy Bush
 FYI, another big earthquake in Japan just now. M7.3

it kept going for a good while.  we went for cover.



Re: earthquake in Japan right now

2012-12-07 Thread Randy Bush
fwiw, i watch http://twitter.com/quake_alert_en

randy



Re: Solutions for DoS DDoS

2012-12-07 Thread Yuri Slobodyanyuk
I can think of a few options here (basically restating what has been said
already):
- Black hole routing on ISP side - just makes the client unreachable
  outside ISP, available everywhere, free. Not really a protection as it aids
  the attacker in achieving his goal - shutting down the client.
- Managed DDOS As a Service on ISP side - ISP has a dedicated solution to
  stop attacks on ISP premises (by dedicated I mean some hardware installed).
  Vendors vary (Arbor/Radware/etc.) and actually are not of much
  importance to the end client - only SLA should be in place. Costs money,
  advisable when undergoing non-stop/frequent attacks of moderate severity.
  If an attack reaches gigabits bandwidth consumption the ISP may revert back
  to Black Hole to protect its backbone and other clients.
- If speaking of web/email services - hosted solution is viable to some
  degree (e.g. Amazon AWS Cloudfront, Google Apps, CDNs etc.). It is not a
  DEDICATED hosted solution against DDOS, so be prepared for the provider to
  shut down the client if the attack gets heavy enough.
- Hosted web/email solutions WITH dedicated DDOS protection included,
  including insurance that client will not be shut down on heavy load attack
  (Prolexic etc.). Costs money (not cheap at all) and if your site is not to
  be attacked like krebsonsecurity.com or fbi.gov probably an overkill.

 HTH

 --

Taking challenges one by one.
http://yurisk.info


Re: PHP library for IOS devices

2012-12-07 Thread ku po
I can imagine this could be a very powerful tool if completed.
Just wondering, are there any existing Cisco libraries/tools in any
languages?
Perl maybe?



https://plus.google.com/communities/107233969484096327465
CCIEhelp


On Wed, Nov 28, 2012 at 11:35 PM, Ray Soucy r...@maine.edu wrote:

 Quick note as many on-list may find this useful.

 I've maintained a PHP class to connect to IOS devices over telnet and
 parse the output into something useful for various internal tools for
 a few years now.  I've recently worked with the author of phpseclib to
 create an SSH version of the library.

 It's still in a pre-release state until I have time to clean it up,
 but I've uploaded an archive of the SSH version and the modified
 phpseclib for anyone who needs in the meantime.

 You can find it at the bottom of the Cisco for PHP page:

 http://soucy.org/project/cisco/




 --
 Ray Patrick Soucy
 Network Engineer
 University of Maine System

 T: 207-561-3526
 F: 207-561-3531

 MaineREN, Maine's Research and Education Network
 www.maineren.net




RE: PHP library for IOS devices

2012-12-07 Thread Jay Mitchell
Heaps, but I started my search here:

http://sourceforge.net/projects/cosi-nms/files/

--jm

-Original Message-
From: ku po [mailto:cciehe...@gmail.com] 
Sent: Friday, 7 December 2012 9:05 PM
To: NANOG
Subject: Re: PHP library for IOS devices

I can imagine this could be a very powerful tool if completed.
Just wondering, are there any existing Cisco libraries/tools in any
languages?
Perl maybe?



https://plus.google.com/communities/107233969484096327465
CCIEhelp


On Wed, Nov 28, 2012 at 11:35 PM, Ray Soucy r...@maine.edu wrote:

 Quick note as many on-list may find this useful.

 I've maintained a PHP class to connect to IOS devices over telnet and 
 parse the output into something useful for various internal tools for 
 a few years now.  I've recently worked with the author of phpseclib to 
 create an SSH version of the library.

 It's still in a pre-release state until I have time to clean it up, 
 but I've uploaded an archive of the SSH version and the modified 
 phpseclib for anyone who needs in the meantime.

 You can find it at the bottom of the Cisco for PHP page:

 http://soucy.org/project/cisco/




 --
 Ray Patrick Soucy
 Network Engineer
 University of Maine System

 T: 207-561-3526
 F: 207-561-3531

 MaineREN, Maine's Research and Education Network www.maineren.net






SSL on Juniper.net

2012-12-07 Thread J. Oquendo

Yes, semi off/on topic I am aware, but because there are 
many here who visit the site, figured I'd ask. Anyone else
having certificate issues on Juniper.net & their support
login? This just started today. 

www.juniper.net is pushing an Akamai cert, support.j* is
pushing a Comodo cert.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

Where ignorance is our master, there is no possibility of
real peace - Dalai Lama

42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF



Re: SSL on Juniper.net

2012-12-07 Thread Alex Brooks
Hi,

On Fri, Dec 7, 2012 at 3:28 PM, J. Oquendo joque...@e-fensive.net wrote:


 Yes, semi off/on topic I am aware, but because there are
 many here who visit the site, figured I'd ask. Anyone else
 having certificate issues on Juniper.net & their support
 login? This just started today.

 www.juniper.net is pushing an Akamai cert, support.j* is
 pushing a Comodo cert.


When having to diagnose HTTPS problems, I've found the automated tests
from Qualys SSL Labs to be a handy first step to save time.  In this
instance it appears that www.juniper.net is a standard Akamai setup
(nothing special there, fairly OKish), but somebody has put the wrong
certificate at support.juniper.net (the certificate presented there is
for ipv6.juniper.net, origin-www.juniper.net and www.juniper.net
only).

https://sslcheck.globalsign.com/en_GB/sslcheck?host=www.juniper.net and
https://sslcheck.globalsign.com/en_GB/sslcheck?host=support.juniper.net
if anyone wants to have a look

Alex
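
The mismatch described in the reply above, as an added example that is not part of the original post: it checks which hostnames a certificate's subjectAltName list covers, using the three names the post reports. The certificate dict is constructed in the shape `ssl.SSLSocket.getpeercert()` returns; the function names and the `example.net` names are assumptions for illustration.

```python
"""Added example: which hostnames does a certificate's SAN list cover?"""

# Constructed certificate, in the dict shape ssl.SSLSocket.getpeercert() returns.
# The three DNS names are the ones the post reports for the certificate served
# at support.juniper.net; every other certificate field is omitted.
SERVED_AT_SUPPORT = {
    "subjectAltName": (
        ("DNS", "ipv6.juniper.net"),
        ("DNS", "origin-www.juniper.net"),
        ("DNS", "www.juniper.net"),
    )
}


def san_dns_names(cert):
    """Return the dNSName entries of a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Match one SAN entry against a hostname.

    A wildcard is honoured only as the complete left-most label, covers
    exactly one label, and needs at least two labels to its right. Partial
    wildcards such as "w*.example.net" are rejected, which is the strict
    reading modern clients apply.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if "*" in pattern:
        return False
    return p == h


def covering_names(cert, hostname):
    """SAN entries that make the certificate valid for hostname."""
    return [n for n in san_dns_names(cert) if name_matches(n, hostname)]


def audit(cert, hostnames):
    """Map each hostname to the SAN entries covering it (empty list = mismatch)."""
    return {host: covering_names(cert, host) for host in hostnames}


if __name__ == "__main__":
    for host, names in audit(
        SERVED_AT_SUPPORT, ["www.juniper.net", "support.juniper.net"]
    ).items():
        verdict = "covered by " + ", ".join(names) if names else "NAME MISMATCH"
        print(f"{host:24} {verdict}")
```
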



Weekly Routing Table Report

2012-12-07 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
TRNOG, CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith pfsi...@gmail.com.

Routing Table Report   04:00 +10GMT Sat 08 Dec, 2012

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary
----------------

BGP routing table entries examined:                              436440
Prefixes after maximum aggregation:                              180518
Deaggregation factor:                                              2.42
Unique aggregates announced to Internet:                         213616
Total ASes present in the Internet Routing Table:                 42792
Prefixes per ASN:                                                 10.20
Origin-only ASes present in the Internet Routing Table:           33895
Origin ASes announcing only one prefix:                           15847
Transit ASes present in the Internet Routing Table:                5707
Transit-only ASes present in the Internet Routing Table:            135
Average AS path length visible in the Internet Routing Table:       4.6
Max AS path length visible:                                          40
Max AS path prepend of ASN ( 28730)                                  25
Prefixes from unregistered ASNs in the Routing Table:              1150
Unregistered ASNs in the Routing Table:                             420
Number of 32-bit ASNs allocated by the RIRs:                       3560
Number of 32-bit ASNs visible in the Routing Table:                3190
Prefixes from 32-bit ASNs in the Routing Table:                    8632
Special use prefixes present in the Routing Table:                   15
Prefixes being announced from unallocated address space:            153
Number of addresses announced to Internet:                   2618209004
Equivalent to 156 /8s, 14 /16s and 178 /24s
Percentage of available address space announced:                   70.7
Percentage of allocated address space announced:                   70.7
Percentage of available address space allocated:                  100.0
Percentage of address space in use by end-sites:                   94.0
Total number of prefixes smaller than registry allocations:      153938

APNIC Region Analysis Summary
-----------------------------

Prefixes being announced by APNIC Region ASes:                   105256
Total APNIC prefixes after maximum aggregation:                   32667
APNIC Deaggregation factor:                                        3.22
Prefixes being announced from the APNIC address blocks:          106149
Unique aggregates announced from the APNIC address blocks:        43289
APNIC Region origin ASes present in the Internet Routing Table:    4803
APNIC Prefixes per ASN:                                           22.10
APNIC Region origin ASes announcing only one prefix:               1250
APNIC Region transit ASes present in the Internet Routing Table:    793
Average APNIC Region AS path length visible:                        4.6
Max APNIC Region AS path length visible:                             26
Number of APNIC region 32-bit ASNs visible in the Routing Table:    383
Number of APNIC addresses announced to Internet:              715881888
Equivalent to 42 /8s, 171 /16s and 125 /24s
Percentage of available APNIC address space announced:             83.7

APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
                       58368-59391, 131072-133119
APNIC Address Blocks   1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
                       49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
                       106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
                       116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
                       123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
                       163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
                       203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
                       222/8, 223/8,

ARIN Region Analysis Summary
----------------------------

Prefixes being announced by ARIN Region ASes:                    155641
Total ARIN prefixes after maximum aggregation:                    78471
ARIN Deaggregation factor:                                         1.98
Prefixes being announced from the ARIN address blocks:           156370
Unique aggregates announced from the ARIN address blocks:         70031
ARIN Region origin ASes present in the Internet Routing Table:    15331
ARIN Prefixes per ASN:                                            10.20
ARIN Region origin 

Re: Google Fiber - keeps you regular

2012-12-07 Thread Daniel Suchy
There's one tiny detail: Published on Apr 1, 2012...

It's April fool... :-)

- Daniel

On 12/07/2012 12:53 AM, Otis L. Surratt, Jr. wrote:
 Yep. But you know I wouldn't be surprised if Google entered  that market. 
 That's why I was asking. You never know these days.
 
 From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] 
 Sent: Thursday, December 06, 2012 5:36 PM
 To: Otis L. Surratt, Jr.
 Cc: nanog@nanog.org
 Subject: Re: Google Fiber - keeps you regular
 
 All jokes about crappy Internet service aside, that is?
 
 On Friday, December 7, 2012, Otis L. Surratt, Jr. wrote:
 Why does the youtube video link lead back to their Fiber Internet/TV
 offering?
 Maybe I'm lost but the video is about a Google Fiber Bar right?
 
 Otis
 
 -Original Message-
 From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com]
 Sent: Thursday, December 06, 2012 5:31 AM
 To: nanog@nanog.org
 Subject: Google Fiber - keeps you regular
 
 Introducing the Google Fiber Bar
 
 you'll probably laugh so hard you won't even need the fiber
 
 



[NANOG-announce] Best Current Operational Practices Working Group

2012-12-07 Thread Betty Burke be...@nanog.org
CALL FOR VOLUNTEERS

The NANOG Best Current Operational Practices Working Group is seeking
volunteers to take part in the creation of official best practices
documents. We are also looking for a co-Chairman to assist NANOG WG,
Chair Aaron Hughes. The goal of the BCOP-WG is to produce professional
Best Practices documents that can be used globally by the network
engineering community. The NANOG BCOP-WG works together with other
operator forums, ARIN, and ISOC. The NANOG organization will support
the BCOP-WG through professional resources, web sites, meeting space,
and financial support.

A mailing list is being set up and an organizational meeting will
occur at NANOG 57 in Orlando in February 2013. Some areas for BCOP
development include:

- Address Assignment
- Routing Protocol implementation
- Routing Policy
- Network Security Policy
- Network Deployment
- DNS Operations
- and more!

Please volunteer if you are able to devote some time to the effort and
have a willingness to write and edit BCOP documents. The plan is to
publish numerous official BCOP documents each year with significant
professional exposure for authors and editors. This is a great way to
get involved in the NANOG organization, to develop yourself
professionally, and to serve the larger Internet community.

If interested, please reply to be...@nanog.org.

Daniel Golding and Betty Burke
Members of the NANOG Board of Directors



-- 
Betty Burke
NANOG Executive Director
48377 Fremont Boulevard, Suite 117
Fremont, CA 94538
Tel: +1 510 492 4030
___
NANOG-announce mailing list
nanog-annou...@mailman.nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog-announce

Re: TCP time_wait and port exhaustion for servers

2012-12-07 Thread Matthew Palmer
On Thu, Dec 06, 2012 at 08:58:10AM -0500, Ray Soucy wrote:
  net.ipv4.tcp_keepalive_intvl = 15
  net.ipv4.tcp_keepalive_probes = 3
  net.ipv4.tcp_keepalive_time = 90
  net.ipv4.tcp_fin_timeout = 30
 
 As discussed, those do not affect TCP_TIMEWAIT_LEN.
 
 There is a lot of misinformation out there on this subject so please
 don't just Google for 5 min. and chime in with a solution that you
 haven't verified yourself.
 
 We can expand the ephemeral port range to be a full 60K (and we have
 as a band-aid), but that only delays the issue as use grows.  I can
 verify that changing it via:
 
 echo 1025 65535 > /proc/sys/net/ipv4/ip_local_port_range
 
 Does work for the full range, as a spot check shows ports as low as
 2000 and as high as 64000 being used.

I can attest to the effectiveness of this method, however be sure and add
any ports in that range that you use as incoming ports for services to
/proc/sys/net/ipv4/ip_local_reserved_ports, otherwise the first time you
restart a service that uses a high port (*cough*NRPE*cough*), its port will
probably get snarfed for an outgoing connection and then you're in a sad,
sad place.

- Matt

-- 
[An ad for Microsoft] uses the musical theme of the Confutatis Maledictis
from Mozart's Requiem. Where do you want to go today? is on the screen,
while the chorus sings Confutatis maledictis, flammis acribus addictis,.
Translation: The damned and accursed are convicted to the flames of hell.
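
The caveat in the message above, as an added example that is not part of the original post: after widening `ip_local_port_range`, find the listening ports that now fall inside the ephemeral range and build the comma-separated value to write to `ip_local_reserved_ports`. The socket table is a constructed sample in `/proc/net/tcp` layout, the function names are assumptions, and 32768-61000 is used only as an example of a narrower range.

```python
"""Added example: which listening ports must go into ip_local_reserved_ports?"""

TCP_LISTEN = 0x0A  # state code for LISTEN in the "st" column of /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# listeners on 22, 5666 (NRPE), 8080, 8081 and 8082, plus one established
# outbound connection using local port 40000.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:1622 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 1002 1
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1003 1
   3: 00000000:1F91 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1004 1
   4: 00000000:1F92 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1005 1
   5: 0A00000A:9C40 0A000014:0050 01 00000000:00000000 00:00000000 00000000    33        0 1006 1
"""


def listening_ports(proc_net_tcp):
    """Return the set of local ports in LISTEN state.

    Works on the text of /proc/net/tcp or /proc/net/tcp6: the local address
    column is HEXADDR:HEXPORT in both, so only the part after the last colon
    is parsed.
    """
    ports = set()
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        # Data rows start with "N:"; the header row does not.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if int(fields[3], 16) != TCP_LISTEN:
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def compact_ranges(ports):
    """Render ports as the comma-separated list of ports and ranges
    that ip_local_reserved_ports accepts, e.g. "5666,8080-8082"."""
    spans = []
    for port in sorted(set(ports)):
        if spans and port == spans[-1][1] + 1:
            spans[-1][1] = port          # extend the current run
        else:
            spans.append([port, port])   # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in spans)


def reserved_ports_value(proc_net_tcp, port_range):
    """Value for ip_local_reserved_ports given the socket table text and the
    contents of ip_local_port_range ("LOW HIGH", space or tab separated)."""
    low, high = (int(x) for x in port_range.split())
    inside = (p for p in listening_ports(proc_net_tcp) if low <= p <= high)
    return compact_ranges(inside)


if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() and the contents of
    # /proc/sys/net/ipv4/ip_local_port_range instead of the sample.
    for rng in ("32768 61000", "1025 65535"):
        value = reserved_ports_value(SAMPLE_PROC_NET_TCP, rng)
        print(f"range {rng:12} -> reserve: {value or '(nothing)'}")
```

With the widened range the sample yields `5666,8080-8082`, which is the string to write to `/proc/sys/net/ipv4/ip_local_reserved_ports`.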




The Cidr Report

2012-12-07 Thread cidr-report
This report has been generated at Fri Dec  7 21:13:08 2012 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date      Prefixes  CIDR Agg
30-11-12  435823    252122
01-12-12  436665    250891
02-12-12  436407    251001
03-12-12  436577    251165
04-12-12  437029    251157
05-12-12  437195    252441
06-12-12  437689    251620
07-12-12  438154    251279


AS Summary
 42907  Number of ASes in routing system
 17844  Number of ASes announcing only one prefix
  3197  Largest number of prefixes announced by an AS
AS7029 : WINDSTREAM - Windstream Communications Inc
  115225824  Largest address span announced by an AS (/32s)
AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 07Dec12 ---
ASnum    NetsNow  NetsAggr  NetGain  % Gain  Description

Table     439125    251228   187897   42.8%  All ASes

AS6389      3132       145     2987   95.4%  BELLSOUTH-NET-BLK - BellSouth.net Inc.
AS28573     2199        72     2127   96.7%  NET Servicos de Comunicao S.A.
AS4766      2932       920     2012   68.6%  KIXS-AS-KR Korea Telecom
AS17974     2432       558     1874   77.1%  TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
AS22773     1940       132     1808   93.2%  ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.
AS7029      3197      1456     1741   54.5%  WINDSTREAM - Windstream Communications Inc
AS18566     2082       423     1659   79.7%  COVAD - Covad Communications Co.
AS10620     2263       653     1610   71.1%  Telmex Colombia S.A.
AS2118      1424        51     1373   96.4%  RELCOM-AS OOO NPO Relcom
AS7303      1671       397     1274   76.2%  Telecom Argentina S.A.
AS4323      1594       401     1193   74.8%  TWTC - tw telecom holdings, inc.
AS4755      1664       556     1108   66.6%  TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
AS7552      1140       207      933   81.8%  VIETEL-AS-AP Vietel Corporation
AS8151      1609       702      907   56.4%  Uninet S.A. de C.V.
AS18101     1017       173      844   83.0%  RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI
AS7545      1817      1032      785   43.2%  TPG-INTERNET-AP TPG Internet Pty Ltd
AS17908      841        60      781   92.9%  TCISL Tata Communications
AS4808      1126       350      776   68.9%  CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
AS1785      1934      1159      775   40.1%  AS-PAETEC-NET - PaeTec Communications, Inc.
AS9808       775        32      743   95.9%  CMNET-GD Guangdong Mobile Communication Co.Ltd.
AS13977      857       118      739   86.2%  CTELCO - FAIRPOINT COMMUNICATIONS, INC.
AS855        715        56      659   92.2%  CANET-ASN-4 - Bell Aliant Regional Communications, Inc.
AS17676      709        89      620   87.4%  GIGAINFRA Softbank BB Corp.
AS3356      1116       499      617   55.3%  LEVEL3 Level 3 Communications
AS3549      1055       442      613   58.1%  GBLX Global Crossing Ltd.
AS22561     1038       431      607   58.5%  DIGITAL-TELEPORT - Digital Teleport Inc.
AS19262     1000       405      595   59.5%  VZGNI-TRANSIT - Verizon Online LLC
AS24560     1035       446      589   56.9%  AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
AS36998      772       203      569   73.7%  SDN-MOBITEL
AS18881      602        41      561   93.2%  Global Village Telecom

Total      45688     12209    33479   73.3%  Top 30 total



BGP Update Report

2012-12-07 Thread cidr-report
BGP Update Report
Interval: 29-Nov-12 -to- 06-Dec-12 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASN       Upds   %     Upds/Pfx  AS-Name
 1 - AS8402    58444  1.4%    26.1 -- CORBINA-AS OJSC Vimpelcom
 2 - AS37113   52105  1.3%  1132.7 -- tangerine-ug-as
 3 - AS3909    41215  1.0%  1248.9 -- QWEST-AS-3908 - Qwest Communications Company, LLC
 4 - AS9829    41144  1.0%    29.1 -- BSNL-NIB National Internet Backbone
 5 - AS10620   36921  0.9%    16.3 -- Telmex Colombia S.A.
 6 - AS35228   32854  0.8%    80.7 -- BEUNLIMITED Avatar Broadband Limited
 7 - AS7029    32543  0.8%     9.8 -- WINDSTREAM - Windstream Communications Inc
 8 - AS28573   26684  0.7%    12.1 -- NET Servicos de Comunicao S.A.
 9 - AS37044   23979  0.6%  1199.0 -- Tangerine-AS
10 - AS7552    22587  0.6%    19.7 -- VIETEL-AS-AP Vietel Corporation
11 - AS9304    21100  0.5%    18.9 -- HUTCHISON-AS-AP Hutchison Global Communications
12 - AS22561   18513  0.5%    17.8 -- DIGITAL-TELEPORT - Digital Teleport Inc.
13 - AS3816    17912  0.4%    26.9 -- COLOMBIA TELECOMUNICACIONES S.A. ESP
14 - AS8151    17419  0.4%    10.8 -- Uninet S.A. de C.V.
15 - AS13118   16341  0.4%   333.5 -- ASN-YARTELECOM OJSC Rostelecom
16 - AS2697    16336  0.4%    78.9 -- ERX-ERNET-AS Education and Research Network
17 - AS36915   16239  0.4%   477.6 -- AFOL-KE-AS
18 - AS6389    16140  0.4%     5.1 -- BELLSOUTH-NET-BLK - BellSouth.net Inc.
19 - AS7545    14892  0.4%     8.9 -- TPG-INTERNET-AP TPG Internet Pty Ltd
20 - AS4766    14868  0.4%     5.0 -- KIXS-AS-KR Korea Telecom


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN       Upds   %     Upds/Pfx  AS-Name
 1 - AS43695    9611  0.2%  9611.0 -- LISNER_AS UNIQ LISNER Sp. z o.o.
 2 - AS24057    7789  0.2%  7789.0 -- AIGL-AS-AP PT. AIA FINANCIAL, Insurance company, Indonesia
 3 - AS33158    2650  0.1%  2650.0 -- DATA-SERVICES-INC - Data Services Incorporated
 4 - AS14680    6754  0.2%  2251.3 -- REALE-6 - Auction.com
 5 - AS41801  0.0% 333.0 -- COMUNICALO DE MEXICO S.A. DE C.V
 6 - AS26799    3535  0.1%  1767.5 -- DKR - DKR CAPITAL
 7 - AS57918    1622  0.0%  1622.0 -- ACOD-AS ACOD CJSC
 8 - AS3909    41215  1.0%  1248.9 -- QWEST-AS-3908 - Qwest Communications Company, LLC
 9 - AS29039   11195  0.3%  1243.9 -- AFRICAONLINE-UG Africa Online Uganda
10 - AS37115    1218  0.0%  1218.0 -- TMP-UG
11 - AS51122    1215  0.0%  1215.0 -- SIT-CORP-AS Sitronics, AO
12 - AS37044   23979  0.6%  1199.0 -- Tangerine-AS
13 - AS37113   52105  1.3%  1132.7 -- tangerine-ug-as
14 - AS2033     8998  0.2%  1124.8 -- PANIX - Panix Network Information Center
15 - AS37273    3083  0.1%  1027.7 -- BCS
16 - AS37156    4888  0.1%   977.6 -- XTRANET
17 - AS6174     1852  0.1%   926.0 -- SPRINTLINK8 - Sprint
18 - AS3   13728  0.3% 460.0 -- CMED-AS Cmed Technology Ltd
19 - AS49677     851  0.0%   851.0 -- MAEHDROS-AS Maehdros SPRL
20 - AS4 724  0.0% 665.0 -- COMUNICALO DE MEXICO S.A. DE C.V


TOP 20 Unstable Prefixes
Rank Prefix             Upds   %     Origin AS -- AS Name
 1 - 93.181.254.0/23   15963  0.4%   AS13118 -- ASN-YARTELECOM OJSC Rostelecom
 2 - 151.118.254.0/24  13701  0.3%   AS3909  -- QWEST-AS-3908 - Qwest Communications Company, LLC
 3 - 151.118.255.0/24  13701  0.3%   AS3909  -- QWEST-AS-3908 - Qwest Communications Company, LLC
 4 - 178.248.238.0/24  13612  0.3%   AS3 -- CMED-AS Cmed Technology Ltd
 5 - 151.118.18.0/24   13611  0.3%   AS3909  -- QWEST-AS-3908 - Qwest Communications Company, LLC
 6 - 91.198.110.0/24    9611  0.2%   AS43695 -- LISNER_AS UNIQ LISNER Sp. z o.o.
 7 - 209.48.168.0/24    8963  0.2%   AS2033  -- PANIX - Panix Network Information Center
 8 - 202.14.255.0/24    7789  0.2%   AS24057 -- AIGL-AS-AP PT. AIA FINANCIAL, Insurance company, Indonesia
 9 - 192.58.232.0/24    7472  0.2%   AS6629  -- NOAA-AS - NOAA
10 - 184.159.130.0/23   6913  0.2%   AS22561 -- DIGITAL-TELEPORT - Digital Teleport Inc.
11 - 184.157.224.0/19   5896  0.1%   AS22561 -- DIGITAL-TELEPORT - Digital Teleport Inc.
12 - 12.139.133.0/24    5618  0.1%   AS14680 -- REALE-6 - Auction.com
13 - 194.63.9.0/24      4608  0.1%   AS1273  -- CW Cable and Wireless Worldwide plc
14 - 123.252.208.0/24   4440  0.1%   AS17762 -- HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd
15 - 49.248.72.0/21     4152  0.1%   AS17762 -- HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd
16 - 69.38.178.0/24     4151  0.1%   AS19406 -- TWRS-MA - Towerstream I, Inc.
17 - 139.139.19.0/24    3704  0.1%   AS1562  -- DNIC-ASBLK-01550-01601 - DoD Network 

Re: NANOG Digest, Vol 59, Issue 30

2012-12-07 Thread Carl Gough

Looking for a sales engineer seeking a new challenge in 2013 in Sydney.. The 
new Silicon Valley 

Would anyone know of anyone looking for a cloud/infrastructure sales 
engineering role or is currently out of work? 

Just doing my bit to keep unemployment levels down !

 [carl gough] founder and CEO  +61 425 266 764  
 mobsource.com  defined by benefits  not by technology
 Skype – mobsource Follow @mobsource Facebook – mobsource
 .  
 mobsource Network as a Service (NaaS) is a pay as you go point to point 
 data connection between international markets – With 99.% availability, 
 NO long term contracts, and NO minimum usage, business can now connect to 
 London, USA, Singapore or Sydney,  more reliably, on demand and up to 80% 
 cheaper than traditional telco's.  



Re: NANOG Digest, Vol 59, Issue 30

2012-12-07 Thread Valdis . Kletnieks
On Sat, 08 Dec 2012 10:34:07 +1100, Carl Gough said:
 Looking for a sales engineer

I doubt NANOG is the place for you to find sales engineers to work for a
company where the CEO is clueless enough to do all of the following in 1 email:

1) Reply to a digest, and not fix the Subject:
2) Not clean up the References: and In-Reply-To:, which means that
anybody who uses a threaded mail reader may not have seen your message.
3) Put in a To: nanog@nanog.org nanog@nanog.org  - that's ugly and 
redundant.
4) Put it in the cc: as well.  That's even more ugly and doubly redundant.
5) Spamming NANOG looking for engineers.

Best of luck to you in your future endeavors...




Re: TCP time_wait and port exhaustion for servers

2012-12-07 Thread Ray Soucy
+1

Thanks for the tip, this looks very useful.

Looks like it was only introduced in 2.6.35, we're still on 2.6.32 ...
might be worth the upgrade, it just takes so long to test new kernel
versions in this application.

We ended up dropping TCP_TIMEWAIT_LEN to 30 seconds as a band-aid for
now, along with the expanded port range.
In talking to others 20 seconds seems to be 99%+ safe, with the sweet
spot seeming to be 24 seconds or so.  So we opted to just go with 30
seconds and be cautious, even though others claim going as low as 10
or 5 seconds without issue.  I'll let people know if it introduces any
problems.

In talking with the author of HAproxy, he seems to be in the camp that
using SO_LINGER of 0 might be the way to go, but is unsure of how
servers would respond to it; we'll likely try a build with that method
and see what happens at some point.




On Fri, Dec 7, 2012 at 4:51 PM, Matthew Palmer mpal...@hezmatt.org wrote:
 On Thu, Dec 06, 2012 at 08:58:10AM -0500, Ray Soucy wrote:
  net.ipv4.tcp_keepalive_intvl = 15
  net.ipv4.tcp_keepalive_probes = 3
  net.ipv4.tcp_keepalive_time = 90
  net.ipv4.tcp_fin_timeout = 30

 As discussed, those do not affect TCP_TIMEWAIT_LEN.

 There is a lot of misinformation out there on this subject so please
 don't just Google for 5 min. and chime in with a solution that you
 haven't verified yourself.

 We can expand the ephemeral port range to be a full 60K (and we have
 as a band-aid), but that only delays the issue as use grows.  I can
 verify that changing it via:

 echo 1025 65535 > /proc/sys/net/ipv4/ip_local_port_range

 Does work for the full range, as a spot check shows ports as low as
 2000 and as high as 64000 being used.

 I can attest to the effectiveness of this method, however be sure and add
 any ports in that range that you use as incoming ports for services to
 /proc/sys/net/ipv4/ip_local_reserved_ports, otherwise the first time you
 restart a service that uses a high port (*cough*NRPE*cough*), its port will
 probably get snarfed for an outgoing connection and then you're in a sad,
 sad place.

 - Matt

 --
 [An ad for Microsoft] uses the musical theme of the "Confutatis Maledictis"
 from Mozart's Requiem. "Where do you want to go today?" is on the screen,
 while the chorus sings "Confutatis maledictis, flammis acribus addictis,".
 Translation: "The damned and accursed are convicted to the flames of hell."





-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net
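
The check Matt describes above (service ports inside the widened ephemeral range must be listed in ip_local_reserved_ports), written out as an added example that is not part of the thread. The sample file contents are constructed, and the function names are hypothetical; on a live Linux host, feed it the real /proc files.

```python
# Added example: find listening ports that an outgoing connection could take.
# All sample inputs are constructed, not captured from a real host.
SAMPLE_PORT_RANGE = "1025\t65535\n"   # ip_local_port_range after the echo above
SAMPLE_RESERVED = "8080\n"            # ip_local_reserved_ports (constructed)
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:1622 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 1002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1003 1
   3: 0A000005:C350 0A000009:0050 01 00000000:00000000 00:00000000 00000000    33        0 1004 1
"""
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp


def parse_reserved(text):
    """Parse the kernel's comma-separated list of ports and ranges."""
    ports = set()
    for item in text.strip().split(","):
        if not item:
            continue  # the file is empty when nothing is reserved
        lo, _, hi = item.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def listening_ports(proc_net_tcp):
    """Return the local ports of sockets in LISTEN state."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == TCP_LISTEN:
            # local_address is HEXADDR:HEXPORT
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def unreserved_listeners(port_range, reserved, proc_net_tcp):
    """Listening ports inside the ephemeral range that are not reserved."""
    low, high = map(int, port_range.split())
    taken = parse_reserved(reserved)
    return sorted(p for p in listening_ports(proc_net_tcp)
                  if low <= p <= high and p not in taken)


if __name__ == "__main__":
    at_risk = unreserved_listeners(SAMPLE_PORT_RANGE, SAMPLE_RESERVED,
                                   SAMPLE_PROC_NET_TCP)
    print("add to ip_local_reserved_ports:", ",".join(map(str, at_risk)))
```

In the constructed sample, port 22 lies below the range and 8080 is already reserved, so only 5666 (NRPE's default port) is reported.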



Why do some providers require IPv6 /64 PA space to have public whois?

2012-12-07 Thread Constantine A. Murenin
Hello,

I personally don't understand this policy.  I've signed up with
hetzner.de, and I'm trying to get IPv6; however, on the supplementary
page where the complementary IPv6 /64 subnet can be requested (notice
that it's not even a /48, and not even the second, routed, /64), after
I change the selection from requesting one additional IPv4 address to
requesting the IPv6 /64 subnet (they offer no other IPv6 options in
that menu), they use DOM to remove the IP address justification field
("Purpose of use"), and instead statically show my name, physical
street address (including the apartment number), email address and
phone number, and ask to confirm that all of this information can be
submitted to RIPE.

They offer no option of modifying any of this; they also offer no
option of hiding the street address and showing it as "Private
Address" instead; they also offer no option of providing contact
information different from the contact details for the main profile or
keeping a separate set of contact details in the main profile
specifically for RIPE; they also offer no option of providing a RIPE
handle instead (dunno if one can be registered with a "Private
Address" address, showing only city/state/country and postal code; I
do know that with ARIN and PA IPv4 subnets you can do "Private
Address" in the Address field); they also don't let you submit the
form unless you agree for the information shown to be passed along to
RIPE for getting IPv6 connectivity (again, no IPv6 is provided by
default or otherwise).

Is this what we're going towards?  No probable cause and no court
orders for obtaining individually identifying information about
internet customers with IPv6 addresses?  In the future, will the
copyright trolls be getting this information directly from public
whois, bypassing the internet provider abuse teams and even the most
minimal court supervision?  Is this really the disadvantage of IPv4
that IPv6 proudly fixes?  I certainly have never heard of whois
entries for /32 IPv4 address allocations!

Anyhow, just one more provider where it's easier to use HE's
tunnelbroker.net instead of obtaining IPv6 natively; due to the
data-mining and privacy concerns now.  What's the point of native IPv6
connectivity again?  In hetzner.de terms, tunnelbroker.net even
provides you with the failover IPv6 address(es), something that they
themselves only offer for IPv4!

Is it just me, or are there a lot of other folks who use
tunnelbroker.net even when their ISP offers native IPv6 support?
Might be interesting for HE.net to make some kind of a study. :-)

Cheers,
Constantine.