Re: Satelite Internet Provider

2018-06-07 Thread Kevin Shymkiw 
Edwin,

You could try Isotropic - https://isosat.net/

We have used them in several remote locations and have had great luck with
them.

Kevin

On Mon, May 28, 2018 at 8:28 AM, Ing. Edwin Salazar via NANOG <
nanog@nanog.org> wrote:

> Hi,
>
> I would like to know if anyone knows any satellite internet provider for
> the Galapagos Islands in Ecuador that I can contact?
>
> Best regards,
> Edwin Salazar.

Re: Satelite Internet Provider

2018-06-07 Thread Ing. Edwin Salazar via NANOG 
Dear Itay,

We need 35M capacity in one of the Galapagos Islands in Ecuador

Saludos cordiales,

Edwin Salazar. 
Cel: +593 993-080208
edwin.sala...@wifitelecom.ec

> On Jun 7, 2018, at 09:45, Max Tulyev  wrote:
> 
> Uses Yamal 402 Russian (spy)service ;)
> 
> 07.06.18 08:35, Itay Fisher пише:
>> Dear Edwin,
>> 
>> IO-SAT is a Vsat internet provider for both fixed and 
>> maritime purposes.
>> Please share with us what exactly do you need and the estimate capacity you 
>> are looking for.
>> 
>> 
>> Regards ,
>> Itay Fisher
>> [Description: 250x100]
>> www.io-sat.com
>> 
>>+972 537755134
>> Phone.: +972 772201298
>> email: it...@io-sat.com
>> 
>> 
>> 
>> iosat Support:
>> Telephone:  +972-3-9784270
>> Internal Extension: 550003
>> Emergency Tel:  +44-19-23381108
>> Email: supp...@io-sat.com
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -- Forwarded message --
>> From: Ing. Edwin Salazar via NANOG mailto:nanog@nanog.org>>
>> Date: Mon, May 28, 2018 at 12:28 PM
>> Subject: Satelite Internet Provider
>> To: nanog@nanog.org
>> 
>> 
>> Hi,
>> 
>> I would like to know if anyone knows any satellite internet provider for the 
>> Galapagos Islands in Ecuador that I can contact?
>> 
>> Best regards,
>> Edwin Salazar.
>> 
>>

Re: VPOP/Equipment rental contacts for any DC of IX.br / PTT.br Fortaleza

2018-06-07 Thread Rubens Kuhl 
If you think the DC itself will be able to help, the contacts for DCs in
IX.br @ Fortaleza are:
http://ix.br/adesao/ce

Of the listed DCs, Eletronet is the more likely to have STM-1 gear, since
they used STM-n in their fiber ring for a long time.

Globenet connection to IX.br is still under construction, so they are not
listed above; u...@globenet.net is their US office e-mail address.

I'll send privately the contact of a local Fortaleza network consultant.

Rubens


On Thu, Jun 7, 2018 at 11:57 AM Eric Loos  wrote:

> Hi Everyone,
>
> Does anyone know whom could help me get a conversion done from STM-1 to
> Ethernet at any DC which has a IX.br  presence in
> Fortaleza?
>
> Please contact me off-list, thanks!
>
> (yes I already tried ix.br  contacts, no joy)
>
> Kind regards,
>
> Eric Loos

Re: broken DNS

2018-06-07 Thread Stephane Bortzmeyer 
On Thu, Jun 07, 2018 at 11:31:15AM -0400,
 harbor235  wrote 
 a message of 5 lines which said:

> I was hoping for some DNS wisdom,

Then this is more a dns-operations mailing list issue.

> would a change in a SOA record cause a
> DNSSEC  broken trust chain? incorrect RRSIG?

No. The SOA record is not part of the trust chain (unless of course it
is the record you query).

Re: FW: Satelite Internet Provider

2018-06-07 Thread Max Tulyev 
Uses Yamal 402 Russian (spy)service ;)

07.06.18 08:35, Itay Fisher пише:
> Dear Edwin,
> 
> IO-SAT is a Vsat internet provider for both fixed and 
> maritime purposes.
> Please share with us what exactly do you need and the estimate capacity you 
> are looking for.
> 
> 
> Regards ,
> Itay Fisher
> [Description: 250x100]
> www.io-sat.com
> 
> +972 537755134
> Phone.: +972 772201298
> email: it...@io-sat.com
> 
> 
> 
> iosat Support:
> Telephone:  +972-3-9784270
> Internal Extension: 550003
> Emergency Tel:  +44-19-23381108
> Email: supp...@io-sat.com
> 
> 
> 
> 
> 
> 
> 
> 
> -- Forwarded message --
> From: Ing. Edwin Salazar via NANOG mailto:nanog@nanog.org>>
> Date: Mon, May 28, 2018 at 12:28 PM
> Subject: Satelite Internet Provider
> To: nanog@nanog.org
> 
> 
> Hi,
> 
> I would like to know if anyone knows any satellite internet provider for the 
> Galapagos Islands in Ecuador that I can contact?
> 
> Best regards,
> Edwin Salazar.
> 
>

broken DNS

2018-06-07 Thread harbor235 
I was hoping for some DNS wisdom, would a change in a SOA record cause a
DNSSEC  broken trust chain? incorrect RRSIG?


Mike

Re: Application or Software to detect or Block unmanaged swicthes

2018-06-07 Thread keith 
In my previous life, we used a nac appliance from Bradford Networks whereby the 
mac address of every device needed to be registered or the switch port it was 
plugged into would be disabled.
This kept spurious devices from appearing on the network and worked quite well.
Cheers, Keith

Sent from my android device.

-Original Message-
From: Jason Hellenthal 
To: segs 
Cc: nanog@nanog.org
Sent: Thu, 07 Jun 2018 7:54
Subject: Re: Application or Software to detect or Block unmanaged swicthes

As someone already stated the obvious answers, the slightly more difficult 
route to be getting a count of allowed devices and MAC addresses, then moving 
forward with something like ansible to poll the count of MAC’s on any given 
port ... of number higher than what’s allowed, suspend the port and send a 
notification to the appropriate parties.


All in all though sounds like a really brash thing to do to your network team 
and will generally know and have a very good reason for doing so... but not all 
situations are created equally so good luck.


-- 

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Jun 7, 2018, at 03:57, segs  wrote:
> 
> Hello All,
> 
> Please I have a very interesting scenario that I am on the lookout for a
> solution for, We have instances where the network team of my company bypass
> controls and processes when adding new switches to the network.
> 
> The right parameters that are required to be configured on the switches
> inorder for the NAC solution deployed to have full visibility into end
> points that connects to such switches are not usually configured.
> 
> This poses a problem for the security team as they dont have visibility
> into such devices that connect to such switches on the NAC solution, the
> network guys usually connect the new switches to the trunk port and they
> have access to all VLANs.
> 
> Is there a solution that can detect new or unmanaged switches on the
> network, and block such devices or if there is a solution that block users
> that connect to unmanaged switches on the network even if those users have
> domain PCs.
> 
> Anticipating your speedy response.
> 
> Thank You!

FW: Satelite Internet Provider

2018-06-07 Thread Itay Fisher 
Dear Edwin,

IO-SAT is a Vsat internet provider for both fixed and 
maritime purposes.
Please share with us what exactly do you need and the estimate capacity you are 
looking for.


Regards ,
Itay Fisher
[Description: 250x100]
www.io-sat.com

+972 537755134
Phone.: +972 772201298
email: it...@io-sat.com



iosat Support:
Telephone:  +972-3-9784270
Internal Extension: 550003
Emergency Tel:  +44-19-23381108
Email: supp...@io-sat.com








-- Forwarded message --
From: Ing. Edwin Salazar via NANOG mailto:nanog@nanog.org>>
Date: Mon, May 28, 2018 at 12:28 PM
Subject: Satelite Internet Provider
To: nanog@nanog.org


Hi,

I would like to know if anyone knows any satellite internet provider for the 
Galapagos Islands in Ecuador that I can contact?

Best regards,
Edwin Salazar.

VPOP/Equipment rental contacts for any DC of IX.br / PTT.br Fortaleza

2018-06-07 Thread Eric Loos 
Hi Everyone,

Does anyone know whom could help me get a conversion done from STM-1 to 
Ethernet at any DC which has a IX.br  presence in Fortaleza? 

Please contact me off-list, thanks!

(yes I already tried ix.br  contacts, no joy)

Kind regards,

Eric Loos

Re: 3rd party QSFP-100G-LR4-S for Cisco

2018-06-07 Thread Alex S. 
Axiom
Used variety of their sfps, twinax cables etc.
Been rock solid


On Tue, Jun 5, 2018 at 14:42 Ryugo Kikuchi  wrote:

> Hey all,
>
> Does anyone have a recommended model of 3rd party's "QSFP-100G-LR4-S" for
> Cisco ASR and Nexus?
>
> Cisco's original 100G SFP costs us an arm and a leg, so we want to try to
> use 3rd party 100g SFP.
> But we are not sure which manufacturer's SFP is reliable or has good
> performance.
>
> Does anyone have experience?
>
> Many thanks,
>
> Roy
>

Re: Application or Software to detect or Block unmanaged swicthes

2018-06-07 Thread Mel Beckman 
When we do NIST-CSF audits, we run an SNMP NMS called Intermapper, which has a 
Layer-2 collection feature that identifies the number and MACs of devices on 
any given switch port. We export this list and cull out all the known managed 
switch links. Anything remaining that has more than one MAC per port is a 
potential violation that we can readily inspect. It’s not perfect, because an 
unmanaged switch might only have one device connected, in which case it wont be 
detected. You can also get false positives from hosts running virtualization, 
if the v-kernel generates synthetic MAC addresses. But it’s amazing how many 
times we find unmanaged switches squirreled away under desks or in ceilings.

 -mel 

> On Jun 7, 2018, at 4:54 AM, Jason Hellenthal  wrote:
> 
> As someone already stated the obvious answers, the slightly more difficult 
> route to be getting a count of allowed devices and MAC addresses, then moving 
> forward with something like ansible to poll the count of MAC’s on any given 
> port ... of number higher than what’s allowed, suspend the port and send a 
> notification to the appropriate parties.
> 
> 
> All in all though sounds like a really brash thing to do to your network team 
> and will generally know and have a very good reason for doing so... but not 
> all situations are created equally so good luck.
> 
> 
> -- 
> 
> The fact that there's a highway to Hell but only a stairway to Heaven says a 
> lot about anticipated traffic volume.
> 
>> On Jun 7, 2018, at 03:57, segs  wrote:
>> 
>> Hello All,
>> 
>> Please I have a very interesting scenario that I am on the lookout for a
>> solution for, We have instances where the network team of my company bypass
>> controls and processes when adding new switches to the network.
>> 
>> The right parameters that are required to be configured on the switches
>> inorder for the NAC solution deployed to have full visibility into end
>> points that connects to such switches are not usually configured.
>> 
>> This poses a problem for the security team as they dont have visibility
>> into such devices that connect to such switches on the NAC solution, the
>> network guys usually connect the new switches to the trunk port and they
>> have access to all VLANs.
>> 
>> Is there a solution that can detect new or unmanaged switches on the
>> network, and block such devices or if there is a solution that block users
>> that connect to unmanaged switches on the network even if those users have
>> domain PCs.
>> 
>> Anticipating your speedy response.
>> 
>> Thank You!

Re: Application or Software to detect or Block unmanaged swicthes

2018-06-07 Thread Jason Hellenthal 
As someone already stated the obvious answers, the slightly more difficult 
route to be getting a count of allowed devices and MAC addresses, then moving 
forward with something like ansible to poll the count of MAC’s on any given 
port ... of number higher than what’s allowed, suspend the port and send a 
notification to the appropriate parties.


All in all though sounds like a really brash thing to do to your network team 
and will generally know and have a very good reason for doing so... but not all 
situations are created equally so good luck.


-- 

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Jun 7, 2018, at 03:57, segs  wrote:
> 
> Hello All,
> 
> Please I have a very interesting scenario that I am on the lookout for a
> solution for, We have instances where the network team of my company bypass
> controls and processes when adding new switches to the network.
> 
> The right parameters that are required to be configured on the switches
> inorder for the NAC solution deployed to have full visibility into end
> points that connects to such switches are not usually configured.
> 
> This poses a problem for the security team as they dont have visibility
> into such devices that connect to such switches on the NAC solution, the
> network guys usually connect the new switches to the trunk port and they
> have access to all VLANs.
> 
> Is there a solution that can detect new or unmanaged switches on the
> network, and block such devices or if there is a solution that block users
> that connect to unmanaged switches on the network even if those users have
> domain PCs.
> 
> Anticipating your speedy response.
> 
> Thank You!

Re: Application or Software to detect or Block unmanaged swicthes

2018-06-07 Thread Matthew Pounsett 
On 7 June 2018 at 04:57, segs  wrote:

> Hello All,
>
> Please I have a very interesting scenario that I am on the lookout for a
> solution for, We have instances where the network team of my company bypass
> controls and processes when adding new switches to the network.
>
> To put a finer point on things others have already said:
If you have employees with enable on your networking gear not following
policies and procedures, that is a management problem, not a technical
one.  There's nothing you can do to prevent someone who admin's a network
device from changing its configuration.

The various ways the company can handle this is by training, clearly
defined *and communicated* policies, and eventually by discipline if
necessary.  If the company is unwilling or unable to enforce reasonable
policy on its employees then my recommendation would be to find a new
company.

Re: Application or Software to detect or Block unmanaged swicthes

2018-06-07 Thread Jimmy Hess 
On Thu, Jun 7, 2018 at 3:57 AM, segs  wrote:
[snip]
> Please I have a very interesting scenario that I am on the lookout for a
> solution for, We have instances where the network team of my company bypass
> controls and processes when adding new switches to the network.

The  NETWORK management team of your own company?

The answer is adequate change controls, policy, procedures,
technical auditing (Such as logging of all CLI commands),  and
mandatory training with clearly-communicated in advance severe
consequences for violators of the compulsory security policy that
all switches must be of X type and configured according to Y process
before being connected to the network, signed off  by management.

There are technical controls that can be implemented to help prevent/
mitigate end users  from attaching an unauthorized switch to a normal
access port,

But as you mention...  clearly an employee on the NETWORKING team
can likely just configure a port as  Trunk and  circumvent any technical
protections.

Two methods that could effectively prevent End Users (not Network/IT team) from
connecting unmanaged switches would be:

*  Port-security feature common on many managed switches  that allow you to
   limit the number of MAC Addresses that can use a port to 1 or given
number of MAC addresses.
   (Use a short MAC address aging time  such as 30 seconds to allow
people to unplug
and plug a different device in, but a low MAC address account and
Err-Disable violation
to  kill the port if a Switch is connected)

 * 802.1x Wired Port Security -   More detailed system that requires a
   PKI + RADIUS server infrastructure and authentication by every
client to every port.


--
-JH

Re: Subsea availability

2018-06-07 Thread Mark Tinka 



On 5/Jun/18 21:03, Mehmet Akcin wrote:
> I have reached out to several subsea cable operators asking
> them to help provide data but so far let's say, I am not as luck as I
> thought I would be.

Cable system operators are typically not keen to share this kind of
information, for any reason, as I'm sure you're finding out :-)...

Mark.

Re: Application or Software to detect or Block unmanaged swicthes

2018-06-07 Thread Nick Hilliard 

segs wrote on 07/06/2018 09:57:

Is there a solution that can detect new or unmanaged switches on the
network, and block such devices or if there is a solution that block users
that connect to unmanaged switches on the network even if those users have
domain PCs.


this is really an enterprise question, but 802.1x should do the trick, 
or static MAC ACLs on your network edge ports.


Nick

Application or Software to detect or Block unmanaged swicthes

2018-06-07 Thread segs 
Hello All,

Please I have a very interesting scenario that I am on the lookout for a
solution for, We have instances where the network team of my company bypass
controls and processes when adding new switches to the network.

The right parameters that are required to be configured on the switches
inorder for the NAC solution deployed to have full visibility into end
points that connects to such switches are not usually configured.

This poses a problem for the security team as they dont have visibility
into such devices that connect to such switches on the NAC solution, the
network guys usually connect the new switches to the trunk port and they
have access to all VLANs.

Is there a solution that can detect new or unmanaged switches on the
network, and block such devices or if there is a solution that block users
that connect to unmanaged switches on the network even if those users have
domain PCs.

Anticipating your speedy response.

Thank You!