Re: IPV6 in enterprise best practices/white papers

Subject: Re: IPV6 in enterprise best practices/white papers
Date: Mon, Jan 28, 2013 at 08:45:39PM +0400
Quoting Mukom Akong T. (mukom.ta...@gmail.com):

> On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu <eu...@imacandi.net> wrote:
>> I thought about running pure IPv6 inside and do 6to4, but it's too much of a headache,
>
> Does an L2 switch really care about IPv6? (except for stuff like DHCPv6 snooping, etc?)

For management it does care. NO ipv4 is NO ipv4. As in not even management addresses.

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Will the third world war keep Bosom Buddies off the air?
Re: IPV6 in enterprise best practices/white papers

On Tue, 2013-01-29 at 09:37 +0100, Måns Nilsson wrote:
> Subject: Re: IPV6 in enterprise best practices/white papers
> Date: Mon, Jan 28, 2013 at 08:45:39PM +0400
> Quoting Mukom Akong T. (mukom.ta...@gmail.com):
>> On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu <eu...@imacandi.net> wrote:
>> Does an L2 switch really care about IPv6? (except for stuff like DHCPv6 snooping, etc?)
>
> For management it does care. NO ipv4 is NO ipv4. As in not even management addresses.

Also, if a switch does not do MLD snooping, it will flood multicast to all ports. You lose one of the major benefits of IPv6 multicast - less admin traffic.

You need to spec new switches with IPv6 capability.

Regards, K.

--
~~~ Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog
GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
switch 10G standalone TOR, core to DC

Hello,

I am looking for some 10G switches; they should work as TOR or core in a DC. They should have more than 40 10G ports in one unit, wirespeed L2/L3, with virtual routers and some other IP functions like some BGP, OSPF, policy routing, 1-2U, MLAG, G.8032 (ERPS), TRILL-like?

Other important features are big port buffers (something similar to Juniper EX8200 - 512 MB per slot), defined counters accessible via SNMP (like in Junos), L3 statistics accessible via SNMP.

Extreme 670 looks good but they have small port buffers. It can also be some small chassis with line cards, but the cost per 10G port is too big..

What vendor, model do you prefer or suggest as a solution?

thanks for help
best, Peter
Re: switch 10G standalone TOR, core to DC

On 29/01/2013 11:27, Piotr wrote:
> Extreme 670 looks good but they have small port buffers. It can be also some small chassis with line cards but the cost per 10G ports is too big..

The Extreme X670, Juniper EX4550, Brocade ICX6550 and Arista 7150 will do most of this, and probably many others too. None of them will do TRILL. The Extreme X670 and Juniper EX4550 will both do VPLS, though. The X670 won't do BGP.

You won't find a box of this form with large port buffers. There don't appear to be any of these boxes on the market at the moment, probably because none of the switch vendors want to bite the bottom out of their more lucrative chassis-based switches. This is a good market opening for a new vendor - there is no technical reason why this couldn't be done.

Nick
Fwd: Re: switch 10G standalone TOR, core to DC

a...@shady.org replied:

Subject: Re: switch 10G standalone TOR, core to DC
Date: Tue, 29 Jan 2013 12:25:57 +
From: andy <a...@shady.org>
To: Nick Hilliard <n...@foobar.org>
CC: Piotr <piotr.1...@interia.pl>, nanog@nanog.org

Force10's S4810 isn't bad, we use these for a 10G 48 port box that doesn't require Ultra Low latency.

http://www.scribd.com/doc/90301756/Dell-Force10-S4810-Spec-Sheet

Supports TRILL in some way too. I've not had any major issues with this box, 1 or 2 bugs, but Force10 (now Dell) seem quick to fix these.

They also have the Z9000 series. I've not looked at this, but it might be worth having a quick look and see if it fits.

On the rest, what Nick said. :)

On Tue, Jan 29, 2013 at 11:58:14AM +, Nick Hilliard wrote:
> On 29/01/2013 11:27, Piotr wrote:
>> Extreme 670 looks good but they have small port buffers. It can be also some small chassis with line cards but the cost per 10G ports is too big..
>
> the extreme x670, juniper ex4550, brocade ICX6550 and arista 7150 will most of this, and probably many others too. None of them will do trill. The Extreme X670 and Juniper EX4550 will both do VPLS, though. The X670 won't do BGP.
>
> You won't find a box of this form with large port buffers. There don't appear to be any of these boxes on the market at the moment, probably because none of the switch vendors want to bite the bottom out of their more lucrative chassis-based switches. This is a good market opening for a new vendor - there is no technical reason why this couldn't be done.
>
> Nick

--
andy a...@shady.org
---
Never argue with an idiot. They drag you down to their level, then beat you with experience.
JNCIE #742
---
Re: Looking for success stories in Qwest/Centurylink land

On 1/29/13 1:20 AM, Rob McEwen wrote:
> [...] the US Federal government:
>
> (A) ...cannot do a darn thing without MASSIVE graft corruption... plus massive overruns in costs... including a HEAVY dose of crony capitalism where, often, the companies who get the contracts are the ones who pad the wallets of the politicians in charge. [...]

Ummm, this isn't true. As all of us old enough to remember know, the ILECs promised that with *REDUCED* regulation they'd roll out universal broadband IFF they were given the revenues from DSL -- putting the CLECs and small ISPs out of the broadband business.

The graft and corruption was in *private* industry, not the Federal government, due to lack of regulation and oversight.

> (B) In the US, we have this thing called the 4th amendment which ensures a certain level of freedom and civil liberties and privacy. Unfortunately, 4th amendment rights essentially disappear if the US Federal government owns and operates broadband access. [...]

No, this isn't true either. The 4th Amendment applies to the US government. What happened is the end-around allowing *private* industry to collect personal data and infringe civil liberties. That should not happen with direct US government ownership. It could be a boon to civil liberties.

> (C) This allows them to do what the FCC ACTIVELY trying to do recently, but hasn't yet found a way. [...]
>
> Here is an article written by 8 former FCC chairmen about the Disclose Act:
> http://online.wsj.com/article/SB10001424052748703460404575244772070710374.html
>
> ...can any sane person read that article... and then trust the US Federal Gov't motives with owning/operating vast amounts of Broadband?

Ummm, none of these were on the FCC. Some were on the stacked Republican F*E*C.

And nobody trusts Spakovsky, the architect of voter caging, purges, and suppression -- who was (as we now know) illegally recess appointed to the FEC, and whose nomination was withdrawn after disclosure of conflict of interest and the resignation of half the Justice Department voter section staff!

> Finally, while I've witnessed incompetence amongst certain unnamed baby bells, there ARE... MANY... bright spots in Internet connectivity. Frankly, we're spoiled by our successes. And the worst of the baby bells, like all baby bells, do NOT have a monopoly. [...]

You seem to be living in an alternate universe. Those of us who actually owned an ISP know the ILEC oligopolies well.

The one bright spot, Google Fiber, does help Internet connectivity, but doesn't help ISPs. And this is the list for operators.
Re: Looking for success stories in Qwest/Centurylink land

On 1/29/2013 7:43 AM, William Allen Simpson wrote:
> The graft and corruption was in *private* industry, not the Federal government, due to lack of regulation and oversight.

I never said there wasn't graft and corruption in private industry... but that is anecdotal... hit and miss. In contrast, graft and corruption in the Federal Government is widespread and rampant. Finding one example of graft and corruption in private industry is a silly way to try to disprove my point.

>> (B) In the US, we have this thing called the 4th amendment which ensures a certain level of freedom and civil liberties and privacy. Unfortunately, 4th amendment rights essentially disappear if the US Federal government owns and operates broadband access. [...]
>
> No, this isn't true either. The 4th Amendment applies to the US government. What happened is the end-around allowing *private* industry to collect personal data and infringe civil liberties. That should not happen with direct US government ownership. It could be a boon to civil liberties.

(A) If XYZ ISP gets frisky with my data, I can vote with my wallet to another ISP.

(B) Furthermore, the Federal Government DOES make an excellent watchdog for policing privacy violations by ISPs... that is, IF they are on the field as referee, and NOT as another player. Plus, them NOT being another player helps them maintain impartiality in their role as referee. (There are ALREADY examples of their role as referee being compromised in the auto industry... where Government Motors got a break on a certain law, but Honda was slammed hard over the SAME law!)

Also, if the Federal Government owns/operates broadband, then there is a high likelihood that their operation is subsidized to a point where it becomes extremely difficult for a private business to compete against them--as happens in areas where the Federal Government stepped out into the field as player. Gravity then pulls the Federal Government into a monopoly position... then, after that happens, if THEY get frisky with my data, the ISPs I would have voted for with my wallet... no longer exist.

(C) The fact that the Internet is a series of PRIVATE networks... NOT owned/operated by the Feds... is a large reason why the 4th amendment provides such protections... it becomes somewhat of a firewall of protection against Federal gov't trampling of civil liberties... but if they own the network, then that opens up many doors for them.

(D) Finally, the potential damage/intrusion/civil-liberties-violations that can happen from the Feds owning/operating broadband vastly surpasses what generally occurs in the worst-case instances of private ISPs going too far in selling data to make a buck. There is no comparison. Last I checked, my ISP doesn't have the authority to throw me in jail... or audit my taxes... doesn't control the FBI or ATF, etc. The Federal government has the police state powers to throw me in jail. An ISP cannot. Not that I'm a lawbreaker with things to fear... but there is this really smart guy who wrote a book called "Three Felonies A Day: How the Feds Target the Innocent"... it basically details how there are so many ridiculous laws on the books that nobody follows (or even knows about)... that if the Feds want to make an example out of someone or some business, they can ALWAYS find SOMETHING. Even in Fortune 500 companies... if one of them decides to get real serious and follow ALL such laws to a T... then they go out of business because their overhead costs soar beyond their direct competitors, who are then able to sell more products/services at a higher profit. My sister used to work for GE... and she said they had this phrase there called "substantial compliance with Federal Laws". They couldn't be totally compliant or they'd go out of business.

> Ummm, none of these were on the FCC. Some were on the stacked Republican F*E*C.
>
> And nobody trusts Spakovsky, the architect of voter caging, purges, and suppression -- who was (as we now know) illegally recess appointed to the FEC, and whose nomination was withdrawn after disclosure of conflict of interest and the resignation of half the Justice Department voter section staff!

I think you've gone off topic here. The bottom line is that the FCC of the past few years has TRIED to make a crusade out of supposedly protecting us against those meany ISPs' allegedly unfair bandwidth allocation practices... with their proposed solution of net neutrality... but, in reality, net neutrality is really just a Federal Government power grab where they can then trample the 4th amendment. Why would they do that? Because the current administration is crawling with statist thugs, that is why. They can't help themselves. It is in their blood. (Notice that I'm NOT defending the Republican administration FCC, nor do I care to. Your example is beside the point and not relevant to this conversation. But the attempted net neutrality power grab is relevant. Notice ALSO that neither
RE: switch 10G standalone TOR, core to DC

We use IBM networking (used to be BLADE Networks) RackSwitch 8264. They will do TRILL, and have multi-chassis link aggregation, which they call vLAG. We use this for cross-datacenter aggregation. They do have the L3 features you are looking for and BGP as a possibility, but no full tables. It is a cut-through switch (although this can be toggled in software to store-and-forward in later switch OS). I believe, although I can't find the doc where I read this at the moment, the packet buffer is 2G, but shared among ports.

Enterasys S-Series is also an option, but the 10G port densities are much lower. S-Series has large packet buffers, chassis bonding, and L3 features (some modules support full BGP tables).
Re: switch 10G standalone TOR, core to DC

Although everyone here seems to hold Cisco in contempt, the Nexus 5548 is a rock-solid switch - at least that has been my experience with it.

On Tue, Jan 29, 2013 at 6:27 AM, Piotr <piotr.1...@interia.pl> wrote:
> Hello, I looking some 10G switches, it should work as TOR or core in DC. It should have more than 40 port 10G in one unit, wirespeed L2 L3, with virtual routers and some other ip functions like some BGP, OSPF, policy routing, 1-2U, MLAG, g.8032 (ERPS) trill-like ?
>
> Other important features are big port buffers ( something similar to Juniper EX8200 - 512 MB per slot), defined counters accessible via snmp (like in junos), L3 statistics accessible via snmp
>
> Extreme 670 looks good but they have small port buffers. It can be also some small chassis with line cards but the cost per 10G ports is too big..
>
> What vendor, model You prefer or suggest as a solution ?
>
> thanks for help
> best, Peter

--
To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy
Re: IPV6 in enterprise best practices/white papers

- Original Message -
From: Doug Barton <do...@dougbarton.us>

> On 1/28/2013 6:23 AM, Jay Ashworth wrote:
>> To paraphrase Guy L Steele: If we are this far on into the new IPv6 world and that question is not one which can be answered by a link on the first page of ghits for 'implementing IPv6', then the IPv6 people have blown it badly.
>
> Can you show me the equivalent link for "I want to implement IPv4 on my network?"

IPv4 is mature enough that for small to medium sized networks, the answer is "you plug everything in".

My appraisal of v6 is that it's an order of magnitude (or two) more complex than that, both in 'attack' surface and interoperability issues.

But, I suppose, it took me a couple years to really learn IPv4 well. That said, *having* learned IPv4 relatively well, I remain surprised that there's as much additional (perceived) complexity in v6.

Cheers,
-- jra

--
Jay R. Ashworth                  Baylink                       j...@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth Associates       http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274
Re: switch 10G standalone TOR, core to DC

Hi,

I do suggest you go over the EN offering with a fine tooth comb. We experienced a whole lot of issues with 6 x650:

. hardware licensing (starts at shipping from the fab and not when the customers get them);
. software licensing (have to license every box, even the ones in the labs);
. known eeprom defect limiting upgrade from XOS 12 to 15;
. 1 vlan-translation causing all sorts of headaches with port-grouping (ether-channel);
. EAPS packets being silently filtered out of VMANs when you do not use the Core license; (Undocumented, and that is not acceptable when trying to transport customers' own EAPS traffic on their VLANs)
. no VLAN flapping logging;

Don't get me wrong, they are good campus switches... just not designed for our L2 Core purposes. And the Licensing is just an exercise in frustration. I can understand the business purpose, just not the way they go about doing it.

As for L3 support, it is fine:

. includes IP tracking in VRRP, which is a plus for us
. Virtual Routers

We don't need them for BGP and we do not have an MPLS network yet.

As for the x670, maybe most of the hardware issues have been addressed, but I doubt the licensing and undocumented limitations are better.

PS: We're using them (x650), and are planning to keep using/recommending EN products, but it did cost us a lot of man hours and un-planned crashes that could have been prevented with better documentation and support.

Good luck with your project =D

-
Alain Hebert                              aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443

On 01/29/13 06:27, Piotr wrote:
> Hello, I looking some 10G switches, it should work as TOR or core in DC. It should have more than 40 port 10G in one unit, wirespeed L2 L3, with virtual routers and some other ip functions like some BGP, OSPF, policy routing, 1-2U, MLAG, g.8032 (ERPS) trill-like ?
>
> Other important features are big port buffers ( something similar to Juniper EX8200 - 512 MB per slot), defined counters accessible via snmp (like in junos), L3 statistics accessible via snmp
>
> Extreme 670 looks good but they have small port buffers. It can be also some small chassis with line cards but the cost per 10G ports is too big..
>
> What vendor, model You prefer or suggest as a solution ?
>
> thanks for help
> best, Peter
Muni network ownership and the Fourth

- Original Message -
From: Rob McEwen <r...@invaluement.com>

> (C) The fact that the Internet is a series of PRIVATE networks... NOT owned/operated by the Feds... is a large reason why the 4th amendment provides such protections... it becomes somewhat of a firewall of protection against Federal gov't trampling of civil liberties... but if they own the network, then that opens up many doors for them.

Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me.

Rob, anyone, does anyone know if any 4th amendment case law exists on muni-owned networks?

Cheers,
-- jra

--
Jay R. Ashworth                  Baylink                       j...@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth Associates       http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274
Re: Muni network ownership and the Fourth

On 1/29/2013 7:59 AM, Jay Ashworth wrote:
> - Original Message -
> From: Rob McEwen <r...@invaluement.com>
>
>> (C) The fact that the Internet is a series of PRIVATE networks... NOT owned/operated by the Feds... is a large reason why the 4th amendment provides such protections... it becomes somewhat of a firewall of protection against Federal gov't trampling of civil liberties... but if they own the network, then that opens up many doors for them.
>
> Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me.
>
> Rob, anyone, does anyone know if any 4th amendment case law exists on muni-owned networks?

The challenge, here, is a classic 'natural monopoly' concern/argument. I don't know the right answer, here, but I think the frame for discussing it has a long history.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
Re: Looking for success stories in Qwest/Centurylink land

On 1/29/13 7:43 AM, William Allen Simpson wrote:
> On 1/29/13 1:20 AM, Rob McEwen wrote:
>> [...] the US Federal government:
>>
>> (A) ...cannot do a darn thing without MASSIVE graft corruption... plus massive overruns in costs... including a HEAVY dose of crony capitalism where, often, the companies who get the contracts are the ones who pad the wallets of the politicians in charge. [...]
>
> Ummm, this isn't true. As all of us old enough to remember know, the ILECs promised that with *REDUCED* regulation they'd roll out universal broadband IFF they were given the revenues from DSL -- putting the CLECs and small ISPs out of the broadband business.
>
> The graft and corruption was in *private* industry, not the Federal government, due to lack of regulation and oversight.

The other big problem with putting the government in charge is that it creates too 'big' of a project. Every large contractor wants a piece of it, every vendor wants a part, and the end result is a specification that is expensive and difficult to build. Then the bidding process to build/supply it starts and takes 3 years plus the 5 years for the lawsuits from everyone who didn't win. By now the specification is well out of date but we start building it anyway.

Yeah - it's built. But we need to upgrade it. Repeat the above.

Don't believe it? Take a look at a much smaller Federal system - Air Traffic Control and the attempts to upgrade that system. Why would Federal Internet be any different?

--
Mark Radabaugh
Amplex
m...@amplex.net 419.837.5015
Re: Looking for success stories in Qwest/Centurylink land

On Tue, 29 Jan 2013 01:20:25 -0500, Rob McEwen said:
> The market will eventually sort this out... and in many cases already has! Meanwhile, Amtrak and the Post Office show no signs of ever making it without their MASSIVE taxpayer subsidies.

I can't speak to Amtrak, but a large part of the Post Office's current difficulties is that Congress forced them to pre-fund pensions - which is nothing unusual. Most places are required to pay in now for their current employees so their pensions will be funded when they retire. What's different about the Post Office is that they're required to pre-fund for 75 years. Yes, you read that right - they need to pay in *now* for the pension fund of mail carriers who won't even be born for another decade.

> Education continues to not know where billions of dollars goes each year... Yet, in contrast, Enron execs are in jail and Enron is no longer in existence

So where are all the arrests and convictions for the mortgage games and other Wall Street malfeasance that led to the financial crisis of 2008? Seems that was a tad more egregious than anything Enron did, so there should have been more arrests and convictions?
Re: Muni network ownership and the Fourth

On 1/29/2013 10:59 AM, Jay Ashworth wrote:
> From: Rob McEwen <r...@invaluement.com>
>
>> (C) The fact that the Internet is a series of PRIVATE networks... NOT owned/operated by the Feds... is a large reason why the 4th amendment provides such protections... it becomes somewhat of a firewall of protection against Federal gov't trampling of civil liberties... but if they own the network, then that opens up many doors for them.
>
> Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me.
>
> Rob, anyone, does anyone know if any 4th amendment case law exists on muni-owned networks?

Good question.

Here is another thing to consider regarding SOME muni networks... (at least where private citizens/businesses subscribe to that network)

When any government entity desires log files from an ISP, and if that ISP is very protective of their customers' privacy and civil liberties, then the ISP typically ONLY complies with the request if there is a proper court order, granted by a judge, after probable cause of some kind of crime has been established, where they are not on a fishing expedition.

But, in contrast, if the city government owns the network, it seems like a police detective contacting his fellow city employee in the IT department could easily circumvent the civil liberties protections.

Moreover, there is an argument that the ISP being stingy with such data causes them to be heroes to the public, and they gain DESIRED press and attention when they refuse to comply with such requests without a court order. In contrast, the city's IT staff and the police detective BOTH share the SAME boss's boss's boss. The IT guy won't get a pat on the back for making life difficult for the police department. He'll just silently lose his job eventually, or get passed up for a promotion. The motivation will be on him to PLEASE his fellow city employees, possibly at the expense of our civil liberties.

PS - of course, no problems here if the quest to gain information involves a muni network that is only used by city employees.

PPS - then again, maybe my log file example doesn't apply to the particular implementation that Jay described? Regardless, it DOES apply to various government implementations of broadband service.

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
Re: Muni network ownership and the Fourth

- Original Message -
From: Rob McEwen <r...@invaluement.com>

> When any government entity desires log files from an ISP, and if that ISP is very protective of their customer's privacy and civil liberties, then the ISP typically ONLY complies with the request if there is a proper court order, granted by a judge, after probable cause of some kind of crime has been established, where they are not on a fishing expedition.
>
> But, in contrast, if the city government owns the network, it seems like a police detective contacting his fellow city employee in the IT department could easily circumvent the civil liberties protections.
>
> Moreover, there is an argument that the ISP being stingy with such data causes them to be heros to the public, and they gain DESIRED press and attention when they refuse to comply with such requests without a court order. In contrast, the city's IT staff and the police detective BOTH share the SAME boss's boss's boss. The IT guy won't get a pat on the back for making life difficult for the police department. He'll just silently lose his job eventually, or get passed up for a promotion. The motivation will be on him to PLEASE his fellow city employees, possibly at the expense of our civil liberties.
>
> PS - of course, no problems here if the quest to gain information involves a muni network that is only used by city employees.
>
> PPS - then again, maybe my log file example doesn't apply to the particular implementation that Jay described? Regardless, it DOES apply to various government implementations of broadband service.

It would, if I were talking about a situation where the muni *was the ISP*, supplying layer 3+ services. I'm not.

I'm purposefully only talking about layer 1 service (where the residents contract with an ISP client of the muni, and that client supplies an ONT and takes an optical handoff) or, my preferred approach, a layer 2 service (where the muni supplies the ONT and the ISP client of the muni takes an aggregated Ethernet handoff (probably 10G fiber, possibly trunked)).

(Actually, my approach if I was building it would be Layer 2 unless the resident wants a Layer 1 connection to {a properly provisioned ISP, some other location of theirs}. Best of both worlds.)

Cheers,
-- jra

--
Jay R. Ashworth                  Baylink                       j...@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth Associates       http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274
Re: Muni network ownership and the Fourth

In a message written on Tue, Jan 29, 2013 at 10:59:31AM -0500, Jay Ashworth wrote:
> Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me.
>
> Rob, anyone, does anyone know if any 4th amendment case law exists on muni-owned networks?

I don't, but I'd like to point out here that I've long believed both sides of the muni-network argument are right, and that we the people are losing the baby with the bath water.

I am a big proponent of muni-owned dark fiber networks. I want to be 100% clear about what I advocate here:

- Muni-owned MMR space, fiber only, no active equipment allowed. A big cross connect room, where the muni fiber ends and providers are all allowed to colocate their fiber term on non-discriminatory terms. Large munis will need more than one; no run from a particular MMR to a home should exceed 9km, allowing the providers to be within 1km of the MMR and still use 10km optics.

- 4-6 strands per home, home run back to the muni-owned MMR space. No splitters, WDM, etc, home run glass. Terminating on an optical handoff inside the home.

- Fiber leased per month, per pair, on a cost recovery basis (to include an estimate of OM over time), same price to all players.

I do NOT advocate that munis ever run anything on top of the fiber. No IP, no TV, no telephone, not even teleporters in the future. Service Providers of all types can drop a large count fiber from their POP to the muni-owned MMR, request individual customers be connected, and then provide them with any sort of service they like over that fiber pair, single play, double play, triple play, whatever.

See, the Comcasts and ATTs of the world are right that governments shouldn't be ISPs, that should be left to the private sector. I want a choice of ISPs offering different services, not a single monopoly. In this case the technology can provide that, so it should be available.

At the same time, it is very inefficient to require each provider to build to every house. Not only is it a large capital cost and barrier to entry of new players, but no one wants roads and yards dug up over and over again. Reducing down to one player building the physical in-the-ground part saves money and saves disruption.

Regarding your 4th amendment concerns, almost all the data the government wants is with the Service Provider in my model, same as today. They can't find out who you called last week without going to the CDR or having a tap on every line 24x7, which is not cost effective. Could a muni still optically tap a fiber in this case and suck off all the data? Sure, and I have no doubt some paranoid service provider will offer to encrypt everything at the transport level. Is it perfect? No.

However I think if we could adopt this model capital costs would come down (munis can finance fiber on low rate, long term muni-bonds, unlike corporations, plus they only build one network, not N), and competition would come up (small service providers can reach customers only by building to the MMR space, not individual homes) which would be a huge win-win for consumers.

Maybe that's why the big players want to throw the baby out with the bath water. :P

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Looking for success stories in Qwest/Centurylink land

On 1/29/2013 11:38 AM, valdis.kletni...@vt.edu wrote:
> So where are all the arrests and convictions for the mortgage games and other Wall Street malfeasance that led to the financial crisis of 2008? Seems that was a tad more egregious than anything Enron did, so there should have been more arrests and convictions?

Not everyone gets caught. But across the board, corrupt private businesses get caught, pay a price and/or disappear ...far more often than corrupt government entities. But even with the financial crisis of 2008, there was SOME reckoning. Bernie Madoff is in jail. Lots of CEOs lost their jobs. Boards of Fortune 500 companies are NOW... FINALLY... doing the due diligence that used to not get done. Those things have to be done since everyone is fighting for survival right now. Nobody can afford to do less... except the Feds... who continue to operate/spend like it's 1999.

More locally, on a smaller scale, I know of specific appraisers and real estate investors who are in jail right now because they finally got caught in a scam where:

(1) the investor would buy a property at a low price,
(2) his appraiser, who was in on the scam, would issue an appraisal that was ridiculously high,
(3) the real estate investor would then get a LARGE loan on that property,
(4) the investor would then spend that money on expenses... showing no money on paper, it was laundered,
(5) the investor would declare bankruptcy and give those properties back to the bank,
(6) the bank discovers that their collateral on a 200K loan is really worth 40K.

(Repeat times 10 since the investor did this several times over just before declaring bankruptcy.)

Again, those guys are in jail. And the rules on preventing that have been tightened. I agree, not enough people like that went to jail... but LESS of this gets caught and punished with regard to the Federal government's graft corruption.

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
Re: Looking for success stories in Qwest/Centurylink land
- Original Message - From: Valdis Kletnieks valdis.kletni...@vt.edu What's different about the Post Office is that they're required to pre-fund for 75 years. Yes, you read that right - they need to pay in *now* for the pension fund of mail carriers who won't even be born for another decade. And if that had not been passed (by a MUMBLE Congress), then instead of being $6B in the red, they'd be about $1.5B in the black. So let us not hang the need to save USPS on Congress, when they caused the problem in the first place. And let's move this thread to nanog-politics, k? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: Muni network ownership and the Fourth
- Original Message - From: Scott Brim s...@internet2.edu (Actually, my approach if I was building it would be Layer 2 unless the resident wants a Layer 1 connection to {a properly provisioned ISP,some other location of theirs}. Best of both worlds.) Right, and a public-private partnership model is more common than having the city actually operate the network at any layer. Oh, sure; most muni's contract out the build, and often the day to day operation and customer support load, to a contractor. But that wouldn't really help as much in this case, I don't think; that contract would create an agency relationship, and the contractor would not protect such log data (if it existed, which for L1 and L2 service, it would not as this argument posits it) *from the responsible IT employees of the municipality*. Cheers, -- jr 'IANAL, I just play one on the Internet' a -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: Muni network ownership and the Fourth
On 01/29/13 12:02, Jay Ashworth allegedly wrote: - Original Message - From: Rob McEwen r...@invaluement.com When any government entity desires log files from an ISP, and if that ISP is very protective of their customer's privacy and civil liberties, then the ISP typically ONLY complies with the request if there is a proper court order, granted by a judge, after probable cause of some kind of crime has been established, where they are not on a fishing expedition. But, in contrast, if the city government owns the network, it seems like a police detective contacting his fellow city employee in the IT department could easily circumvent the civil liberties protections. Moreover, there is an argument that the ISP being stingy with such data causes them to be heroes to the public, and they gain DESIRED press and attention when they refuse to comply with such requests without a court order. In contrast, the city's IT staff and the police detective BOTH share the SAME boss's boss's boss. The IT guy won't get a pat on the back for making life difficult for the police department. He'll just silently lose his job eventually, or get passed up for a promotion. The motivation will be on him to PLEASE his fellow city employees, possibly at the expense of our civil liberties. PS - of course, no problems here if the quest to gain information involves a muni network that is only used by city employees. PPS - then again, maybe my log file example doesn't apply to the particular implementation that Jay described? Regardless, it DOES apply to various government implementations of broadband service. It would, if I were talking about a situation where the muni *was the ISP*, supplying layer 3+ services. I'm not. 
I'm purposefully only talking about layer 1 service (where the residents contract with an ISP client of the muni, and that client supplies an ONT and takes an optical handoff) or, my preferred approach, a layer 2 service (where the muni supplies the ONT and the ISP client of the muni takes an aggregated Ethernet handoff (probably 10G fiber, possibly trunked). (Actually, my approach if I was building it would be Layer 2 unless the resident wants a Layer 1 connection to {a properly provisioned ISP,some other location of theirs}. Best of both worlds.) Right, and a public-private partnership model is more common than having the city actually operate the network at any layer.
Re: Looking for success stories in Qwest/Centurylink land
On 1/29/13 8:30 AM, Rob McEwen wrote: On 1/29/2013 7:43 AM, William Allen Simpson wrote: The graft and corruption was in *private* industry, not the Federal government, due to lack of regulation and oversight. I never said there wasn't graft and corruption in private industry... but that is anecdotal... hit and miss. In contrast, graft and corruption in the Federal Government is widespread and rampant. Finding one example of graft and corruption in private industry is a silly way to try to disprove my point. Actually, graft and corruption in the Federal Government is very rare. State and local government is more common, and the Feds are usually needed to clean up afterward. Note the Kwame Kilpatrick public corruption trial (a big deal around here). And of course, corruption is incredibly common in the private sector, notably the financial services industry, the realty developer industry, etc. Ummm, none of these were on the FCC. Some were on the stacked Republican F*E*C. And nobody trusts Spakovsky, the architect of voter caging, purges, and suppression -- who was (as we now know) illegally recess appointed to the FEC, and whose nomination was withdrawn after disclosure of conflict of interest and the resignation of half the Justice Department voter section staff! I think you've gone off topic here. The bottom line is that the FCC of the past few years has TRIED to make a crusade out of supposedly protecting us against those meany ISPs' allegedly unfair bandwidth allocation practices... with their proposed solution of net neutrality... but, in reality, net neutrality is really just a Federal Government power grab where they can then trample the 4th amendment. Huh? You cited a WSJ opinion piece as from the FCC, when it was FEC, and they are very different entities. Yet you claim I'm off-topic? Net Neutrality has nothing whatsoever to do with the 4th Amendment. Why would they do that? Because the current administration is crawling with statist thugs, that is why. 
They can't help themselves. It is in their blood. (notice that I'm NOT defending the Republican administration FCC, nor do I care to. You seem very confused, and have devolved into ill-informed racist anti-Obama diatribe that has no place on this list. Your example is beside the point and not relevant to this conversation. But the attempted net neutrality power grab is relevant. Notice ALSO that neither do I defend all practices of ISPs' bandwidth allocations. But, again, their customers do have the option to vote with their wallets. Such options are lost with a Federal Gov't monopoly.) The Internet was developed by the Federal Government. I started my first TCP/IP implementation in 1979 on a NOAA+EPA grant; I wrote the legislative boilerplate that provided funding for the NSFnet, and convinced Michigan legislators to support it; then went on to write many technical standards; and built an ISP starting in 1994. The NSFnet wouldn't have been possible without a Federal prosecution, and the resulting AT&T Green decision. With today's oligopolies, there's no way to vote with your wallet. I'm done with this thread. Please don't feed the troll.
Re: Muni network ownership and the Fourth
I'd like to join Jay, Scott, Leo, and presumably Dave supporting muni network ownership -- or at least a not-for-profit entity. I tried to start one a decade ago, but a lawsuit was threatened by the incumbent cable provider (MediaOne in those days) who claimed an exclusive right. Since then the state law has been changed, so we really ought to look into it again here. Although the 4th Amendment originally applied to only the Federal Government (states routinely violated it), the 14th Amendment applies it to the state (and local) governments now.
Re: Looking for success stories in Qwest/Centurylink land
On 1/29/2013 12:21 PM, William Allen Simpson wrote: ill-informed racist Really? And you call me a troll, too? anti-Obama diatribe that has no place on this list. I never said anything about Obama, but, at face value, the 'Disclose' Act was totalitarian in nature. Something I'd expect to see only seriously proposed in the old Soviet Union. Those who enthusiastically supported it are/were statist thugs. Proposing a bill which limits free political speech by putting ridiculous and hugely-expensive burdens on mom and pop bloggers typing from their living room computers is something straight out of East Germany circa 1960 (except with today's technology). If that means I'm talking about Obama, so be it... if the shoe fits... but to say this is racist is laughable. Also, you can try to dismiss the Disclose act critics by throwing labels at them... but interesting that you didn't go on record challenging the facts in that wsj op-ed, or go on record supporting the Disclose act. (attack the messenger as a means of avoiding the actual subject material... much like your 100% baseless racist accusation towards me.) Also, you're right, at a couple of points, I did get FCC and FEC labels mixed up. But my larger points stand. The campaign finance law passed several years ago and the proposed 'Disclose' Act demonstrated less than pure intentions regarding the Federal Government's desire to control information. And the Federal Government's net neutrality proposals ARE 100% all about 4th amendment violations, as a means towards controlling information. Even if I'm wrong and those proposing net neutrality have 100% best intentions (they don't), then a trampling of the 4th amendment would STILL become a law of unintended consequences, at least in the implementation proposals I've read. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Muni fiber: L1 or L2?
- Original Message - From: Leo Bicknell bickn...@ufp.org I am a big proponent of muni-owned dark fiber networks. I want to be 100% clear about what I advocate here: - Muni-owned MMR space, fiber only, no active equipment allowed. A big cross connect room, where the muni-fiber ends and providers are all allowed to colocate their fiber term on non-discriminatory terms. - 4-6 strands per home, home run back to the muni-owned MMR space. No splitters, WDM, etc, home run glass. Terminating on an optical handoff inside the home. Hmmm. I tend to be a Layer-2-available guy, cause I think it lets smaller players play. Does your position (likely more deeply thought out than mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients are *also* permitted to get a Layer 1 patch to a provider in the fashion you suggest? (I concur with your 3-pair delivery, which makes this more practical on an M-A-C basis, even if it might require some users to have multiple ONTs...) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: Muni network ownership and the Fourth
On 1/29/13 9:40 AM, William Allen Simpson wrote: I'd like to join Jay, Scott, Leo, and presumably Dave supporting muni network ... +1 i'm indifferent to the public-can't rationale as munis appear to do an adequate job of water and power delivery-to-the-curb, in eugene, palo alto, san francisco, ... and the capacity of fiber obsoletes the early telephone and telegraph notion of pole space contention, a basis for an earlier natural monopoly theory. i'm also indifferent to the leo-in-the-noc rationale as the separation is presently somewhat fictive and overzealous prosecutions are the norm. -e
Re: Muni network ownership and the Fourth
- Original Message - From: Eric Brunner-Williams brun...@nic-naa.net i'm also indifferent to the leo-in-the-noc rationale, as the separation is presently somewhat fictive and overzealous prosecutions are the norm. So, you're saying muni transport is bad because there's *less* separation is actually a red herring; private transport carriers are little better protected? Yeah, I'll buy that. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: Muni network ownership and the Fourth
So ifHCin- is the MIB with 64-bit counters and ifin- is the one with 32-bit counters. I had misunderstood that.
MessageLabs/MXLogic issues
Have any of you noticed issues delivering email through MessageLabs to people who use MXLogic for spam/AV filtering? I've seen it more and more over the last month, to the point that I have to call 5-10 people a day to tell them to whitelist our domain in MXLogic. It isn't specific to a certain domain, just to Symantec/MessageLabs IPs. I've also seen this issue once or twice with domains hosted with Gmail, but those have cleared themselves up. -- Thomas York
Re: IPV6 in enterprise best practices/white papaers
On 01/29/2013 09:20 AM, Jay Ashworth wrote: - Original Message - From: Doug Barton do...@dougbarton.us On 1/28/2013 6:23 AM, Jay Ashworth wrote: To paraphrase Guy L Steele: If we are this far on into the new IPv6 world and that question is not one which can be answered by a link on the first page of ghits for 'implementing IPv6', then the IPv6 people have blown it badly. Can you show me the equivalent link for I want to implement IPv4 on my network? IPv4 is mature enough that for small to medium sized networks, the answer is you plug everything in. My appraisal of v6 is that it's an order of magnitude (or two) more complex than that, both in 'attack' surface and interoperability issues. But, I suppose, it took me a couple years to really learn IPv4 well. That said, *having* learned IPv4 relatively well, I remain surprised that there's as much additional (perceived) complexity in v6. Jay, You have perfectly illustrated one of the largest barriers to IPv6 adoption. You of course know that if you were to go into a greenfield IPv4 deployment the answer would not be just plug everything in. You'd have to figure out how to split your allocated space (and/or 1918 space) into reasonable networks, decide which networks get DHCP, assign IP helpers, carve out p-t-p links, etc. etc. But because you've done that a million times, and all the terminology and factors to consider are well known to you, in effect it amounts to, just plug everything in. Whereas, with IPv6 you have most, if not all of the same factors to consider, but there is some marginal added complexity around things like SLAAC/RA, some different terminology, binary math in hex instead of octal, network sizes are many orders of magnitude larger, etc. So the net effect is that even though under the hood it's not all that different, it all feels new and strange. And we all know how humans react to things that are new and strange. 
:) My point in asking you to provide the equivalent link for IPv4 is to show that there isn't one, nor could there be. You can't give someone a cookie-cutter IPv4 network layout because the unique factors that they have to consider will prevent that. The same is true for IPv6. What you _can_ do, for both protocols, is to teach people best practices around the key issues, and help and guidance along the way. There are lots of lists that exist to do this with v6. One of the best is ipv6-...@lists.cluenet.de. If people are interested in learning more about v6 by osmosis that's a good list to lurk on. It's medium traffic, but high signal::noise, and any discussions you are not interested in you can just delete. hth, Doug
Re: IPV6 in enterprise best practices/white papaers
- Original Message - From: Doug Barton do...@dougbarton.us IPv4 is mature enough that for small to medium sized networks, the answer is you plug everything in. My appraisal of v6 is that it's an order of magnitude (or two) more complex than that, both in 'attack' surface and interoperability issues. But, I suppose, it took me a couple years to really learn IPv4 well. That said, *having* learned IPv4 relatively well, I remain surprised that there's as much additional (perceived) complexity in v6. You have perfectly illustrated one of the largest barriers to IPv6 adoption. You of course know that if you were to go into a greenfield IPv4 deployment the answer would not be just plug everything in. Depends on how big your deployment is. For a small office -- say, 100 PCs or less; something that will fit in what I will catch schidt for referring to as a Class C :-) -- with a single current generation consumer market edge NAT router, then yes, in fact, you Just Plug It All In. Yes, I realize, that approach does not apply to being Road Runner. :-) You'd have to figure out how to split your allocated space (and/or 1918 space) into reasonable networks, decide which networks get DHCP, assign IP helpers, carve out p-t-p links, etc. etc. But because you've done that a million times, and all the terminology and factors to consider are well known to you, in effect it amounts to, just plug everything in. Well, no, not really. As you note, of course, most of those things are reflexes for most network engineering types, but certainly they took a while to get there. Whereas, with IPv6 you have most, if not all of the same factors to consider, but there is some marginal added complexity around things like SLAAC/RA, some different terminology, binary math in hex instead of octal, network sizes are many orders of magnitude larger, etc. So the net effect is that even though under the hood it's not all that different, it all feels new and strange. 
And we all know how humans react to things that are new and strange. :) I think marginal added complexity is probably a polite understatement; my apprehension of IPv6 is that they decided they had to fix *lots* of problems which almost nobody actually had, *in addition* to fixing the one which actually was a problem: address length. In consequence of that, IPv6 feels to me like it has a bad case of what Fred Brooks would call Second System Syndrome. My point in asking you to provide the equivalent link for IPv4 is to show that there isn't one, nor could there be. You can't give someone a cookie-cutter IPv4 network layout because the unique factors that they have to consider will prevent that. The same is true for IPv6. What you _can_ do, for both protocols, is to teach people best practices around the key issues, and help and guidance along the way. There are lots of lists that exist to do this with v6. One of the best is ipv6-...@lists.cluenet.de. If people are interested in learning more about v6 by osmosis that's a good list to lurk on. It's medium traffic, but high signal::noise, and any discussions you are not interested in you can just delete. You seem to be suggesting, though, to drag the conversation back where I started it, that there is *so much new stuff* with IPv6 that it's difficult *even for old hats with IPv4* to learn it by analogy. If that's what you mean, then I agree with you. :-) (Yes, yes, I am coming late to this argument; the networks I'm responsible for are historically relatively small. IPv6 connectivity has been troublesome to acquire except at the last couple.) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: MessageLabs/MXLogic issues
On Tue, Jan 29, 2013 at 01:43:04PM -0500, Thomas York wrote: Have any of you noticed issued delivering email through MessageLabs [...] Better on the mailop list. I believe (but am not certain) that personnel from those operations are present there. ---rsk
Re: IPV6 in enterprise best practices/white papaers
On 01/29/2013 01:09 PM, Jay Ashworth wrote: - Original Message - From: Doug Barton do...@dougbarton.us IPv4 is mature enough that for small to medium sized networks, the answer is you plug everything in. My appraisal of v6 is that it's an order of magnitude (or two) more complex than that, both in 'attack' surface and interoperability issues. But, I suppose, it took me a couple years to really learn IPv4 well. That said, *having* learned IPv4 relatively well, I remain surprised that there's as much additional (perceived) complexity in v6. You have perfectly illustrated one of the largest barriers to IPv6 adoption. You of course know that if you were to go into a greenfield IPv4 deployment the answer would not be just plug everything in. Depends on how big your deployment is. For a small office -- say, 100 PCs or less; something that will fit in what I will catch schidt for referring to as a Class C :-) -- with a single current generation consumer market edge NAT router, then yes, in fact, you Just Plug It All In. Well sure, but the same would be true for the equivalent IPv6 deployment. Yes, I realize, that approach does not apply to being Road Runner. :-) You'd have to figure out how to split your allocated space (and/or 1918 space) into reasonable networks, decide which networks get DHCP, assign IP helpers, carve out p-t-p links, etc. etc. But because you've done that a million times, and all the terminology and factors to consider are well known to you, in effect it amounts to, just plug everything in. Well, no, not really. As you note, of course, most of those things are reflexes for most network engineering types, but certainly they took a while to get there. Yes, that's precisely my point. :) No one learned IPv4 networking overnight. But people who already know IPv4 are complaining that they can't magically come to the same degree of competence with IPv6 without spending any time to learn it. 
The irony is that people who already know networking will have a much easier time learning IPv6, with a minimal amount of extra work, but minimal != zero. Whereas, with IPv6 you have most, if not all of the same factors to consider, but there is some marginal added complexity around things like SLAAC/RA, some different terminology, binary math in hex instead of octal, network sizes are many orders of magnitude larger, etc. So the net effect is that even though under the hood it's not all that different, it all feels new and strange. And we all know how humans react to things that are new and strange. :) I think marginal added complexity is probably a polite understatement; No, it really isn't. I realize that the IPv6 zealots hate it when I say this, but in many ways you can treat IPv6 just like IPv4 with bigger addresses. 1. Don't filter ICMPv6. 2. Treat a /64 roughly the way you'd treat a /24 in IPv4. 3. Put SLAAC on the networks you have DHCPv4 on. 4. Statically assign addresses and networks for v6 on the systems you statically assign them on v4 (servers, etc.) 5. Neighbor Discovery (ND) replaces arp, but mostly you don't ever need to worry about it (just like you hardly ever need to worry about arp). Voila! You've just learned 80% of what you need to know to be successful with IPv6. my apprehension of IPv6 is that they decided they had to fix *lots* of problems which almost nobody actually had, *in addition* to fixing the one which actually was a problem: address length. In consequence of that, IPv6 feels to me like it has a bad case of what Fred Brooks would call Second System Syndrome. Your assessment is correct, but the good news is that you can ignore almost all of it. The SLAAC vs. full-featured DHCPv6 thing is still kind of a PITA, but it's working itself out. Beyond that, if there is a feature of IPv6 that you're not interested in, don't use it. 
:) My point in asking you to provide the equivalent link for IPv4 is to show that there isn't one, nor could there be. You can't give someone a cookie-cutter IPv4 network layout because the unique factors that they have to consider will prevent that. The same is true for IPv6. What you _can_ do, for both protocols, is to teach people best practices around the key issues, and help and guidance along the way. There are lots of lists that exist to do this with v6. One of the best is ipv6-...@lists.cluenet.de. If people are interested in learning more about v6 by osmosis that's a good list to lurk on. It's medium traffic, but high signal::noise, and any discussions you are not interested in you can just delete. You seem to be suggesting, though, to drag the conversation back where I started it, that there is *so much new stuff* with IPv6 that it's difficult *even for old hats with IPv4* to learn it by analogy. No, quite the opposite. What I'm saying is that if you already understand how to run a network with v4 that learning the v6 terminology and
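The five rules in the message above, turned into a small planning helper. This is an added example, not code from the thread or its authors: the site prefix 2001:db8:1::/48, the segment names and addresses, and the (action, icmpv6-type) rule format are all constructed for illustration; the ICMPv6 types it insists on are a subset of the messages RFC 4890 says must not be dropped.

```python
"""Helper for the "treat IPv6 like IPv4 with bigger addresses" rules:
carve a /64 per IPv4 /24 (rule 2), SLAAC where DHCPv4 was used and static
elsewhere (rules 3 and 4), and check that a filter policy does not drop the
ICMPv6 messages IPv6 depends on (rules 1 and 5).  Added example; inputs are
constructed, not taken from any real network.
"""
import ipaddress

# ICMPv6 types that must not be filtered for IPv6 to work at all
# (a subset of RFC 4890's "must not be dropped" list).
ESSENTIAL_ICMPV6 = {
    1: "Destination Unreachable",
    2: "Packet Too Big",          # dropping this silently breaks Path MTU discovery
    3: "Time Exceeded",
    4: "Parameter Problem",
    128: "Echo Request",
    129: "Echo Reply",
    133: "Router Solicitation",   # 133-136: Neighbor Discovery, the arp replacement
    134: "Router Advertisement",  # carries the prefix that SLAAC hosts use (rule 3)
    135: "Neighbor Solicitation",
    136: "Neighbor Advertisement",
}


def plan_v6_segments(site_prefix, v4_segments):
    """Rules 2-4: one /64 out of the site prefix per IPv4 segment.

    v4_segments: list of (name, ipv4_network, uses_dhcpv4) tuples.
    Returns one dict per segment, in input order.
    """
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen > 64:
        raise ValueError("site prefix must leave room for /64 subnets")
    subnets = site.subnets(new_prefix=64)   # lazily carved, in address order
    plan = []
    for name, v4, uses_dhcpv4 in v4_segments:
        v4net = ipaddress.IPv4Network(v4)   # raises on a malformed prefix
        plan.append({
            "name": name,
            "ipv4": str(v4net),
            "ipv6": str(next(subnets)),
            "assignment": "SLAAC" if uses_dhcpv4 else "static",
        })
    return plan


def check_icmpv6_policy(rules):
    """Rule 1: list the essential ICMPv6 types a filter policy would drop.

    rules: ordered list of (action, icmpv6_type_or_None); first match wins,
    None matches any type.  Returns sorted (type, name) pairs that would be
    dropped; an empty list means the policy keeps IPv6 working.
    """
    broken = []
    for icmp_type, name in ESSENTIAL_ICMPV6.items():
        for action, match in rules:
            if match is None or match == icmp_type:
                if action == "drop":
                    broken.append((icmp_type, name))
                break   # first matching rule decides for this type
    return sorted(broken)


# Constructed sample input: a two-segment office plan and two candidate
# ICMPv6 policies, one carried over from an IPv4 "just block ICMP" habit.
SEGMENTS = [
    ("users",   "192.0.2.0/24",    True),    # DHCPv4 pool today -> SLAAC
    ("servers", "198.51.100.0/24", False),   # static v4 today  -> static v6
]
NAIVE_POLICY = [("drop", None)]
SAFE_POLICY = [("accept", t) for t in ESSENTIAL_ICMPV6] + [("drop", None)]

if __name__ == "__main__":
    for seg in plan_v6_segments("2001:db8:1::/48", SEGMENTS):
        print(seg)
    print("naive policy drops:", check_icmpv6_policy(NAIVE_POLICY))
    print("safe policy drops:", check_icmpv6_policy(SAFE_POLICY))
```

The naive policy is the one that produces "IPv6 works on the LAN but large transfers hang" tickets, because it discards Packet Too Big along with everything else.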
Re: IPV6 in enterprise best practices/white papaers
- Original Message - From: Doug Barton do...@dougbarton.us Depends on how big your deployment is. For a small office -- say, 100 PCs or less; something that will fit in what I will catch schidt for referring to as a Class C :-) -- with a single current generation consumer market edge NAT router, then yes, in fact, you Just Plug It All In. Well sure, but the same would be true for the equivalent IPv6 deployment. Is that in fact true? My takeaway from watching NANOG the last 8 years is that it doesn't always work like that. Well, no, not really. As you note, of course, most of those things are reflexes for most network engineering types, but certainly they took a while to get there. Yes, that's precisely my point. :) No one learned IPv4 networking overnight. But people who already know IPv4 are complaining that they can't magically come to the same degree of competence with IPv6 without spending any time to learn it. The irony is that people who already know networking will have a much easier time learning IPv6, with a minimal amount of extra work, but minimal != zero. Well, this is my point. My integration of the questions I see, and the problems I had trying to even get a first tier grasp of it myself is that I *expect* leverage from understanding v4 which I did not in fact *get*; enough stuff has changed at a fundamental level that my v4 knowledge isn't all that helpful. I think marginal added complexity is probably a polite understatement; No, it really isn't. I realize that the IPv6 zealots hate it when I say this, but in many ways you can treat IPv6 just like IPv4 with bigger addresses. 1. Don't filter ICMPv6. 2. Treat a /64 roughly the way you'd treat a /24 in IPv4. 3. Put SLAAC on the networks you have DHCPv4 on. 4. Statically assign addresses and networks for v6 on the systems you statically assign them on v4 (servers, etc.) 5. 
Neighbor Discovery (ND) replaces arp, but mostly you don't ever need to worry about it (just like you hardly ever need to worry about arp). Voila! You've just learned 80% of what you need to know to be successful with IPv6. Great, and now you've answered the OP's question. So where, in fact, *is* the IPv6 primer that says that stuff, with enough backfill that you can do the further research about how and why? In consequence of that, IPv6 feels to me like it has a bad case of what Fred Brooks would call Second System Syndrome. Your assessment is correct, but the good news is that you can ignore almost all of it. The SLAAC vs. full-featured DHCPv6 thing is still kind of a PITA, but it's working itself out. Beyond that, if there is a feature of IPv6 that you're not interested in, don't use it. :) Hmmm... You seem to be suggesting, though, to drag the conversation back where I started it, that there is *so much new stuff* with IPv6 that it's difficult *even for old hats with IPv4* to learn it by analogy. No, quite the opposite. What I'm saying is that if you already understand how to run a network with v4 that learning the v6 terminology and equivalent concepts, plus the few extra things that you actually do need to manage for v6, is not that difficult. It just *seems* hard because before you tackle it, it's all new and strange. Hmmm ^ 2. (Yes, yes, I am coming late to this argument; the networks I'm responsible for are historically relatively small. IPv6 connectivity has been troublesome to acquire except at the last couple.) Roger that. Not that I'm trying to toot my own horn, but most of my experience has been with large enterprise networks, often spanning multiple continents, so I tend to think in those terms. The good news for smaller shops is that if you can get it, IPv6 is pretty much just plug it in, very similar to how you described IPv4 for a smaller shop above. You haven't tried to *buy* IPv6 edge transit, have you? 
Has that gotten any easier than months later, nobody has the first clue what I'm talking about? :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: IPV6 in enterprise best practices/white papaers
On 01/29/2013 01:54 PM, Jay Ashworth wrote: You haven't tried to *buy* IPv6 edge transit, have you? *cough*Implementation detail*cough* :)
Ethernet Service at 150 S. Market Street, SJ
Hello, We're in need of low-bandwidth ethernet service in our cage at Datapipe at 150 S. Market Street for OOB. Any recommendations? TIA -- Christopher Nielsen They who can give up essential liberty for temporary safety, deserve neither liberty nor safety. --Benjamin Franklin The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants. --Thomas Jefferson
Re: Muni network ownership and the Fourth
Not to sidestep the conversation here .. but, Leo, I love your concept of the muni network, MMR, etc. What city currently implements this? I want to move there! :) -Zach 2013/1/29 Masatoshi Enomoto masatosh...@is.naist.jp: So ifHCin- is the MIB with 64-bit counters and ifin- is the one with 32-bit counters. I had misunderstood that. -- Zach Giles zgi...@gmail.com
Re: IPV6 in enterprise best practices/white papaers
Also, if a switch does not do MLD snooping, it will flood multicast to all ports. You lose one of the major benefits of IPv6 multicast - less admin traffic. Agreed; but just to be fair: there is still a difference between multicast being flooded everywhere and broadcast being flooded everywhere ... L2 interrupt vs. L2+L3 interrupt; bigger difference than it sounds ;). /TJ
Re: Muni network ownership and the Fourth
On 13-01-29 10:59, Jay Ashworth wrote: Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me. Is last mile infrastructure really considered internet ? If a GPON system operates as layer 2, it provides no internet connectivity, no IP routing and would/should not implement any IP use policies such as throttling etc. About the only traffic management it would do is provide separate guaranteed bandwidth channel for VoIP. (or via QoS) If the last mile is sold only as wholesale (as is the case for Australian NBN), then it is up to each private service provider who buys access to reach homes to implement IP policies and connect to the internet, provide services such as DHCP etc.
Re: Ethernet Service at 150 S. Market Street, SJ
GSM modem? Then you aren't depending on the fiber coming into the building... -Mike On Tue, Jan 29, 2013 at 12:03 PM, Christopher Nielsen cniel...@pobox.comwrote: Hello, We're in need of low-bandwidth ethernet service in our cage at Datapipe at 150 S. Market Street for OOB. Any recommendations? TIA -- Christopher Nielsen They who can give up essential liberty for temporary safety, deserve neither liberty nor safety. --Benjamin Franklin The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants. --Thomas Jefferson -- Mike Lyon 408-621-4826 mike.l...@gmail.com http://www.linkedin.com/in/mlyon
Re: Muni network ownership and the Fourth
- Original Message - From: Jean-Francois Mezei jfmezei_na...@vaxination.ca Is last mile infrastructure really considered internet ? If a GPON system operates as layer 2, it provides no internet connectivity, no IP routing and would/should not implement any IP use policies such as throttling etc. About the only traffic management it would do is provide separate guaranteed bandwidth channel for VoIP. (or via QoS) If the last mile is sold only as wholesale (as is the case for Australian NBN), then it is up to each private service provider who buys access to reach homes to implement IP policies and connect to the internet, provide services such as DHCP etc. Though I wouldn't pick GPON over home-run, yes, that's roughly the point I and another poster were trying to make in earlier replies: If you're at layer 1, and arguably at layer 2, then move-add-change on physical patches / VLAN assignments is all you would need to log, since you don't actually touch real traffic. One of the major arguments in favor of doing it that way. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: Ethernet Service at 150 S. Market Street, SJ
Satellite! ;) From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: Mike Lyon mike.l...@gmail.com Date: 01/29/2013 12:17 PM (GMT-08:00) To: Christopher Nielsen cniel...@pobox.com Cc: nanog@nanog.org Subject: Re: Ethernet Service at 150 S. Market Street, SJ GSM modem? Then you aren't depending on the fiber coming into the building... -Mike On Tue, Jan 29, 2013 at 12:03 PM, Christopher Nielsen cniel...@pobox.comwrote: Hello, We're in need of low-bandwidth ethernet service in our cage at Datapipe at 150 S. Market Street for OOB. Any recommendations? TIA -- Christopher Nielsen They who can give up essential liberty for temporary safety, deserve neither liberty nor safety. --Benjamin Franklin The tree of liberty must be refreshed from time to time with the blood of patriots tyrants. --Thomas Jefferson -- Mike Lyon 408-621-4826 mike.l...@gmail.com http://www.linkedin.com/in/mlyon
Re: Ethernet Service at 150 S. Market Street, SJ
Last I heard, roof rights are pricey down there :) On Tue, Jan 29, 2013 at 12:18 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Satellite! ;) From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: Mike Lyon mike.l...@gmail.com Date: 01/29/2013 12:17 PM (GMT-08:00) To: Christopher Nielsen cniel...@pobox.com Cc: nanog@nanog.org Subject: Re: Ethernet Service at 150 S. Market Street, SJ GSM modem? Then you aren't depending on the fiber coming into the building... -Mike On Tue, Jan 29, 2013 at 12:03 PM, Christopher Nielsen cniel...@pobox.com wrote: Hello, We're in need of low-bandwidth ethernet service in our cage at Datapipe at 150 S. Market Street for OOB. Any recommendations? TIA -- Christopher Nielsen They who can give up essential liberty for temporary safety, deserve neither liberty nor safety. --Benjamin Franklin The tree of liberty must be refreshed from time to time with the blood of patriots tyrants. --Thomas Jefferson -- Mike Lyon 408-621-4826 mike.l...@gmail.com http://www.linkedin.com/in/mlyon -- Mike Lyon 408-621-4826 mike.l...@gmail.com http://www.linkedin.com/in/mlyon
Re: IPV6 in enterprise best practices/white papaers
Not sure if anyone mentioned Aaron's presentation on this topic from way back... Here's the link: http://www.nanog.org/meetings/nanog47/presentations/Wednesday/Hughes_Kosters_fundamentals_N47_Wed.pdf John Kemp (k...@routeviews.org) On 1/26/13 1:26 AM, Pavel Dimow wrote: Hi, I have read many of those ipv6 documents and they are great but I still lack to find something like real world scenario. What I mean is that for example I want to start implementation of ipv6 in my enterprise according to my knowledge so far my first step is to create address plan, then implement security on routers/switches then on hosts, and after that I can start to create record and PTR records in DNS and after that I should configure my dhcp servers and after all has been done I can test ipv6 in LAN and after that I can start configure bgp with ISP. Is this correct procedure? Any thoughts? If all is correct I have a few questions.. Regarding DNS, if I give a /64 to host using SLAAC or DHCP how do I maintain PTR for this /64? I should use DDNS? What do you use in your enterprise SLAAC or DHCP? If SLAAC why not DHCP? Any other hints/tips?
Re: Ethernet Service at 150 S. Market Street, SJ
On Tue, Jan 29, 2013 at 12:19 PM, Mike Lyon mike.l...@gmail.com wrote: Last I heard, roof rights are pricey down there :) On Tue, Jan 29, 2013 at 12:18 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Satellite! ;) ...And somewhat silly, given that it's *that* facility. But the roof is mostly clear, if anyone needs to put up a dish. There are a couple of metro wireless providers that can touch that location as well, in case your definition of OOB is pretty robustly out-of-band... But the likely solution is a network provider already there or nearby. -- -george william herbert george.herb...@gmail.com
Re: Ethernet Service at 150 S. Market Street, SJ
I would be more than happy to put an antenna on a data center roof. Depending on throughput requirements, it would probably end up being cheaper to use satellite. Satellite is excellent for actual OOB and obviously much more reliable in a DR scenario. From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: George Herbert george.herb...@gmail.com Date: 01/29/2013 12:33 PM (GMT-08:00) To: Mike Lyon mike.l...@gmail.com Cc: Warren Bailey wbai...@satelliteintelligencegroup.com,nanog@nanog.org Subject: Re: Ethernet Service at 150 S. Market Street, SJ On Tue, Jan 29, 2013 at 12:19 PM, Mike Lyon mike.l...@gmail.com wrote: Last I heard, roof rights are pricey down there :) On Tue, Jan 29, 2013 at 12:18 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Satellite! ;) ...And somewhat silly, given that it's *that* facility. But the roof is mostly clear, if anyone needs to put up a dish. There are a couple of metro wireless providers that can touch that location as well, in case your definition of OOB is pretty robustly out-of-band... But the likely solution is a network provider already there or nearby. -- -george william herbert george.herb...@gmail.com
Re: IPV6 in enterprise best practices/white papaers
- Original Message - From: John Kemp k...@network-services.uoregon.edu Not sure if anyone mentioned Aaron's presentation on this topic from way back... Here's the link: http://www.nanog.org/meetings/nanog47/presentations/Wednesday/Hughes_Kosters_fundamentals_N47_Wed.pdf I hadn't, but now that I have, my opinion is it's like most presentation decks: if you don't already understand what they're talking about, then you need the actual presentation to go with it. It's also biased a bit higher in the stack than I live, but that's not the presentation's fault, given it's target audience. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: Ethernet Service at 150 S. Market Street, SJ
For typical console access/OOB use cases only or a lot more data? If the former, I can't see any reason to mess with anything more than a telemetry-rate plan SIM card in a 3g/4g console server. Chances are, if you can get cell phone coverage to your cage, it will work fine. They're also very cheap, lower latency, and nothing more than velcro is needed to install them. On Tue, Jan 29, 2013 at 1:36 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: I would be more than happy to put an antenna on a data center roof. Depending on throughput requirements, it would probably end up being cheaper to use satellite. Satellite is excellent for actual OOB and obviously much more reliable in a DR scenario. From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: George Herbert george.herb...@gmail.com Date: 01/29/2013 12:33 PM (GMT-08:00) To: Mike Lyon mike.l...@gmail.com Cc: Warren Bailey wbai...@satelliteintelligencegroup.com,nanog@nanog.org Subject: Re: Ethernet Service at 150 S. Market Street, SJ On Tue, Jan 29, 2013 at 12:19 PM, Mike Lyon mike.l...@gmail.com wrote: Last I heard, roof rights are pricey down there :) On Tue, Jan 29, 2013 at 12:18 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Satellite! ;) ...And somewhat silly, given that it's *that* facility. But the roof is mostly clear, if anyone needs to put up a dish. There are a couple of metro wireless providers that can touch that location as well, in case your definition of OOB is pretty robustly out-of-band... But the likely solution is a network provider already there or nearby. -- -george william herbert george.herb...@gmail.com
Re: Muni network ownership and the Fourth
See, the Comcast's and ATT of the world are right that governments shouldn't be ISP's, that should be left to the private sector. I want a choice of ISP's offering different services, not a single monopoly. In this case the technology can provide that, so it should be available. It has been my experience that the incumbents largely give small cities the finger until a muni steps in, and makes a profitable go of it. Then they are all about legislation to protect them from the unfairness of it all. The large incumbents are basically a duopoly as it is, and generally are not offering anything innovative until they are forced to. Running an ISP is hard, and most munis have no experience in it. The only reason to do it, is because the incumbents refuse to provide service. I don't think munis running networks is any sort of threat to free enterprise. I see them more analogous to rural electric cooperatives that provided electric service when incumbents refused to. Legislating that option away, just lets the duopolies serve the dense urban areas and ignore the less dense areas. Elle Plato
Re: Ethernet Service at 150 S. Market Street, SJ
Both. If you're looking for some kind of actual out of band (for disaster recovery scenarios), Satellite is an excellent option. If you just need 100-200kbps for basic console access, you could absolutely accomplish this with satellite. The only real difference between Satellite and Cellular is, if there is any real power at the facility Satellite will be online — I don't think we can say the same for cellular BTS's. Every Cellular installation I have done (over 300) has had a single feed to primary power. Power goes out across several blocks and suddenly the BTS's that are outside of that area are saturated with additional handset registrations. If it were me, I would not rely on 3G/4G for anything that had actual ramifications behind it. If you've got a killer SLA with your customers, the funds to deploy a VSAT solution are minimal at best. 1mbps/1mbps with no SLA across satellite is in the hundreds of dollars per month, and you get a VLAN piped straight back into your gear at your offices. From: PC paul4...@gmail.com Date: Tue, 29 Jan 2013 13:58:12 -0700 To: User wbai...@satelliteintelligencegroup.com Cc: George Herbert george.herb...@gmail.com, Mike Lyon mike.l...@gmail.com, nanog@nanog.org Subject: Re: Ethernet Service at 150 S. Market Street, SJ For typical console access/OOB use cases only or a lot more data? If the former, I can't see any reason to mess with anything more than a telemetry-rate plan SIM card in a 3g/4g console server. Chances are, if you can get cell phone coverage to your cage, it will work fine. They're also very cheap, lower latency, and nothing more than velcro is needed to install them.
On Tue, Jan 29, 2013 at 1:36 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: I would be more than happy to put an antenna on a data center roof. Depending on throughput requirements, it would probably end up being cheaper to use satellite. Satellite is excellent for actual OOB and obviously much more reliable in a DR scenario. From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: George Herbert george.herb...@gmail.com Date: 01/29/2013 12:33 PM (GMT-08:00) To: Mike Lyon mike.l...@gmail.com Cc: Warren Bailey wbai...@satelliteintelligencegroup.com, nanog@nanog.org Subject: Re: Ethernet Service at 150 S. Market Street, SJ On Tue, Jan 29, 2013 at 12:19 PM, Mike Lyon mike.l...@gmail.com wrote: Last I heard, roof rights are pricey down there :) On Tue, Jan 29, 2013 at 12:18 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Satellite! ;) ...And somewhat silly, given that it's *that* facility. But the roof is mostly clear, if anyone needs to put up a dish. There are a couple of metro wireless providers that can touch that location as well, in case your definition of OOB is pretty robustly out-of-band... But the likely solution is a network provider already there or nearby. -- -george william herbert george.herb...@gmail.com
Re: Muni network ownership and the Fourth
- Original Message - From: Elle Plato techg...@gmail.com [ attribution lost ] See, the Comcast's and ATT of the world are right that governments shouldn't be ISP's, that should be left to the private sector. I want a choice of ISP's offering different services, not a single monopoly. In this case the technology can provide that, so it should be available. It has been my experience that the incumbents largely give small cities the finger until a muni steps in, and makes a profitable go of it. Then they are all about legislation to protect them from the unfairness of it all. The large incumbents are basically a duopoly as it is, and generally are not offering anything innovative until they are forced to. Yup. In fact, late last year, it is my understanding that VZN FiOS said *in public, on the record* that they were done with new buildouts; if you didn't have it, tough luck -- canonizing the assertions we'd all been making for a decade that they would cherry pick, even though they claimed they would not. They're a public corporation; they have no real choice. This is why we grant utilities monopoly franchises, with teeth in them to recapture the Public Good we want from them; none of this has been news for 4 decades, but the fix was in. And in fact, yes, VZN left behind state laws in several states forbidding municipal ownership of communications facilities, which they, effectively, purchased. (The laws, not the facilities) Running an ISP is hard, and most munis have no experience in it. The only reason to do it, is because the incumbents refuse to provide service. I don't think munis running networks is any sort of threat to free enterprise. I see them more analogous to rural electric cooperatives that provided electric service when incumbents refused to. Legislating that option away, just lets the duopolies serve the dense urban areas and ignore the less dense areas.
FWIW, the posting to which you're replying assumed that we were talking about municipal service at layer 3+; we weren't, as we later corrected. What we're talking about is acknowledging the high cost of fiber plant buildout, and the natural monopoly it encompasses... and thus the municipal involvement it encourages, in an open access design. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: IPV6 in enterprise best practices/white papaers
In article xs4all.12519635.4213.1359489253787.javamail.r...@benjamin.baylink.com you write: - Original Message - From: Doug Barton do...@dougbarton.us Depends on how big your deployment is. For a small office -- say, 100 PCs or less; something that will fit in what I will catch schidt for referring to as a Class C :-) -- with a single current generation consumer market edge NAT router, then yes, in fact, you Just Plug It All In. Well sure, but the same would be true for the equivalent IPv6 deployment. Is that in fact true? My takeaway from watching NANOG the last 8 years is that it doesn't always work like that. That's how it works for all our customers: they plug in the consumer market edge IPv4 NAT + IPv6 router we send them, and they have IPv4 + IPv6 and often don't even realize it. Mike.
Re: IPV6 in enterprise best practices/white papaers
Whereas, with IPv6 you have most, if not all of the same factors to consider, but there is some marginal added complexity around things like SLAAC/RA, some different terminology, binary math in hex instead of octal, network sizes are many orders of magnitude larger, etc. So the net effect is that even though under the hood it's not all that different, it all feels new and strange. And we all know how humans react to things that are new and strange. :) I think marginal added complexity is probably a polite understatement; No, it really isn't. I realize that the IPv6 zealots hate it when I say this, but in many ways you can treat IPv6 just like IPv4 with bigger addresses. I'm a pretty well known IPv6 zealot and I completely agree with you. 1. Don't filter ICMPv6. 2. Treat a /64 roughly the way you'd treat a /24 in IPv4. Actually, I'd say treat a /64 roughly the way you'd treat any sized subnet in IPv4, whether it's a /24, a /31, or something in between or even a really large IPv4 single network such as a /22. If it's an IPv4 /32, then think IPv6 /128. 3. Put SLAAC on the networks you have DHCPv4 on. 4. Statically assign addresses and networks for v6 on the systems you statically assign them on v4 (servers, etc.) 5. Neighbor Discovery (ND) replaces arp, but mostly you don't ever need to worry about it (just like you hardly ever need to worry about arp). Voila! You've just learned 80% of what you need to know to be successful with IPv6. Agreed. The remainder has to do with: 1. Understanding and configuring RDNSS support if you're going to use SLAAC. 2. Understanding and configuring DHCPv6 if you want to use that. 3. Managing records and dealing with ip6.arpa (nearly identical to A and in-addr.arpa) 4. IPv6 routing protocols (if you are in a larger environment) 5. Security policies that are more complex than simply default-deny-all-inbound/permit-outbound. There's really not a whole lot else one needs to learn for most environments. No, quite the opposite.
What I'm saying is that if you already understand how to run a network with v4 that learning the v6 terminology and equivalent concepts, plus the few extra things that you actually do need to manage for v6, is not that difficult. It just *seems* hard because before you tackle it, it's all new and strange. I 100% agree with this summary. Owen
Re: Muni fiber: L1 or L2?
One thing that is bothersome about carriers is that sometimes if they have Tons of fiber to your building, they still will only offer Layer2/3 services. If there's fiber there, I'd like to be able to lease it in some fashion (even if expensive, but preferably not). If a muni is making something that is good for the public, I think they can and should offer Layer2 services, but also make the option to directly get the fibers at a reasonable price .. even for Individuals and small companies. I think services that are offered should also provide the ability to order the subcomponents including Layer1. That should encourage competition, usability, and fun. I'd totally get a 10G from my work to home or whatever. On Tue, Jan 29, 2013 at 12:54 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Leo Bicknell bickn...@ufp.org I am a big proponent of muni-owned dark fiber networks. I want to be 100% clear about what I advocate here: - Muni-owned MMR space, fiber only, no active equipment allowed. A big cross connect room, where the muni-fiber ends and providers are all allowed to colocate their fiber term on non-discriminatory terms. - 4-6 strands per home, home run back to the muni-owned MMR space. No splitters, WDM, etc, home run glass. Terminating on an optical handoff inside the home. Hmmm. I tend to be a Layer-2-available guy, cause I think it lets smaller players play. Does your position (likely more deeply thought out than mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients are *also* permitted to get a Layer 1 patch to a provider in the fashion you suggest? (I concur with your 3-pair delivery, which makes this more practical on an M-A-C basis, even if it might require some users to have multiple ONTs...) Cheers, -- jra -- Jay R. 
Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274 -- Zach Giles zgi...@gmail.com
Re: Muni network ownership and the Fourth
There's a really simple solution to this problem... Let the muni provide L1/L2 network, and make sure that your L3 usage is entirely run over encrypted channels between you and your (non-muni) L3 service provider. At that point, sure, the muni can see that you sent a lot of packets full of gibberish back and forth to your ISP. And? Owen On Jan 29, 2013, at 08:46 , Rob McEwen r...@invaluement.com wrote: On 1/29/2013 10:59 AM, Jay Ashworth wrote: From: Rob McEwen r...@invaluement.com (C) The fact that the Internet is a series of PRIVATE networks... NOT owned/operated by the Feds... is a large reason why the 4th amendment provides such protections... it becomes somewhat of a firewall of protection against Federal gov't trampling of civil liberties... but if they own the network, then that opens up many doors for them. Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me. Rob, anyone, does anyone know if any 4th amendment case law exists on muni- owned networks? Good question. Here is another thing to consider regarding SOME muni network... (at least where private citizens/businesses subscribe to that network) When any government entity desires log files from an ISP, and if that ISP is very protective of their customer's privacy and civil liberties, then the ISP typically ONLY complies with the request if there is a proper court order, granted by a judge, after probable cause of some kind of crime has been established, where they are not on a fishing expedition. But, in contrast, if the city government owns the network, it seems like a police detective contacting his fellow city employee in the IT department could easily circumvent the civil liberties protections. 
Moreover, there is an argument that the ISP being stingy with such data causes them to be heroes to the public, and they gain DESIRED press and attention when they refuse to comply with such requests without a court order. In contrast, the city's IT staff and the police detective BOTH share the SAME boss's boss's boss. The IT guy won't get a pat on the back for making life difficult for the police department. He'll just silently lose his job eventually, or get passed up for a promotion. The motivation will be on him to PLEASE his fellow city employees, possibly at the expense of our civil liberties. PS - of course, no problems here if the quest to gain information involves a muni network that is only used by city employees. PPS - then again, maybe my log file example doesn't apply to the particular implementation that Jay described? Regardless, it DOES apply to various government implementations of broadband service. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: IPV6 in enterprise best practices/white papaers
On Mon, Jan 28, 2013 at 6:45 PM, Mukom Akong T. mukom.ta...@gmail.com wrote: On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu eu...@imacandi.net wrote: I thought about running pure IPv6 inside and do 6to4, but it's too much of a headache, Nice call (skipping 6to4) not to mention that not all the internal equipment knows about IPv6 - L2 switches, some terminal servers and so on. Does an L2 switch really care about IPv6? (except for stuff like DHCPv6 snooping, etc?) It doesn't, I was talking about management IP addresses (for example HP2510 only uses IPv4 management addresses). Eugeniu
Re: IPV6 in enterprise best practices/white papaers
On Mon, Jan 28, 2013 at 8:58 PM, Doug Barton do...@dougbarton.us wrote: On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote: - configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets) Hopefully that did not include filtering ICMPv6? :) No, of course not :) I did a bit (actually very little) of reading about IPv6 before doing all that, but nothing compares to the actual implementation when you discover the quirks each vendor has in that regard :)) Eugeniu
Re: IPV6 in enterprise best practices/white papaers
On Mon, Jan 28, 2013 at 9:54 PM, Owen DeLong o...@delong.com wrote: On Jan 28, 2013, at 10:03 , Joe Maimon jmai...@ttec.com wrote: Eugeniu Patrascu wrote: On Sat, Jan 26, 2013 at 11:26 AM, Pavel Dimow paveldi...@gmail.com wrote: As being personally involved deploying IPv6 on an enterprise network, here's how I did it (keeping in mind the fact that we have our own ASN): I suggest this be step 0 Yes. - get a /48 PI from the local LIR And this be step 1 No, this is step 2 and /48 is not necessarily the right answer. Step 1 is to evaluate your network and figure out your addressing needs. If you have a single corporate office and are not an ISP, then /48 is fine. If you have multiple locations, then a /48 per location is more appropriate. Yes, I know this is the rule, but right now we only have one location, so I got only a /48. One thing that I missed in my first e-mail, was to say that for each subnet I allocated a /64 as it works with most equipment and no funky netmasks. One of my ISPs is running /126 netmask on the border links and the other runs /64 - probably a matter of preference by their network admins. Eugeniu
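The plan that Owen's list (don't filter ICMPv6, /64 per subnet, SLAAC, ip6.arpa) and Eugeniu's /48-per-site, /64-per-subnet reply describe, together with Pavel's earlier question about PTR records for a SLAAC /64, worked through as an added example; this is not code from any poster. The prefix (RFC 3849 documentation space), VLAN names and MAC are constructed, and which ICMPv6 types count as "essential" is this example's own assumption.

```python
"""IPv6 address-plan helpers for an enterprise /48 (constructed example).

Constructed values: 2001:db8::/32 is the documentation prefix, and the
VLAN names and the MAC address below are made up.
"""
import ipaddress

# ICMPv6 types that an IPv4-style "deny icmp" rule mirrored into v6 would
# drop: 1-4 carry errors (type 2 is Path MTU Discovery; IPv6 routers never
# fragment) and 133-136 are Neighbor Discovery, which replaces ARP.
# Treating exactly these as essential is this example's assumption; RFC 4890
# gives the full recommendations.
ESSENTIAL_ICMPV6 = {
    1: "destination unreachable",
    2: "packet too big (PMTUD)",
    3: "time exceeded",
    4: "parameter problem",
    133: "router solicitation",
    134: "router advertisement",
    135: "neighbor solicitation",
    136: "neighbor advertisement",
}


def carve_subnets(site_prefix, vlans):
    """Hand out one /64 per VLAN from the site prefix, in order.

    /64 everywhere keeps SLAAC working and avoids odd netmasks; /126
    point-to-point links would be a separate carve-out and are not shown.
    """
    site = ipaddress.ip_network(site_prefix, strict=True)
    if site.prefixlen > 64:
        raise ValueError("site prefix must be /64 or shorter")
    gen = site.subnets(new_prefix=64)       # lazy: a /48 holds 65536 of them
    return {name: next(gen) for name in vlans}


def reverse_zone(network):
    """ip6.arpa zone name to create (or have delegated) for a prefix.

    Delegations fall on nibble (4-bit) boundaries, so a /48 or /64 maps to
    one zone while a /126 does not.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def slaac_address(prefix64, mac):
    """Address a SLAAC host forms from its MAC (modified EUI-64).

    The interface ID is unknown until the host shows up on the link, which is
    why PTR records for SLAAC hosts cannot be pre-populated statically: they
    come from DDNS or are synthesised on the fly.
    """
    net = ipaddress.ip_network(prefix64, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    octets = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02                        # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def ptr_name(address):
    """Owner name of the PTR record for one host (all 32 nibbles reversed)."""
    return ipaddress.IPv6Address(str(address)).reverse_pointer


def icmpv6_filter_gaps(dropped_types):
    """Essential ICMPv6 types that a proposed filter would drop, sorted."""
    return sorted(t for t in dropped_types if t in ESSENTIAL_ICMPV6)


if __name__ == "__main__":
    plan = carve_subnets("2001:db8:abcd::/48", ["servers", "users", "mgmt"])
    for vlan, net in plan.items():
        print(f"{vlan:8} {net}  zone {reverse_zone(net)}")
    host = slaac_address(plan["users"], "00:11:22:33:44:55")
    print("SLAAC host", host, "PTR", ptr_name(host))
    # An IPv4 ruleset mirrored into v6 that drops all ICMP except echo:
    print("filter breaks", icmpv6_filter_gaps(set(range(256)) - {128, 129}))
```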
Re: Muni network ownership and the Fourth
On Jan 29, 2013, at 09:05 , Leo Bicknell bickn...@ufp.org wrote: In a message written on Tue, Jan 29, 2013 at 10:59:31AM -0500, Jay Ashworth wrote: Regular readers know that I'm really big on municipally owned fiber networks (at layer 1 or 2)... but I'm also a big constitutionalist (on the first, second, fourth, and fifth, particularly), and this is the first really good counter-argument I've seen, and it honestly hadn't occurred to me. Rob, anyone, does anyone know if any 4th amendment case law exists on muni- owned networks? I don't, but I'd like to point out here that I've long believed both sides of the muni-network argument are right, and that we the people are losing the baby with the bath water. I am a big proponent of muni-owned dark fiber networks. I want to be 100% clear about what I advocate here: - Muni-owned MMR space, fiber only, no active equipment allowed. A big cross connect room, where the muni-fiber ends and providers are all allowed to colocate their fiber term on non-discriminatory terms. Large munis will need more than one, no run from a particular MMR to a home should exceed 9km, allowing the providers to be within 1km of the MMR and still use 10km optics. - 4-6 strands per home, home run back to the muni-owned MMR space. No splitters, WDM, etc, home run glass. Terminating on an optical handoff inside the home. - Fiber leased per month, per pair, on a cost recovery basis (to include an estimate of OM over time), same price to all players. This is exactly what I have been advocating for years and is similar to what is already available in Sweden and is being implemented in Australia. (Or at least the intent of what is supposed to be in process there). I do NOT advocate that munis ever run anything on top of the fiber. No IP, no TV, no telephone, not even teleporters in the future. 
Service Providers of all types can drop a large count fiber from their POP to the muni-owned MMR, request individual customers be connected, and then provide them with any sort of service they like over that fiber pair, single play, double play, triple play, whatever. IMHO, this is horribly more expensive and inefficient than it should be. The MMR should, IMHO be a colo facility where service providers can lease racks if they choose. The colo should also be operated on a cost recovery basis and should only be open to installation of equipment directly related to providing service to customers reached via the MMR. See, the Comcast's and ATT of the world are right that governments shouldn't be ISP's, that should be left to the private sector. I want a choice of ISP's offering different services, not a single monopoly. In this case the technology can provide that, so it should be available. +1 At the same time, it is very inefficient to require each provider to build to every house. Not only is it a large capital cost and barrier to entry of new players, but no one wants roads and yards dug up over and over again. Reducing down to one player building the physical in the ground part saves money and saves disruption. Amsterdam had an interesting solution to the repeated digging problem. As I understand it, if you want to trench something in there, you are required to provide notice and anyone else that wants to put something in the trench can join your build, but all comers share equally in the cost of digging and repairing. Regarding your 4th amendment concerns, almost all the data the government wants is with the Service Provider in my model, same as today. They can't find out who you called last week without going to the CDR or having a tap on every line 24x7 which is not cost effective. Could a muni still optically tap a fiber in this case and suck off all the data?
Sure, and I have no doubt some paranoid service provider will offer to encrypt everything at the transport level. Exactly. Is it perfect? No. However I think if we could adopt this model capital costs would come down (munis can finance fiber on low rate, long term muni-bonds, unlike corporations, plus they only build one network, not N), and competition would come up (small service providers can reach customers only by building to the MMR space, not individual homes) which would be a huge win win for consumers. The biggest thing blocking this is the entrenched interests of the current monopoly providers and their very effective lobbying capabilities, IMHO. Maybe that's why the big players want to throw the baby out with the bath water. :P Exactly. Owen
Re: Muni network ownership and the Fourth
On 13-01-29 15:17, Jay Ashworth wrote: If you're at layer 1, and arguably at layer 2, then move-add-change on physical patches / VLAN assignments is all you would need to log, since you don't actually touch real traffic. It is in fact important for a government (municipal, state/province or federal) to stay at a last mile layer 2 service with no retail offering. Wholesale only. Not only is the last mile competitively neutral because it is not involved in retail, but it then invites competition by allowing many service providers to provide retail services over the last mile network.
Re: Muni fiber: L1 or L2?
It's a matter of economies of scale. If everyone has to light their own fiber, you haven't saved that much. If the fiber is lit, at L2, and charged back on a cost-recovery basis, then there are tremendous economies of scale. The examples that come to mind are campus and corporate networks.

Miles Fidelman

Jay Ashworth wrote:
> - Original Message -
> From: Leo Bicknell bickn...@ufp.org
>
>> I am a big proponent of muni-owned dark fiber networks. I want to be 100% clear about what I advocate here:
>>
>> - Muni-owned MMR space, fiber only, no active equipment allowed. A big cross connect room, where the muni-fiber ends and providers are all allowed to colocate their fiber term on non-discriminatory terms.
>> - 4-6 strands per home, home run back to the muni-owned MMR space. No splitters, WDM, etc, home run glass. Terminating on an optical handoff inside the home.
>
> Hmmm. I tend to be a Layer-2-available guy, cause I think it lets smaller players play. Does your position (likely more deeply thought out than mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients are *also* permitted to get a Layer 1 patch to a provider in the fashion you suggest?
>
> (I concur with your 3-pair delivery, which makes this more practical on an M-A-C basis, even if it might require some users to have multiple ONTs...)
>
> Cheers,
> -- jra

--
In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra
Re: switch 10G standalone TOR, core to DC
Peter,

Network visibility wasn't mentioned as a requirement, but it is worth considering since the ToR switches are the best place to monitor server network I/O, tunneled traffic (VxLAN, GRE etc), storage (iSCSI, FCoE, HDFS etc).

The Nexus 5548 switch does not include monitoring (i.e. no NetFlow/sFlow). The Nexus 3048, along with all the other 10G ToR switches so far mentioned on this thread, supports sFlow and provides wire speed 10G/40G monitoring. The following article provides additional background:

http://blog.sflow.com/2012/02/10-gigabit-ethernet.html

Cheers,
Peter

On Tue, Jan 29, 2013 at 7:15 AM, Steven Fischer sfischer1...@gmail.com wrote:
> although everyone here seems to hold Cisco in contempt, the Nexus 5548 is a rock-solid switch - at least that has been my experience with it.
>
> On Tue, Jan 29, 2013 at 6:27 AM, Piotr piotr.1...@interia.pl wrote:
>> Hello,
>>
>> I'm looking for some 10G switches; they should work as TOR or core in a DC. They should have more than 40 10G ports in one unit, wirespeed L2/L3, with virtual routers and some other IP functions like BGP, OSPF, policy routing, 1-2U, MLAG, G.8032 (ERPS), TRILL-like?
>>
>> Other important features are big port buffers (something similar to Juniper EX8200 - 512 MB per slot), defined counters accessible via SNMP (like in JunOS), L3 statistics accessible via SNMP.
>>
>> Extreme 670 looks good but they have small port buffers. It could also be some small chassis with line cards, but the cost per 10G port is too big..
>>
>> What vendor/model do you prefer or suggest as a solution?
>>
>> Thanks for help,
>> best,
>> Peter
>
> --
> To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy
Re: Muni network ownership and the Fourth
On 1/29/13 3:50 PM, Jean-Francois Mezei wrote:
> It is in fact important for a government (municipal, state/province or federal) to stay at a last mile layer 2 service with no retail offering. Wholesale only.

That reminds me, the City of Eugene is interviewing for a CTO. I think the City could and should populate its rights of way (Eugene's public utility delivers water and power to residential customers) with physical media.

> Not only is the last mile competitively neutral because it is not involved in retail, but it then invites competition by allowing many service providers to provide retail services over the last mile network.

My guess is that if the offering to use municipal transport was made to any access provider except those franchise incumbents (Comcast for ip/cdn, Verizon, ip/ss7), they would sue, under some equity theory or another, so "the last mile competitively neutral" really means the City is paying to do a buildout the local duopoly franchises won't, and the equity to access providers will be limited to the City owned infrastructure, not the infrastructure the duopolies have built out in the past under City granted franchise.

Well, got to read some pleadings and FCC filings related to Oregon law and municipal authority to impose rights-of-way (ROW) compensation and management.

Eric
Will wholesale-only muni actually bring the boys to your yard?
- Original Message -
> From: Jean-Francois Mezei jfmezei_na...@vaxination.ca
>
> It is in fact important for a government (municipal, state/province or federal) to stay at a last mile layer 2 service with no retail offering. Wholesale only.
>
> Not only is the last mile competitively neutral because it is not involved in retail, but it then invites competition by allowing many service providers to provide retail services over the last mile network.

This, Jean-Francois, is the assertion I hear relatively frequently. It rings true to me, in general, and I would go that way... but there is a sting in that tail:

Can I reasonably expect that Road Runner will in fact be technically equipped and inclined to meet me to get my residents as subscribers? Especially if they've already built HFC in much to all of my municipality?

Cheers,
-- jra

--
Jay R. Ashworth - Baylink - j...@baylink.com
Designer - The Things I Think - RFC 2100
Ashworth Associates - http://baylink.pitas.com - 2000 Land Rover DII
St Petersburg FL USA - #natog - +1 727 647 1274
Re: Will wholesale-only muni actually bring the boys to your yard?
On 1/29/2013 4:39 PM, Jay Ashworth wrote:
> - Original Message -
>> From: Jean-Francois Mezei jfmezei_na...@vaxination.ca
>>
>> It is in fact important for a government (municipal, state/province or federal) to stay at a last mile layer 2 service with no retail offering. Wholesale only.
>>
>> Not only is the last mile competitively neutral because it is not involved in retail, but it then invites competition by allowing many service providers to provide retail services over the last mile network.
>
> This, Jean-Francois, is the assertion I hear relatively frequently. It rings true to me, in general, and I would go that way... but there is a sting in that tail:
>
> Can I reasonably expect that Road Runner will in fact be technically equipped and inclined to meet me to get my residents as subscribers? Especially if they've already built HFC in much to all of my municipality?
>
> Cheers,
> -- jra

If there is competition offering next-gen type services, that they can't reasonably or more easily offer via their existing HFC plant, then I would expect they'd start using the muni network. I think the biggest factor, though, would be cost. If using the muni network is cheaper than their own HFC plant, they may actually phase out their HFC network over time.

--John
Re: Muni fiber: L1 or L2?
In a message written on Tue, Jan 29, 2013 at 12:54:26PM -0500, Jay Ashworth wrote:
> Hmmm. I tend to be a Layer-2-available guy, cause I think it lets smaller players play. Does your position (likely more deeply thought out than mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients are *also* permitted to get a Layer 1 patch to a provider in the fashion you suggest?

No, and there's good reason why. I'm about to write a response to Owen that will also expand on why.

There are a number of issues with the muni running the ONT:

- Muni now has to have a different level of techs and truck rolls.
- The Muni MMR now is much more complex, requiring power (including backup generators, etc) and likely 24x7 staff as a result.
- The muni-ONT will limit users to the technologies the ONT supports. If you want to spin up 96x10GE WDM your 1G ONT won't allow it.
- The optic cost is not significantly different if the muni buys them and provides lit L2, or if the service/provider user provides them.

The muni should sell L1 patches to anyone in the MMR. Note, this _includes_ two on-net buildings. So if your work and home are connected to the same muni-MMR you could order a patch from one to the other. It may now be max ~20km, so you'll need longer reach optics, but if you want to stand up 96x10GE WDM you're good to go.

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Muni network ownership and the Fourth
In a message written on Tue, Jan 29, 2013 at 02:14:46PM -0800, Owen DeLong wrote:
> The MMR should, IMHO be a colo facility where service providers can lease racks if they choose. The colo should also be operated on a cost recovery basis and should only be open to installation of equipment directly related to providing service to customers reached via the MMR.

I'm not sure I agree with your point. The _muni_ should not run any equipment colo of any kind. The muni MMR should be fiber only, and not even require so much as a generator to work. It should not need to be staffed 24x7, have anything that requires PM, etc.

I fully support the muni MMR being inside of a colocation facility run by some other company (Equinix/DLR/CoreSite, whatever) so folks can colo on site. I think it is also important someone be able to set up a colo down the street and just drop in a 1000 strand fiber cable to the actual MMR.

Why is this important? Well, look at one of the failure modes of the CO system. When DSL was in its heyday, COs would become full, and no new DSL providers would be able to get colo space. Plus the COs could use space/power/hands time/etc as profit centers. Muni-fiber should stay as far away from these problems as possible.

I think it's also important to consider the spectrum of deployments here. A small town of 1000 homes may have MuniMMRREIT come in and build a 5,000 sq foot building with 1,000 of that leased to the muni for fiber patch panels, and the other 4,000 sold to ISPs by the rack to provide service. On the other side consider a space like New York City, where MuniFiberCo builds out 50,000 square feet for fiber racks somewhere, and ISP #1 drops in 10,000 strands from 111 8th Ave, and ISP #2 drops in 10,000 strands from 25 Broadway, and so on. In the middle may be a mid-sized town, where they build the MMR in a business park, and 3 ISPs erect their own colos, and a colo provider builds the fourth and houses a dozen smaller players.

In the small town case, MuniMMRREIT may agree to a regulated price structure for colo space. In the New York City case, it would make no sense for one colo to try and house all the equipment now and forever, and there would actually (on a per strand basis) be very minimal cost to pull 10,000 strands down the street. I'll argue that running 10,000 strands (which is as few as 12 860 strand fiber cables) a block or two down the street is far less cost than trying to shoehorn more colo into an existing building where it is hard to add generators/chillers/etc.

Basically, running fiber a block or two down the street opens up a host of cheaper real estate/colo opportunities, and it doesn't cost significantly more than running the fiber from one end of a colo to another relative to all the other costs.

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Will wholesale-only muni actually bring the boys to your yard?
On Jan 29, 2013, at 4:39 PM, Jay Ashworth j...@baylink.com wrote:
> - Original Message -
>> From: Jean-Francois Mezei jfmezei_na...@vaxination.ca
>>
>> It is in fact important for a government (municipal, state/province or federal) to stay at a last mile layer 2 service with no retail offering. Wholesale only.
>>
>> Not only is the last mile competitively neutral because it is not involved in retail, but it then invites competition by allowing many service providers to provide retail services over the last mile network.
>
> This, Jean-Francois, is the assertion I hear relatively frequently. It rings true to me, in general, and I would go that way... but there is a sting in that tail:
>
> Can I reasonably expect that Road Runner will in fact be technically equipped and inclined to meet me to get my residents as subscribers? Especially if they've already built HFC in much to all of my municipality?

It doesn't actually matter. You don't necessarily need to be the only wholesale offering, you just need to be open to all service providers. This means that if Road Runner wants to pay for their own infrastructure instead of using yours, then that will increase their costs and likely make it harder for them to compete with ISPs (and other services) that choose to use your infrastructure.

Owen
Re: Muni network ownership and the Fourth
In a message written on Tue, Jan 29, 2013 at 03:03:51PM -0500, Zachary Giles wrote:
> Not to sidestep the conversation here .. but, Leo, I love your concept of the muni network, MMR, etc. What city currently implements this? I want to move there! :)

I don't know any in the US that have the model I describe. :(

My limited understanding is some other countries have a similar model, but I don't know of any good English language summaries. For instance I believe the model used in Sweden is substantially similar to what I describe...

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Muni fiber: L1 or L2?
I would put it differently.

I believe that the entity (muni, county, state, special district, or whatever) should be required to make dark fiber patches available.

I believe they should be allowed to optionally provide L2 enabled services of various forms.

I believe that they should be prohibited from engaging in L3+ services.

I believe they should be required to offer more than a MMR type facility in order to enable cost-effective utilization by smaller providers. There are a number of ways this can be accomplished without necessarily requiring the muni to get into anything complicated.

Owen

On Jan 29, 2013, at 6:51 PM, Leo Bicknell bickn...@ufp.org wrote:
> In a message written on Tue, Jan 29, 2013 at 12:54:26PM -0500, Jay Ashworth wrote:
>> Hmmm. I tend to be a Layer-2-available guy, cause I think it lets smaller players play. Does your position (likely more deeply thought out than mine) permit Layer 2 with Muni ONT and Ethernet handoff, as long as clients are *also* permitted to get a Layer 1 patch to a provider in the fashion you suggest?
>
> No, and there's good reason why. I'm about to write a response to Owen that will also expand on why.
>
> There are a number of issues with the muni running the ONT:
>
> - Muni now has to have a different level of techs and truck rolls.
> - The Muni MMR now is much more complex, requiring power (including backup generators, etc) and likely 24x7 staff as a result.
> - The muni-ONT will limit users to the technologies the ONT supports. If you want to spin up 96x10GE WDM your 1G ONT won't allow it.
> - The optic cost is not significantly different if the muni buys them and provides lit L2, or if the service/provider user provides them.
>
> The muni should sell L1 patches to anyone in the MMR. Note, this _includes_ two on-net buildings. So if your work and home are connected to the same muni-MMR you could order a patch from one to the other. It may now be max ~20km, so you'll need longer reach optics, but if you want to stand up 96x10GE WDM you're good to go.
>
> --
> Leo Bicknell - bickn...@ufp.org - CCIE 3440
> PGP keys at http://www.ufp.org/~bicknell/
Re: Muni fiber: L1 or L2?
In a message written on Tue, Jan 29, 2013 at 07:11:56PM -0800, Owen DeLong wrote:
> I believe they should be allowed to optionally provide L2 enabled services of various forms.

Could you expand on why you think this is necessary? I know you've given this some thought, and I'd like to understand.

The way I see it, for $100 in equipment (2x$50 optics) anyone can light 1Gbps over the fiber. The only way the muni has significantly cheaper port costs than a provider with a switch and a port per customer is to do something like GPON which allows one port to service a number of customers, but obviously imposes a huge set of limitations (bandwidths, protocols you can run over it, etc).

I also think the ONT adds unnecessary cost. They are used today primarily for a handoff test point, and to protect shared networks (like GPON) from a bad actor. With a dedicated fiber pair per customer I think they are unnecessary. I can see a future where the home gateway at the local big box has an SFP port (or even fixed 1000baseLX optics) and plugs directly into the fiber pair. No ONT cost, no ONT limitations, no need to power it (UPS battery replacement, etc). It's a value subtract, not a value add.

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Muni network ownership and the Fourth
On Jan 29, 2013, at 7:03 PM, Leo Bicknell bickn...@ufp.org wrote:
> In a message written on Tue, Jan 29, 2013 at 02:14:46PM -0800, Owen DeLong wrote:
>> The MMR should, IMHO be a colo facility where service providers can lease racks if they choose. The colo should also be operated on a cost recovery basis and should only be open to installation of equipment directly related to providing service to customers reached via the MMR.
>
> I'm not sure I agree with your point. The _muni_ should not run any equipment colo of any kind. The muni MMR should be fiber only, and not even require so much as a generator to work. It should not need to be staffed 24x7, have anything that requires PM, etc.
>
> I fully support the muni MMR being inside of a colocation facility run by some other company (Equinix/DLR/CoreSite, whatever) so folks can colo on site. I think it is also important someone be able to set up a colo down the street and just drop in a 1000 strand fiber cable to the actual MMR.

There's a problem with this. You've now granted an effective monopoly to said colo facility and they can engage in uneven and/or egregious pricing schemes to block competition for local access services in much the way that the current utility owned HFC and twisted pair infrastructures do.

> Why is this important? Well, look at one of the failure modes of the CO system. When DSL was in its heyday, COs would become full, and no new DSL providers would be able to get colo space. Plus the COs could use space/power/hands time/etc as profit centers. Muni-fiber should stay as far away from these problems as possible.

Full is full. In reality, no matter what mechanism you choose, this will be a potential issue, even with the MMR architecture. However, let's look at the real problems with COs…

First, the COs were run by the incumbent monopoly carrier and said carrier was allowed to compete for services on the lines, not just manage the lines. Since the operator in this case isn't allowed to operate services on the lines and is neutral to all service providers, you don't have this issue.

If the colo is operated on a cost-recovery basis, then it also isn't a profit center by definition.

> I think it's also important to consider the spectrum of deployments here. A small town of 1000 homes may have MuniMMRREIT come in and build a 5,000 sq foot building with 1,000 of that leased to the muni for fiber patch panels, and the other 4,000 sold to ISPs by the rack to provide service. On the other side consider a space like New York City, where MuniFiberCo builds out 50,000 square feet for fiber racks somewhere, and ISP #1 drops in 10,000 strands from 111 8th Ave, and ISP #2 drops in 10,000 strands from 25 Broadway, and so on. In the middle may be a mid-sized town, where they build the MMR in a business park, and 3 ISPs erect their own colos, and a colo provider builds the fourth and houses a dozen smaller players.

Yes, let's consider these…

Case 1 everything mostly works out OK, but the 4000 feet of colo space grants a form of monopoly to MuniMMRREIT which basically allows them to print money on the backs of local consumers. To make matters worse, nothing prevents them from crawling into bed with favored providers and producing policies, procedures, and costs which inhibit competition against those favored providers.

Case 2, you move the CO Full problem from the CO to the adjacent cable vaults. Even with fiber, a 10,000 strand bundle is not small. It's also a lot more expensive to pull in 10,000 strands from a few blocks away than it is to drop a router in the building with the MMR and aggregate those cross-connects into a much smaller number of fibers leaving the MMR building.

Case 3 actually seems closer to ideal to me, but you're depending on a lot of things happening exactly the right way in a situation where markets have proven to be significantly subject to manipulation by incumbents. More likely, $TELCO buys the business park and…

> In the small town case, MuniMMRREIT may agree to a regulated price structure for colo space. In the New York City case, it would make no sense for one colo to try and house all the equipment now and forever, and there would actually (on a per strand basis) be very minimal cost to pull 10,000 strands down the street. I'll argue that running 10,000 strands (which is as few as 12 860 strand fiber cables) a block or two down the street is far less cost than trying to shoehorn more colo into an existing building where it is hard to add generators/chillers/etc.

In the NY case, it depends. If the colo is a 90+ story building, then it might well be practical. If you're talking about using existing buildings, then you might have to get creative. However, if you're starting with a vacant lot, then there are a lot of possibilities.

> Basically, running fiber a block or two down the street opens up a host of cheaper real estate/colo opportunities, and it doesn't cost
Re: Muni fiber: L1 or L2?
On Jan 29, 2013, at 7:23 PM, Leo Bicknell bickn...@ufp.org wrote:
> In a message written on Tue, Jan 29, 2013 at 07:11:56PM -0800, Owen DeLong wrote:
>> I believe they should be allowed to optionally provide L2 enabled services of various forms.
>
> Could you expand on why you think this is necessary? I know you've given this some thought, and I'd like to understand.
>
> The way I see it, for $100 in equipment (2x$50 optics) anyone can light 1Gbps over the fiber. The only way the muni has significantly cheaper port costs than a provider with a switch and a port per customer is to do something like GPON which allows one port to service a number of customers, but obviously imposes a huge set of limitations (bandwidths, protocols you can run over it, etc).

But it's not $100 in equipment. It's $100 in optics + $350 in line cards + technician time to install…

OTOH, if the muni operates L2 services and provides a pre-joined group of subscribers as a handoff to a single GPON optical port provided by the ISP, or is allowed to provide pre-muxed DWDM from a group of subscribers to a single-fiber hand-off to the ISP, or whatever, then you increase the number and variety of competition and reduce certain barriers to that competition.

I'm not saying it always makes sense in all situations. I'm saying that the muni should not necessarily be precluded from doing so where it does make sense.

> I also think the ONT adds unnecessary cost. They are used today primarily for a handoff test point, and to protect shared networks (like GPON) from a bad actor. With a dedicated fiber pair per customer I think they are unnecessary. I can see a future where the home gateway at the local big box has an SFP port (or even fixed 1000baseLX optics) and plugs directly into the fiber pair.

You're going to need a handoff test point of some form for any residential service. If you think otherwise, then I would argue you simply don't have enough experience dealing with residential installations (from a provider perspective).

Bad actor isolation is important on GPON, but it's not nearly as critical for point-to-point. However, you do still need the test point at the demarc. You want active equipment of some form at the CP that you own. You want everything past that active equipment to be the customer's problem.

> No ONT cost, no ONT limitations, no need to power it (UPS battery replacement, etc). It's a value subtract, not a value add.

It really isn't. You'd be surprised how many uncompensated truck rolls are eliminated every day by being able to talk to the ONT from the help desk and tell the subscriber "Well, I can manage your ONT and it's pretty clear the problem is inside your house. Would you like to pay us $150/hour to come out and troubleshoot it for you?"

Owen
Re: Muni network ownership and the Fourth
In a message written on Tue, Jan 29, 2013 at 07:46:06PM -0800, Owen DeLong wrote:
> Case 2, you move the CO Full problem from the CO to the adjacent cable vaults. Even with fiber, a 10,000 strand bundle is not small. It's also a lot more expensive to pull in 10,000 strands from a few blocks away than it is to drop a router in the building with the MMR and aggregate those cross-connects into a much smaller number of fibers leaving the MMR building.
[snip]
> But what happens when you fill the cable vaults?

It's really not an issue. 10,000 fibers will fit in a space not much larger than my arm.

I have on my desk a 10+ year old cable sample of a Corning 864 strand cable (36 ribbons of 24 fibers a ribbon). It is barely larger around than my thumb. Each one terminated into an almost-full rack of SC patch panels. A web page on the cable:

http://catalog.corning.com/CableSystems/en-US/catalog/ProductDetails.aspx?cid=pid=105782vid=106018

My company at the time built a duct bank by building 6x4 conduit, installing 3x1.25" innerduct in each conduit, and pulling one of those cables in each innerduct. That's a potential capacity of 15,525 fibers in a duct bank perhaps 14" wide by 8" tall. A vault as used for traditional telco or electrical (one big enough for a man to go down in) could hold millions of these fibers. They were never used, because they were way too big.

There's also plenty of experience in this area, telcos have been putting much larger copper cables into COs for a long time. Were there demand, they could easily put more ribbons in a single armored sheath. The actual stack of fibers is about 1/2" wide and 3/8" thick for the 864 strands. You could extrapolate a single 10,000 strand cable that would be smaller than the power cables going to a typical commercial transformer.

The cost of fiber is terminating it. Running 864 strands from one end of a colo to another inside, compared with running it a block down the street isn't significantly different; modulo any construction costs. Obviously if it costs $1M to dig up the street that's bad, but for instance if there is already an empty duct down the street and it's just pulling cable, the delta is darn near zero.

That's why I think rather than having the muni run colo (which may fill), they should just allow providers to drop in their own fiber cables, and run a fiber patch only room. There could then be hundreds of private colo providers in a 1km radius of the fiber MMR, generating lots of competition for the space/power side of the equation. If one fills up, someone will build another, and it need not be on the same square of land.

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Muni fiber: L1 or L2?
In a message written on Tue, Jan 29, 2013 at 07:53:34PM -0800, Owen DeLong wrote:
> It really isn't. You'd be surprised how many uncompensated truck rolls are eliminated every day by being able to talk to the ONT from the help desk and tell the subscriber "Well, I can manage your ONT and it's pretty clear the problem is inside your house. Would you like to pay us $150/hour to come out and troubleshoot it for you?"

I would love statistics from actual providers today.

I don't know of any residential telco services (POTS, ISDN BRI, or DSL) that have an active handoff they can test to without a truck roll.

I don't know of any cable services with an active handoff similar to an ONT, although they can interrogate most cable boxes and modems for signal quality measurements remotely to get some idea of what is going on. On the flip side, when CableCos provide POTS they must include a modem with a battery, and thus incur the cost of shipping new batteries out and old batteries back every ~5 years; which they sometimes do by truck roll...

So it seems to me both of those services find things work just fine without an ONT-like test point. ONTs seem unique to FTTH deployments, of which most today are GPON...

--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Re: Will wholesale-only muni actually bring the boys to your yard?
On 13-01-29 19:39, Jay Ashworth wrote:
> It rings true to me, in general, and I would go that way... but there is a sting in that tail:
>
> Can I reasonably expect that Road Runner will in fact be technically equipped and inclined to meet me to get my residents as subscribers? Especially if they've already built HFC in much to all of my municipality?

I do not have numbers, but based on what I have read, municipal deployments have occurred in cases where incumbents were not interested in providing modern internet access.

What may happen is that once they see the municipality building FTTH, they may suddenly develop an interest in that city and deploy HFC and/or DSL and then sue the city for reason X.

The normal behaviour should be: "we'll gladly connect to the municipal system". A good layer 2 deployment can support DHCP or PPPoE and thus be compatible with incumbents' infrastructure.

However, a good layer 2 deployment won't have RFoG support and will prefer IPTV over the data channel (the Australian model supports multicast). So cable companies without IPTV services may be at a disadvantage. In Canada, Rogers (cableco) has announced that they plan to go all IPTV instead of conventional TV channels.
Re: Muni network ownership and the Fourth
On 13-01-29 22:03, Leo Bicknell wrote:
> The _muni_ should not run any equipment colo of any kind. The muni MMR should be fiber only, and not even require so much as a generator to work. It should not need to be staffed 24x7, have anything that requires PM, etc.

This is not possible in a GPON system. The OLT has to be carrier neutral so that different carriers can connect to it. It is the last point of aggregation before reaching homes.

Otherwise, you would need to run multiple strands to each splitter box and inside run as many splitters as there are ISPs so that one home can be connected to the splitter used by ISP-1 while the next home's strand is connected to another splitter associated with ISP-2. This gets complicated.

Much simpler for the municipality to run L2 to a single point of aggregation where different ISPs can connect. In the case of Australia, the aggregation points combine a few towns in rural areas (so multiple OLTs).

> I fully support the muni MMR being inside of a colocation facility run by some other company (Equinix/DLR/CoreSite, whatever) so folks can colo on site.

Just because it is a municipal system does not mean that it has to be municipal employees who run the OLT and do the maintenance of the fibre plant. It can very well be a private company contracted by the city to provide carrier neutral services to any ISP who wants to connect.
Re: Muni network ownership and the Fourth
On Tue, Jan 29, 2013 at 8:10 PM, Leo Bicknell bickn...@ufp.org wrote:
> In a message written on Tue, Jan 29, 2013 at 07:46:06PM -0800, Owen DeLong wrote:
>> Case 2, you move the CO Full problem from the CO to the adjacent cable vaults. Even with fiber, a 10,000 strand bundle is not small. It's also a lot more expensive to pull in 10,000 strands from a few blocks away than it is to drop a router in the building with the MMR and aggregate those cross-connects into a much smaller number of fibers leaving the MMR building.
> [snip]
>> But what happens when you fill the cable vaults?
>
> It's really not an issue. 10,000 fibers will fit in a space not much larger than my arm.
>
> I have on my desk a 10+ year old cable sample of a Corning 864 strand cable (36 ribbons of 24 fibers a ribbon). It is barely larger around than my thumb. Each one terminated into an almost-full rack of SC patch panels. A web page on the cable:
>
> http://catalog.corning.com/CableSystems/en-US/catalog/ProductDetails.aspx?cid=pid=105782vid=106018
>
> My company at the time built a duct bank by building 6x4 conduit, installing 3x1.25" innerduct in each conduit, and pulling one of those cables in each innerduct. That's a potential capacity of 15,525 fibers in a duct bank perhaps 14" wide by 8" tall. A vault as used for traditional telco or electrical (one big enough for a man to go down in) could hold millions of these fibers. They were never used, because they were way too big.
>
> There's also plenty of experience in this area, telcos have been putting much larger copper cables into COs for a long time. Were there demand, they could easily put more ribbons in a single armored sheath. The actual stack of fibers is about 1/2" wide and 3/8" thick for the 864 strands. You could extrapolate a single 10,000 strand cable that would be smaller than the power cables going to a typical commercial transformer.
>
> The cost of fiber is terminating it. Running 864 strands from one end of a colo to another inside, compared with running it a block down the street isn't significantly different; modulo any construction costs. Obviously if it costs $1M to dig up the street that's bad, but for instance if there is already an empty duct down the street and it's just pulling cable, the delta is darn near zero.
>
> That's why I think rather than having the muni run colo (which may fill), they should just allow providers to drop in their own fiber cables, and run a fiber patch only room. There could then be hundreds of private colo providers in a 1km radius of the fiber MMR, generating lots of competition for the space/power side of the equation. If one fills up, someone will build another, and it need not be on the same square of land.

It's more than just terminating it; the bulk fiber is not free. And it's not the customer end where you see congestion; unless you (expensively) splice out in the field at intermediate aggregation points, for a say 10,000 customer wire center you have 10,000 x the individual cable cross section area at the convergence point. Which you have to provision end-to-end unbroken as splicing is likely to screw with your overall cost model in an atrocious way. Unlike all the other media.

Yes, you can buy some fiber that aggregates smaller bundles, but they don't split nicely 100 ways in a manner you can realistically fan out from one master bundle at the head end (unless there's a fiber type out there I am not aware of, I don't do this part of the stuff all the time).

It's a pain in the ass to provision in a way that you can centralize a L1 dark fiber service, because of splices. If you're providing L2 then you don't splice, you just run to a pole or ground or vault box and terminate there, and have a few 10G or 40G or 100G uplink fibers from there to your interchange point wire center. If you're providing L1 then that's an amazingly complex fiber pull / conduit / delivered fiber quality / space management problem at the wire center.

--
-george william herbert
george.herb...@gmail.com
Re: IPV6 in enterprise best practices/white papaers
On Tue, Jan 29, 2013 at 09:07:57PM +1100, Karl Auer wrote: Also, if a switch does not do MLD snooping, it will flood multicast to all ports. You lose one of the major benefits of IPv6 multicast - less admin traffic. You need to spec new switches with IPv6 capability. NDP multicast has scaling issues, and I'd not be surprised if switches will soon stop learning it and flood all NDP multicasts to save space for the users' higher-traffic multicast groups. This is very reasonable, because end-host Ethernet chipsets have been discarding useless frames since the beginning. Even unicast frames were flooded in the times of coax and hubs; ethernet chipsets will drop uninteresting frames on the floor. The problem with ARP and other broadcasts was that they were never dropped by any ethernet chipset, because there was no way for it to know if it is interesting. NDP multicast addresses, on the other hand, allow for the device to program only the multicast MACs it is interested in into the ethernet chipset, so the CPU will never see the useless packets. This is a very good compromise for most cases; you haul some useless packets, but they are dropped by the ethernet chipset, so even the most measly print server or internet controlled coffee maker CPU will not be unduly burdened. You will also not need to burden your network with multicast groups (=state) to save hauling a few useless packets around. * * * There are some cases where it actually is expensive to flood ARP/NDP requests, like 802.11 WLANs where bandwidth can be limited and multicast/broadcast is implemented by transmitting at a very low bitrate in the hope that everyone can hear it, taking up airtime on access points, instead of transmitting at high rates with an ACK mechanism like unicast frames. (*) If the WLAN implements MLD snooping, an NDP broadcast is unlikely to be listened to by more than one host; a smart AP could deliver it like a unicast frame at a high rate to said single client. 
The other APs in the same L2 network can drop the frame on the floor altogether, or never see it if the wired network has MLD snooping. But even in this case it scales better to have access points throw away a small number of frames than have the whole wired switch network learn a large number of multicast groups that churn each time the client roams to a new AP. * I am aware this is a simplification, and many modern WLANs are smarter than this; many also do proxy ARP to eliminate the problem with flooded ARP broadcasts altogether.
Re: Looking for success stories in Qwest/Centurylink land
- Original Message - From: valdis.kletni...@vt.edu To: Rob McEwen r...@invaluement.com Cc: nanog@nanog.org Sent: Tuesday, January 29, 2013 6:38 AM Subject: Re: Looking for success stories in Qwest/Centurylink land snip So where are all the arrests and convictions for the mortgage games and other Wall Street malfeasance that led to the financial crisis of 2008? Seems that was a tad more egregious than anything Enron did, so there should have been more arrests and convictions? http://www.rollingstone.com/politics/news/secret-and-lies-of-the-bailout-20130104
Re: Muni network ownership and the Fourth
That's why I think rather than having the muni run colo (which may fill), they should just allow providers to drop in their own fiber cables, and run a fiber patch only room. There could then be hundreds of private colo providers in a 1km radius of the fiber MMR, generating lots of competition for the space/power side of the equation. If one fills up, someone will build another, and it need not be on the same square of land The two options are not mutually exclusive. Nothing precludes bringing additional fiber in where that makes sense even if you have an on-site colo facility. Owen
Re: Muni fiber: L1 or L2?
On Jan 29, 2013, at 20:16 , Leo Bicknell bickn...@ufp.org wrote: In a message written on Tue, Jan 29, 2013 at 07:53:34PM -0800, Owen DeLong wrote: It really isn't. You'd be surprised how many uncompensated truck rolls are eliminated every day by being able to talk to the ONT from the help desk and tell the subscriber Well, I can manage your ONT and it's pretty clear the problem is inside your house. Would you like to pay us $150/hour to come out and troubleshoot it for you? I would love statistics from actual providers today. I don't know of any residential telco services (pots, ISDN BRI, or DSL) that has an active handoff they can test to without a truck roll. Well, often they will (over the phone) tell the customer to take their phone (or DSL modem) out to the NIU and see if it works there with the rest of the house unplugged. So that covers POTS and DSL. I suppose it would probably also work for BRI if they took the NT out to the same point. I don't know of any cable services with an active handoff similar to an ONT, although they can interrogate most cable boxes and modems for signal quality measurements remotely to get some idea of what is going on. On the flip side, when CableCo's provide POTS they must include a modem with a battery, and thus incur the cost of shipping new batteries out and old batteries back every ~5 years; which they sometimes do by truck roll... In the cable world, they can interrogate not only your various boxes if available, but they can also probe your neighbor's boxes. Because of the tree-structured nature, if your connection is unresponsive, but your neighbors all respond, they can pretty much narrow it down to your drop and/or your IW. However, in most cases, $CABLECO takes greater responsibility for the co-ax IW than $TELCO, so this may be somewhat moot. So it seems to me both of those services find things work just fine without an ONT-like test point. ONTs seem unique to FTTH deployments, of which most today are GPON... 
Not so much... First, as pointed out above, there is the (less useful, but somewhat equivalent) NIU for the UTP world. Cable is a somewhat different business model. Also, historically, while not residential (in most cases), don't forget about the various active components on T1 and DS0 circuits which could be remotely looped by the Telco. Yes, ONTs are unique to FTTH, but they do represent one of the factors that makes FTTH cheaper and more sustainable than copper plants. Owen
Re: Muni network ownership and the Fourth
On Jan 29, 2013, at 20:30 , Jean-Francois Mezei jfmezei_na...@vaxination.ca wrote: On 13-01-29 22:03, Leo Bicknell wrote: The _muni_ should not run any equipment colo of any kind. The muni MMR should be fiber only, and not even require so much as a generator to work. It should not need to be staffed 24x7, have anything that requires PM, etc. This is not possible in a GPON system. The OLT has to be carrier neutral so that different carriers can connect to it. It is the last point of aggregation before reaching homes. Otherwise, you would need to run multiple strands to each splitter box and inside run as many splitters as there are ISPs so that one home can be connected to the splitter used by ISP-1 while the next home's strand is connected to another splitter associated with ISP-2. This gets complicated. Why can't the splitters be in the MMR? (I'm genuinely asking... I confess to a certain level of GPON ignorance). Much simpler for the municipality to run L2 to a single point of aggregation where different ISPs can connect. In the case of Australia, the aggregation points combine a few towns in rural areas (so multiple OLTs). Yes, but this approach locks us into GPON only which I do not advocate. GPON is just the current fad. It's not necessarily the best long term solution. Owen
Re: Muni network ownership and the Fourth
On Jan 29, 2013, at 20:36 , George Herbert george.herb...@gmail.com wrote: On Tue, Jan 29, 2013 at 8:10 PM, Leo Bicknell bickn...@ufp.org wrote: In a message written on Tue, Jan 29, 2013 at 07:46:06PM -0800, Owen DeLong wrote: Case 2, you move the CO Full problem from the CO to the adjacent cable vaults. Even with fiber, a 10,000 strand bundle is not small. It's also a lot more expensive to pull in 10,000 strands from a few blocks away than it is to drop a router in the building with the MMR and aggregate those cross-connects into a much smaller number of fibers leaving the MMR building. [snip] But what happens when you fill the cable vaults? It's really not an issue. 10,000 fibers will fit in a space not much larger than my arm. I have on my desk a 10+ year old cable sample of a Corning 864 strand cable (36 ribbons of 24 fibers a ribbon). It is barely larger around than my thumb. Each one terminated into an almost-full rack of SC patch panels. It's more than just terminating it; the bulk fiber is not free. And it's not the customer end where you see congestion; unless you (expensively) splice out in the field at intermediate aggregation points, for a say 10,000 customer wire center you have 10,000 x the individual cable cross section area at the convergence point. Which you have to provision end-to-end unbroken as splicing is likely to screw with your overall cost model in an atrocious way. Unlike all the other media. This can be addressed by the fiberoptic equivalent of Telco B Boxes out in the neighborhoods. You run a large fiber bundle to the B Box (or series of B Boxes) and run the individual fiber bundles from the B Box to each house in the immediate neighborhood. Same model as the current Telco F1/F2 cable bundles, etc. It's a pain in the ass to provision in a way that you can centralize a L1 dark fiber service, because of splices. 
If you're providing L2 then you don't splice, you just run to a pole or ground or vault box and terminate there, and have a few 10G or 40G or 100G uplink fibers from there to your interchange point wire center. If you're providing L1 then that's an amazingly complex fiber pull / conduit / delivered fiber quality / space management problem at the wire center. I don't think this is necessarily true if you include the possibility of passive LC patching at the neighborhood level. Owen
Re: IPV6 in enterprise best practices/white papaers
On Wed, 2013-01-30 at 06:41 +0200, Jussi Peltola wrote: On Tue, Jan 29, 2013 at 09:07:57PM +1100, Karl Auer wrote: Also, if a switch does not do MLD snooping, it will flood multicast to all ports. You lose one of the major benefits of IPv6 multicast - less admin traffic. NDP multicast has scaling issues, and I'd not be surprised if switches will soon stop learning it and flood all NDP multicasts to save space for the users' higher-traffic multicast groups. Can you be more specific about these scaling issues? Seems to me that each node is in relatively few multicast groups - one per interface (all link-local hosts), plus one per address (solicited node multicast), less if SLAAC is being used, because one SNMA is used for both the link local address and the SLAAC address. Some nodes may be participating in other groups - routers, for example, will also be in the all link-local routers group, and maybe things like the DHCPv6 all servers and relays group. If the node is doing temporary addressing, there will be an additional solicited node multicast address in play during the changeover. So a typical node in a subnet will be in three, maybe four groups. I'm guessing that's NOT the scalability problem you are talking about. if it is interesting. NDP multicast addresses, on the other hand, allow for the device to program only the multicast MACs it is interested about in the ethernet chipset, so the CPU will never see the useless packets. Yep - belt and braces. But that multicast packet still went over the wire as far as the NIC, and while it was doing that, other traffic was not able to use the wire. So getting that multicast traffic off the wire altogether is a Good Thing, and the place for that filtering to happen is in the switch. unduly burdened. You will also not need to burden your network with multicast groups (=state) to save hauling a few useless packets around. As long as it's a few, true. But one of the aims of moving to multicast was to enable larger subnets. 
That few useless packets can turn into a LOT of useless packets when there are a few hundred or a few thousand nodes on the subnet. If the WLAN implements MLD snooping, an NDP broadcast is unlikely to be listened to by more than one host; a smart AP could deliver it like a unicast frame at a high rate to said single client. How does the behaviour of this AP differ in principle from the behaviour of a switch doing MLD snooping and delivering multicast packets only to listeners in the particular group (and for the same reason)? than have the whole wired switch network learn a large amount of multicast groups that churn each time the client roams to a new AP. Why is it a large amount? See above - it's probably three or four per host. And they only churn when a client moves into or away from a connection point (AP or switch port). Most things connected to switch ports won't churn that much. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://www.biplane.com.au/blog GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Re: IPV6 in enterprise best practices/white papaers
High density virtual machine setups can have 100 VMs per host. Each VM has at least a link-local address and a routable address. This is 200 groups per port, 9600 per 48 port switch. This is a rather large amount of state for what it's worth. If you have MLD snooping on a switch aggregating multiple racks like this, you start hitting limits on some platforms. There is a similar situation with a WLAN that has large numbers of clients; a single AP, on the other hand, should not see that many groups. Multicast always requires state in the whole network for each group, or flooding. In the case of NDP, flooding may very well be the better option, especially if you view this as a DoS to your Really Important multicast groups - some virtual hosters give a /64 per VM, which brings about all kinds of trouble not limited to multicast groups if the client decides to configure too many addresses on his server.
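The group-count argument in the three messages above (Jussi's flooding-vs-state trade-off, Karl's "three or four groups per host, fewer with SLAAC", and Jussi's 100-VMs-per-port estimate) comes down to how solicited-node multicast addresses are derived. The following is an added example, not code from any poster: it derives the solicited-node group and the 33:33 Ethernet multicast MAC for an address, builds EUI-64 addresses from constructed MACs, and counts the (port, group) entries an MLD-snooping switch would hold for a 48-port, 100-VMs-per-port rack. The addresses, MACs, the `2001:db8:1::/64` prefix and the "one entry per (port, group)" switch model are assumptions made for the example.

```python
"""Solicited-node multicast groups and MLD-snooping state (added example).

Assumptions, not from the thread: MACs, prefixes and IIDs below are constructed,
and the switch is modelled as holding one snooping entry per (port, group) pair.
"""
import ipaddress

ALL_NODES = "ff02::1"
# ff02::1:ff00:0/104; the low 24 bits are filled in from the unicast address.
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_group(addr: str) -> str:
    """RFC 4291 solicited-node group: ff02::1:ffXX:XXXX from the address's low 24 bits.
    Two addresses with the same low 24 bits (e.g. same EUI-64 IID) share one group."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24))


def multicast_mac(group: str) -> str:
    """RFC 2464 mapping: 33:33 followed by the low 32 bits of the IPv6 group.
    This is the filter a NIC programs so the CPU never sees other groups' NDP."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{(low32 >> s) & 0xFF:02x}" for s in (24, 16, 8, 0))


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier: flip the U/L bit, insert ff:fe in the middle."""
    b = bytes.fromhex(mac.replace(":", ""))
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6], "big")


def make_addr(prefix: str, iid: int) -> str:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def host_groups(addrs) -> set:
    """Groups a plain (non-router) host joins: all-nodes plus one solicited-node
    group per distinct low-24-bit suffix among its addresses."""
    groups = {ALL_NODES}
    groups.update(solicited_node_group(a) for a in addrs)
    return groups


def vm_addresses(n: int, slaac: bool) -> list:
    """Constructed addressing for VM number n: an EUI-64 link-local address plus a
    global address that either reuses the IID (SLAAC) or uses an unrelated one
    (DHCPv6/static style). Bit 23 is set in the latter so it can never equal an
    EUI-64 low-24 suffix in this example."""
    mac = f"02:00:00:00:{(n >> 8) & 0xFF:02x}:{n & 0xFF:02x}"   # constructed MAC
    iid = eui64_iid(mac)
    global_iid = iid if slaac else (0x800000 + n)
    return [make_addr("fe80::/64", iid), make_addr("2001:db8:1::/64", global_iid)]


def snooping_entries(ports: int, vms_per_port: int, slaac: bool) -> int:
    """Total (port, group) entries an MLD-snooping switch holds for this rack."""
    total = 0
    for p in range(ports):
        port_groups = set()
        for v in range(vms_per_port):
            port_groups |= host_groups(vm_addresses(p * vms_per_port + v, slaac))
        total += len(port_groups)
    return total


if __name__ == "__main__":
    ll = make_addr("fe80::/64", eui64_iid("00:11:22:33:44:55"))
    g = solicited_node_group(ll)
    print(ll, "->", g, "->", multicast_mac(g))
    for slaac in (True, False):
        print(f"48 ports x 100 VMs, slaac={slaac}:",
              snooping_entries(48, 100, slaac), "snooping entries")
```

With SLAAC the link-local and global addresses of a VM collapse into one solicited-node group, so the rack costs 101 entries per port (100 groups plus ff02::1); with unrelated IIDs it is 201 per port. The second figure is Jussi's 200 per port plus the all-nodes group, and either one is the state a snooping switch must carry per port before any "real" multicast is considered.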