Re: [External] Re: OOB management options @ 60 Hudson & 1 Summer

2021-04-20 Thread Hunter Fuller via NANOG
On Tue, Apr 20, 2021 at 12:03 PM Saku Ytti wrote:

> On Tue, 20 Apr 2021 at 19:53, Lady Benjamin Cannon of Glencoe, ASCE
> <l...@6by7.net> wrote:
>
>> Maybe a list for mutual OOB trades?
>
> I would advise against this, OPEX nightmare. Who will NOC call when it is
> down? What will they say to the other end to identify the circuit? When
> will it get fixed? If not, how to escalate?
> Free OOB is too expensive for me.

I think these are definitely concerns to keep in mind.

But, keeping them in mind, if anyone is at DR ATL1 (56 Marietta) and wants
to do this sort of OOB trade, hit me up off-list, please. lol

--
Hunter Fuller (they)
Router Jockey
VBH Annex B-5
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Network Engineering



Re: Malicious SS7 activity and why SMS should never by used for 2FA

2021-04-20 Thread bzs


Something which binds them together are their insurance underwriters
who generally want to set minimum requirements without having to
review home-brewed security schemes. They want buzzwords and acronyms
to put onto checklists.

Others would be courts (e.g., when lawsuits arise) and government and
other contractors who, similarly, don't want to have to evaluate
beyond checklists of accepted industry practices.

And a major value of standardized practices is precisely so they don't
become competitive advantages particularly by their omission.

It's one reason, for example, car manufacturers are ok with something
like requiring seat belts or air bags, or in many industries
environmental regs, precisely so a competitor can't lower their costs
(and likely prices) by omitting them. Everyone has to have them and up
to some standard, compete on something else.

Perhaps if we began referring to a lot of this as "safety" rather than
"security" that would sink in.

On April 20, 2021 at 06:59 mark@tinka.africa (Mark Tinka) wrote:
 > 
 > 
 > On 4/20/21 01:46, b...@theworld.com wrote:
 > 
 > > If they want to protect trillions of dollars in assets maybe they need
 > > to toss in a few billion to help, and stop hoping some bad press for
 > > the technical community will shame some geniuses into dreaming up
 > > better security for them mostly for free in terms of research and
 > > specs and acceptance but that's the hard part.
 > >
 > > You know what the net did successfully produce, over and over? Some of
 > > the wealthiest individuals and corporations etc in the history of
 > > civilization. Maybe the profit margins were a little too high and now
 > > we're paying the price, or someone is.
 > >
 > 
 > For the most part, services that (want to) rely on security are 
 > providing their own security solutions. But they are bespoke, and each 
 > one is designing and pushing out their own solution in their own silo. 
 > So users have to contend with a multitude of security ideas that each of 
 > the services they consume come up with. Standardization, here, would go 
 > a long way in fixing much of this, but what's the incentive for them to 
 > all work together, when "better security" is one of their selling points?
 > 
 > If, "magically", the Internet community came up with a solution that one 
 > felt is fairly standard, we've seen how well that would be adopted, a la 
 > DNSSEC, DANE and RPKI.
 > 
 > At the very least, the discussions need to be had; but not as separate 
 > streams. Internet folk. Mobile folk. Telco folk. Service folk.
 > 
 > Mark.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


Re: OOB management options @ 60 Hudson & 1 Summer

2021-04-20 Thread Saku Ytti
On Tue, 20 Apr 2021 at 19:53, Lady Benjamin Cannon of Glencoe, ASCE
<l...@6by7.net> wrote:

> Maybe a list for mutual OOB trades?

I would advise against this, OPEX nightmare. Who will NOC call when it is
down? What will they say to the other end to identify the circuit? When
will it get fixed? If not, how to escalate?
Free OOB is too expensive for me.

-- 
  ++ytti


Re: OOB management options @ 60 Hudson & 1 Summer

2021-04-20 Thread Mike Hammett
*nods* band support, where the directional antenna is pointing, etc.

cellmapper.com has a good map of tower locations, sector coverage, etc. If you
have an Android device, you can contribute to the crowd-sourcing.

- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Eric Kuhnke"
To: "Matthew Crocker"
Cc: "NANOG"
Sent: Thursday, April 15, 2021 8:08:55 PM
Subject: Re: OOB management options @ 60 Hudson & 1 Summer

Before getting rid of the cellular based OOB, look into some more detail about
exactly what LTE modems are in those. I've seen some remarkable results from
equipment using the 600/700 bands (T-Mobile, Verizon) for getting signal into
deeply buried concrete structures. There's a lot of different types and
capabilities of cellular data modems on the market.

On Thu, Apr 15, 2021 at 3:15 PM Matthew Crocker <matt...@corp.crocker.com>
wrote:

I have routers in both 60 Hudson St & 1 Summer St and I’m looking for some low 
cost bandwidth options for out of band management. Currently I have Opengear 
boxes at each site with cell modems but they don’t work too well. I either need 
to replace them with new cell based devices or find a wireless/ethernet 
bandwidth option. I only need a couple serial ports and ethernet for when 
everything breaks. 

I’m in DR space @ 60 Hudson and the Markley MMR @ 1 Summer

I’m surprised OOB bandwidth isn’t a feature for colocation providers. 

Thanks 





Re: OOB management options @ 60 Hudson & 1 Summer

2021-04-20 Thread Robert Blayzor via NANOG

On 4/15/21 6:14 PM, Matthew Crocker wrote:

> I’m in DR space @ 60 Hudson and the Markley MMR @ 1 Summer

I'm in both locations as well. We have a 10MB static IP connection for 
them and I think it's like $50/mo. Depends on how "out of band" you want 
it to be.


I also think Markley @ 1 Summer offers something similar.

--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP:  https://pgp.inoc.net/rblayzor/


Re: OOB management options @ 60 Hudson & 1 Summer

2021-04-20 Thread Lady Benjamin Cannon of Glencoe, ASCE
We don’t advertise it, but we’ll do the same where we can, which is most POPs.
The 2mbit waived commit is smart, clean. I like it!

Maybe a list for mutual OOB trades?  

—L.B.

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC 
CEO 
l...@6by7.net 
"The only fully end-to-end encrypted global telecommunications company in the
world."
FCC License KJ6FJJ



> On Apr 16, 2021, at 12:47 PM, Patrick W. Gilmore wrote:
>
> On Apr 16, 2021, at 1:49 PM, Warren Kumari wrote:
>> On Fri, Apr 16, 2021 at 1:08 PM Bryan Fields  wrote:
>>> On 4/16/21 1:33 AM, Saku Ytti wrote:
>>> https://www.markleygroup.com/cloud/network/out-of-band
>> 
>> Wow, this is an impressive offering.  I wish more providers would do this.
>> 
>> +manylots. It's always surprising to me how often companies (in all 
>> industries) can be broken up into those that understand the value of 
>> goodwill and those that instead nickel-and-dime.
>> My local Potbelly (sandwich shop) every now and then will just say "No
>> charge, this one's on us". This only happens around once every 30-40 times I
>> go in, but the loyalty that it has created means that I go there **way**
>> more often than I otherwise would. It also means that in the few times that 
>> something goes wrong/I have a bad experience, I don't really care.
>> 
>> The additional profit that they've made from having me as a loyal customer 
>> more than covers the cost of 1 free sammich every N. 
>> 
>> In many ways Markley seems similar - they feel like they understand that 
>> some things (like OOB) are annoying to deal with, and that the loyalty / 
>> goodwill provided by being "nice" more than repays the cost of the service.
> 
> As the person who created that product for Markley, I can tell you that is 
> precisely what we were thinking.
> 
> It cost us nearly nothing, made customers stickier, generated good will, and 
> created a chance to talk to them about cloud offerings or similar. The only 
> “catch” is you need a fiber xconn. The thinking was it was barely more than a 
> copper xconn for POTS yet you get gigabit instead of dialup, or you would 
> have used fiber to another ISP anyway.
> 
> Every serious colo has enough bandwidth that 2 Mbps won’t be noticed, 
> competent network engineers (one hopes), and free switch ports (or can get 
> them cheap). Why don’t they do this? Perhaps someone in finance feels it can 
> be “monetized”. I feel the monetization lowers adoption and kills the other 
> benefits Warren mentions above - which are worth a hell of a lot more than 
> the paltry sum they would get from billing a few customers.
> 
> -- 
> TTFN,
> patrick
> 
> PS: The guest SSID at Markley has no captive portal. It was a problem for 
> customers who wanted to have their equipment get on the wifi to download 
> images, etc, so we took it off.



Re: Zayo or HE for IP transit

2021-04-20 Thread James Jun
On Tue, Apr 20, 2021 at 04:28:12PM +, Luke Guillory wrote:
> No issues with HE, only gripe was that if you had transit along with IX 
> peering, traffic will always prefer transit over IX ports.
> 
> 

That's how it's supposed to work, and is not specific to HE.

Customer routes > peer routes

Most providers wouldn't allow simultaneous peer + customer relationship, but in 
this case, I would argue that HE is doing you a favor by leaving your 
settlement-free peering adjacency in place, for you to dump outbound traffic 
toward their customers for free.

James


RE: Zayo or HE for IP transit

2021-04-20 Thread Luke Guillory
No issues with HE, only gripe was that if you had transit along with IX 
peering, traffic will always prefer transit over IX ports.





From: NANOG  On Behalf Of 
Patrick W. Gilmore
Sent: Tuesday, April 20, 2021 11:12 AM
To: North American Operators' Group 
Subject: Re: Zayo or HE for IP transit

Hurricane has probably the most peering of any large network on the planet.
They also carry more v6 traffic than anyone. But they have a famous problem 
with v6 - you cannot get to Cogent (174) from HE. Since you have Cogent, that 
should not be a problem. Private, smart people, customer service is excellent, 
generally good network. One minor thing to keep in mind: They do not have as 
many weird “features” as some of the other big networks. If you are looking for 
something very specific (as opposed to vanilla transit), you should check to 
see if they support it. Not saying they won’t, just saying I would check. 
Which, frankly, is good advice for any network.

I have not used Zayo in many years, so cannot comment on them.

--
TTFN,
patrick


On Apr 19, 2021, at 5:30 PM, James Lumby <ja...@jlent.net> wrote:

What is the current experience with Zayo or HE?  I’m looking at possibly adding 
one of them into a mix of cogent and a mix from my datacenter.  Would be using 
BGP full routes.  Any experiences would be appreciated.

Sincerely,
James



Re: Zayo or HE for IP transit

2021-04-20 Thread Adam Thompson
IMHO:

  *   Zayo = worse coverage/connectivity, adequate connectivity to other 
Tier1/Tier2, massive fiber network
  *   HE = less redundancy built into their network, but best-connected to 
leaves/edges of the internet (and still good connectivity to core)

Others may have had different experiences, but that's what I see from where I 
sit.
-Adam

Adam Thompson
Consultant, Infrastructure Services
100 - 135 Innovation Drive
Winnipeg, MB, R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
athomp...@merlin.mb.ca
www.merlin.mb.ca


From: NANOG  on behalf of James 
Lumby 
Sent: April 19, 2021 16:30
To: nanog@nanog.org 
Subject: Zayo or HE for IP transit


What is the current experience with Zayo or HE?  I’m looking at possibly adding 
one of them into a mix of cogent and a mix from my datacenter.  Would be using 
BGP full routes.  Any experiences would be appreciated.



Sincerely,

James




Re: Malicious SS7 activity and why SMS should never by used for 2FA

2021-04-20 Thread Mel Beckman
Shop with your feet if security is weak. I changed banks because of SMS 2FA.

-mel via cell

On Apr 20, 2021, at 9:06 AM, Mike  wrote:


An unfortunate fact is that many companies don't support anything other than 
sending a token via email, SMS, or sometimes a voice call. I've seen several 
large banks, insurers, etc. who do this. It's maddening when you sign up for 
access to something and are restricted to these options.

On Mon, Apr 19, 2021 at 11:49 AM William Herrin <b...@herrin.us> wrote:
On Mon, Apr 19, 2021 at 5:54 AM Mark Tinka  wrote:
> It's all about convenience, and how much they can get
> done without speaking to a human.

Hi Mark,

Convenience is the most important factor in any security scheme. The
user nearly always has a choice, even if the choice is as
rough-grained as "switch to a different company." If your process is
too onerous (the user's notion of onerous) then it simply won't be
used. An effective security scheme is the strongest which can be built
within that boundary.

> If a key fob can be sent to them - preferably for free - that would help.

Hint: carrying around a separate hardware fob for each important
Internet-based service is a non-starter. Users might do it for their
one or two most important services but yours isn't one of them.

Regards,
Bill Herrin

--
William Herrin
b...@herrin.us
https://bill.herrin.us/


Re: Zayo or HE for IP transit

2021-04-20 Thread Nuno Vieira via NANOG
From those two I would pick Zayo.

HE.net doesn't allow you to play with communities and TE.

cheers
/nuno


On Mon, 2021-04-19 at 21:30 +, James Lumby wrote:
> What is the current experience with Zayo or HE?  I’m looking at
> possibly adding one of them into a mix of cogent and a mix from my
> datacenter.  Would be using BGP full routes.  Any experiences would
> be appreciated.
>  
> Sincerely,
> James
>  



Re: Zayo or HE for IP transit

2021-04-20 Thread Mike Lyon
I use both of them.

I’d recommend you use either as a primary and bump cogent to secondary.

Or axe cogent and use Zayo and HE.

Cogent sucks.

-Mike

> On Apr 20, 2021, at 09:09, James Lumby  wrote:
> 
> 
> What is the current experience with Zayo or HE?  I’m looking at possibly 
> adding one of them into a mix of cogent and a mix from my datacenter.  Would 
> be using BGP full routes.  Any experiences would be appreciated.
>  
> Sincerely,
> James
>  


Re: Zayo or HE for IP transit

2021-04-20 Thread Robert Blayzor via NANOG

On 4/19/21 5:30 PM, James Lumby wrote:
> What is the current experience with Zayo or HE?  I’m looking at possibly
> adding one of them into a mix of cogent and a mix from my datacenter.
> Would be using BGP full routes.  Any experiences would be appreciated.

Well AFAIK Zayo is not filtering invalid ROAs from their network. So if
that matters to you, take that into consideration.


--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP:  https://pgp.inoc.net/rblayzor/


Re: Zayo or HE for IP transit

2021-04-20 Thread Patrick W. Gilmore
Hurricane has probably the most peering of any large network on the planet.
They also carry more v6 traffic than anyone. But they have a famous problem 
with v6 - you cannot get to Cogent (174) from HE. Since you have Cogent, that 
should not be a problem. Private, smart people, customer service is excellent, 
generally good network. One minor thing to keep in mind: They do not have as 
many weird “features” as some of the other big networks. If you are looking for 
something very specific (as opposed to vanilla transit), you should check to 
see if they support it. Not saying they won’t, just saying I would check. 
Which, frankly, is good advice for any network.

I have not used Zayo in many years, so cannot comment on them.

-- 
TTFN,
patrick

> On Apr 19, 2021, at 5:30 PM, James Lumby  wrote:
> 
> What is the current experience with Zayo or HE?  I’m looking at possibly 
> adding one of them into a mix of cogent and a mix from my datacenter.  Would 
> be using BGP full routes.  Any experiences would be appreciated.
>  
> Sincerely, 
> James



Zayo or HE for IP transit

2021-04-20 Thread James Lumby
What is the current experience with Zayo or HE?  I'm looking at possibly adding 
one of them into a mix of cogent and a mix from my datacenter.  Would be using 
BGP full routes.  Any experiences would be appreciated.

Sincerely,
James



Re: Malicious SS7 activity and why SMS should never by used for 2FA

2021-04-20 Thread Mike
An unfortunate fact is that many companies don't support anything other
than sending a token via email, SMS, or sometimes a voice call. I've seen
several large banks, insurers, etc. who do this. It's maddening when you
sign up for access to something and are restricted to these options.

On Mon, Apr 19, 2021 at 11:49 AM William Herrin  wrote:

> On Mon, Apr 19, 2021 at 5:54 AM Mark Tinka  wrote:
> > It's all about convenience, and how much they can get
> > done without speaking to a human.
>
> Hi Mark,
>
> Convenience is the most important factor in any security scheme. The
> user nearly always has a choice, even if the choice is as
> rough-grained as "switch to a different company." If your process is
> too onerous (the user's notion of onerous) then it simply won't be
> used. An effective security scheme is the strongest which can be built
> within that boundary.
>
> > If a key fob can be sent to them - preferably for free - that would help.
>
> Hint: carrying around a separate hardware fob for each important
> Internet-based service is a non-starter. Users might do it for their
> one or two most important services but yours isn't one of them.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/
>