Anyone from Cloudflare ? (IPv6 issue)

[Brandon Applegate]

Anyone from Cloudflare able/willing to contact me off list to troubleshoot a 
very frustrating and intermittent IPv6 connectivity issue ?  I have plenty of 
data points, multiple test systems (Testing from 2 working ASes, and the 1 AS 
in question that’s broken).

Otherwise - if anyone could share a way to get to clue @Cloudflare I would 
greatly appreciate it.  I put a request in through the web support front door, 
but I got back about what I expected.

Thanks.

--
Brandon Applegate - CCIE 10273
PGP Key fingerprint:
830B 4802 1DD4 F4F9 63FE  B966 C0A7 189E 9EC0 3A74
"SH1-0151.  This is the serial number, of our orbital gun."



signature.asc
Description: Message signed with OpenPGP using GPGMail

RE: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Alex Rubenstein]

> > On Tue, Dec 16, 2014 at 12:32 PM, Alex Rubenstein  > > wrote:
> > >
> > > I just with Wifi calling was ubiquitous.
> >
> > isn't it in every android phone since ~1yr ago?

Perhaps they are, but AT&T and Verizon don't allow it, because they are 
terrible.

RE: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Matthew Huff]

If your users are all using the latest models... great

We still have people using flip phones...

We had to shut down our legacy signal booster when a provider sent us a cease 
and desist letter. We are still looking for a replacement solution that meets 
the new code.


Matthew Huff | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC   | Phone: 914-460-4039
aim: matthewbhuff    | Fax:   914-694-5669

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ca By
Sent: Tuesday, December 16, 2014 3:46 PM
To: Christopher Morrow
Cc: John Levine; Alex Rubenstein; nanog@nanog.org
Subject: Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

On Tuesday, December 16, 2014, Christopher Morrow 
wrote:

> On Tue, Dec 16, 2014 at 12:32 PM, Alex Rubenstein  > wrote:
> >
> > I just with Wifi calling was ubiquitous.
>
> isn't it in every android phone since ~1yr ago?
>

For some usa mobile providers nearly every android phone supports wifi
calling... And iPhone6 too.

For anyone doing VoLTE, VoWiFi should be a slam dunk.

CB

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Ca By]

On Tuesday, December 16, 2014, Christopher Morrow 
wrote:

> On Tue, Dec 16, 2014 at 12:32 PM, Alex Rubenstein  > wrote:
> >
> > I just with Wifi calling was ubiquitous.
>
> isn't it in every android phone since ~1yr ago?
>

For some usa mobile providers nearly every android phone supports wifi
calling... And iPhone6 too.

For anyone doing VoLTE, VoWiFi should be a slam dunk.

CB

Re: ARIN's RPKI Relying agreement

[John Curran]

> On Dec 16, 2014, at 2:19 PM, Christopher Morrow  
> wrote:
> 
> zombie-thread!
> 
>> On Thu, Dec 4, 2014 at 12:39 PM, John Curran  wrote:
>> t (i.e. exactly the opposite of your “my routing decisions are affected
>> and breakage happens” statement in your prior email.)
> 
> the discussion in the thread was interesting, sometimes a bit more
> personal than was required and at times devoid of useful data... but I
> did want to point out one thing, I didn't say the quoted section, at
> least not in this thread...

Ah, yes... "breakage happens" was another gentleman over on PPML 

(and apologies for any confusion!)

> thanks john for hanging in for the discussion...

Thanks to everyone for the important feedback (even if somewhat 
pointed at times... :-)

/John

John Curran
President and CEO
ARIN

RE: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Matthew Huff]

Be careful about the new rules that were put into place in the spring. My 
experience is that resellers are still promoting "consumer" devices for use in 
commercial buildings which is now a no-no. Under the new regulation, consumer 
devices are to be used only for individuals in their home, car, RV, boat, etc..

Industrial signal boosters are the only allowed non-grandfathered devices to be 
used in buildings. They have to be installed by certified installers and 
require a FCC license under the new regulations. The new fines are steep at 
$100,000 an instance, so the wireless providers really have a hold of the FCC.



Matthew Huff | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC   | Phone: 914-460-4039
aim: matthewbhuff    | Fax:   914-694-5669

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of John Schiel
Sent: Tuesday, December 16, 2014 1:28 PM
To: nanog@nanog.org
Subject: Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater


On 12/15/2014 07:45 PM, Ray Van Dolson wrote:

One thing you might also want to consider are any calls you make to 911 
whilst using a repeater.

I use a repeater supplied by T-Mobile and they made it very clear, and I 
had to specifically acknowledge a statement, that using such a repeater 
takes away from emergency services being able to find out where you are 
if you make a 911 call from your mobile.

Some may refer to this as a feature, depending on how much tin foil you 
have laying about, but the users of such device may need to be warned 
about emergency calls.  They'll need to be able to describe where they 
are to the responding sirens.

--John

> Hi all;
>
> Looking to improve cell reception for mixed ATT/Verizon users on the
> first floor of one of our buildings.
>
> Starting to dig into this and coming across items like this one at
> Amazon[1], but thought some of you out there might have recommendations
> for something that has worked well for you and has been reliable.
>
> Am in a position to run cable from the roof to the floor in question.
>
> Thanks,
> Ray
>
> [1] 
> http://www.amazon.com/Wilson-Electronics-Indoor-Cellular-Booster/dp/B00IWW9AB8/ref=lp_2407782011_1_1?s=wireless&ie=UTF8&qid=1418671553&sr=1-1

Re: How do I handle a supplier that delivered a faulty product?

[Baldur Norddahl]

No, but I would say that they were afraid they might not be able to fix the
problem and somebody in the sales organization misstepped. Our reseller
went the extra mile for us and managed to escalate the issue all the way to
the CTO level.

Apparently it was not an easy problem to fix. The problem would be with the
chipset. Our reseller found a competing product that used the same chipset,
and they had the same problem. Only the competing product would be stable
at 950 Mbps instead of the 750 Mbps we had on the Zhone product. We agreed
with Zhone that if they could tune it to 950 Mbps, we could live with that
as "good enough". But in the end they actually managed to fix it
completely, so now the Zhone product is line speed and the competing
product is not.

Learning from this, I would recommend everyone considering a GPON product
based on a new chipset, to test how it performs when downloading at line
speed, especially if the source is a 10 Gbps enabled server. There is
apparently a bad chipset out there, that requires careful tuning for it to
perform to spec. Even if you are not selling gigabit, there are microbursts
that could cause trouble.

Our speedtests now looks like this:
http://www.speedtest.net/my-result/3962524900 - this is good as in reality
the speedtest is what people are buying...

Regards,

Baldur



On 16 December 2014 at 18:49, Justin M. Streiner 
wrote:

> On Tue, 16 Dec 2014, Baldur Norddahl wrote:
>
>  Zhone reversed their stance on this and put everything on finding a fix.
>> Now we have a working firmware that moves data at line speed with no need
>> to put limits on downloads. Everyone are happy now. The 2301 with new
>> firmware is performing as expected and seems like a good product for our
>> needs.
>>
>
> Good to see they came around.  I take it they did not elaborate on their
> sudden change of heart?
>
> jms
>

Re: ARIN's RPKI Relying agreement

[Christopher Morrow]

zombie-thread!

On Thu, Dec 4, 2014 at 12:39 PM, John Curran  wrote:
> t (i.e. exactly the opposite of your “my routing decisions are affected
> and breakage happens” statement in your prior email.)

the discussion in the thread was interesting, sometimes a bit more
personal than was required and at times devoid of useful data... but I
did want to point out one thing, I didn't say the quoted section, at
least not in this thread...

thanks john for hanging in for the discussion...
-chris

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[John Schiel]

On 12/15/2014 07:45 PM, Ray Van Dolson wrote:

One thing you might also want to consider are any calls you make to 911 
whilst using a repeater.


I use a repeater supplied by T-Mobile and they made it very clear, and I 
had to specifically acknowledge a statement, that using such a repeater 
takes away from emergency services being able to find out where you are 
if you make a 911 call from your mobile.


Some may refer to this as a feature, depending on how much tin foil you 
have laying about, but the users of such device may need to be warned 
about emergency calls.  They'll need to be able to describe where they 
are to the responding sirens.


--John


Hi all;

Looking to improve cell reception for mixed ATT/Verizon users on the
first floor of one of our buildings.

Starting to dig into this and coming across items like this one at
Amazon[1], but thought some of you out there might have recommendations
for something that has worked well for you and has been reliable.

Am in a position to run cable from the roof to the floor in question.

Thanks,
Ray

[1] 
http://www.amazon.com/Wilson-Electronics-Indoor-Cellular-Booster/dp/B00IWW9AB8/ref=lp_2407782011_1_1?s=wireless&ie=UTF8&qid=1418671553&sr=1-1

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Mike Hammett]

Unless your native number is your GV number. ;-) 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

- Original Message -

From: "TJ"  
To: "John R. Levine" , "Christopher Morrow" 
 
Cc: "Alex Rubenstein" , nanog@nanog.org 
Sent: Tuesday, December 16, 2014 12:02:15 PM 
Subject: Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater 

Hangouts Dialer gets you VOIP calls, whether WiFi or Cellular data is in 
use ... albeit from your GVoice#, not native/telco number. 

/TJ 

On Tue Dec 16 2014 at 12:55:49 PM John R. Levine  wrote: 

> >> I just with Wifi calling was ubiquitous. 
> > 
> > isn't it in every android phone since ~1yr ago? 
> 
> Yes, but it works poorly when walking the dog. 
> 
> R's, 
> John 
> 

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[TJ]

Hangouts Dialer gets you VOIP calls, whether WiFi or Cellular data is in
use ... albeit from your GVoice#, not native/telco number.

/TJ

On Tue Dec 16 2014 at 12:55:49 PM John R. Levine  wrote:

> >> I just with Wifi calling was ubiquitous.
> >
> > isn't it in every android phone since ~1yr ago?
>
> Yes, but it works poorly when walking the dog.
>
> R's,
> John
>

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[John R. Levine]

I just with Wifi calling was ubiquitous.


isn't it in every android phone since ~1yr ago?


Yes, but it works poorly when walking the dog.

R's,
John

Re: How do I handle a supplier that delivered a faulty product?

[Justin M. Streiner]

On Tue, 16 Dec 2014, Baldur Norddahl wrote:


Zhone reversed their stance on this and put everything on finding a fix.
Now we have a working firmware that moves data at line speed with no need
to put limits on downloads. Everyone are happy now. The 2301 with new
firmware is performing as expected and seems like a good product for our
needs.


Good to see they came around.  I take it they did not elaborate on their 
sudden change of heart?


jms

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Josh Luthman]

Definitely not.  My Droid Maxx on VZW does not do Wifi calling.  I have yet
to see Wifi calls (excluding SIP clients and such) on any phone around here.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 16, 2014 at 12:35 PM, Christopher Morrow <
morrowc.li...@gmail.com> wrote:

> On Tue, Dec 16, 2014 at 12:32 PM, Alex Rubenstein 
> wrote:
> >
> > I just with Wifi calling was ubiquitous.
>
> isn't it in every android phone since ~1yr ago?
>

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Christopher Morrow]

On Tue, Dec 16, 2014 at 12:32 PM, Alex Rubenstein  wrote:
>
> I just with Wifi calling was ubiquitous.

isn't it in every android phone since ~1yr ago?

RE: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Alex Rubenstein]

These work well, I have an ATT in my house. However, in a broad deployment 
(like in a datacenter with lots of discreet visitors) it is pointless, because 
ATT requires registration of any phone connected and it is limited to 10.

I just with Wifi calling was ubiquitous.


> Assuming you have good Internet service, you might also consider femtocells,
> which are small cellular base stations that use your Internet service as 
> backhaul.
> 
> Verizon: http://www.verizonwireless.com/accessories/samsung-network-
> extender-scs-2u01/

Re: How do I handle a supplier that delivered a faulty product?

[Baldur Norddahl]

Hi,

Zhone reversed their stance on this and put everything on finding a fix.
Now we have a working firmware that moves data at line speed with no need
to put limits on downloads. Everyone are happy now. The 2301 with new
firmware is performing as expected and seems like a good product for our
needs.

Baldur

Is there a case for storm control and/or unknown traffic flood control in 'protected' bridge-domain?

[Jason Lixfeld]

Greetings,

Conceptually, a layer 2 port that is configured for either port protect mode 
(a’la Cisco 2950 vintage), UNI port-type (a’la Cisco ME3400 vintage) or EVC + 
split-horizon (a’la ME3600 vintage) should negate any requirement for features 
such as storm control or unknown traffic flood control to be configured in 
conjunction with either of those port modes.  In theory then, either of the 
three aforementioned configuration modes would prevent any and all cross-talk 
between ports, in the same bridge-domain, notwithstanding traffic hitting the 
‘trusted’ port, be it the trunk or uplink port, SVI, routed BD or whatever name 
your hardware uses to define that trusted port.

Assuming that’s an accurate theory, is there a case that I might be missing 
where one would need to use storm control or unknown traffic flood control in 
this sort of environment?

Re: Cisco AnyConnect speed woes!

[Zachary McGibbon]

We seem to have narrowed down the problem to our Cisco SCE packet shaper.
It seems to be misclassifying about 15-20% of the DTLS traffic into
encrypted bittorrent and since we have shaping rules in place to limit
torrent traffic, this was causing the issue.

To resolve the issue, we put the IP of our VPN ASA into a different package
on the SCE and did not apply any shaping rules to it.

We are still monitoring to be sure but we are quite confident this was the
issue.

So note to anyone out there using a shaper and has a DTLS VPN behind it,
check your classifications or whitelist your VPN box!

- Zachary

On Tue, Dec 9, 2014 at 7:39 PM, Zachary McGibbon <
zachary.mcgibbon+na...@gmail.com> wrote:
>
> Hi Roberto,
>
> - We have disabled the DTLS compression feature, this has been verified on
> the client side that compression says 'None'
> - We are not using the VPN load balancing feature, the two boxes are
> running in an active/standby configuration
> - Yes we are tunnelling all traffic however local lan access is available
> if the user checks the checkbox in their client
> - We are inspecting the following:
>   dns preset_dns_map, ftp, h323 h225, h323 ras, rsh, rtsp, esmtp, sqlnet,
> skinny, sunrpc, xdmcp, sip, netbios, tftp, ip-options, icmp
> - Jumbo frames are not configured
> - We are using the following encryption methods: AES128 and 2048 bit
> certificate
> - We are running ASA 9.2.2.8 on a 5545X
> - We are pushing the Anyconnect client version 3.1.05182
>
> Also, I should mention what I mean when we see slow speeds.  For example,
> my internet connection at home is a cable modem with 30mb down, 10mb up.  I
> have done a path mtu discovery to my VPN at work and it is 1500.  When I
> run an iperf to a server at the office without vpn I get about 28mb down,
> 9.5mb up.  When I connect to vpn, the iperf to the same server is about
> 1.2mb down, and 900k up.  This is way too slow!
>
> - Zachary
>
> On Tue, Dec 9, 2014 at 4:39 PM, Roberto  wrote:
>
>> > The big issue we are having is that many of our users are complaining
>> of low speed when connected to the VPN.
>> Please can you indicate more details ?
>>
>> Is it enabled on the ASA the "compression" feature ?
>> Is it enabled on the ASA the VPN Load Balancing feature ?
>> Are you using the AnyConnect FULL TUNNEL mode ?
>> Which are the inspection configured on the ASA for the "remote access"
>> clients ?
>> Have you configured the Jumbo MTU on the CISCO ASA interfaces ?
>> Which encryption are configured on the ASA (are you using Suite B
>> Algorithms) ?
>> Which version of ASA are you using ?
>> Which version of AnyConnect are you using ?
>>
>>
>> Note:
>> protocols such as L2TP/IPSec are not hardware accelerated -- the IPSec
>> portion of L2TP/IPSec is hardware-accelerated, but the L2TP portion is not.
>> Likewise, the SSL portions of SVC and WebVPN use hardware acceleration,
>> but the application layer protocols are done in software.
>>
>>
>> Best Regards,
>>
>> _
>> Roberto Taccon
>>
>> e-mail: robe...@ipnetworks.it
>> mobile: +39 340 4751352
>> fax: +39 045 4850850
>> skype: roberto.taccon
>>
>> -Messaggio originale-
>> Da: NANOG [mailto:nanog-boun...@nanog.org] Per conto di Zachary McGibbon
>> Inviato: martedì 9 dicembre 2014 21.18
>> A: Matthew Huff
>> Cc: NANOG
>> Oggetto: Re: Cisco AnyConnect speed woes!
>>
>> We are trying to use SSLVPN (udp 443) and results are really all over the
>> place.  Most of our complaints are users connecting on Teksavvy however we
>> haven't been able to reach anyone in their network team to find out if they
>> are doing any filtering or shaping on their side.
>>
>> We don't have a lot of traffic coming through Cogent, most of the users
>> are local here in Montreal on either Bell or Videotron and they traverse
>> through the QIX (www.qix.ca)
>>
>> On Tue, Dec 9, 2014 at 3:03 PM, Matthew Huff  wrote:
>>
>> > Are you using SSLVpn or IPSEC with anyconnect? I have had more luck
>> > with performance with IPSEC than SSLVpn.
>> >
>> > Also, just because your ISP is saying that they aren't
>> > shaping/filtering, doesn't mean they aren't.
>> >
>> > We had major issues with users using AnyConnect when it was
>> > transversing Cogent. We were getting 5-10% packet loss (although the
>> > Cisco stats didn't show it), and it was choking on it.
>> >
>> > 
>> > Matthew Huff | 1 Manhattanville Rd
>> > Director of Operations   | Purchase, NY 10577
>> > OTA Management LLC   | Phone: 914-460-4039
>> > aim: matthewbhuff| Fax:   914-694-5669
>> >
>> > -Original Message-
>> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Zachary
>> > McGibbon
>> > Sent: Tuesday, December 9, 2014 2:42 PM
>> > To: NANOG
>> > Subject: Cisco AnyConnect speed woes!
>> >
>> > I'm looking for some input on a situation that has been plaguing our
>> > new AnyConnect VPN setup.  Any input would be valuable, we are at a
>> > loss for what the problem is.
>> >
>> > We recent

AT&T - XO Peering (AS7018 and AS2828)

[Patrick Sumby]

Hi,

Please could someone from ATT and/or XO contact me off list to discuss 
some issues we've been seeing on a link between AS7018 and AS2828.


Thanks
Pat

--
---
Patrick Sumby
Director of Global Engineering
Sohonet

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

[Colton Conor]

Wilson is the way to go. They have a couple of products not on their
website that only certified installers can sell that are even higher
powered. Works with all 4 4G carriers at once.

On Mon, Dec 15, 2014 at 9:14 PM, Ryan Wilkins  wrote:
>
>
> > On Dec 15, 2014, at 9:59 PM, Ammar Zuberi  wrote:
> >
> > Although this might not apply to you in the US, anyone else thinking
> about trying this might want to check up on possible legal backlash from
> using one of these devices. I know you can't legally use one of these in
> Dubai.
>
> They’re legal in the US as long as they’re registered with the carrier and
> meet the new regulations for intelligent cellular repeaters.  There were
> some new laws regarding these repeaters that went into effect earlier this
> year, I think around April.
>
> A Cel-Fi repeater that I used to own did a nifty thing by scanning for and
> amplifying only the signals belonging to the carrier the repeater was
> programmed for rather than doing a full band repeat of everyone.  I got rid
> of the Cel-Fi when I upgraded to the iPhone 5S which has WiFi calling
> available on it.  It works quite well and no need for the repeater any more.
>
> Best,
> Ryan Wilkins
>
>
>