Re: RPKI and Trust Anchor question

2013-08-06 Thread Randy Bush
 Actually, ICANN had an RPKI pilot in operation back in 1996 or so. For
 political reasons (as far as I can tell), the RIRs refused to let
 ICANN/IANA play. Unless the RIRs are willing to accept ICANN/IANA as
 the root TA as recommended by the IAB, ICANN can't move forward.

the rirs should get their next (ipv6) address allocations from the nro
pool, eh?



Re: RPKI and Trust Anchor question

2013-08-06 Thread John Curran
On Aug 6, 2013, at 12:25 AM, Doug Barton do...@dougbarton.us wrote:

 John,
 
 Thanks for the update! It's good to hear that progress is being made.
 
 Is there a place where the challenges and solutions are being discussed 
 publicly? It's interesting that you raise DNSSEC in comparison since the two 
 technologies have many similarities. One of the things that made DNSSEC 
 successful was the wide-ranging public discussion that not only led to 
 concerns that would likely not have been uncovered otherwise, but also 
 solutions to those and other problems.

Agreed.  I believe that it is necessary to do the same with respect to 
any global trust anchor architecture for RPKI, and believe that much of
this needs to take place initially in the IETF sidr working group.  The
first step of that process is to have an initial draft doc for discussion
(which is presently being written by the ICANN/RIR technical folks.)

FYI,
/John

John Curran
President and CEO
ARIN






Re: RPKI and Trust Anchor question

2013-08-06 Thread David Conrad
Barb,

You've apparently forgotten ICANN's time distortion field (which they'll be 
inventing very shortly with the zillions of dollars they'll get from the new 
gTLD program).

Err, yeah. 2006.  Apologies -- typing on a cellphone can be distracting.

Regards,
-drc

On Aug 5, 2013, at 3:22 PM, Barbara Roseman barbara.rose...@icann.org wrote:

 I think David meant 2006, not 1996.
 
 -Barb Roseman
 
 On 8/5/13 12:08 PM, David Conrad d...@virtualized.org wrote:
 
 Actually, ICANN had an RPKI pilot in operation back in 1996 or so. For
 political reasons (as far as I can tell), the RIRs refused to let
 ICANN/IANA play. Unless the RIRs are willing to accept ICANN/IANA as the
 root TA as recommended by the IAB, ICANN can't move forward.
 
 Regards,
 -drc
 
 Mobile device, sorry about tpyos
 
 On Aug 5, 2013, at 11:59 AM, Rubens Kuhl rube...@gmail.com wrote:
 
 NRO, the RIRs collective, is still working on this. It's listed as an open
 action item since Q2 this CY at NRO Executive Council meetings:
 http://www.nro.net
 
 It's very unlikely that ICANN, which sees the NRO as its address support
 organization, will move on this before NRO does.
 
 
 Rubens
 
 
 
 
 
 
 On Mon, Aug 5, 2013 at 3:26 PM, Marcel Plug marcelp...@gmail.com wrote:
 
 Hi Nanog,
 
 Does anyone have any inside information what may be happening in the effort
 to have a single trust anchor for RPKI?  Is ICANN still working on this?
 If so is there any timeline or published info of any kind?
 
 Most of the information I can find is about 2 years old.
 
 Any links or info of any kind would be much appreciated.
 
 Thanks,
 
 Marcel Plug
 
 




Comcast contact

2013-08-06 Thread Andy Ringsmuth
Any chance someone on this list is affiliated with Comcast who could contact me 
off-list?  I have an employee in Virginia who works from home using, in part, a 
VOIP desk telephone tied into our office phone system back in Nebraska.  She's 
had nothing but problems maintaining a stable connection and I'm at my wit's 
end to diagnose and fix whatever is causing her problems.

I've got this exact setup with several employees around the country, but this 
one person is the only one who, 1 - has problems and 2 - has Comcast.

Much appreciated!


Andy Ringsmuth
a...@newslink.com
News Link – Manager Technology  Facilities
2201 Winthrop Rd., Lincoln, NE 68502-4158
(402) 475-6397(402) 304-0083 cellular




Re: Comcast contact

2013-08-06 Thread Brandon Galbraith
Have you monitored your user's home Comcast connection with regards to
packet loss or latency, preferably from network-near the SIP
termination point?

On Tue, Aug 6, 2013 at 10:56 AM, Andy Ringsmuth a...@newslink.com wrote:
 Any chance someone on this list is affiliated with Comcast who could contact 
 me off-list?  I have an employee in Virginia who works from home using, in 
 part, a VOIP desk telephone tied into our office phone system back in 
 Nebraska.  She's had nothing but problems maintaining a stable connection and 
 I'm at my wit's end to diagnose and fix whatever is causing her problems.

 I've got this exact setup with several employees around the country, but this 
 one person is the only one who, 1 - has problems and 2 - has Comcast.

 Much appreciated!

 
 Andy Ringsmuth
 a...@newslink.com
 News Link – Manager Technology  Facilities
 2201 Winthrop Rd., Lincoln, NE 68502-4158
 (402) 475-6397(402) 304-0083 cellular





RE: Comcast contact

2013-08-06 Thread Shaw, Matthew
Make sure the remote phone is using a low bandwidth codec too. In a previous 
life changing a remote (home) user's phone from G.711 to G.729 made all the 
difference in the world to their call quality.

Matthew Shaw – Sr. Network Administrator 
FairPoint Communications | ms...@fairpoint.com 
www.FairPoint.com 

-Original Message-
From: Brandon Galbraith [mailto:brandon.galbra...@gmail.com] 
Sent: Tuesday, August 06, 2013 12:11 PM
To: Andy Ringsmuth
Cc: NANOG list
Subject: Re: Comcast contact

Have you monitored your user's home Comcast connection with regards to packet 
loss or latency, preferably from network-near the SIP termination point?

On Tue, Aug 6, 2013 at 10:56 AM, Andy Ringsmuth a...@newslink.com wrote:
 Any chance someone on this list is affiliated with Comcast who could contact 
 me off-list?  I have an employee in Virginia who works from home using, in 
 part, a VOIP desk telephone tied into our office phone system back in 
 Nebraska.  She's had nothing but problems maintaining a stable connection and 
 I'm at my wit's end to diagnose and fix whatever is causing her problems.

 I've got this exact setup with several employees around the country, but this 
 one person is the only one who, 1 - has problems and 2 - has Comcast.

 Much appreciated!

 
 Andy Ringsmuth
 a...@newslink.com
 News Link – Manager Technology  Facilities
 2201 Winthrop Rd., Lincoln, NE 68502-4158
 (402) 475-6397(402) 304-0083 cellular






Re: RPKI and Trust Anchor question

2013-08-06 Thread Valdis . Kletnieks
On Tue, 06 Aug 2013 07:35:32 -0700, David Conrad said:
 You've apparently forgotten ICANN's time distortion field

Apple will almost certainly sue for infringing their reality distortion field
patents.




Re: Comcast contact

2013-08-06 Thread Faisal Imtiaz
If you run something like a pingplotter or MTR from pbx side towards the Remote,
and do similar from remote towards the pbx side...

Let it run for a bit, and compare / analyse the results.. you will spot your
problem very quickly.


---
We find that the IP Transit is often overloaded between Comcast networks and
certain IP Transit providers,
or some common IP Transit providers have their routers overloaded, thus having
packet loss.

We have had to do some route engineering to get around these issues.
In our case we are fortunate to have multiple IP Transit Carriers, so that was
possible.
---


Regards

Faisal Imtiaz
Snappy Internet  Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

- Original Message -
From: Andy Ringsmuth a...@newslink.com
To: NANOG list nanog@nanog.org
Sent: Tuesday, August 6, 2013 11:56:23 AM
Subject: Comcast contact

Any chance someone on this list is affiliated with Comcast who could contact me 
off-list?  I have an employee in Virginia who works from home using, in part, a 
VOIP desk telephone tied into our office phone system back in Nebraska.  She's 
had nothing but problems maintaining a stable connection and I'm at my wit's 
end to diagnose and fix whatever is causing her problems.

I've got this exact setup with several employees around the country, but this 
one person is the only one who, 1 - has problems and 2 - has Comcast.

Much appreciated!


Andy Ringsmuth
a...@newslink.com
News Link – Manager Technology  Facilities
2201 Winthrop Rd., Lincoln, NE 68502-4158
(402) 475-6397(402) 304-0083 cellular




Re: Returned mail: see transcript for details

2013-08-06 Thread ryanL
as it so happens, i could still use a decent contact over at AS3209. noc
channels are unresponsive. even tried this one listed in radb:
n...@adm.arcor.net.

they are doing something really funky with their cg-nat setup for mobile
subs. like, frag mapping gone wrong, therefore crazy retries or acks never
received, etc. for us, it is breaking SSL.


Re: Comcast contact

2013-08-06 Thread James M Keller
On 8/6/2013 11:56 AM, Andy Ringsmuth wrote:
 Any chance someone on this list is affiliated with Comcast who could contact 
 me off-list?  I have an employee in Virginia who works from home using, in 
 part, a VOIP desk telephone tied into our office phone system back in 
 Nebraska.  She's had nothing but problems maintaining a stable connection and 
 I'm at my wit's end to diagnose and fix whatever is causing her problems.

 I've got this exact setup with several employees around the country, but this 
 one person is the only one who, 1 - has problems and 2 - has Comcast.

 Much appreciated!

 
 Andy Ringsmuth
 a...@newslink.com
 News Link – Manager Technology  Facilities
 2201 Winthrop Rd., Lincoln, NE 68502-4158
 (402) 475-6397(402) 304-0083 cellular




I have found Comcast rate shapes or resets long running encrypted
sessions such as https.   At $DAYJOB I had to set our SSL VPN system to
re-key via new-tunnels every 5 minutes to keep it under their threshold
of what looks like seven minutes for a tcp session.   After that the
sessions appeared to rate shape down to 128kbps.  It may also only kick
in during local POP congestion.   I am assuming this is DPI trying to do
peer-2-peer mitigation.


---
James M Keller



Re: RPKI and Trust Anchor question

2013-08-06 Thread Marcel Plug
Thanks for your detailed response John.  Further comments inline.

On Mon, Aug 5, 2013 at 9:58 PM, John Curran jcur...@arin.net wrote:


   So, Marcel, please allow me to turn the question around...  Do you
   believe that there should be an RPKI Global Trust Anchor?
   Are you concerned about the potential aggregation of control and
   risk that may result? (Feel free to answer me privately if you
   would prefer.)


Having a single root seems like the right way to go.  There will always be
the threat (real or imagined) of outside interference.  For that reason I'm
sure there will be a small droid army of independent systems monitoring and
studying every change the Global Trust Anchor makes - ready to sound the
alarm.  It's probably easier to keep an eye on one trust anchor than it is
to monitor 5 of them.

All the other arguments I've heard are in favour of a one-TA system so I
won't repeat them.



   At the point in time when we understand the technical architecture
   being proposed and its implications, we will formally poll the ARIN
   and NANOG community on the question of whether there is support for
   having an RPKI Global Trust Anchor.  My best estimate is that this
   will occur near the end of this year, but there's nothing wrong with
   having some discussion in the meantime if the mailing list is otherwise
   quiet.  :-)

 I hope this provides some insight - thank you for asking about it,
 as it has been too long since any status update on this project
 (I will work on that as well for the very near future.)


As I said, thanks for the update.



 Thanks!
 /John

 John Curran
 President and CEO
 ARIN



 Marcel


Re: Comcast contact

2013-08-06 Thread Rob Seastrom

Shaw, Matthew ms...@fairpoint.com writes:

 Make sure the remote phone is using a low bandwidth codec too. In a
 previous life changing a remote (home) user's phone from G.711 to
 G.729 made all the difference in the world to their call quality.

i think you've got that backwards.  80 kbit/sec on the wire is not a
lot these days, and in a world where we're conditioned to accept gsm
or worse, un-transcoded g.711u sounds startlingly good.  if you're so
short on bandwidth that moving to a 24 kbit/sec on the wire codec
makes a difference, you're on the ragged edge of being hosed.

-r