Re: Multicast over GRE between Linux server and Cisco Router

[Brian Christopher Raaen]

Just a quick note. I do have multicast enabled on the server gre1
interface.  A tshark capture shows the igmp group queries from the router
and the igmp join reply from the server.


On Wed, Jan 9, 2013 at 10:51 AM, Brian Christopher Raaen 
mailing-li...@brianraaen.com wrote:

 I am trying to set up multicast between a Linux server and Router using
 GRE.  The GRE tunnel is up fine and I can see traffic go across it, but the
 router is not indicating it is receiving the IGMP joins that the server is
 sending.  I have identical setting with another server attached to
 fastethernet0/1 and it is joined to the group fine, but I am not able to
 get the server to link to the router via GRE interface.  Note that I have
 another server behind another router where the two routers do GRE and PIM
 and that on is working fine.  Is there some reason that IGMP joins would
 not work across the GRE link, but another router using PIM would?

 --
 Brian Christopher Raaen
 Network Architect
 Zcorum




-- 
Brian Christopher Raaen
Network Architect
Zcorum

Re: [SHAME] Spam Rats

[Tony Finch]

John Levine jo...@iecc.com wrote:

 *.4.4.3.0.5.a.0.0.8.b.d.0.1.0.0.2.ip6.arpa. PTR a.node.on.vlan344.namn.se.
 ...will work just fine, for instance.

 Since there is no  record for a.node.on.vlan344.namn.se., this
 won't work fine in any rDNS check I'm aware of.

I believe it's relatively common for mail servers to just check the
existence of a PTR record without any further sanity checking, e.g.
Postfix's reject_unknown_reverse_client_hostname smtpd_client_restrictions
option.

Tony.
-- 
f.anthony.n.finch  d...@dotat.at  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

Team Cymru contact

[J. Oquendo]

Can one of you guys contact me of list. (Sorry for the noise
list... Best place for me to definitively the right person)

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

Where ignorance is our master, there is no possibility of
real peace - Dalai Lama

42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x2BF7D83F210A95AF

Dreamhost hijacking my prefix...

[Jeff Kell]

Not sure how widespread their leakage may be, but Dreamhost just
hijacked one of my prefixes...

 
 Possible Prefix Hijack (Code: 10)
 
 Your prefix:  150.182.192.0/18: 
 Update time:  2013-01-11 14:14 (UTC)
 Detected by #peers:   11
 Detected prefix:  150.182.208.0/20 
 Announced by: AS26347 (DREAMHOST-AS - New Dream Network, LLC)
 Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
 ASpath:   8331 42861 42861 42861 26347 

Anyone have a contact there?  ASinfo gives net...@dreamhost.com where I
have submitted a report, but so far no joy...

Jeff

Re: Dreamhost hijacking my prefix...

[Kenneth McRae]

Jeff,

We are not announcing the prefix in question nor do we peer with AS42861.


-- 
Best Regards,



Kenneth McRae
*Director, Network Operations*
kenneth.mc...@dreamhost.com
Ph: 818-447-2589
www.dreamhost.com



On Fri, Jan 11, 2013 at 7:23 AM, Jeff Kell jeff-k...@utc.edu wrote:

 Not sure how widespread their leakage may be, but Dreamhost just
 hijacked one of my prefixes...

  
  Possible Prefix Hijack (Code: 10)
  
  Your prefix:  150.182.192.0/18:
  Update time:  2013-01-11 14:14 (UTC)
  Detected by #peers:   11
  Detected prefix:  150.182.208.0/20
  Announced by: AS26347 (DREAMHOST-AS - New Dream Network, LLC)
  Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
  ASpath:   8331 42861 42861 42861 26347

 Anyone have a contact there?  ASinfo gives net...@dreamhost.com where I
 have submitted a report, but so far no joy...

 Jeff






-- 
Best Regards,



Kenneth McRae
*Sr. Network Engineer*
kenneth.mc...@dreamhost.com
Ph: 323-375-3814
www.dreamhost.com

Re: Dreamhost hijacking my prefix...

[Jeff Kell]

Robtex would beg to differ... you show peered with AS42861, perhaps
someone (else) is looping their advertisements?

_R_egistered
_O_ther side
_B_GP visible   Peer
OB  AS174 COGENT /PSI
B   AS4323 TWTC Autonomous system for tw telecom .
B   AS4826 VOCUS-BACKBONE-AS Vocus Connect International Backbone Vocus
Communications Level 2, Vocus House 189 Miller Street North Sydney NSW 2060
B   AS5580 ATRATO-IP / Atrato IP Networks
B   AS6461 MFNX MFN - Metromedia Fiber Network
B   AS6939 HURRICANE Electric
B   AS7575 AARNET-AS-AP Australia's Research and Education Network (AARNet3)
B   AS7922 COMCAST-IBONE Comcast Cable Communications, Inc. 1800 Bishops
Gate Blvd Mt Laurel, NJ 08054 US
B   AS8359 MTS Dummy description for
B   AS10912 INTERNAP-BLK Internap Network Services
B   AS10913 INTERNAP-BLK Internap Network Services
B   AS12989 HWNG Eweka Internet Services B.V.
B   AS36351 SOFTLAYER Technologies Inc.
B   AS42861 PRIME-LINE-AS Dummy description for



On 1/11/2013 10:42 AM, Kenneth McRae wrote:
 Jeff,

 We are not announcing the prefix in question nor do we peer with AS42861.


 -- 
 Best Regards,



 Kenneth McRae
 *Director, Network Operations*
 kenneth.mc...@dreamhost.com
 Ph: 818-447-2589
 www.dreamhost.com



 On Fri, Jan 11, 2013 at 7:23 AM, Jeff Kell jeff-k...@utc.edu wrote:

 Not sure how widespread their leakage may be, but Dreamhost just
 hijacked one of my prefixes...

  
  Possible Prefix Hijack (Code: 10)
  
  Your prefix:  150.182.192.0/18:
  Update time:  2013-01-11 14:14 (UTC)
  Detected by #peers:   11
  Detected prefix:  150.182.208.0/20
  Announced by: AS26347 (DREAMHOST-AS - New Dream Network,
 LLC)
  Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
  ASpath:   8331 42861 42861 42861 26347

 Anyone have a contact there?  ASinfo gives net...@dreamhost.com
 where I
 have submitted a report, but so far no joy...

 Jeff






 -- 
 Best Regards,



 Kenneth McRae
 *Sr. Network Engineer*
 kenneth.mc...@dreamhost.com
 Ph: 323-375-3814
 www.dreamhost.com

Re: Dreamhost hijacking my prefix...

[Jon Lewis]

Sounds like someone in Russia is having some fun with as-path prepending 
and prefix hijacking.


On Fri, 11 Jan 2013, Kenneth McRae wrote:


Jeff,

We are not announcing the prefix in question nor do we peer with AS42861.


--
Best Regards,



Kenneth McRae
*Director, Network Operations*
kenneth.mc...@dreamhost.com
Ph: 818-447-2589
www.dreamhost.com



On Fri, Jan 11, 2013 at 7:23 AM, Jeff Kell jeff-k...@utc.edu wrote:


Not sure how widespread their leakage may be, but Dreamhost just
hijacked one of my prefixes...



Possible Prefix Hijack (Code: 10)

Your prefix:  150.182.192.0/18:
Update time:  2013-01-11 14:14 (UTC)
Detected by #peers:   11
Detected prefix:  150.182.208.0/20
Announced by: AS26347 (DREAMHOST-AS - New Dream Network, LLC)
Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
ASpath:   8331 42861 42861 42861 26347


Anyone have a contact there?  ASinfo gives net...@dreamhost.com where I
have submitted a report, but so far no joy...

Jeff







--
Best Regards,



Kenneth McRae
*Sr. Network Engineer*
kenneth.mc...@dreamhost.com
Ph: 323-375-3814
www.dreamhost.com



--
 Jon Lewis, MCP :)   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: Dreamhost hijacking my prefix...

[Kenneth McRae]

Just checked all BGP speakers again and I show no peering with AS42861.

On Fri, Jan 11, 2013 at 7:49 AM, Jeff Kell jeff-k...@utc.edu wrote:

  Robtex would beg to differ... you show peered with AS42861, perhaps
 someone (else) is looping their advertisements?

   *R*egistered
 *O*ther side
 *B*GP visible Peer  OB AS174 COGENT /PSI  B AS4323 TWTC Autonomous system
 for tw telecom .  B AS4826 VOCUS-BACKBONE-AS Vocus Connect International
 Backbone Vocus Communications Level 2, Vocus House 189 Miller Street North
 Sydney NSW 2060  B AS5580 ATRATO-IP / Atrato IP Networks  B AS6461 MFNX
 MFN - Metromedia Fiber Network  B AS6939 HURRICANE Electric  B AS7575
 AARNET-AS-AP Australia's Research and Education Network (AARNet3)  B AS7922
 COMCAST-IBONE Comcast Cable Communications, Inc. 1800 Bishops Gate Blvd Mt
 Laurel, NJ 08054 US  B AS8359 MTS Dummy description for  B AS10912
 INTERNAP-BLK Internap Network Services  B AS10913 INTERNAP-BLK Internap
 Network Services  B AS12989 HWNG Eweka Internet Services B.V.  B AS36351
 SOFTLAYER Technologies Inc.  B AS42861 PRIME-LINE-AS Dummy description for


 On 1/11/2013 10:42 AM, Kenneth McRae wrote:

 Jeff,

  We are not announcing the prefix in question nor do we peer with AS42861.


  --
 Best Regards,



  Kenneth McRae
 *Director, Network Operations*
 kenneth.mc...@dreamhost.com
 Ph: 818-447-2589
  www.dreamhost.com



 On Fri, Jan 11, 2013 at 7:23 AM, Jeff Kell 
 jeff-k...@utc.edujeff-k...@utc.eduwrote:

 Not sure how widespread their leakage may be, but Dreamhost just
 hijacked one of my prefixes...

  
  Possible Prefix Hijack (Code: 10)
  
  Your prefix:  150.182.192.0/18:
  Update time:  2013-01-11 14:14 (UTC)
  Detected by #peers:   11
  Detected prefix:  150.182.208.0/20
  Announced by: AS26347 (DREAMHOST-AS - New Dream Network, LLC)
  Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
  ASpath:   8331 42861 42861 42861 26347

 Anyone have a contact there?  ASinfo gives net...@dreamhost.com where I
 have submitted a report, but so far no joy...

 Jeff






  --
 Best Regards,



  Kenneth McRae
 *Sr. Network Engineer*
 kenneth.mc...@dreamhost.com
 Ph: 323-375-3814
  www.dreamhost.com







-- 
Best Regards,



Kenneth McRae
*Sr. Network Engineer*
kenneth.mc...@dreamhost.com
Ph: 323-375-3814
www.dreamhost.com

Re: Dreamhost hijacking my prefix...

[Kenneth McRae]

That would be my guess.  We have had some issues with this in the past with
operators from China and Russia.

On Fri, Jan 11, 2013 at 7:51 AM, Jon Lewis jle...@lewis.org wrote:

 Sounds like someone in Russia is having some fun with as-path prepending
 and prefix hijacking.


 On Fri, 11 Jan 2013, Kenneth McRae wrote:

  Jeff,

 We are not announcing the prefix in question nor do we peer with AS42861.


 --
 Best Regards,



 Kenneth McRae
 *Director, Network Operations*
 kenneth.mc...@dreamhost.com
 Ph: 818-447-2589
 www.dreamhost.com




 On Fri, Jan 11, 2013 at 7:23 AM, Jeff Kell jeff-k...@utc.edu wrote:

  Not sure how widespread their leakage may be, but Dreamhost just
 hijacked one of my prefixes...

  ==**==**
 
 Possible Prefix Hijack (Code: 10)
 ==**==**
 
 Your prefix:  150.182.192.0/18:
 Update time:  2013-01-11 14:14 (UTC)
 Detected by #peers:   11
 Detected prefix:  150.182.208.0/20
 Announced by: AS26347 (DREAMHOST-AS - New Dream Network, LLC)
 Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
 ASpath:   8331 42861 42861 42861 26347


 Anyone have a contact there?  ASinfo gives net...@dreamhost.com where I
 have submitted a report, but so far no joy...

 Jeff






 --
 Best Regards,



 Kenneth McRae
 *Sr. Network Engineer*
 kenneth.mc...@dreamhost.com
 Ph: 323-375-3814
 www.dreamhost.com


 --**--**--
  Jon Lewis, MCP :)   |  I route
  Senior Network Engineer |  therefore you are
  Atlantic Net|
 _ 
 http://www.lewis.org/~jlewis/**pgphttp://www.lewis.org/~jlewis/pgpfor PGP 
 public key_




-- 
Best Regards,



Kenneth McRae
*Director, Network Operations*
kenneth.mc...@dreamhost.com
Ph: 818-447-2589
www.dreamhost.com

Re: Dreamhost hijacking my prefix...

[Jeroen Wunnink | Atrato IP Networks]

Here at/as AS5580 I no longer see it announced as a /20, only your own /18:

#sh ip bgp routes 150.182.192.0 255.255.192.0 longer-prefixes
Number of BGP Routes matching display condition : 4
Searching for matching routes, use ^C to quit...
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
   E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH 
m:NOT-INSTALLED-MULTIPATH

   S:SUPPRESSED F:FILTERED s:STALE
   Prefix Next HopMEDLocPrf Weight Status
1  150.182.192.0/18   80.94.64.10400 0  BMI
 AS_PATH: 11164 10490 3450 14209
2  150.182.192.0/18   80.94.64.10400 0  MI
 AS_PATH: 11164 10490 3450 14209
3  150.182.192.0/18   80.94.64.10400 0  MI
 AS_PATH: 11164 10490 3450 14209
4  150.182.192.0/18   80.94.64.10400 0  MI
 AS_PATH: 11164 10490 3450 14209


On 1/11/13 4:49 PM, Jeff Kell wrote:

Robtex would beg to differ... you show peered with AS42861, perhaps
someone (else) is looping their advertisements?

_R_egistered
_O_ther side
_B_GP visible   Peer
OB  AS174 COGENT /PSI
B   AS4323 TWTC Autonomous system for tw telecom .
B   AS4826 VOCUS-BACKBONE-AS Vocus Connect International Backbone Vocus
Communications Level 2, Vocus House 189 Miller Street North Sydney NSW 2060
B   AS5580 ATRATO-IP / Atrato IP Networks
B   AS6461 MFNX MFN - Metromedia Fiber Network
B   AS6939 HURRICANE Electric
B   AS7575 AARNET-AS-AP Australia's Research and Education Network (AARNet3)
B   AS7922 COMCAST-IBONE Comcast Cable Communications, Inc. 1800 Bishops
Gate Blvd Mt Laurel, NJ 08054 US
B   AS8359 MTS Dummy description for
B   AS10912 INTERNAP-BLK Internap Network Services
B   AS10913 INTERNAP-BLK Internap Network Services
B   AS12989 HWNG Eweka Internet Services B.V.
B   AS36351 SOFTLAYER Technologies Inc.
B   AS42861 PRIME-LINE-AS Dummy description for



On 1/11/2013 10:42 AM, Kenneth McRae wrote:

Jeff,

We are not announcing the prefix in question nor do we peer with AS42861.


--
Best Regards,



Kenneth McRae
*Director, Network Operations*
kenneth.mc...@dreamhost.com
Ph: 818-447-2589
www.dreamhost.com



On Fri, Jan 11, 2013 at 7:23 AM, Jeff Kell jeff-k...@utc.edu wrote:

 Not sure how widespread their leakage may be, but Dreamhost just
 hijacked one of my prefixes...

  
  Possible Prefix Hijack (Code: 10)
  
  Your prefix:  150.182.192.0/18:
  Update time:  2013-01-11 14:14 (UTC)
  Detected by #peers:   11
  Detected prefix:  150.182.208.0/20
  Announced by: AS26347 (DREAMHOST-AS - New Dream Network,
 LLC)
  Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
  ASpath:   8331 42861 42861 42861 26347

 Anyone have a contact there?  ASinfo gives net...@dreamhost.com
 where I
 have submitted a report, but so far no joy...

 Jeff






--
Best Regards,



Kenneth McRae
*Sr. Network Engineer*
kenneth.mc...@dreamhost.com
Ph: 323-375-3814
www.dreamhost.com






--

Jeroen Wunnink
Network Engineer
Atrato IP Networks
jeroen.wunn...@atrato-ip.com
Phone: +31 20 82 00 623

Re: Dreamhost hijacking my prefix...

[Andree Toonk]

Hi,
Here's a quick summary of what we saw at BGPMon.net.

At 2013-01-11 14:14:13 we saw announcements (seemingly) originated by
26347, for prefixes normally announced by other ASn's (origin change /
hijack).

This seems to have affected 112 prefixes for 110 ASn's [1], including
Rogers, Tata, Sprint, Ziggo, Verizon, KPN, Vodafone, CloudFlare, XS4ALL,
ATT, Bell Canada and many more.
Most of these were new more specific(!) announcements.

With regards to next-hop ASN's (peers). It seems this hijack was
propagated via 12 unique (AS26347) peers [1]

A quick look at the prefix that was mentioned by Jeff, 150.182.208.0/20
(more specific of 50.182.192.0/18)
The first announcement for this prefix was seen at 2013-01-11 14:14:28
and withdrawn at 2013-01-11 15:20:57.  It was detected by 42 unique peers.

some example paths:
271 6939 26347
5580 26347|
37312 5713 6939 26347
1126 24785 12989 26347

[1] I've posted some details  (Unique next-hop ASN's and affected origin
ASN's), check if your AS was affected here:
http://portal.bgpmon.net/data/hijack20130111.txt

Cheers,
 Andree




.-- My secret spy satellite informs me that at 2013-01-11 7:23 AM  Jeff
Kell wrote:
 Not sure how widespread their leakage may be, but Dreamhost just
 hijacked one of my prefixes...
 
 
 Possible Prefix Hijack (Code: 10)
 
 Your prefix:  150.182.192.0/18: 
 Update time:  2013-01-11 14:14 (UTC)
 Detected by #peers:   11
 Detected prefix:  150.182.208.0/20 
 Announced by: AS26347 (DREAMHOST-AS - New Dream Network, LLC)
 Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
 ASpath:   8331 42861 42861 42861 26347 
 
 Anyone have a contact there?  ASinfo gives net...@dreamhost.com where I
 have submitted a report, but so far no joy...
 
 Jeff
 
 
 

Re: OOB core router connectivity wish list

[Nikolay Shopik]

Also getting POTS line in your pop sometimes get tricky. 2G/3G modems
with cheap plans cost like 10$/month (dunno about US though), thats
almost same as POTS line.

On 10/01/13 20:18, William Herrin wrote:
 Dial up with PPP and then cross the ethernet? Drop off a cellular
 modem with IP service instead of a dialup modem? Perhaps you haven't
 noticed but IP over circuit-switched voice lines is giving way to
 voice over IP packet switched systems. That POTS line the dialup modem
 needs doesn't have a lot of future left.

Re: Dreamhost hijacking my prefix...

[Tony McCrory]

Jeff:

150.182.208.0/20 is not visible from AS702 in Germany.
150.182.192.0/18 path is 702 701 209 26827 14209

Tony


On 11 January 2013 15:23, Jeff Kell jeff-k...@utc.edu wrote:

 Not sure how widespread their leakage may be, but Dreamhost just
 hijacked one of my prefixes...

  
  Possible Prefix Hijack (Code: 10)
  
  Your prefix:  150.182.192.0/18:
  Update time:  2013-01-11 14:14 (UTC)
  Detected by #peers:   11
  Detected prefix:  150.182.208.0/20
  Announced by: AS26347 (DREAMHOST-AS - New Dream Network, LLC)
  Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
  ASpath:   8331 42861 42861 42861 26347

 Anyone have a contact there?  ASinfo gives net...@dreamhost.com where I
 have submitted a report, but so far no joy...

 Jeff

Re: Dreamhost hijacking my prefix...

[Kenneth McRae]

Thanks for that info Andree.  The only valid peer I see on the list would
be HE.  We do not peer with any of the others listed.

Kenneth

On Fri, Jan 11, 2013 at 8:46 AM, Andree Toonk andree+na...@toonk.nl wrote:

 Hi,
 Here's a quick summary of what we saw at BGPMon.net.

 At 2013-01-11 14:14:13 we saw announcements (seemingly) originated by
 26347, for prefixes normally announced by other ASn's (origin change /
 hijack).

 This seems to have affected 112 prefixes for 110 ASn's [1], including
 Rogers, Tata, Sprint, Ziggo, Verizon, KPN, Vodafone, CloudFlare, XS4ALL,
 ATT, Bell Canada and many more.
 Most of these were new more specific(!) announcements.

 With regards to next-hop ASN's (peers). It seems this hijack was
 propagated via 12 unique (AS26347) peers [1]

 A quick look at the prefix that was mentioned by Jeff, 150.182.208.0/20
 (more specific of 50.182.192.0/18)
 The first announcement for this prefix was seen at 2013-01-11 14:14:28
 and withdrawn at 2013-01-11 15:20:57.  It was detected by 42 unique peers.

 some example paths:
 271 6939 26347
 5580 26347|
 37312 5713 6939 26347
 1126 24785 12989 26347

 [1] I've posted some details  (Unique next-hop ASN's and affected origin
 ASN's), check if your AS was affected here:
 http://portal.bgpmon.net/data/hijack20130111.txt

 Cheers,
  Andree




 .-- My secret spy satellite informs me that at 2013-01-11 7:23 AM  Jeff
 Kell wrote:
  Not sure how widespread their leakage may be, but Dreamhost just
  hijacked one of my prefixes...
 
  
  Possible Prefix Hijack (Code: 10)
  
  Your prefix:  150.182.192.0/18:
  Update time:  2013-01-11 14:14 (UTC)
  Detected by #peers:   11
  Detected prefix:  150.182.208.0/20
  Announced by: AS26347 (DREAMHOST-AS - New Dream Network, LLC)
  Upstream AS:  AS42861 (PRIME-LINE-AS JSC Prime-Line)
  ASpath:   8331 42861 42861 42861 26347
 
  Anyone have a contact there?  ASinfo gives net...@dreamhost.com where I
  have submitted a report, but so far no joy...
 
  Jeff
 
 
 

Re: Microsoft Product Activation server reachability

[Yang Yu]

communication prohibited by filter is just an ICMP response code,
sadly Windows does not under it..
Type 3 (Destination unreachable)
Code 13 (Communication Administratively Prohibited - generated if a
router cannot forward a packet due to administrative filtering;)

ICMP echo request for this ip seems to be filtered by Microsoft. TCP
connection to port 80 is working fine.

tcping wpa.one.microsoft.com

Probing 94.245.126.107:80/tcp - Port is open - time=98.491ms


Yang

On Fri, Jan 11, 2013 at 2:01 AM, Nathan Anderson nath...@fsr.com wrote:

 So the ICMP message communication prohibited by filter must be a normal 
 response to ICMP ping through that gateway.

 Unfortunately, it's not completely fixed yet, but I'm guessing by this 
 measure of progress that they must be working on it.  I now get HTTP 403 in 
 response to any request I send to it.  Tried to reactive this copy of Windows 
 Server once more anyway, and now get Online activation cannot be completed 
 at this time. (Message number: 24579)  Before, it simply claimed I must not 
 have working internet connectivity.

 -- Nathan

 -Original Message-
 From: Scott Howard [mailto:sc...@doc.net.au]
 Sent: Thursday, January 10, 2013 10:55 PM
 To: Ben Carleton
 Cc: Nathan Anderson; nanog@nanog.org
 Subject: Re: Microsoft Product Activation server reachability

 Working now, tested from 3 hosts on different networks on both 80 and 443 :

 $ telnet wpa.one.microsoft.com 443
 Trying 94.245.126.107...
 Connected to wpa.one.microsoft.com.
 Escape character is '^]'.


   Scott



 On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote:


 - Original Message -
  From: Nathan Anderson nath...@fsr.com
  To: nanog@nanog.org nanog@nanog.org
  Sent: Thursday, January 10, 2013 11:24:16 PM
  Subject: Microsoft Product Activation server reachability
 
  Anybody else having a problem reaching (what appears to be) the sole
  Microsoft Product Activation server (wpa.one.microsoft.com)?
 
  $ ping wpa.one.microsoft.com
  PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes
  36 bytes from 213.199.189.41: Communication prohibited by filter
 
  I get this sourcing from our network, from ATT 3G, and from ye 
 residential
  DSL connection located in the greater Seattle area. They aren't 
 simply
  source-filtering. Either that or they are source-filtering for 
 0.0.0.0/0.
 
  This is apparently the only server/IP they have set up to respond 
 to these
  requests. wpa.one.microsoft.com resolves to that IP via every DNS 
 server
  I've tried (so no round-robin A records), Microsoft products that 
 need to
  activate over the internet only try to resolve that FQDN, and I've 
 looked
  for others without success (wpa.two.microsoft.com isn't valid, for 
 example).
 
  --
  Nathan Anderson
  First Step Internet, LLC
  nath...@fsr.com
 
 


 I am seeing the same from NYC metro. According to MS 
 (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to 
 that host on 80 and 443 is all that should be required to activate. (and 
 wpa.one.microsoft.com has no , go figure)

 [ben@razor ~]$ ping wpa.one.microsoft.com

 PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data.

 From 213.199.189.41 icmp_seq=2 Packet filtered
 ^C
 --- wpa.one.microsoft.com ping statistics ---
 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 
 5260ms

 [ben@razor ~]$ telnet wpa.one.microsoft.com 80
 Trying 94.245.126.107...
 ^C
 [ben@razor ~]$ telnet wpa.one.microsoft.com 443
 Trying 94.245.126.107...
 ^C

 -- Ben

Re: OOB core router connectivity wish list

[Jay Ashworth]

- Original Message -
 From: William Herrin b...@herrin.us

 On Thu, Jan 10, 2013 at 11:41 AM, Randy Whitney
 randy.whit...@verizon.com wrote:
  Nothing beats POTS in a broad power outage scenario. Numerous power
  outages
  have taken down mobile service completely while the POTS lines
  stayed up as
  it carries its own power by design.
 
 Carries it from somewhere that has to remain powered which typically
 isn't a building with an automatic generator any more. Access to the
 POTS lines of yesteryear is dwindling and not all that slowly.

Oh, I dunno, Bill.  Sure there are lots more RSUs than there used to be,
but at least it's not all *that* hard to tell if you're connected to one. 

Much easier than, say, finding out if both sides of your loop have been 
groomed into the same cable.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth  Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274

Re: Dreamhost hijacking my prefix...

[Andree Toonk]

Hi Kenneth,

.-- My secret spy satellite informs me that at 2013-01-11 8:54 AM
Kenneth McRae wrote:
 Thanks for that info Andree.  The only valid peer I see on the list
 would be HE.  We do not peer with any of the others listed.

Could it be these ASns receive your routes via an IX route-server?

Below some examples that show a peering between 26347 and
5580 as well as 12989

5580 26347
http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC031query=12arg=5580+26347

12989 26347:
http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC031query=12arg=12989+26347

And route views:

route-viewssh ip bgp regex 12989_26347
BGP table version is 427410275, local router ID is 128.223.51.103
Status codes: s suppressed, d damped, h history, * valid,  best, i -
internal,
  r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
*  64.111.96.0/19   208.74.64.40   0 19214 12989
26347 i
*  66.33.192.0/19   208.74.64.40   0 19214 12989
26347 i
*  67.205.0.0/18208.74.64.40   0 19214 12989
26347 i
*  69.163.128.0/17  208.74.64.40   0 19214 12989
26347 i
*  75.119.192.0/19  208.74.64.40   0 19214 12989
26347 i
*  173.236.128.0/17 208.74.64.40   0 19214 12989
26347 i
*  205.196.208.0/20 208.74.64.40   0 19214 12989
26347 i
*  208.97.128.0/18  208.74.64.40   0 19214 12989
26347 i
*  208.113.128.0/17 208.74.64.40   0 19214 12989
26347 i
*  208.113.200.0208.74.64.40   0 19214 12989
26347 i



Cheers,
 Andree

Weekly Routing Table Report

[Routing Analysis Role Account]

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
TRNOG, CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith pfsi...@gmail.com.

Routing Table Report   04:00 +10GMT Sat 12 Jan, 2013

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  437884
Prefixes after maximum aggregation:  181348
Deaggregation factor:  2.41
Unique aggregates announced to Internet: 215724
Total ASes present in the Internet Routing Table: 43020
Prefixes per ASN: 10.18
Origin-only ASes present in the Internet Routing Table:   34017
Origin ASes announcing only one prefix:   15902
Transit ASes present in the Internet Routing Table:5722
Transit-only ASes present in the Internet Routing Table:138
Average AS path length visible in the Internet Routing Table:   4.5
Max AS path length visible:  31
Max AS path prepend of ASN ( 28730)  25
Prefixes from unregistered ASNs in the Routing Table:   373
Unregistered ASNs in the Routing Table: 127
Number of 32-bit ASNs allocated by the RIRs:   3639
Number of 32-bit ASNs visible in the Routing Table:3281
Prefixes from 32-bit ASNs in the Routing Table:8953
Special use prefixes present in the Routing Table:   17
Prefixes being announced from unallocated address space:173
Number of addresses announced to Internet:   2624098700
Equivalent to 156 /8s, 104 /16s and 145 /24s
Percentage of available address space announced:   70.9
Percentage of allocated address space announced:   70.9
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   94.1
Total number of prefixes smaller than registry allocations:  154190

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:   105545
Total APNIC prefixes after maximum aggregation:   32889
APNIC Deaggregation factor:3.21
Prefixes being announced from the APNIC address blocks:  106522
Unique aggregates announced from the APNIC address blocks:43560
APNIC Region origin ASes present in the Internet Routing Table:4811
APNIC Prefixes per ASN:   22.14
APNIC Region origin ASes announcing only one prefix:   1246
APNIC Region transit ASes present in the Internet Routing Table:808
Average APNIC Region AS path length visible:4.5
Max APNIC Region AS path length visible: 23
Number of APNIC region 32-bit ASNs visible in the Routing Table:405
Number of APNIC addresses announced to Internet:  717167616
Equivalent to 42 /8s, 191 /16s and 28 /24s
Percentage of available APNIC address space announced: 83.8

APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 131072-133119
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:155202
Total ARIN prefixes after maximum aggregation:78549
ARIN Deaggregation factor: 1.98
Prefixes being announced from the ARIN address blocks:   155836
Unique aggregates announced from the ARIN address blocks: 70811
ARIN Region origin ASes present in the Internet Routing Table:15378
ARIN Prefixes per ASN:10.13
ARIN Region origin 

Re: Dreamhost hijacking my prefix...

[Job Snijders]

Hi all,

Atrato / 5580 here. 

We don't have direct peering with AS26347, although we learn the AS26347 
prefixes through the 206.223.143.253 (AS 19996) routeserver in LAX. 

So in a sense we are peering :-)

Kind regards,

Job

On Jan 11, 2013, at 7:31 PM, Andree Toonk andree+na...@toonk.nl wrote:

 Hi Kenneth,
 
 .-- My secret spy satellite informs me that at 2013-01-11 8:54 AM
 Kenneth McRae wrote:
 Thanks for that info Andree.  The only valid peer I see on the list
 would be HE.  We do not peer with any of the others listed.
 
 Could it be these ASns receive your routes via an IX route-server?
 
 Below some examples that show a peering between 26347 and
 5580 as well as 12989
 
 5580 26347
 http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC031query=12arg=5580+26347
 
 12989 26347:
 http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC031query=12arg=12989+26347
 
 And route views:
 
 route-viewssh ip bgp regex 12989_26347
 BGP table version is 427410275, local router ID is 128.223.51.103
 Status codes: s suppressed, d damped, h history, * valid,  best, i -
 internal,
  r RIB-failure, S Stale
 Origin codes: i - IGP, e - EGP, ? - incomplete
 
   Network  Next HopMetric LocPrf Weight Path
 *  64.111.96.0/19   208.74.64.40   0 19214 12989
 26347 i
 *  66.33.192.0/19   208.74.64.40   0 19214 12989
 26347 i
 *  67.205.0.0/18208.74.64.40   0 19214 12989
 26347 i
 *  69.163.128.0/17  208.74.64.40   0 19214 12989
 26347 i
 *  75.119.192.0/19  208.74.64.40   0 19214 12989
 26347 i
 *  173.236.128.0/17 208.74.64.40   0 19214 12989
 26347 i
 *  205.196.208.0/20 208.74.64.40   0 19214 12989
 26347 i
 *  208.97.128.0/18  208.74.64.40   0 19214 12989
 26347 i
 *  208.113.128.0/17 208.74.64.40   0 19214 12989
 26347 i
 *  208.113.200.0208.74.64.40   0 19214 12989
 26347 i
 
 
 
 Cheers,
 Andree
 
 
 

-- 
AS5580 - Atrato IP Networks

Re: Dreamhost hijacking my prefix...

[Kenneth McRae]

Yes, now that is possible (just no direct peering).  So that takes me back
to my original statement about not announcing the 150.182.208.0/20 prefix
to begin with.

Kenneth

On Fri, Jan 11, 2013 at 10:31 AM, Andree Toonk andree+na...@toonk.nlwrote:

 Hi Kenneth,

 .-- My secret spy satellite informs me that at 2013-01-11 8:54 AM
 Kenneth McRae wrote:
  Thanks for that info Andree.  The only valid peer I see on the list
  would be HE.  We do not peer with any of the others listed.

 Could it be these ASns receive your routes via an IX route-server?

 Below some examples that show a peering between 26347 and
 5580 as well as 12989

 5580 26347

 http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC031query=12arg=5580+26347

 12989 26347:

 http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC031query=12arg=12989+26347

 And route views:

 route-viewssh ip bgp regex 12989_26347
 BGP table version is 427410275, local router ID is 128.223.51.103
 Status codes: s suppressed, d damped, h history, * valid,  best, i -
 internal,
   r RIB-failure, S Stale
 Origin codes: i - IGP, e - EGP, ? - incomplete

Network  Next HopMetric LocPrf Weight Path
 *  64.111.96.0/19   208.74.64.40   0 19214 12989
 26347 i
 *  66.33.192.0/19   208.74.64.40   0 19214 12989
 26347 i
 *  67.205.0.0/18208.74.64.40   0 19214 12989
 26347 i
 *  69.163.128.0/17  208.74.64.40   0 19214 12989
 26347 i
 *  75.119.192.0/19  208.74.64.40   0 19214 12989
 26347 i
 *  173.236.128.0/17 208.74.64.40   0 19214 12989
 26347 i
 *  205.196.208.0/20 208.74.64.40   0 19214 12989
 26347 i
 *  208.97.128.0/18  208.74.64.40   0 19214 12989
 26347 i
 *  208.113.128.0/17 208.74.64.40   0 19214 12989
 26347 i
 *  208.113.200.0208.74.64.40   0 19214 12989
 26347 i



 Cheers,
  Andree

Re: Dreamhost hijacking my prefix...

[Andree Toonk]

.-- My secret spy satellite informs me that at 2013-01-11 10:44 AM
Kenneth McRae wrote:
 Yes, now that is possible (just no direct peering).  So that takes me
 back to my original statement about not announcing the 150.182.208.0/20
 http://150.182.208.0/20 prefix to begin with.

Here's some more data showing an announcement for
150.182.208.0/20 originated by 26347

http://www.ris.ripe.net/mt/rissearch-result.html?aspref=150.182.208.0%2F20preftype=EMATCHrrc_id=1000peer=ALLstartday=20130111starthour=00startmin=00startsec=00endday=20130111endhour=19endmin=16endsec=26outype=htmlsubmit=Search.submit=type

I can send you more data if you need it.
Just contact me off-list.

Cheers,
 Andree

Re: Dreamhost hijacking my prefix...

[Scott Weeks]

--- andree+na...@toonk.nl wrote:
From: Andree Toonk andree+na...@toonk.nl

Here's some more data showing an announcement for
150.182.208.0/20 originated by 26347

http://www.ris.ripe.net/mt/rissearch-result.html?aspref=150.182.208.0%2F20preftype=EMATCHrrc_id=1000peer=ALLstartday=20130111starthour=00startmin=00startsec=00endday=20130111endhour=19endmin=16endsec=26outype=htmlsubmit=Search.submit=type
-


RIPE needs to fix on their web site:

Please turn on the cookies on your browser to view this site.

It doesn't have to be this way...

scott

Re: OOB core router connectivity wish list

[William Herrin]

On Fri, Jan 11, 2013 at 1:26 PM, Jay Ashworth j...@baylink.com wrote:
 Oh, I dunno, Bill.  Sure there are lots more RSUs than there used to be,
 but at least it's not all *that* hard to tell if you're connected to one.

 Much easier than, say, finding out if both sides of your loop have been
 groomed into the same cable.

In the same sense that the number of real numbers is a larger infinity
than the number of integers. Best of luck with either mission.

Regards,
Bill Herrin

-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

Re: OOB core router connectivity wish list

[Jay Ashworth]

- Original Message -
 From: William Herrin b...@herrin.us

 On Fri, Jan 11, 2013 at 1:26 PM, Jay Ashworth j...@baylink.com wrote:
  Oh, I dunno, Bill. Sure there are lots more RSUs than there used to be,
  but at least it's not all *that* hard to tell if you're connected to one.
 
  Much easier than, say, finding out if both sides of your loop have
  been groomed into the same cable.
 
 In the same sense that the number of real numbers is a larger infinity
 than the number of integers. Best of luck with either mission.

You are suggesting that it is *at all* difficult for a technically competent
end-user to determine whether a given new POTS line will go to a CO or to an 
RSU?

Really?

Do we work in *that different* corners of the world?

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth  Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274

The Cidr Report

[cidr-report]

This report has been generated at Fri Jan 11 21:13:09 2013 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date  PrefixesCIDR Agg
04-01-13441064  252885
05-01-13441037  252521
06-01-13439953  252454
07-01-13439940  252796
08-01-13440013  253058
09-01-13440542  253131
10-01-13439993  253231
11-01-13440154  253575


AS Summary
 43122  Number of ASes in routing system
 17950  Number of ASes announcing only one prefix
  3109  Largest number of prefixes announced by an AS
AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc.
  115815136  Largest address span announced by an AS (/32s)
AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 11Jan13 ---
ASnumNetsNow NetsAggr  NetGain   % Gain   Description

Table 440568   253558   18701042.4%   All ASes

AS6389  3109  131 297895.8%   BELLSOUTH-NET-BLK -
   BellSouth.net Inc.
AS28573 2278   79 219996.5%   NET Servicos de Comunicao S.A.
AS17974 2484  454 203081.7%   TELKOMNET-AS2-AP PT
   Telekomunikasi Indonesia
AS4766  2952  938 201468.2%   KIXS-AS-KR Korea Telecom
AS22773 1956  188 176890.4%   ASN-CXA-ALL-CCI-22773-RDC -
   Cox Communications Inc.
AS18566 2081  423 165879.7%   COVAD - Covad Communications
   Co.
AS10620 2275  658 161771.1%   Telmex Colombia S.A.
AS7303  1674  398 127676.2%   Telecom Argentina S.A.
AS4323  1603  401 120275.0%   TWTC - tw telecom holdings,
   inc.
AS4755  1662  552 111066.8%   TATACOMM-AS TATA
   Communications formerly VSNL
   is Leading ISP
AS7029  2288 1277 101144.2%   WINDSTREAM - Windstream
   Communications Inc
AS2118  1052   53  99995.0%   RELCOM-AS OOO NPO Relcom
AS7552  1128  181  94784.0%   VIETEL-AS-AP Vietel
   Corporation
AS18101 1016  170  84683.3%   RELIANCE-COMMUNICATIONS-IN
   Reliance Communications
   Ltd.DAKC MUMBAI
AS8151  1551  709  84254.3%   Uninet S.A. de C.V.
AS1785  1945 1161  78440.3%   AS-PAETEC-NET - PaeTec
   Communications, Inc.
AS4808  1124  352  77268.7%   CHINA169-BJ CNCGROUP IP
   network China169 Beijing
   Province Network
AS13977  848  118  73086.1%   CTELCO - FAIRPOINT
   COMMUNICATIONS, INC.
AS7545  1823 1103  72039.5%   TPG-INTERNET-AP TPG Internet
   Pty Ltd
AS18881  750   35  71595.3%   Global Village Telecom
AS855719   52  66792.8%   CANET-ASN-4 - Bell Aliant
   Regional Communications, Inc.
AS17676  715   95  62086.7%   GIGAINFRA Softbank BB Corp.
AS3356  1113  504  60954.7%   LEVEL3 Level 3 Communications
AS24560 1037  434  60358.1%   AIRTELBROADBAND-AS-AP Bharti
   Airtel Ltd., Telemedia
   Services
AS22561 1043  445  59857.3%   DIGITAL-TELEPORT - Digital
   Teleport Inc.
AS19262 1001  405  59659.5%   VZGNI-TRANSIT - Verizon Online
   LLC
AS3549  1021  435  58657.4%   GBLX Global Crossing Ltd.
AS9808   606   36  57094.1%   CMNET-GD Guangdong Mobile
   Communication Co.Ltd.
AS36998  774  221  55371.4%   SDN-MOBITEL
AS22047  583   31  55294.7%   VTR BANDA ANCHA S.A.

Total  44211120393217272.8%   Top 30 total


Possible 

BGP Update Report

[cidr-report]

BGP Update Report
Interval: 03-Jan-13 -to- 10-Jan-13 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASNUpds %  Upds/PfxAS-Name
 1 - AS982975137  4.5%  45.2 -- BSNL-NIB National Internet 
Backbone
 2 - AS755248042  2.9%  51.5 -- VIETEL-AS-AP Vietel Corporation
 3 - AS390940204  2.4%2680.3 -- QWEST-AS-3908 - Qwest 
Communications Company, LLC
 4 - AS48159   35237  2.1% 110.8 -- TIC-AS Telecommunication 
Infrastructure Company
 5 - AS840234442  2.1%  46.0 -- CORBINA-AS OJSC Vimpelcom
 6 - AS163729389  1.8% 337.8 -- DNIC-AS-01637 - Headquarters, 
USAISC
 7 - AS45528   27382  1.6%  39.9 -- TDN Tikona Digital Networks Pvt 
Ltd.
 8 - AS24560   17596  1.1%  18.6 -- AIRTELBROADBAND-AS-AP Bharti 
Airtel Ltd., Telemedia Services
 9 - AS19361   15978  1.0% 469.9 -- Atrium Telecomunicacoes Ltda
10 - AS29256   14327  0.9% 213.8 -- INT-PDN-STE-AS Syrian 
Telecommunications Establishment
11 - AS453814240  0.8%  28.2 -- ERX-CERNET-BKB China Education 
and Research Network Center
12 - AS413413926  0.8%  18.2 -- CHINANET-BACKBONE 
No.31,Jin-rong Street
13 - AS476613770  0.8%   6.3 -- KIXS-AS-KR Korea Telecom
14 - AS483713501  0.8%  22.5 -- CHINA169-BACKBONE CNCGROUP 
China169 Backbone
15 - AS44244   12762  0.8% 172.5 -- IRANCELL-AS Iran Cell Service 
and Communication Company
16 - AS462312418  0.7%4139.3 -- CHEVALIER-AS01 Chevalier 
(Internet) Limited autonomous system #1
17 - AS12880   11753  0.7%  73.0 -- DCI-AS Information Technology 
Company (ITC)
18 - AS702911620  0.7%   5.2 -- WINDSTREAM - Windstream 
Communications Inc
19 - AS28573   10851  0.7%  20.2 -- NET Servicos de Comunicao S.A.
20 - AS2697 9378  0.6% 110.3 -- ERX-ERNET-AS Education and 
Research Network


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASNUpds %  Upds/PfxAS-Name
 1 - AS2033 7091  0.4%7091.0 -- PANIX - Panix Network 
Information Center
 2 - AS194064273  0.3%4273.0 -- TWRS-MA - Towerstream I, Inc.
 3 - AS462312418  0.7%4139.3 -- CHEVALIER-AS01 Chevalier 
(Internet) Limited autonomous system #1
 4 - AS579183491  0.2%3491.0 -- ACOD-AS ACOD CJSC
 5 - AS6174 5745  0.3%2872.5 -- SPRINTLINK8 - Sprint
 6 - AS390940204  2.4%2680.3 -- QWEST-AS-3908 - Qwest 
Communications Company, LLC
 7 - AS275944842  0.3%2421.0 -- UTSA - University of Texas at 
San Antonio
 8 - AS4748 7104  0.4%2368.0 -- RESOLINK-AS-AP Resources Link 
Network Limited
 9 - AS427056461  0.4%2153.7 -- TALIA Talia provides VSAT 
network and hosting services worldwide.
10 - AS9950 4049  0.2%2024.5 -- PUBNETPLUS2-AS-KR DACOM
11 - AS146804706  0.3%1568.7 -- REALE-6 - Auction.com
12 - AS172933422  0.2%1140.7 -- VTXC - VTX Communications
13 - AS11253 998  0.1% 998.0 -- BMWNYAS01 - BMW of Manahattan, 
Inc
14 - AS47316 942  0.1% 942.0 -- ENGINE-NETWORKS-AS Engine 
Networks S.R.L.
15 - AS28722 898  0.1% 898.0 -- ENERGETYKA-KALISKA-AS 
ENERGA-OPERATOR SA
16 - AS53700 835  0.1% 835.0 -- DRANGRID - DRAN Grid Networks, 
LLC
17 - AS33976 782  0.1% 782.0 -- AFTONBLADET-SE aftonbladet.se
18 - AS8382  623  0.0% 623.0 -- IRTEL-AS Irkutsk Central 
Telegraph autonomous system
19 - AS409311675  0.1% 558.3 -- MOBITV - MobiTV, Inc
20 - AS6197 1070  0.1% 535.0 -- BATI-ATL - BellSouth Network 
Solutions, Inc


TOP 20 Unstable Prefixes
Rank Prefix Upds % Origin AS -- AS Name
 1 - 151.118.255.0/24  13330  0.8%   AS3909  -- QWEST-AS-3908 - Qwest 
Communications Company, LLC
 2 - 151.118.254.0/24  13330  0.8%   AS3909  -- QWEST-AS-3908 - Qwest 
Communications Company, LLC
 3 - 151.118.18.0/24   13327  0.8%   AS3909  -- QWEST-AS-3908 - Qwest 
Communications Company, LLC
 4 - 209.48.168.0/247091  0.4%   AS2033  -- PANIX - Panix Network 
Information Center
 5 - 182.64.0.0/16  6552  0.4%   AS24560 -- AIRTELBROADBAND-AS-AP Bharti 
Airtel Ltd., Telemedia Services
 6 - 80.251.10.0/24 6455  0.4%   AS42705 -- TALIA Talia provides VSAT 
network and hosting services worldwide.
 7 - 2.187.202.0/24 6084  0.3%   AS48159 -- TIC-AS Telecommunication 
Infrastructure Company
 8 - 2.187.120.0/22 5975  0.3%   AS48159 -- TIC-AS Telecommunication 
Infrastructure Company
 9 - 2.181.0.0/16   5965  0.3%   AS12880 -- DCI-AS Information Technology 
Company (ITC)
10 - 178.251.210.0/24   5943  0.3%   AS48159 -- TIC-AS Telecommunication 
Infrastructure Company
11 - 178.251.209.0/24   5934  0.3%   AS48159 -- 

RE: Microsoft Product Activation server reachability

[Nathan Anderson]

TCP 80 is working fine now; wasn't last night, though.  In the past, my 
recollection is that ICMP ping to actual Microsoft IP space (not simply Akamai) 
would have simply been blackholed/dropped with no response, so seeing packet 
filtered come back + no response on any TCP ports made it seem like it could 
be an issue upstream of the actual server itself.

But I can now activate/reactivate products today, so all[1] is right with the 
world.

-- Nathan

[1] It's Friday and we are only a few days into 2013, so I'm trying to remain 
upbeat.

-Original Message-
From: Yang Yu [mailto:yang.yu.l...@gmail.com] 
Sent: Friday, January 11, 2013 9:13 AM
To: nanog@nanog.org
Subject: Re: Microsoft Product Activation server reachability

communication prohibited by filter is just an ICMP response code,
sadly Windows does not under it..
Type 3 (Destination unreachable)
Code 13 (Communication Administratively Prohibited - generated if a
router cannot forward a packet due to administrative filtering;)

ICMP echo request for this ip seems to be filtered by Microsoft. TCP
connection to port 80 is working fine.

tcping wpa.one.microsoft.com

Probing 94.245.126.107:80/tcp - Port is open - time=98.491ms


Yang

On Fri, Jan 11, 2013 at 2:01 AM, Nathan Anderson nath...@fsr.com wrote:

 So the ICMP message communication prohibited by filter must be a normal 
 response to ICMP ping through that gateway.

 Unfortunately, it's not completely fixed yet, but I'm guessing by this 
 measure of progress that they must be working on it.  I now get HTTP 403 in 
 response to any request I send to it.  Tried to reactive this copy of Windows 
 Server once more anyway, and now get Online activation cannot be completed 
 at this time. (Message number: 24579)  Before, it simply claimed I must not 
 have working internet connectivity.

 -- Nathan

 -Original Message-
 From: Scott Howard [mailto:sc...@doc.net.au]
 Sent: Thursday, January 10, 2013 10:55 PM
 To: Ben Carleton
 Cc: Nathan Anderson; nanog@nanog.org
 Subject: Re: Microsoft Product Activation server reachability

 Working now, tested from 3 hosts on different networks on both 80 and 443 :

 $ telnet wpa.one.microsoft.com 443
 Trying 94.245.126.107...
 Connected to wpa.one.microsoft.com.
 Escape character is '^]'.


   Scott



 On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote:


 - Original Message -
  From: Nathan Anderson nath...@fsr.com
  To: nanog@nanog.org nanog@nanog.org
  Sent: Thursday, January 10, 2013 11:24:16 PM
  Subject: Microsoft Product Activation server reachability
 
  Anybody else having a problem reaching (what appears to be) the sole
  Microsoft Product Activation server (wpa.one.microsoft.com)?
 
  $ ping wpa.one.microsoft.com
  PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes
  36 bytes from 213.199.189.41: Communication prohibited by filter
 
  I get this sourcing from our network, from ATT 3G, and from ye 
 residential
  DSL connection located in the greater Seattle area. They aren't 
 simply
  source-filtering. Either that or they are source-filtering for 
 0.0.0.0/0.
 
  This is apparently the only server/IP they have set up to respond 
 to these
  requests. wpa.one.microsoft.com resolves to that IP via every DNS 
 server
  I've tried (so no round-robin A records), Microsoft products that 
 need to
  activate over the internet only try to resolve that FQDN, and I've 
 looked
  for others without success (wpa.two.microsoft.com isn't valid, for 
 example).
 
  --
  Nathan Anderson
  First Step Internet, LLC
  nath...@fsr.com
 
 


 I am seeing the same from NYC metro. According to MS 
 (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to 
 that host on 80 and 443 is all that should be required to activate. (and 
 wpa.one.microsoft.com has no , go figure)

 [ben@razor ~]$ ping wpa.one.microsoft.com

 PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data.

 From 213.199.189.41 icmp_seq=2 Packet filtered
 ^C
 --- wpa.one.microsoft.com ping statistics ---
 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 
 5260ms

 [ben@razor ~]$ telnet wpa.one.microsoft.com 80
 Trying 94.245.126.107...
 ^C
 [ben@razor ~]$ telnet wpa.one.microsoft.com 443
 Trying 94.245.126.107...
 ^C

 -- Ben

Re: OOB core router connectivity wish list

[William Herrin]

On Fri, Jan 11, 2013 at 4:43 PM, Jay Ashworth j...@baylink.com wrote:
 You are suggesting that it is *at all* difficult for a technically competent
 end-user to determine whether a given new POTS line will go to a CO or to an 
 RSU?

Well, let me treat this as an opportunity to learn. How does one
arrange for a POTS line ordered from the telco to travel its own
dedicated copper pair all the way back to the central office building
if the the tech tells you he only built it from one of the local holes
in the ground?

Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

Re: OOB core router connectivity wish list

[Joel jaeggli]

On 1/11/13 02:44 , Nikolay Shopik wrote:
 Also getting POTS line in your pop sometimes get tricky. 2G/3G modems
 with cheap plans cost like 10$/month (dunno about US though), thats
 almost same as POTS line.

They don't generally have public IPs (that can be arranged). verizon 4G
cards have ipv6 now but cradlepoint routers for example don't support that.

I had reverse tunnel from one of our DC's over a 3/4g usb dongle that
had a measured availability of less than 50% which oddly I didn't
consider acceptable.

 On 10/01/13 20:18, William Herrin wrote:
 Dial up with PPP and then cross the ethernet? Drop off a cellular
 modem with IP service instead of a dialup modem? Perhaps you haven't
 noticed but IP over circuit-switched voice lines is giving way to
 voice over IP packet switched systems. That POTS line the dialup modem
 needs doesn't have a lot of future left.
 

Re: OOB core router connectivity wish list

[Walter Keen]

I work for a rural Telecom in northwest US. 


Typically when I hear statements like that, it's that the tech built (strung 
aerially, trenched through ground, or through buried conduit) from a pedestal 
or other copper splice point to the customer premise. 


I would only expect this to go to the nearest remote terminal, or central 
office if there is no remote terminal. In a lot of (rural) cases, there is no 
direct copper between most houses and the central office, instead they have to 
(in most cases, depending on what copper cabling is available you are only able 
to reach one remote) cable you to the closest remote that has equipment, where 
you are aggregated and back-hauled (typically via fiber, but sometimes by T1) 
to the central office. 


If someone wanted completely physical diversity, up to the point of the CO, you 
would have to ask (likely a few times, and possibly being escalated to an 
engineering department of sorts) if your new POTS line can be homed to a 
different remote, or directly to the CO, ideally on a different physical cable 
route, assuming your goal is backhoe diversity. 


For a business line, they may be willing to work with you on diversity 
requirements. 


About the only way to guess if you're connected to a RSU or directly to the CO, 
you would have to know where the CO is, guess the approximate copper distance 
to it (which may involve guessing the approximate path the cable goes) and then 
hook up some equipment to your POTS line that measures and estimates the 
distance of that copper pair. Then you can guess where you might be connected 
to. 




- Original Message -

From: William Herrin b...@herrin.us 
To: Jay Ashworth j...@baylink.com 
Cc: NANOG nanog@nanog.org 
Sent: Friday, January 11, 2013 2:30:48 PM 
Subject: Re: OOB core router connectivity wish list 

On Fri, Jan 11, 2013 at 4:43 PM, Jay Ashworth j...@baylink.com wrote: 
 You are suggesting that it is *at all* difficult for a technically competent 
 end-user to determine whether a given new POTS line will go to a CO or to an 
 RSU? 

Well, let me treat this as an opportunity to learn. How does one 
arrange for a POTS line ordered from the telco to travel its own 
dedicated copper pair all the way back to the central office building 
if the the tech tells you he only built it from one of the local holes 
in the ground? 

Regards, 
Bill Herrin 


-- 
William D. Herrin  her...@dirtside.com b...@herrin.us 
3005 Crane Dr. .. Web: http://bill.herrin.us/ 
Falls Church, VA 22042-3004 

Re: OOB core router connectivity wish list

[Jay Ashworth]

The issue wasn't diversity, it was is my POTS on Central Battery; sorry for 
the comparative red herring.
- jra

Walter Keen walter.k...@rainierconnect.net wrote:

I work for a rural Telecom in northwest US. 


Typically when I hear statements like that, it's that the tech built
(strung aerially, trenched through ground, or through buried conduit)
from a pedestal or other copper splice point to the customer premise. 


I would only expect this to go to the nearest remote terminal, or
central office if there is no remote terminal. In a lot of (rural)
cases, there is no direct copper between most houses and the central
office, instead they have to (in most cases, depending on what copper
cabling is available you are only able to reach one remote) cable you
to the closest remote that has equipment, where you are aggregated and
back-hauled (typically via fiber, but sometimes by T1) to the central
office. 


If someone wanted completely physical diversity, up to the point of the
CO, you would have to ask (likely a few times, and possibly being
escalated to an engineering department of sorts) if your new POTS line
can be homed to a different remote, or directly to the CO, ideally on a
different physical cable route, assuming your goal is backhoe
diversity. 


For a business line, they may be willing to work with you on diversity
requirements. 


About the only way to guess if you're connected to a RSU or directly to
the CO, you would have to know where the CO is, guess the approximate
copper distance to it (which may involve guessing the approximate path
the cable goes) and then hook up some equipment to your POTS line that
measures and estimates the distance of that copper pair. Then you can
guess where you might be connected to. 




- Original Message -

From: William Herrin b...@herrin.us 
To: Jay Ashworth j...@baylink.com 
Cc: NANOG nanog@nanog.org 
Sent: Friday, January 11, 2013 2:30:48 PM 
Subject: Re: OOB core router connectivity wish list 

On Fri, Jan 11, 2013 at 4:43 PM, Jay Ashworth j...@baylink.com wrote: 
 You are suggesting that it is *at all* difficult for a technically
competent 
 end-user to determine whether a given new POTS line will go to a CO
or to an RSU? 

Well, let me treat this as an opportunity to learn. How does one 
arrange for a POTS line ordered from the telco to travel its own 
dedicated copper pair all the way back to the central office building 
if the the tech tells you he only built it from one of the local holes 
in the ground? 

Regards, 
Bill Herrin 


-- 
William D. Herrin  her...@dirtside.com b...@herrin.us 
3005 Crane Dr. .. Web: http://bill.herrin.us/ 
Falls Church, VA 22042-3004 

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Re: OOB core router connectivity wish list

[Walter Keen]

In the US, any incumbent phone carrier (ILEC), is required to have POTS lines 
on a power infrastructure capable of sustaining at least an 8 hour interruption 
in commercial power, whether it's in a remote or central office. Most companies 
use batteries at remotes (and put portable generators out when needed) and have 
permanent generators at central offices 


I know this is not the exact wording, but in the US at least, it's required by 
the FCC. I can't remember if competitive local exchange carriers (CLEC) have 
the same requirements. 

Your local carrier may or may not be in compliance with having 
(battery/generator) there to sustain 8 hours of operation, and I doubt they 
would tell you details of their power systems. 




- Original Message -

From: Jay Ashworth j...@baylink.com 
To: Walter Keen walter.k...@rainierconnect.net, William Herrin 
b...@herrin.us 
Cc: NANOG nanog@nanog.org 
Sent: Friday, January 11, 2013 4:09:25 PM 
Subject: Re: OOB core router connectivity wish list 

The issue wasn't diversity, it was is my POTS on Central Battery; sorry for 
the comparative red herring. 
- jra 


Walter Keen walter.k...@rainierconnect.net wrote: 


I work for a rural Telecom in northwest US. 


Typically when I hear statements like that, it's that the tech built (strung 
aerially, trenched through ground, or through buried conduit) from a pedestal 
or other copper splice point to the customer premise. 


I would only expect this to go to the nearest remote terminal, or central 
office if there is no rem ote terminal. In a lot of (rural) cases, there is no 
direct copper between most houses and the central office, instead they have to 
(in most cases, depending on what copper cabling is available you are only able 
to reach one remote) cable you to the closest remote that has equipment, where 
you are aggregated and back-hauled (typically via fiber, but sometimes by T1) 
to the central office. 


If someone wanted completely physical diversity, up to the point of the CO, you 
would have to ask (likely a few times, and possibly being escalated to an 
engineering department of sorts) if your new POTS line can be homed to a 
different remote, or directly to the CO, ideally on a different physical cable 
route, assuming your goal is backhoe diversity. 


For a business line, they may be willing to work with you on diversity 
requirements. 


About the only way to guess if you're connected to a RSU or directly to the CO, 
you would have to know where the CO is, guess the approximate copper distance 
to it (which may involve guessing the approximate path the cable goes) and then 
hook up some equipment to your POTS line that measures and estimates the 
distance of that copper pair. Then you can guess where you might be connected 
to. 




- Original Message -

From: William Herrin b...@herrin.us 
 bTo: Jay Ashworth j...@baylink.com 
Cc: NANOG nanog@nanog.org 
Sent: Friday, January 11, 2013 2:30:48 PM 
Subject: Re: OOB core router connectivity wish list 

On Fri, Jan 11, 2013 at 4:43 PM, Jay Ashworth j...@baylink.com wrote: 
 You are suggesting that it is *at all* difficult for a technically competent 
 end-user to determine whether a given new POTS line will go to a CO or to an 
 RSU? 

Well, let me treat this as an opportunity to learn. How does one 
arrange for a POTS line ordered from the telco to travel its own 
dedicated copper pair all the way back to the central office building 
if the the tech tells you he only built it from one of the local holes 
in the ground? 

Regards, 
Bill Herrin 




-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity. 

Re: OOB core router connectivity wish list

[Jay Ashworth]

A POTS circuit necessarily terminates on a piece of gear with a specific CLLI, 
generally discernable at order time.

What that gear will be, and if it's in a CO with a real battery plant is also 
known in advance.

And, to tie it back on topic, the odds of a core router being in a place where 
its serving switch is /not/ a real CO are, I speculate, comfortably below 10%.

- jra

William Herrin b...@herrin.us wrote:

On Fri, Jan 11, 2013 at 4:43 PM, Jay Ashworth j...@baylink.com wrote:
 You are suggesting that it is *at all* difficult for a technically
competent
 end-user to determine whether a given new POTS line will go to a CO
or to an RSU?

Well, let me treat this as an opportunity to learn. How does one
arrange for a POTS line ordered from the telco to travel its own
dedicated copper pair all the way back to the central office building
if the the tech tells you he only built it from one of the local holes
in the ground?

Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Re: OOB core router connectivity wish list

[Jay Ashworth]

Sure.  I assume it on real wire centers, I don't on RSUs or carrier.  Luckily 
it's easy to tell which is which, in most cases.

Walter Keen walter.k...@rainierconnect.net wrote:

In the US, any incumbent phone carrier (ILEC), is required to have POTS
lines on a power infrastructure capable of sustaining at least an 8
hour interruption in commercial power, whether it's in a remote or
central office. Most companies use batteries at remotes (and put
portable generators out when needed) and have permanent generators at
central offices 


I know this is not the exact wording, but in the US at least, it's
required by the FCC. I can't remember if competitive local exchange
carriers (CLEC) have the same requirements. 

Your local carrier may or may not be in compliance with having
(battery/generator) there to sustain 8 hours of operation, and I doubt
they would tell you details of their power systems. 




- Original Message -

From: Jay Ashworth j...@baylink.com 
To: Walter Keen walter.k...@rainierconnect.net, William Herrin
b...@herrin.us 
Cc: NANOG nanog@nanog.org 
Sent: Friday, January 11, 2013 4:09:25 PM 
Subject: Re: OOB core router connectivity wish list 

The issue wasn't diversity, it was is my POTS on Central Battery;
sorry for the comparative red herring. 
- jra 


Walter Keen walter.k...@rainierconnect.net wrote: 


I work for a rural Telecom in northwest US. 


Typically when I hear statements like that, it's that the tech built
(strung aerially, trenched through ground, or through buried conduit)
from a pedestal or other copper splice point to the customer premise. 


I would only expect this to go to the nearest remote terminal, or
central office if there is no rem ote terminal. In a lot of (rural)
cases, there is no direct copper between most houses and the central
office, instead they have to (in most cases, depending on what copper
cabling is available you are only able to reach one remote) cable you
to the closest remote that has equipment, where you are aggregated and
back-hauled (typically via fiber, but sometimes by T1) to the central
office. 


If someone wanted completely physical diversity, up to the point of the
CO, you would have to ask (likely a few times, and possibly being
escalated to an engineering department of sorts) if your new POTS line
can be homed to a different remote, or directly to the CO, ideally on a
different physical cable route, assuming your goal is backhoe
diversity. 


For a business line, they may be willing to work with you on diversity
requirements. 


About the only way to guess if you're connected to a RSU or directly to
the CO, you would have to know where the CO is, guess the approximate
copper distance to it (which may involve guessing the approximate path
the cable goes) and then hook up some equipment to your POTS line that
measures and estimates the distance of that copper pair. Then you can
guess where you might be connected to. 




- Original Message -

From: William Herrin b...@herrin.us 
 bTo: Jay Ashworth j...@baylink.com 
Cc: NANOG nanog@nanog.org 
Sent: Friday, January 11, 2013 2:30:48 PM 
Subject: Re: OOB core router connectivity wish list 

On Fri, Jan 11, 2013 at 4:43 PM, Jay Ashworth j...@baylink.com wrote: 
 You are suggesting that it is *at all* difficult for a technically
competent 
 end-user to determine whether a given new POTS line will go to a CO
or to an RSU? 

Well, let me treat this as an opportunity to learn. How does one 
arrange for a POTS line ordered from the telco to travel its own 
dedicated copper pair all the way back to the central office building 
if the the tech tells you he only built it from one of the local holes 
in the ground? 

Regards, 
Bill Herrin 




-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity. 

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Re: OOB core router connectivity wish list

[William Herrin]

On Fri, Jan 11, 2013 at 7:09 PM, Jay Ashworth j...@baylink.com wrote:
 The issue wasn't diversity, it was is my POTS on Central Battery; sorry
 for the comparative red herring.

The issue was: is my POTS going to survive an extended regional power
outage that my cellular/DSL/cable modem doesn't, making it a superior
OOB channel to something purely IP based during difficult conditions.
A central office line will be backed by the CO's generator. An RSU
line won't be, so it may give out during the outage. Could be a couple
hours later but it'll still run out of power. And you don't have a
whole lot of choice about which one you get.

That's one reliability measure.

Another reliability measure is testability: can you easily monitor
whether your POTS-based OOB is operational or do you discover that Bob
in accounting failed to pay the bill only when you actually need it?
What about your IP-based OOB? Same? Different?

Regards,
Bill Herrin

-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

Question about DOCSIS DHCP vs ARP

[Jean-Francois Mezei]

In the old days of DOCSIS, I was able, during failures of DHCP (for
various reasons) to self assign a nearby IP address in the same subnet
and this worked fine as long as that IP wasn't being used by someone
else at the time.

While this was done to cope with some failures or bad policy at the
cable company with no ill intent, I realise that I could have used this
technique to do bad stuff on the internet with DHCP logs pointing to
some neighbour (or poiting to nothing).

Has this loophole been plugged with the advent of DOCSIS2 and now
DOCSYS3 software ? Or is DHCP still just a suggestion of what IP to
use, with ARP being the authoritative mechanism used by the CMTS to know
the MAC address associated with an IP address ?

If this has been solved, at what level was it done ? is it the DOCSYS
modem that sets up a filter based on a DHCP response to only let traffic
from the assigned IP address through ?  Or would it be done at the
CMTS (again based on the DHCP response being recorded) ?


I ask this in the context of the law where one party tries to sue
another based on IP address (such as Voltage Pictures suing thousands of
IP addresses). If B can use the IP address that DHCP assigned to A and A
gets sued, it becomes rather difficult to prove.

Re: Question about DOCSIS DHCP vs ARP

[Jean-Francois Mezei]

On 13-01-11 19:59, Karl Brumund wrote:
 JF,
 
 Long ago been fixed. Look at Cisco CMTS config documentation, particularly 
 cable-source-verify.

Many thanks. In particular, you need cable-source-verify dhcp to
prevent self assigned IPs that are unused by neighbours.

Is this something that is now basically a default for all cable
operators ? Or does this command add sufficient load to the CMTS that
some cable operators choose to not use it for performance purposes ?


What happens when a CMTS reboots and has an enpty database of DHCP
leases ? Does it then query the DHCP server for every IP/MAC it sees
that it doesn't yet know about ?

[NANOG-announce] NANOG 57 Update

[Betty Burke be...@nanog.org]

Colleagues:

I write to share a few NANOG
57http://www.nanog.org/meetings/nanog57/index.html,
February 4-5, 2013, meeting updates with you.

The NANOG Program Committee, once again, delivered a NANOG program full of
great content.  The NANOG 57
agendahttp://www.nanog.org/meetings/nanog57/agenda.php will
continue to be updated and complete links will be in place shortly.  The
new NANOG Monday, Tuesday, Wednesday program is now in place.

If you have not yet secured your room, do not delay.  The Renaissance
Orlando at Seaworld, *NANOG
blockhttps://resweb.passkey.com/Resweb.do?mode=welcome_gi_newgroupID=10487120
Group
Rate Expires Saturday, January 19, 2013.*

Register today, and take advantage of registration fee savings.  *The
current registration rate will expire on Friday, January 18, 2013.*  You
can register, manage your registration, and retrieve receipts from the NANOG
portal (ARO) http://nanog.org/login.
To create a new account, or recover your password, click
herehttps://secretariat.nanog.org/ibin/c5i?rid=48
.

Be sure to Join NANOG http://www.nanog.org/membership_main.html today and
receive a $25 discount on standard registration fees for any NANOG
conference as well as  have a voice in guiding future NANOG activities.

Lastly, a few NANOG 57 Sponsorship
opportunitieshttp://www.nanog.org/sponsors/sponsor_opportunities.htmlremain.
Send a note to
market...@nanog.org and secure your sponsorship.

I look forward to seeing many of you in sunny Orlando in February 2013!

Should you have any questions, please send them along to
nanog-supp...@nanog.org.

All best.
Betty

-
Betty Burke
NANOG Executive Director
48377 Fremont Boulevard, Suite 117
Fremont, CA 94538
Tel: +1 510 492 4030
www.nanog.org
___
NANOG-announce mailing list
nanog-annou...@mailman.nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog-announce

Re: OOB core router connectivity wish list

[Nikolay Shopik]

On 12.01.2013 3:44, Joel jaeggli wrote:
 On 1/11/13 02:44 , Nikolay Shopik wrote:
 Also getting POTS line in your pop sometimes get tricky. 2G/3G modems
 with cheap plans cost like 10$/month (dunno about US though), thats
 almost same as POTS line.
 
 They don't generally have public IPs (that can be arranged). verizon 4G
 cards have ipv6 now but cradlepoint routers for example don't support that.

Sure, I forgetting this, on 2G/3G modems this just cost additional
4$/month. Otherwise reverse tunnel as you saying. One of 4G operators
here is just giving away internet free for now but only 64Kbits, you
only need modem. But you know coverage outside city not that great
(almost non-existent)

 
 I had reverse tunnel from one of our DC's over a 3/4g usb dongle that
 had a measured availability of less than 50% which oddly I didn't
 consider acceptable.

How is that possible?

 
 On 10/01/13 20:18, William Herrin wrote:
 Dial up with PPP and then cross the ethernet? Drop off a cellular
 modem with IP service instead of a dialup modem? Perhaps you haven't
 noticed but IP over circuit-switched voice lines is giving way to
 voice over IP packet switched systems. That POTS line the dialup modem
 needs doesn't have a lot of future left.