Re: Stop IPv6 Google traffic

2016-04-12 Thread Mikael Abrahamsson

On Sun, 10 Apr 2016, Damian Menscher via NANOG wrote:


Sorry to hear your legitimate users are impacted by captchas when trying to
use Google web search.  This can happen when you have significant amounts
of abuse coming from your network.  If switching to IPv4 means having more
users share IPs, it could make the problem worse.  Instead, let's try to
quickly address the IPv6 issue.

Please send me your IP allocation policy (off-list is fine).  For example
(guessing from the list at
http://bgp.he.net/search?search%5Bsearch%5D=netassist&commit=Search):

 - 2a01:d0::/32 is allocated by /48
 - 2a01:d0:8000::/33 is allocated by /56
 - 2001:67c:1874::/48 is allocated by /64
 - ... etc (IPv4 allocation is appreciated as well, if you also provide
customers with large ranges there)

I can then give that hint to our automated abuse systems, which will both
make it easier for us to catch your abusive customers, and also to avoid
over-blocking of your AS.


Hi,

just curious. Do you support the RIPE object called "assignment-size" 
automatically?


https://apps.db.ripe.net/search/lookup.html?source=ripe&key=2001%3A980%3A3000%3A%3A/36&type=inet6num 
for instance, indicates that each customer in this /36 is a /48. Do you 
pick this up automatically and hint your abuse system about this? Does it 
send automatically generated abuse reports to the abuse contact as well?


--
Mikael Abrahamsson    email: swm...@swm.pp.se
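
The following is an added illustration, not part of the thread and not Google's or RIPE's code, of why the per-range assignment size discussed above matters to an abuse system: it groups abusive sources by the customer prefix implied by the allocation guesses quoted in the message and compares that with grouping by a fixed /64. The event addresses, the /64 fallback and the threshold are constructed for the example.

```python
import ipaddress
from collections import Counter

# (covering prefix, customer assignment length), taken from the guesses quoted
# in the message above; a real table would come from the operator.
POLICY = [
    ("2a01:d0::/32", 48),
    ("2a01:d0:8000::/33", 56),
    ("2001:67c:1874::/48", 64),
]
DEFAULT_LEN = 64  # assumption: treat uncovered space as one customer per /64

# Most specific covering prefix first, so the /33 wins over the /32 it sits in.
_TABLE = sorted(
    ((ipaddress.IPv6Network(p), n) for p, n in POLICY),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,
)


def customer_prefix(addr, fixed_len=None):
    """Return the prefix that identifies the customer owning addr."""
    ip = ipaddress.IPv6Address(addr)
    length = fixed_len
    if length is None:
        length = next((n for net, n in _TABLE if ip in net), DEFAULT_LEN)
    # strict=False masks the host bits instead of raising ValueError.
    return ipaddress.IPv6Network((int(ip), length), strict=False)


def abuse_by_customer(events, fixed_len=None):
    """Count abuse events per customer prefix."""
    return Counter(str(customer_prefix(a, fixed_len)) for a in events)


def flagged(events, threshold, fixed_len=None):
    """Customer prefixes with at least `threshold` events."""
    counts = abuse_by_customer(events, fixed_len)
    return sorted(p for p, c in counts.items() if c >= threshold)


# Constructed sample: source addresses of abusive requests.
EVENTS = [
    "2a01:d0:1234:1::10",
    "2a01:d0:1234:ffff::beef",  # same /48 customer, different /64
    "2a01:d0:1234:2::1",        # same /48 customer again
    "2a01:d0:8000:100::1",
    "2a01:d0:8000:1ff::2",      # same /56 customer as the line above
    "2a01:d0:8000:200::3",      # neighbouring /56, a different customer
    "2001:67c:1874:5::1",
]

if __name__ == "__main__":
    print("policy-aware:", flagged(EVENTS, threshold=2))
    print("fixed /64:   ", flagged(EVENTS, threshold=2, fixed_len=64))
```

With a fixed /64 every event lands in its own bucket and no customer reaches the threshold; with the assignment sizes applied, the rotating customer is visible and the neighbouring /56 is left alone.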


Re: mpls switches

2016-04-12 Thread Jürgen Jaritsch
Hi,

L2VPN also works pretty well with the Extremes (X670). Only one thing doesn't 
work: LACP BPDU forwarding for the customer. This is caused by the way 
Extreme lets you configure the L2VPN on those small boxes.


best regards

Jürgen Jaritsch
Head of Network & Infrastructure

ANEXIA Internetdienstleistungs GmbH

Phone: +43-5-0556-300
Fax: +43-5-0556-500

E-Mail: jjarit...@anexia-it.com 
Web: http://www.anexia-it.com 

Headquarters address, Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Managing Director: Alexander Windbichler
Commercial register: FN 289918a | Place of jurisdiction: Klagenfurt | VAT ID: AT U63216601


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Simon Lockhart
Sent: Wednesday, 13 April 2016 08:23
To: Colton Conor
Cc: nanog@nanog.org
Subject: Re: mpls switches

On Tue Apr 12, 2016 at 07:29:54PM -0500, Colton Conor wrote:
> Someone told me to check out extreme networks, cisco or Ciena for the more
> cost effective mpls kit. Any advice on which of the three would have the
> most cost effective 10G MPLS switch?

I'm using Extreme switches for VPLS - the X460 will give you up to 6 x 10G
ports, and the X670 will give you 48 x 10G ports (and 4 x 40G ports). I've 
not tried them as P nodes (we use Cisco for that), or for any other MPLS
features (L3VPN), but for VPLS they're working well for us. When we started
using them, they were significantly cheaper than Cisco alternatives.

Simon


Re: mpls switches

2016-04-12 Thread Simon Lockhart
On Tue Apr 12, 2016 at 07:29:54PM -0500, Colton Conor wrote:
> Someone told me to check out extreme networks, cisco or Ciena for the more
> cost effective mpls kit. Any advice on which of the three would have the
> most cost effective 10G MPLS switch?

I'm using Extreme switches for VPLS - the X460 will give you up to 6 x 10G
ports, and the X670 will give you 48 x 10G ports (and 4 x 40G ports). I've 
not tried them as P nodes (we use Cisco for that), or for any other MPLS
features (L3VPN), but for VPLS they're working well for us. When we started
using them, they were significantly cheaper than Cisco alternatives.

Simon


Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Todd Crane
I like (sarcasm) how everybody here either wants to point fingers at MaxMind or 
offer up coordinates to random places knowing that it will never happen. What 
ever happened to holding people responsible for being stupid? When did it start 
becoming ((fill in the blank)) coffee shop’s for you burning your tongue on 
your coffee, etc. I’ve seen/used all sorts of geolocation solutions and never 
once thought to myself that when a map pin was in the middle of a political 
boundary, that the software was telling me anything other than the place was 
somewhere within the boundary. Furthermore, most geolocation services will also 
show a zoomed-out/in map based on certainty. So if you can see more than a few 
hundred miles in the map that only measures 200x200 pixels, then it probably 
isn’t that accurate.

As to a solution, why don’t we just register the locations (more or less) with 
ARIN? Hell, with the amount of money we all pay them in annual fees, I can’t 
imagine it would be too hard for them to maintain. They could offer it as part 
of their public whois service or even just make raw data files public.

Just a thought

—Todd






Connecting rural providers: ethernet to large city or nearby transit

2016-04-12 Thread Jean-Francois Mezei

Generic question.

Say you have a municipal provider in small town where the municipality
won the subsidy over the incumbent to deploy broadband.

The easiest is for the town's ISP to buy transit from the incumbent. But
incumbent will not be interested in offering competitive pricing.

As a sanity check, would a rural ISP come out ahead getting an ethernet
link to large city where cheaper transit is available as well as peering
to offload a lot of traffic,

or would buying transit at higher price locally end up being better?

Is the difference between the two small, or orders of magnitude cheaper
to go one way or the other?



context: in order to provide affordable backhaul to towns, the CRTC
*might* consider regulation. The Chairman used a key word today "market
failure" indicating they are ready to listen to arguments on this.



Re: mpls switches

2016-04-12 Thread Mark Tinka


On 13/Apr/16 02:29, Colton Conor wrote:

> Someone told me to check out extreme networks, cisco or Ciena for the
> more cost effective mpls kit. Any advice on which of the three would
> have the most cost effective 10G MPLS switch? 
>
> Cisco's MPLS switch is the ASR 920 right?

The useful ones are the ASR920 and ME3600X/3800X.

The ASR920 is the way forward, and is generally half the price of the
ME3600X.

Mark.


Re: mpls switches

2016-04-12 Thread Colton Conor
Someone told me to check out extreme networks, cisco or Ciena for the more
cost effective mpls kit. Any advice on which of the three would have the
most cost effective 10G MPLS switch?

Cisco's MPLS switch is the ASR 920 right?


On Tue, Apr 12, 2016 at 4:13 PM, George, Wes 
wrote:

>
> On 4/12/16, 9:22 AM, "NANOG on behalf of Tim Jackson"
>  wrote:
>
>
> >>> (Broadcom chipset,
> >> approach with caution).
> >
> >QFX5100 works fine for MPLS.. [snip] QFX5100 is a
> >great P and lightweight PE..
>
> WG] For some values of "fine" and "great" perhaps, but emphasis on the
> "lightweight" is important, as its suitability is heavily dependent on
> your intended use case.
> Use it with a few thousand routes and nothing particularly exotic as far
> as features go and you should be fine. However, there are sometimes little
> gotchas where established features (esp in MPLS) either are missing or
> behave differently in subtle ways compared with more traditional JunOS
> routers like the MX. Some of these are limitations in the Broadcom chipset
> and some are driven by customer demand prioritizing feature completion.
>
> Test carefully, and regard the higher-end multidimensional/route scale
> numbers with healthy skepticism.
>
>
> Wes George
>
> Anything below this line has been added by my company’s mail server, I
> have no control over it.


Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Jean-Francois Mezei
All GeoIP services would be forced to document their default lat/long
values so that users know that when these values appear, it is a
generic one for that country. (or supply +181. +91.0 which is an
invalid value indicating that there is no lat/long, look at country code
given).


Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Theodore Baschak

> On Apr 12, 2016, at 7:10 PM, Jean-Francois Mezei wrote:
> 
> On 2016-04-11 13:22, Ken Chase wrote:
>> Well they DO know the IP location is within the USA - 
> 
> 
> A friend in Australia was with an ISP owned by a US firm and his IP
> address often geolocated to the USA.
> 

Similarly, IPv6 space that's been originated by a Canadian org, in Canada for 4 
or 5 years is still shown as in the USA. 




Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Jean-Francois Mezei
Re: Sending police to middle of a lake..


Puts new meaning to a fishing expedition for police :-)


Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Jean-Francois Mezei
On 2016-04-11 13:34, Steve Mikulasik wrote:
> Mather says they’re going to change them. They are picking new default 
> locations for the U.S. and Ashburn, Virginia that are in the middle of bodies 
> of water, 

Why not the White House or Washington Monument?

Or better yet, some large office complex in Fort Meade MD :-)





Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Jean-Francois Mezei
On 2016-04-11 13:22, Ken Chase wrote:
> Well they DO know the IP location is within the USA - 


A friend in Australia was with an ISP owned by a US firm and his IP
address often geolocated to the USA.



Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Larry Sheldon

On 4/12/2016 08:31, Leo Bicknell wrote:

In a message written on Mon, Apr 11, 2016 at 03:10:44PM -0400, Sean Donelan 
wrote:

If GeoIP insists on giving a specific lon/lat, instead of an uncertainty
how about using locations such as the following as the "default I don't
know where it is"

United States: 38.8899 N, 77.0091 W (U.S. Capitol Building)
Missouri: 38.5792 N, 92.1729 W (Missouri State Capitol Building)

After the legislators get tired of the police raiding the capitol
buildings, they will probably do something to fix it.


Massachusetts: 42.376702 N, 71.239076 W (MaxMind Corporate HQ)

Maybe after seeing what it's like to be on the receiving end of their
own inaccuracy they will be a bit more motivated to fix it.



BINGO!!!
--
sed quis custodiet ipsos custodes? (Juvenal)


Re: Why the US Government has so many data centers

2016-04-12 Thread Scott Weeks


--- s...@donelan.com wrote:
From: Sean Donelan 

https://fcw.com/articles/2016/04/11/lyngaas-halvorsen-update.aspx
-


Wow, this is big news in that article for the companies that 
deal with selling network devices and computers to the DoD:

(Defense Department CIO is Terry Halvorsen)

"Halvorsen also briefed reporters on updates to the department's 
cybersecurity scorecard and its certification process. 

He said he expects to announce revisions in the coming weeks to 
DOD's accreditation and certification process for commercial IT 
products and services. 

"I think we have reached a point where we no longer can do 
specific hardware or software accreditation," he said, meaning a 
piecemeal approach won't keep up with continual updates to, say, 
cloud offerings. 

"Our process wouldn't sustain that," he said of certifying cloud 
offerings that are always being updated. "We need to look at how 
we do certification and accreditation by process and at some point 
maybe even by vendor.""


scott


Re: mpls switches

2016-04-12 Thread George, Wes

On 4/12/16, 9:22 AM, "NANOG on behalf of Tim Jackson"
 wrote:


>>> (Broadcom chipset,
>> approach with caution).
>
>QFX5100 works fine for MPLS.. [snip] QFX5100 is a
>great P and lightweight PE..

WG] For some values of "fine" and "great" perhaps, but emphasis on the
"lightweight" is important, as its suitability is heavily dependent on
your intended use case.
Use it with a few thousand routes and nothing particularly exotic as far
as features go and you should be fine. However, there are sometimes little
gotchas where established features (esp in MPLS) either are missing or
behave differently in subtle ways compared with more traditional JunOS
routers like the MX. Some of these are limitations in the Broadcom chipset
and some are driven by customer demand prioritizing feature completion.

Test carefully, and regard the higher-end multidimensional/route scale
numbers with healthy skepticism.


Wes George

Anything below this line has been added by my company’s mail server, I
have no control over it.


Re: Why the US Government has so many data centers

2016-04-12 Thread Sean Donelan


Guess what, an IG decides to count "data centers" using OMB's definition
of a data center.  CIO points out those "data centers" won't save money.


https://fcw.com/articles/2016/04/11/lyngaas-halvorsen-update.aspx
The IG report knocked Halvorsen for not adjusting his strategy to account 
for a revised definition of data centers from the Office of Management and 
Budget. But Halvorsen defended that decision, saying the revised 
definition focused on special-purpose processing nodes, which are data 
centers that have no direct connection to the DOD Information Network.


"Those nodes aren't where the money [is], and in most cases, there's no 
value in consolidating them," Halvorsen said.


Re: Any ATT.net mail admins here?

2016-04-12 Thread Ken Chase
Got this a few months ago, posting publicly so it makes it into the archives
for the next guy.

  > Thank you for contacting the AT&T Postmaster.
  >
  > We need the IP address of the server sending mail from you to our customer/s.
  > This information is provided in the non-delivery report that would be returned
  > to you in the event that there was a problem with mail delivery.  If your mail
  > server truncates that part of the error message, it may be necessary for you
  > to conduct a manual session with our mail server to capture the blocked IP
  > address.  If you do not receive a rejection message then your messages are
  > potentially being filtered as bulk.  If you believe that to be the case, email
  > mail-abuse-b...@cc.yahoo-inc.com and request the Bulk Mail form to be
  > whitelisted.
  >
  > The more information you can provide about what you are trying to accomplish
  > and the specifics involved the easier it is for us to help you.  Please reply
  > to this message with as much detail about your problem as possible, but
  > specifically the points touched on above.
  >
  > Regards,
  >
  > Postmaster
  > AT&T Client Security Management
  > abuse_...@abuse-att.net
  > http://att.net/blocks
  


On Tue, Apr 12, 2016 at 09:31:51AM -0400, Jeremy Parr said:
  >I have two spam filters that relay outbound mail for a few dozen companies,
  >and as such generate a fair amount of traffic. We are fairly strict with
  >the spam filtering on outbound mail, but somehow end up blacklisted by
  >ATT/Prodigy/Bellsouth a few times a year.

-- 
Ken Chase - m...@sizone.org


Re: mpls switches

2016-04-12 Thread t...@pelican.org
On Tuesday, 12 April, 2016 14:04, "Colton Conor"  said:

> Do the Juniper EX switches support MPLS? I know they have models with
> multiple 10G ports on them. There is also the QFX series.

The EXes can also run in a "fabric extender" mode to the MX (and others?).  
Depending on geographical footprint and requirements, this might be worth a 
look.

Regards,
Tim.



Re: Telco Systems

2016-04-12 Thread Mike Hammett
I know of a WISP in Puerto Rico that loves them. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 


- Original Message -

From: "Colton Conor"  
To: "NANOG"  
Sent: Tuesday, April 12, 2016 8:07:44 AM 
Subject: Telco Systems 

Does anyone use Telco Systems Carrier Ethernet & MPLS Aggregation Switches? 
I have heard good things about them. Overall, the saying is they price 10G 
ethernet switches at 1G ethernet pricing. It looks like they support MPLS. 

http://www.telco.com/index.php?page=product-category&category=ethernet-mpls-aggregation
 



Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Jeremy Austin
On Tue, Apr 12, 2016 at 3:55 AM, John Levine  wrote:

>
> Please don't guess (like, you know, MaxMind does.)  USPS has its own
> database of all of the deliverable addresses in the country.  They
> have their problems, but give or take data staleness as buildings
> are built or demolished, that's not one of them.


A qualifier.

USPS has a database of *most* of the deliverable addresses in the country.

I'm in an unorganized borough. The USPS actually has no mandate, funding or
lever that I can pull (that I can find) to keep their database up to date.
Easily 30% of the legitimate addresses in my area are not geocodable nor in
the USPS database.

I suspect that there are areas of my state with an even worse percentage of
unavailable data.

UPS and FedEx rely on the USPS database, but will not lift a finger to fix
this gap.

Even as a municipal body there is no available federal mechanism for
updating the database. I've tried multiple times over 15+ years.



So yeah, USPS' database does have its problems.

-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon


Re: mpls switches

2016-04-12 Thread Mark Tinka


On 12/Apr/16 15:22, Tim Jackson wrote:

> QFX5100 works fine for MPLS.. ACX5k is QFX5100 hardware, but a
> different train of software, and it's a bit different. QFX5100 is a
> great P and lightweight PE..

As a P, fine (except if you're doing NG-MVPN, of course, which would
make it a poor branch router).

The "lightweight PE" is where my concern comes in. And if the EX4600 is
the same as the QFX in this regard, same problem, i.e., if the OP is
expecting all PE functionality he'd get on an MX in this unit, he needs
to reset his expectations.

Mark.


Re: GeoIP database issues and the real world consequences

2016-04-12 Thread Leo Bicknell
In a message written on Mon, Apr 11, 2016 at 03:10:44PM -0400, Sean Donelan 
wrote:
> If GeoIP insists on giving a specific lon/lat, instead of an uncertainty 
> how about using locations such as the following as the "default I don't 
> know where it is"
> 
> United States: 38.8899 N, 77.0091 W (U.S. Capitol Building)
> Missouri: 38.5792 N, 92.1729 W (Missouri State Capitol Building)
> 
> After the legislators get tired of the police raiding the capitol 
> buildings, they will probably do something to fix it.

Massachusetts: 42.376702 N, 71.239076 W (MaxMind Corporate HQ)

Maybe after seeing what it's like to be on the receiving end of their
own inaccuracy they will be a bit more motivated to fix it.

-- 
Leo Bicknell - bickn...@ufp.org
PGP keys at http://www.ufp.org/~bicknell/




Any ATT.net mail admins here?

2016-04-12 Thread Jeremy Parr
I have two spam filters that relay outbound mail for a few dozen companies,
and as such generate a fair amount of traffic. We are fairly strict with
the spam filtering on outbound mail, but somehow end up blacklisted by
ATT/Prodigy/Bellsouth a few times a year.


Re: mpls switches

2016-04-12 Thread Tim Jackson
>> Do the Juniper EX switches support MPLS? I know they have models with
>> multiple 10G ports on them.
>
> They do, but (deliberately) broken. I wouldn't try it.

EX4600 does MPLS just fine, nothing else really does in the EX
series.. EX4200 can do 1 label. The EX4600 featureset is pretty much
the same as QFX5100 in addition to supporting MACSEC.

>>  There is also the QFX series.
>
> Not that I know of, but the ACX is a QFX-derivative (Broadcom chipset,
> approach with caution).

QFX5100 works fine for MPLS.. ACX5k is QFX5100 hardware, but a
different train of software, and it's a bit different. QFX5100 is a
great P and lightweight PE..

--
Tim


Re: mpls switches

2016-04-12 Thread Mark Tinka


On 12/Apr/16 15:04, Colton Conor wrote:
> Do the Juniper EX switches support MPLS? I know they have models with
> multiple 10G ports on them.

They do, but (deliberately) broken. I wouldn't try it.


>  There is also the QFX series.

Not that I know of, but the ACX is a QFX-derivative (Broadcom chipset,
approach with caution).

Mark.



Re: mpls switches

2016-04-12 Thread Josh Reynolds
I know the 4500/4550 does but it requires a license.
On Apr 12, 2016 8:07 AM, "Colton Conor"  wrote:

> Do the Juniper EX switches support MPLS? I know they have models with
> multiple 10G ports on them. There is also the QFX series.
>
> On Wed, Apr 6, 2016 at 7:02 PM, Mike 
> wrote:
>
> > Hi,
> >
> > I'm looking to deploy more mpls in my network. I like the Cisco 3600X
> > series but the low density of 10g ports has me wanting to consider perhaps
> > others. I would love a minimum of 4 10g ports but of course more is better.
> > Cost would also be a factor. What are people using these days?
> >
> > Thanks.
> >
> > Mike-
> >
>


Telco Systems

2016-04-12 Thread Colton Conor
Does anyone use Telco Systems Carrier Ethernet & MPLS Aggregation Switches?
I have heard good things about them. Overall, the saying is they price 10G
ethernet switches at 1G ethernet pricing. It looks like they support MPLS.

http://www.telco.com/index.php?page=product-category&category=ethernet-mpls-aggregation


Re: mpls switches

2016-04-12 Thread Colton Conor
Do the Juniper EX switches support MPLS? I know they have models with
multiple 10G ports on them. There is also the QFX series.

On Wed, Apr 6, 2016 at 7:02 PM, Mike  wrote:

> Hi,
>
> I'm looking to deploy more mpls in my network. I like the Cisco 3600X
> series but the low density of 10g ports has me wanting to consider perhaps
> others. I would love a minimum of 4 10g ports but of course more is better.
> Cost would also be a factor. What are people using these days?
>
> Thanks.
>
> Mike-
>


Re: GeoIP database issues and the real world consequences

2016-04-12 Thread John Levine
In article <20160411191347.gc4...@excession.tpb.net> you write:
>* baldur.nordd...@gmail.com (Baldur Norddahl) [Mon 11 Apr 2016, 21:02 CEST]:
>>They should stop giving out coordinates on houses period. Move the
>>coordinate to the nearest street intersection if you need to be that
>>precise (I would prefer nearest town square). Anything more than that
>>should be illegal.
>
>That's going to make USPS's and FedEx's lives a lot harder.

Please don't guess (like, you know, MaxMind does.)  USPS has its own
database of all of the deliverable addresses in the country.  They
have their problems, but give or take data staleness as buildings
are built or demolished, that's not one of them.

R's,
John