go daddy email administrator

2014-06-07 Thread Blake Pfankuch - Mailing List
Can I have a go daddy email admin shoot me a message off list?  Support will 
not work with me because I am not a customer, and it appears my corporate email 
domain is being throttled due to volume.  We are not a mass mail sender, 
however we send several thousand emails a day based on the size and nature of 
our business.

Thanks,
Blake


RE: Suggestion on Fiber tester

2013-09-25 Thread Blake Pfankuch - Mailing List
To follow up, all of this fiber is mm and all light is sx to sfp.  Currently 
all 1gbit, but it will be repulled as 10gbit capable soon... I guess I'm going 
to have to be a little less cheap and shoot for something under $1000.  I had 
an off list suggestion of the below listed fluke.  Any other suggestions or 
reccomendations?

http://www.flukenetworks.com/datacom-cabling/fiber-testing/SimpliFiber-Pro-Optical-Power-Meter-and-Fiber-Test-Kits

Thanks,
Blake

-Original Message-
From: Darius Jahandarie [mailto:djahanda...@gmail.com] 
Sent: Wednesday, September 25, 2013 9:09 PM
To: Blake Pfankuch - Mailing List
Cc: NANOG (nanog@nanog.org)
Subject: Re: Suggestion on Fiber tester

On Wed, Sep 25, 2013 at 10:23 PM, Blake Pfankuch - Mailing List 
 wrote:
> I am in the market for a simple fiber tester.  I have about 80 pairs running 
> through my complex and we are running into some possible issues with some of 
> the really old ones.  The pen light to confirm that it's the right strand is 
> going to require a little bit more insight to determine if there is an issue 
> with fiber in conduit or patch.
>
> I don't need something super fancy, just need something that gives a good, 
> bad or "holy crap is that concrete you are testing on" for starters.  I am 
> also shooting for about $150-250 tops.
>
> Any suggestions?

The keyword is Optical Power Meter. There are some all-in-one meters and some 
simpler meters, it depends on exactly what sort of fiber you're testing and so 
forth.

The more advanced tool is an Optical Time-Domain Reflectometer, which can tell 
you where the splices, breaks, and their locations are, but they are 
considerably more expensive and that's not what you're looking for from the 
sound of it.

--
Darius Jahandarie


Suggestion on Fiber tester

2013-09-25 Thread Blake Pfankuch - Mailing List
I am in the market for a simple fiber tester.  I have about 80 pairs running 
through my complex and we are running into some possible issues with some of 
the really old ones.  The pen light to confirm that it's the right strand is 
going to require a little bit more insight to determine if there is an issue 
with fiber in conduit or patch.

I don't need something super fancy, just need something that gives a good, bad 
or "holy crap is that concrete you are testing on" for starters.  I am also 
shooting for about $150-250 tops.

Any suggestions?

Thanks!

Blake


RE: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc...

2013-06-18 Thread Blake Pfankuch - Mailing List
Let me also clarify, Price per port is not the final deciding factor.  We are 
looking much more at a combination of daily operational sanity, troubleshooting 
features, operational feature set, vendor support quality and price.

Support is absolute key.  When we need help, we need help quickly and 
knowledgeable support.  The name checkpoint comes to mind when I think of 
something I DON’T want for support quality.  It also causes nausea…

Thanks,

Blake

From: Phil Fagan [mailto:philfa...@gmail.com]
Sent: Tuesday, June 18, 2013 6:08 PM
To: Blake Pfankuch - Mailing List
Cc: NANOG (nanog@nanog.org)
Subject: Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, 
Juniper, Extreme Networks etc...

I love JUNOS, don't really care for IOS. I really trust Cisco and Juniper's 
hardware, with that being said Arista is your best bet for cheapest port. I've 
only seen Arista in lab, not in the wild yet so I can't speak for how I would 
trust them. You mention getting bit by single sups, I believe as of late Arista 
has had issue with OSPF failover time between dual-sups in HA setups.

I used to have a Dell laptopbut I'm sure their great too. In the end for me 
I only trust Cisco or Juniper. I've been burnt by Foundry and am waiting to on 
Arista.

On Tue, Jun 18, 2013 at 5:53 PM, Blake Pfankuch - Mailing List 
mailto:blake.mailingl...@pfankuch.me>> wrote:
Howdy,
I have been working on a proposal for the organization I work 
for to move into the 10gbit datacenter.  We have a small datacenter currently 
of about 1000 ports of 1gbit.  We have traditionally been a full Cisco shop, 
however I was asked to do a price comparison as well as features with other 
major alternative vendors.  I was also asked to do some digging as far as what 
"the real world" thinks about these possible vendors.

We currently have 2 Cisco 6509's with 8 48 port cards Sup 3BXL, 2 Cisco 4506 
with 5x 48 port card and Sup V's and 2 4900M switches providing 10gbit to a 
very specialized implementation.  With all of our technology, we try to not be 
bleeding edge, but oozing edge.  We need 5 9's or more of uptime yearly so 
stability is preferable to cool features.  We currently have single supervisors 
in all of our switches (not my decision) and it has bit us recently.  
Everything we are looking at needs to support NSF/SSO/VSS of some kind.

What we have been looking to replace it with in Cisco world is Nexus 7004 Core 
and Nexus 5596UP with 2200 series Fabric extenders for Dist/Access as well as 
2200 Fabric Extenders within our Dell Blade Chassis.  Realistically we will be 
under 800 ports of 10gbit (excluding Blades) which puts us in a tough spot from 
what I can find.  Currently everything we have is EOR, however TOR would make 
more sense allowing us to switch to SFP+ twinax connectivity to servers.

With this in mind, I have a few questions...

It was mandated that I look at a company "Arista Networks" and investigate 
possible options.  I had not heard much about them, so I look to the experts.  
Pro's and Con's?  Real world experience?  Looks to me they have a lot of cool 
features, but I'm slightly concerned with how new they might be, how reliable 
it would be as well as their QA/bugfix history.  Also 24x4 support and hardware 
replacement.  Everything in our datacenter currently has a 2 or 4 hour cisco 
contract on it and critical core components have a cold spare in inventory.

Dell Force 10... I know Dell tries to get you to drink the Koolaid on this 
solution, I was a former Dell Partner and they even pushed me to get demo 
equipment going...  What's the experience with their chassis switches?  
Stability?  Configuration sanity?  What do people like?  What do people hate?

Juniper.  What do people like? What do people hate?  Have the Layer 2 issues of 
historical age gone away?  Is the config still xml ish?  It has been about 5 
years since I worked with anything Juniper.

Extreme networks.  I know very little about them historically.  What is good, 
what is bad?  Is the config sane?

I would be happy to compile any information I find, as well as our sanitized 
internal conclusions.  On and off list responses welcome.

If there is another vendor anyone would suggest, please add them to the list 
with similarly asked questions.

Thanks!

Blake



--
Phil Fagan
Denver, CO
970-480-7618


Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc...

2013-06-18 Thread Blake Pfankuch - Mailing List
Howdy,
I have been working on a proposal for the organization I work 
for to move into the 10gbit datacenter.  We have a small datacenter currently 
of about 1000 ports of 1gbit.  We have traditionally been a full Cisco shop, 
however I was asked to do a price comparison as well as features with other 
major alternative vendors.  I was also asked to do some digging as far as what 
"the real world" thinks about these possible vendors.

We currently have 2 Cisco 6509's with 8 48 port cards Sup 3BXL, 2 Cisco 4506 
with 5x 48 port card and Sup V's and 2 4900M switches providing 10gbit to a 
very specialized implementation.  With all of our technology, we try to not be 
bleeding edge, but oozing edge.  We need 5 9's or more of uptime yearly so 
stability is preferable to cool features.  We currently have single supervisors 
in all of our switches (not my decision) and it has bit us recently.  
Everything we are looking at needs to support NSF/SSO/VSS of some kind.

What we have been looking to replace it with in Cisco world is Nexus 7004 Core 
and Nexus 5596UP with 2200 series Fabric extenders for Dist/Access as well as 
2200 Fabric Extenders within our Dell Blade Chassis.  Realistically we will be 
under 800 ports of 10gbit (excluding Blades) which puts us in a tough spot from 
what I can find.  Currently everything we have is EOR, however TOR would make 
more sense allowing us to switch to SFP+ twinax connectivity to servers.

With this in mind, I have a few questions...

It was mandated that I look at a company "Arista Networks" and investigate 
possible options.  I had not heard much about them, so I look to the experts.  
Pro's and Con's?  Real world experience?  Looks to me they have a lot of cool 
features, but I'm slightly concerned with how new they might be, how reliable 
it would be as well as their QA/bugfix history.  Also 24x4 support and hardware 
replacement.  Everything in our datacenter currently has a 2 or 4 hour cisco 
contract on it and critical core components have a cold spare in inventory.

Dell Force 10... I know Dell tries to get you to drink the Koolaid on this 
solution, I was a former Dell Partner and they even pushed me to get demo 
equipment going...  What's the experience with their chassis switches?  
Stability?  Configuration sanity?  What do people like?  What do people hate?

Juniper.  What do people like? What do people hate?  Have the Layer 2 issues of 
historical age gone away?  Is the config still xml ish?  It has been about 5 
years since I worked with anything Juniper.

Extreme networks.  I know very little about them historically.  What is good, 
what is bad?  Is the config sane?

I would be happy to compile any information I find, as well as our sanitized 
internal conclusions.  On and off list responses welcome.

If there is another vendor anyone would suggest, please add them to the list 
with similarly asked questions.

Thanks!

Blake


RE: Data Center Installations

2013-05-02 Thread Blake Pfankuch - Mailing List
We have been going with rolls and cut to fit, however looking for something 
precut that way we don't end up with a NOC monkey putting a 18 inch piece of 
Velcro on 4 cat5 cables...  I do have pictures... If they only get 8 inch 
strips, it helps keep things cleaner, and then leave the cut to fit to the 
people who have "engineer" in their title.

Mike, I was looking at them as well and will add them to the list to pay 
attention to.  Thanks, for the suggestion, I will order a roll and have a look.

Thanks,
Blake

From: Mike Lyon [mailto:mike.l...@gmail.com]
Sent: Wednesday, May 1, 2013 5:33 PM
To: Otis L. Surratt, Jr.
Cc: Blake Pfankuch - Mailing List; Warren Bailey; NANOG
Subject: Re: Data Center Installations

For bulk velcro, I found Uline to be fairly cheap.

On Wed, May 1, 2013 at 4:30 PM, Otis L. Surratt, Jr. 
mailto:o...@ocosa.com>> wrote:
-Original Message-
From: Blake Pfankuch - Mailing List
[mailto:blake.mailingl...@pfankuch.me<mailto:blake.mailingl...@pfankuch.me>]
Sent: Wednesday, May 01, 2013 6:18 PM
To: Otis L. Surratt, Jr.; Warren Bailey; nanog@nanog.org<mailto:nanog@nanog.org>
Subject: RE: Data Center Installations

>Along this same line of questioning... favorite Velcro?  I used to get
spools of about 500 8 inch strips for a reasonable amount however the
vendor went out of business.  The cloth tabs are nice, but then end >up
getting in the way...
>
>Thanks,
>Blake

You should be able to get a roll from Graybar. Never checked with CSC
for that. We bought a large roll from Graybar and simply cut what we
need. It's not precut and pretty but it works.



--
Mike Lyon
408-621-4826
mike.l...@gmail.com<mailto:mike.l...@gmail.com>

http://www.linkedin.com/in/mlyon





RE: Data Center Installations

2013-05-02 Thread Blake Pfankuch - Mailing List
Along this same line of questioning... favorite Velcro?  I used to get spools 
of about 500 8 inch strips for a reasonable amount however the vendor went out 
of business.  The cloth tabs are nice, but then end up getting in the way...

Thanks,
Blake

-Original Message-
From: Otis L. Surratt, Jr. [mailto:o...@ocosa.com] 
Sent: Wednesday, May 1, 2013 1:40 PM
To: Warren Bailey; nanog@nanog.org
Subject: RE: Data Center Installations

-Original Message-
From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
Sent: Wednesday, May 01, 2013 2:24 PM
To: nanog@nanog.org
Subject: Data Center Installations

>Do any of you have a "go to" resource for materials used in
installations? Tie wraps, cable management, blahblahblah?
>
>I have found several places, but I'm curious to know what the nanog
ninja's have to say.
>
>//warren

We've used both CSC and Graybar, more frequently CSC better deals in our case.
For very nice affordable Cat 5e/6A patch cords iofast.com we've never purchased 
a patch from anywhere else since we found them.




RE: SSL Certificates and ... Providers

2012-12-27 Thread Blake Pfankuch
Thanks everyone for the quick responses.  Our stuff is currently through 
Verisign because of the "reliability of the name" and the nature of the 
industry.  Any suggestions for who I should look at to replace them with?  I 
know I will be saving money, but looking to keep the name reliability as well.  
Thawte and GeoTrust have the same "per server" model, and looking to get away 
from that.

Thanks!
Blake

-Original Message-
From: Blake Pfankuch [mailto:bl...@pfankuch.me] 
Sent: Thursday, December 27, 2012 12:48 PM
To: NANOG (nanog@nanog.org)
Subject: SSL Certificates and ... Providers

Ok, so this might be a little off topic but I am trying to validate something a 
vendor is telling me and hoping some people here have expertise in this area...

I am working with a SSL certificate provider.  I am trying to purchase a 
quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 
domains.  Vendor is telling me that the Wildcard certificates are licensed per 
physical device it is installed on.  This means instead of using a single 
wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 
servers.

This does not compute in my brain and also in my mind completely defeats the 
purpose of a wildcard cert as I know it.  Has anyone run into this before?

Thanks
Blake



SSL Certificates and ... Providers

2012-12-27 Thread Blake Pfankuch
Ok, so this might be a little off topic but I am trying to validate something a 
vendor is telling me and hoping some people here have expertise in this area...

I am working with a SSL certificate provider.  I am trying to purchase a 
quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 
domains.  Vendor is telling me that the Wildcard certificates are licensed per 
physical device it is installed on.  This means instead of using a single 
wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 
servers.

This does not compute in my brain and also in my mind completely defeats the 
purpose of a wildcard cert as I know it.  Has anyone run into this before?

Thanks
Blake


RE: IP Address Management IPAM software for small ISP

2012-12-19 Thread Blake Pfankuch
I actually was doing research on this today as well.  Anyone have any 
experience with the solutions that implement VLAN management as well like 
Gestioip?

-Original Message-
From: Beavis [mailto:pfu...@gmail.com] 
Sent: Wednesday, December 19, 2012 8:10 PM
To: Aftab Siddiqui
Cc: NANOG Operators' Group
Subject: Re: IP Address Management IPAM software for small ISP

+1 for ipplan http://iptrack.sourceforge.net/

-Ed

On Thu, Dec 13, 2012 at 4:10 AM, Aftab Siddiqui  
wrote:
> Kindly search the archives for many threads on the same subject, which 
> should be the normal practice.
>
> nevertheless, IPPlan, PHPIP, PHPIPAM are good enough as per the need. 
> The first one I assume should serve your purpose for both v4 and v6.
>
> Regards,
>
> Aftab A. Siddiqui
>
>
>
> On Thu, Dec 13, 2012 at 6:22 AM, Eric A Louie  wrote:
>
>> I'm looking for IPAM solutions for a small regional wireless ISP.  
>> There are 4 Tier 2 personnel and 2 NOC technicians who would be using 
>> the tool, and a small staff of engineers.
>>
>> They have regionalized IP addresses so blocks are local, but there 
>> are subnets that are global.
>>
>> don't care if it's a linux or windows solution.
>>
>> Need to be able to migrate from FreeIPdb (yes, I know, it's a 
>> dinosaur)
>>
>> We're not dealing with a lot now, but the potential for growth is 
>> pretty high.
>>
>> What are you using and how is it working for you?
>>
>>  Much appreciated, Eric
>>



--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Disclaimer:
http://goldmark.org/jeff/stupid-disclaimers/




Check Point Firewall Appliances

2012-12-19 Thread Blake Pfankuch
Howdy,
I am just getting into an environment with a large Check Point 
deployment and I am looking for a little bit of feedback from other real world 
admins.  Looking for what people like, what people don't (why hopefully).  Also 
for those of you who might run Check Point devices in your environments what to 
dig into first as far as getting more experience on the devices and a better 
understanding of how not to break them.  I am slowly going through all of the 
official documentation, but would also like to hear a real world opinion.

Thanks in advance!

Blake


RE: gmail offline?

2012-12-10 Thread Blake Pfankuch
Just loaded for me, however quite a bit slower than normal.

-Original Message-
From: Peter Kristolaitis [mailto:alte...@alter3d.ca] 
Sent: Monday, December 10, 2012 10:00 AM
To: nanog@nanog.org
Subject: Re: gmail offline?

I'm getting the same thing when I try to access the web interface, but SMTP & 
IMAP seem to be working fine at the moment.

- Peter


On 12/10/2012 11:56 AM, Philip Lavine wrote:
> getting a 502 error





Looking for an Optimum Online engineer

2012-11-27 Thread Blake Pfankuch
We have been fighting with an issue with a customer who is having issues on a 
business Cable Line in Wyoming,  is there someone out there who might be able 
to help up troubleshoot a little?  We have been through normal routes, but 
because it is not a consistent issue, we cant actually see what is going on or 
trend it so we get a ticket closed.

Thanks!

Blake Pfankuch


RE: Recommended Generator Service in Northern Colorado (from nanog)

2012-09-19 Thread Blake Pfankuch
Since I have gotten many off list responses..

I have a submitted an "Information Request"  they sent me back the list which 
is on their website of 24 shops within 75 miles.  Looking for a little bit more 
information/history, as two of them I called this morning I went to their 
voicemail.  Of course they were the ones with reviews on the Generac website as 
well so no more real world feedback.

Thanks
--Blake

-Original Message-
From: Hal Murray [mailto:hmur...@megapathdsl.net] 
Sent: Wednesday, September 19, 2012 2:58 PM
To: Blake Pfankuch
Cc: Hal Murray
Subject: Re: Recommended Generator Service in Northern Colorado (from nanog)


> Looking for some recommendations on a company to do regularly 
> scheduled maintenance work on our Generac Generator in Northern 
> Colorado.  The company who did the installation is out of business, 
> and the company who most recently did work does not believe in answering the 
> phone...

Have you called the manufacturer?

They have a serious interest in making sure that somebody will service their 
gear.  If they don't actually now of a service company, they might know of 
other customers in your area.



--
These are my opinions.  I hate spam.






Recommended Generator Service in Northern Colorado

2012-09-19 Thread Blake Pfankuch
Looking for some recommendations on a company to do regularly scheduled 
maintenance work on our Generac Generator in Northern Colorado.  The company 
who did the installation is out of business, and the company who most recently 
did work does not believe in answering the phone...

Any suggestions welcome.

--Blake


RE: IPv6 Ignorance

2012-09-17 Thread Blake Pfankuch
VMware vSphere on quad processor 1u servers with 768gb of RAM :)  that should 
yield 80-140 VM's per host :)  that gets you close on density.

-Original Message-
From: Eugen Leitl [mailto:eu...@leitl.org] 
Sent: Monday, September 17, 2012 1:55 PM
To: nanog@nanog.org
Subject: Re: IPv6 Ignorance

On Mon, Sep 17, 2012 at 11:27:04AM -0700, Owen DeLong wrote:

> What technology are you planning to deploy that will consume more than 2 
> addresses per square cm?

Easy. Think volume (as in: orbit), and think um^3 for a functional computers ;)




RE: Heads-Up: GoDaddy Broke the Interwebs...

2012-09-11 Thread Blake Pfankuch
As someone else nicely pointed out "network problems starting when the anon 
post said they would, and ending when they said they would stop ironic?"

-Original Message-
From: William Herrin [mailto:b...@herrin.us] 
Sent: Tuesday, September 11, 2012 1:16 PM
To: Kyle Creyts
Cc: nanog@nanog.org
Subject: Re: Heads-Up: GoDaddy Broke the Interwebs...

On Tue, Sep 11, 2012 at 1:54 PM, Kyle Creyts  wrote:
> http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=410

"many of our customers experienced intermittent service outages"

Must be that new definition of the word "intermittent." The one roughly 
synonymous with "total."

-Bill


--
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web:  Falls 
Church, VA 22042-3004




RE: MTU mismatch on one link

2012-08-31 Thread Blake Pfankuch
I was actually typing an email about this as well when this one showed up.  I 
ran into this with a customer about 2 weeks back with a single are ospf 
implementation.  They had one of their routers configured at MTU 1492 and I 
completely spaced this.  Lost about a half an hour of my life to this.

This Cisco article gives a good bit of information about it as well.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0d.shtml

-Original Message-
From: Justin M. Streiner [mailto:strei...@cluebyfour.org] 
Sent: Friday, August 31, 2012 7:59 AM
To: NANOG list
Subject: Re: MTU mismatch on one link

On Fri, 31 Aug 2012, Tom Taylor wrote:

> Has anyone run into a situation where the MTU at one end of a link was 
> configured differently from the MTU at the other end? How did you catch it?
> 
> In general, do you see any need for a debugging tool to be 
> standardized to find such mismatches?

Some routing protocols (OSPF comes to mind) will complain loudly and generally 
refuse to come up if configured on a link with mismatched MTUs.

As far as a debugging tool, I don't know if one is specifically needed for 
that, but another thing to watch out for is in cases where you use something 
like an Ethernet transport from a metro provider to get between two locations, 
make absolutely certain that you find out from the provider how the circuit is 
engineered, including what the MTU is for the link, and how they encapsulate 
your traffic to transport it across their network (MPLS, QinQ, etc).

jms




RE: NANOG poll: favorite cable labeler?

2012-08-21 Thread Blake Pfankuch
I have been using a Brothers PT-2430PC (usb attached) and the TZeS251 1 inch 
wide tapes.  Printed with 7 rows horizontal text and vertical tape, I can wrap 
around a cable on each end for nice organization and it sticks very well to 
itself.  With the cutline creation, I can print off about 60 labels at a time 
this way and give a minon something to do for an hour :)

-Original Message-
From: Mike Lyon [mailto:mike.l...@gmail.com] 
Sent: Tuesday, August 21, 2012 7:47 PM
To: Seth Mattinen
Cc: nanog@nanog.org
Subject: Re: NANOG poll: favorite cable labeler?

I bought the Brady BMP21 handheld labeler from Frys about a month ago.
It takes 6x AA batteries i believe. You can buy the power cable and case for it 
if you want. I love it so far.

-mike



Sent from my iPhone

On Aug 21, 2012, at 18:29, Seth Mattinen  wrote:

> On 8/21/12 6:10 PM, Robert E. Seastrom wrote:
>> Hey everyone,
>>
>> Many moons ago I worked in a place where we had a Brady LS2000 wire 
>> labeler.  So long as the supplies were fresh it was great.
>>
>> In the storage unit I have a Brady TLS2200.  Supplies are expensive, 
>> but it works reasonably well.  Unfortunately the battery is shot 
>> (gotta replace that).
>>
>> It seems to me that as cheap as the Brother P-Touch type labelers 
>> have gotten that there might be some product by 
>> (Brady|Dymo|Brother|etc) that everyone uses and recommends these days 
>> which is (a) cheap enough that they can be deployed en masse rather 
>> than treated as a scarce resource, (b) hopefully runs on standard 
>> (such as AAA) battery types, and (c) has reasonably priced supplies.
>>
>> Labeling cables is mostly what I'm interested in.  The el-cheapo 
>> p-touch seems adequate to putting hostnames on machines.
>>
>> Thoughts?
>>
>
>
> P-Touch with TZe tapes for me. I have stuff on the roof labeled with 
> TZe tape and they still look new after about a year of exposure Disclaimer:
> I'm in the high desert.
>
> ~Seth
>




RE: Bandwidth spikes due to Microsoft release of windows 8 on MSDN

2012-08-15 Thread Blake Pfankuch
I have the download completed, but still cant get a key... same boat though, 
took a long time to get that far.

-Original Message-
From: PC [mailto:paul4...@gmail.com] 
Sent: Wednesday, August 15, 2012 12:17 PM
To: Mark Gauvin
Cc: NANOG (nanog@nanog.org)
Subject: Re: Bandwidth spikes due to Microsoft release of windows 8 on MSDN

Considering I can't get the download links to work, nor the generate product 
key button to process without an error code we may either be at Microsoft 
limits, or not there yet.


On Wed, Aug 15, 2012 at 12:02 PM, Mark Gauvin  wrote:

> Or R2 service pack 3
>
> Sent from my iPhone
>
> On 2012-08-15, at 12:48 PM, "Matthew Petach" 
> wrote:
>
> > On Wed, Aug 15, 2012 at 10:34 AM, Blake Pfankuch 
> wrote:
> >> Anyone seeing a significant increase of traffic with this?
> >>
> >
> > Not yet.  Maybe everybody's waiting until service pack 2 is released?
> >
> > Matt
> >
>
>



Bandwidth spikes due to Microsoft release of windows 8 on MSDN

2012-08-15 Thread Blake Pfankuch
Anyone seeing a significant increase of traffic with this?


RE: MXLogic outage

2012-08-08 Thread Blake Pfankuch
We are on .11 and .12.  Our email is still a little delayed, but getting better.

-Original Message-
From: Ray Van Dolson [mailto:rvandol...@esri.com] 
Sent: Wednesday, August 08, 2012 10:43 AM
To: nanog@nanog.org
Subject: Re: MXLogic outage

On Wed, Aug 08, 2012 at 04:39:04PM +, Blake Pfankuch wrote:
> We are the same way.  Phones going nuts ringing as we are an MXLogic 
> partner.  I am slowly getting email with about a 2-3 hour delay right 
> now.  Anyone know any more?
> 
> -Original Message-
> From: Duane Toler [mailto:deto...@gmail.com]
> Sent: Wednesday, August 08, 2012 10:34 AM
> To: nanog@nanog.org
> Subject: MXLogic outage
> 
> Probably old news by now, but MXLogic folks are having some major 
> issues today and not reliably receiving inbound mail.  Several of our 
> customers are talking with MXLogic about it.
> 
> FYI.

What MX servers are your affected domains using?

Ours are:

208.65.145.3
208.65.145.2
208.65.144.2
208.65.144.3

And no obvious delays currently.

Ray




RE: MXLogic outage

2012-08-08 Thread Blake Pfankuch
We are the same way.  Phones going nuts ringing as we are an MXLogic partner.  
I am slowly getting email with about a 2-3 hour delay right now.  Anyone know 
any more?

-Original Message-
From: Duane Toler [mailto:deto...@gmail.com] 
Sent: Wednesday, August 08, 2012 10:34 AM
To: nanog@nanog.org
Subject: MXLogic outage

Probably old news by now, but MXLogic folks are having some major issues today 
and not reliably receiving inbound mail.  Several of our customers are talking 
with MXLogic about it.

FYI.

--
Duane Toler
deto...@gmail.com




RE: EBAY and AMAZON

2012-06-11 Thread Blake Pfankuch
I have a spam pit email address which I monitor for trends to have a little bit 
of jump on the possible things users might touch at work.  I started seeing the 
amazon, ebay and paypal ones a few weeks back.  The other one I have started to 
see a lot of is the "Free or cheaper home phone service through magic jack" 
ones.  Again as expected they link to some .ru domain and look just like the 
normal sign up page.  Also my handy dandy virtual machine was instantly owned 
with malware just by loading the page.  The VM runs Windows 7 as a non 
administrative user, UAC cranked up and IE9.  Something like 10 installed apps 
showed up including "Adobe Flash Player Latest."

The other cool one I have been seeing is along the lines of "How to better 
utilize your office phone system" or "New Business Phone systems" with supposed 
links to "popular new phone system trends".  This one is rather crafty as it 
has an embedded image which is a nice weblink to an infected jpg.  So you click 
show picture in outlook, or in your browser and you get another installed piece 
of nastyware.

-Original Message-
From: Kain, Rebecca (.) [mailto:bka...@ford.com] 
Sent: Monday, June 11, 2012 12:40 PM
To: n...@flhsi.com; Brandt, Ralph; nanog@nanog.org
Subject: RE: EBAY and AMAZON

I have gotten them from "amazon" stating "order number X was cancelled and 
please click on the below file for more information".  Because I order so much 
on amazon, I almost thought it was real and clicked on it but then went to the 
amazon site and looked at "my open orders".  It always pays to goto the site, 
not believe email.


-Original Message-
From: Nick Olsen [mailto:n...@flhsi.com]
Sent: Monday, June 11, 2012 2:06 PM
To: Brandt, Ralph; nanog@nanog.org
Subject: re: EBAY and AMAZON

I think it might just be coincidence. I've gotten about 10 of them and haven't 
been to ebay or amazon in months.
Most of them have been for >60 dollar books.

Nick Olsen
Network Operations (855) FLSPEED  x106


 From: "Brandt, Ralph" 
Sent: Monday, June 11, 2012 1:28 PM
To: nanog@nanog.org
Subject: EBAY and AMAZON

I have received bogus emails from both of the above on Friday. 

These look like I bought something that in both cases I did not buy.
The EBAY was a golf club for $887 and the Amazon was a novel for $82, far more 
than I would have spent on either.

I think I looked at the novel on Amazon and I remember the golf club came up on 
a search with something else on Ebay.  

How this information could get to someone spoofing is a little disconcerting.  

I have changed EBAY and Paypal Passwords as instructed.  

Ralph Brandt
Communications Engineer
HP Enterprise Services
Telephone +1 717.506.0802
FAX +1 717.506.4358
Email ralph.bra...@pateam.com
5095 Ritter Rd
Mechanicsburg PA 17055






RE: Commerical Backup Solutions

2012-05-17 Thread Blake Pfankuch
First, I work for a managed service provider.  We support a large number of 
traditional and over the wire backup solutions.  We have used Symantec Backup 
Exec, eVault, Acronis, Intronis, Asigra, Heroware (newer solution more DR 
focused) and many more I've purged from my memory.

I have been using BE since it was Veritas starting in about 2003.  Backup Exec 
is GREAT if you have a premise Disk server with Tape archive, or even a remote 
over fast WAN.  Acronis is nice, but not easy to manage historically.  Intronis 
get not only a no, but a "hell no please die now".  Asigra is probably one of 
my favorites.  You spend the cash for it, but it works right, it integrates 
with everything, depending on if you get it from a reseller or run your own 
vault, you get good reporting options and BMR is easy as pie.  Heroware has 
great DR and versioning options but its still growing.  Small datacenter 
platform, I like it a lot.

Aiming at Asigra a little more there are many vendors that offer over the wire 
backup using this.  Most of them price by the gig, but based on what you are 
doing you could probably do a peer replication where you run your own "vault" 
locally to back up to, and then integrate that to one of many providers to get 
your off site.  Asigra offers decent compression and integration into Windows 
and nix tools for open file and such.  We have used Asigra to backup up 
anything from nt4 to 2008r2, nix, bsd, as400, esx and esxi.  All the backup 
stuff is included.  You get the base software you get the ability to back up 
everything it can, with the exception of Message Level backup and restore in 
Exchange, and file level within SharePoint which require another service to be 
enabled.  The UI has its moments of clunky, but it has gotten WAY better over 
the past few years.  Reporting options are great, as is file growth trending.  
Restores are tricky the first time, but its just a learning curve like any 
other app.

As far as BMR restores on above products I've pretty much done them all.  We do 
a lot of SMB work so many times single server, often SBS.  I have done single 
DC, Exchange servers, mysql servers, file and print servers and many more.  By 
far the trickiest ones are the Windows Small Business Servers based solely on 
the fact they can be complicated to work with as they have Windows, AD, 
Exchange, SQL, RWW and SharePoint on 1 box.  If you have ever done a BMR of an 
SBS server 2000/2003/2008/2011 if everything isn't perfect you might as well 
rebuild.  All of these assume you have a well managed backup solution which is 
getting all the data needed for a full restore of course.

Backup Exec its possible and its not that hard.  EVault in theory, but the 
process can be difficult.  Acronis does a very nice job of it.  Intronis don't 
bother, spend the time working on a resume because a BMR from this is probably 
a career changing event.  I had to attempt it for one customer, I got the data 
I needed gave it the proverbial finger and built a new server to move it onto.  

Asigra makes it really easy.   I have done about 5 (about 18 in our company 
total) SBS full restores.  You have to jump through a few hoops, but we fully 
restored a failed SBS 2003 server onto a VM while replacement hardware came in 
in 12 hours, including line of business SQL app, Exchange, AD and about 200gb 
of data.

Heroware is very similar in theory.  It works off a replication technology 
(DoubleTake backend) which does snapshots within the replication.  Heroware is 
designed to have an "appliance" per 10-50 servers depending on size and load so 
it might not scale to the size you are looking.  

Dollars to doughnuts if I had the option, I would do Asigra every time if I had 
the budget from the customer for the offsite.  Why?  Many of the resellers out 
there even guarantee they can do a 24 or 48 hour RTO of a full environment 
assuming they have the correct backed up date.  It just works that well.  I 
have done 2 5+ server environments restore the whole thing from backups with no 
problems in 24 hours or less onto mismatched hardware as well.  Keep in mind we 
are working with customers with user counts between 10 and 150 in most cases 
and usually about $1 per gig  because they are lower size.  I've heard rumors 
of people getting as low as 25 cents a gig, but I cant speak to that.

Yes, I resell many of these products at my day job, however I also implement 
and support them and work with the various support teams from each vendor.  I 
favor Asigra because of personal preference and ease of use.  

--Blake

-Original Message-
From: Josh Baird [mailto:joshba...@gmail.com] 
Sent: Thursday, May 17, 2012 6:01 PM
To: Thomas York
Cc: nanog@nanog.org
Subject: Re: Commerical Backup Solutions

We have used Symantec's BackupExec (Veritas) in several locations but have 
standardized on IBM's Tivoli Storage Manager (TSM).  Not a fan of IBM, but it 
works, and it works well.  Be prepared to drop some seri

RE: Xirrus Wireless

2012-03-13 Thread Blake Pfankuch
Thanks very much to all of the useful on and off list releases.  

I would like to also thank Ron Valdez of Vall Technologies for his very prompt 
sales contact as well.  Very unprofessional, but nice try to cover up the 
contact with the excuse of "simple google searches while reaching out to local 
IT firms" to find my contact information and directly attempt to market a 
product which I just recently asked about here, and conveniently he happens to 
be a Xirrus Gold Partner.  

Summary of what I have learned, including quotes from a few people who said it 
better than I can reword it.  "Conceptually, it sounds like a good idea to 
increate spectral bandwidth, but I have a hunch that it falls down somewhat in 
practice."  Several people have mentioned that only a limited number of radios 
within each device (3) can do 2.4ghz at the same time (which makes sense) due 
to signal conflict and the specified specs which say 120 degrees of broadcast 
per antenna.  Several people have also stated (as well as math) that a single 
device can only handle about 90-120 2.4ghz clients before there is noticeable 
slowdown.  5ghz wise experience holds up to specs as far as client connections. 
 Having 802.11b enabled anywhere has had a very negative on performance of the 
device as one could expect.  In buildings with many smaller rooms, using a 
single device to cover so many rooms runs you into the problem of interference 
thanks to walls, refraction and material conflicts.  Scaling them back becomes 
tough because each device with its large number of radios saturates  the 
spectrum, allowing limited overlap...  "Xirrus is overkill [...] when doing 
small gigs and won't scale [to] very big events, compared to a truckload of 
cisco APs. Mostly because our venues are not stadium sized."  "Turn up the AP 
count, turn down the signal strength fill the building 'til it glows."

Thanks for all the input!

-Original Message-
From: Pete Carah [mailto:p...@altadena.net] 
Sent: Tuesday, March 13, 2012 4:46 PM
To: Blake Pfankuch; NANOG Mailing List
Subject: Re: Xirrus Wireless

On 03/13/2012 03:35 PM, Blake Pfankuch wrote:
> Thanks Pete, that does help.  Now hopefully I can get someone who has 
> experience with 500+ devices running on a single one in a fairly small area 
> (High School Gym).
There was a thread about this a couple of months back, I'm pretty sure it was 
after last November (but not absolutely sure); lots of discussion about density 
and Xirrrus was mentioned.  My personal experience with Xirrus is certainly not 
high-density, and the "real" hospital certainly copes with a bunch (though I'm 
guessing 20-30 users per AP from how many APs they have distributed among 
rooms.  They seem to do a bunch of their device telemetry on 802.11 but there 
are also some more dedicated frequencies/protocols for medical devices.  (even 
the IV pumps alarm at the nurse's station...)

I do have some experience with full-duplex RF transceiver design, though, and 
the Xirrus configuration can't be easy to make work well. 
Not impossible, but difficult.

-- Pete

>
> -Original Message-
> From: Pete Carah [mailto:p...@altadena.net]
> Sent: Tuesday, March 13, 2012 4:32 PM
> To: nanog@nanog.org
> Subject: Re: Xirrus Wireless
>
> On 03/13/2012 02:34 PM, Blake Pfankuch wrote:
>> I know this is a little outside of the traditional NANOG realm but...
>>
>> I have a customer looking at a fair number of Xirrus Wireless Arrays for 
>> 802.11a/b/g/n implementations and am looking for some real world insight 
>> into them.  On the cover they look cool, the white papers look cool, but I 
>> am yet to find technical commentary from a real person on these devices.  
>> Looking at the XN line, and just curious if anyone has deployed these, 
>> supports these or knows anything about them.
> I can only speak from indirect experience; the rehab place where my 
> wife is staying for a bit uses 4 or 5 of them (older, probably not 
> current, flying-saucer-like boxes suspended from the ceiling at 
> hallway
> junctions) and there, at least, they appear to work pretty well.  The 
> particular ones don't appear to my laptop to do 11a.  However, I don't think 
> there is any significant user density just from watching the nifty 
> directional light display, so this may not mean much  (I'd guess 3 to 10 
> users over the whole building including smartphones and a couple of pieces of 
> medical equipment that isn't used much).  Also there is no IT (or any real 
> technical maint) guy on-premises to talk to so I can't ask about any other 
> aspect.
>
> The local real hospital uses a Cisco system (or at least Cisco APs; don't 
> know about the AP manager box) which really does appear to work well; I'd 
> gu

Xirrus Wireless

2012-03-13 Thread Blake Pfankuch
I know this is a little outside of the traditional NANOG realm but...

I have a customer looking at a fair number of Xirrus Wireless Arrays for 
802.11a/b/g/n implementations and am looking for some real world insight into 
them.  On the cover they look cool, the white papers look cool, but I am yet to 
find technical commentary from a real person on these devices.  Looking at the 
XN line, and just curious if anyone has deployed these, supports these or knows 
anything about them.

Thanks!

Blake


RE: WW: Colo Vending Machine

2012-02-20 Thread Blake Pfankuch
I too would be VERY interested in something like this.  There are many times 
when I am out on site with customers who don't have anything connected to it 
and you need to figure out what is up.  Even a VGA input USB keyboard/mouse and 
application to match it for an Android/iFail tablet would be AWESOME.  I'm sure 
our office would buy about 10 of them the first week they were out...  I have 
USB inputs on my tablet that work for USB headphones and USB keyboard so I 
would think it would just be driver and software fun

-Original Message-
From: Jon Lewis [mailto:jle...@lewis.org] 
Sent: Monday, February 20, 2012 8:35 AM
To: nanog@nanog.org
Subject: Re: WW: Colo Vending Machine

On Sat, 18 Feb 2012, John Osmon wrote:

> At my $JOB[-1] they laughed at me when I pulled a Wyse out of the 
> trash bin and stuck it on a spare crash cart.
>
> Then I fixed something while they were still looking for USB-Serial, 
> etc.

Speaking of that sort of thing, I'd really LOVE if there were a device about 
the size of a netbook that could be hooked up to otherwise headless machines in 
colos that would give you keyboard, video & mouse.  i.e. a folding netbook 
shaped VGA monitor with USB keyboard and touchpad.  I know there are folding 
rackmount versions of this (i.e. from Dell), but I want something far more 
portable.  Twice in the past month, I'd had to drive 
100+ miles to a remote colo and took a full size flat panel monitor and
keyboard with me.  Has anyone actually built this yet?

--
  Jon Lewis, MCP :)   |  I route
  Senior Network Engineer |  therefore you are
  Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_




RE: Sonicwall 3500/netflow

2012-02-14 Thread Blake Pfankuch
I would be happy if it was Juniper or Cisco ish.  Right now it's just total 
crap :)

From: brandon.j@live.com [mailto:brandon.j@live.com] On Behalf Of 
Brandon Kim
Sent: Tuesday, February 14, 2012 9:14 AM
To: leigh.por...@ukbroadband.com; Blake Pfankuch; j...@miscreant.org; 
j...@baylink.com
Cc: nanog group
Subject: RE: Sonicwall 3500/netflow

Never messed around with Juniper



> From: leigh.por...@ukbroadband.com<mailto:leigh.por...@ukbroadband.com>
> To: brandon@brandontek.com<mailto:brandon@brandontek.com>; 
> bl...@pfankuch.me<mailto:bl...@pfankuch.me>; 
> j...@miscreant.org<mailto:j...@miscreant.org>; 
> j...@baylink.com<mailto:j...@baylink.com>
> CC: nanog@nanog.org<mailto:nanog@nanog.org>
> Subject: RE: Sonicwall 3500/netflow
> Date: Tue, 14 Feb 2012 15:53:43 +
>
>
>
> > -Original Message-
> > From: Brandon Kim 
> > [mailto:brandon@brandontek.com]<mailto:[mailto:brandon@brandontek.com]>
> > Sent: 14 February 2012 15:51
> > To: bl...@pfankuch.me<mailto:bl...@pfankuch.me>; 
> > j...@miscreant.org<mailto:j...@miscreant.org>; 
> > j...@baylink.com<mailto:j...@baylink.com>
> > Cc: nanog group
> > Subject: RE: Sonicwall 3500/netflow
> >
> >
> > I've been using 5.8 with no problems thus far. As for the CLI, yes it
> > is CLUNKY.
> >
> > But they are completely revamping it, it will be very similar to Cisco
> > in the near future...
>
> Why do people like to base their CLIs on the really rather awful Cisco style 
> interface rather than something with some more structure like Juniper?
>
>
> --
> Leigh Porter
>
>
>
>
> __
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> __


RE: Sonicwall 3500/netflow

2012-02-14 Thread Blake Pfankuch
JRA,
If you have questions contact me off list.  I would shoot for a little 
higher device to support that bandwidth if you are going to be enabling 
Services at all.  Also if you use services, make sure they are enabled only on 
1 zone as to not double scan traffic.  Also I would skip the DPI-SSL services 
for now, as they are extremely throughput intensive.  The company I work for 
manages a few hundred Sonicwalls, some of them in a pretty complex setup.  
SonicWall netflow is a little unique, they have a GUI feature called APPFlow 
which makes it pretty easy to trim down to watch exactly what you need (once 
you get the hang of it).  Some of the additional free features make the 
SonicWall very nice.  The SSLVPN portal is very handy for remote 
troubleshooting.  You can bind it to a VLAN interface with private addresses 
for management purposes as well as remote access.  

Careful though, they can either be a beast, or a joy to manage depending on how 
you set it up.

If you want to do entirely CLI management on the SonicWall, be prepared for a 
headache.  Everything is case sensitive, and not the cleanest.  If you build 
quick templates in your favorite text editor, it can be very simple to manage 
this way.  

SonicWall is pushing 5.8.1.4 firmwares to all of the partners as far as I know 
(maybe to everyone) if you call in with an issue.  Check the caveats though, we 
have a few conflicts related to VPN stuff as well as dynamic routing a few 
places.

Blake

-Original Message-
From: Jay Mitchell [mailto:j...@miscreant.org] 
Sent: Tuesday, February 14, 2012 3:59 AM
To: Jay Ashworth
Cc: NANOG
Subject: Re: Sonicwall 3500/netflow

According to the spec sheet it does, haven't had the opportunity to play with 
one to comment any further though.

http://www.sonicwall.com/us/products/NSA_3500.html#tab=specifications

--jay


On 14/02/2012, at 2:21 PM, Jay Ashworth  wrote:

> This will be my first time in Sonicwall territory.  I'm assuming this 
> thing will (effectively) *be* my edge router; does it support netflow, 
> as has been being discussed in the recent thread?
> 
> I'm likely going to have 100M from L3, with FiOS/150 and Roadrunner/50 
> for backup/load bal; I don't think this will be a BGP application.  
> :-)
> 
> Cheers,
> -- jra
> -- 
> Jay R. Ashworth  Baylink   
> j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
> St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274
> 




IP KVM suggestions

2012-01-30 Thread Blake Pfankuch
I have a need for a small, portable, web based IP kvm with decent features that 
doesn't break the bank.  Preferably something that supports ISO mounting from 
http or ftp and USB connectivity.  Would also prefer something browser 
independent.  Small plugin like the Raritan devices would be acceptable too. It 
will be used internally for Remote access while building devices pre deployment 
to customers.  Any suggestions?

Thanks!

Blake


RE: Paypal outage?

2012-01-29 Thread Blake Pfankuch
Out of curiosity, are you using the latest Chrome Beta?  I have seen a few 
complaints this morning of other sites misbehaving with Chrome in general, more 
with the latest beta.

-Original Message-
From: Mark Tinka [mailto:mti...@globaltransit.net] 
Sent: Sunday, January 29, 2012 12:34 AM
To: nanog@nanog.org
Subject: Re: Paypal outage?

On Sunday, January 29, 2012 03:09:10 AM Chris wrote:

> I switched browsers and it seemed to clear it up. Just never seen an 
> odd error like that before..

Tried emptying your browser cache and limiting how much it grows over time? 
This helped solve a similar issue when my browser assumed my bank's Internet 
banking web site was under maintenance for 2 weeks :-).

Mark.



RE: Paypal outage?

2012-01-28 Thread Blake Pfankuch
Seems to be working for me now.

-Original Message-
From: Chris [mailto:cal...@gmail.com] 
Sent: Saturday, January 28, 2012 11:11 AM
To: NANOG list
Subject: Paypal outage?

Anyone getting a 400 Bad Request from Paypal when you try to login to your 
account or make a transaction?

--
--C

"The dumber people think you are, the more surprised they're going to be when 
you kill them." - Sir William Clayton




RE: online backup software vendor

2011-01-05 Thread Blake Pfankuch
Asigra is a great product, however branding isn’t possible from what I know of 
the solution.  We use Asigra through a partner, and when well managed it is a 
GREAT solution, however it can easily spin out of control if someone doesn't 
keep on top of it.  Randy if you are looking for a little more hands on 
information with Asigra, feel free to contact me off list and I can arrange a 
better demo.

-Original Message-
From: Randy Carpenter [mailto:rcar...@network1.net] 
Sent: Wednesday, January 05, 2011 9:50 AM
To: jake pollmann
Cc: Neil Robst; nanog@nanog.org
Subject: Re: online backup software vendor


Does anyone have any comments on any of these solutions being easily managed 
for end users? We need something that is easy for the customers to install and 
configure, and is centrally managed. It would also be very nice if it could be 
fully branded (the one thing that Vembu does well)

thanks,
-Randy

--
| Randy Carpenter
| Vice President, IT Services
| Red Hat Certified Engineer
| First Network Group, Inc.
| (419)739-9240, x1


- Original Message -
> On Wed, Jan 5, 2011 at 5:40 AM, Neil Robst 
> wrote:
> >
> > Asigra?
> >
> > http://www.asigra.com/
> >
> > Regards,
> > Neil
> >
> 
> I have hands on experience with Asigra and would recommend it.
> 
> JP



VPN issue, and possible cBeyond Engineer request

2010-10-22 Thread Blake Pfankuch
Howdy,
So I'm fighting a VPN issue, trying to establish a Client to 
Firewall VPN for remote access with 3 of my customers.  Customer is using a 
Sonicwall firewall (TZ210 or NSA240 with similar issues).  We have ruled out 
the firewall being the issue by terminating the internet connection to a 
switch, static IPing a laptop outside the firewall and successfully 
establishing a tunnel.  DHCP information is properly processed by the firewall 
every time, but under 25% of the time it is not received by the client.  Any 
thoughts as to what might be intermittently eating this information?

Alternatively anyone useful from cBeyond who might be able to assist me?  This 
works perfectly fine for 50+ customers however we have 3 customers on cBeyond 
service that it does not work with.  Again, we can bypass the cBeyond circuit 
and VPN client connections work as expected.

Any other ideas?

Blake Pfankuch


RE: How to have open more than 65k concurrent connections?

2010-10-14 Thread Blake Pfankuch
I believe the original poster was specifically requesting how to increase the 
File descriptor limits (ulimit -n) past 65k.  This is where the limitation 
would come in most likely for connections he is talking about.  

As someone else said, probably not the best place for this, however you can 
look at /etc/security/limits.conf and play with soft and hard nofile limits.  
Try unlimited maybe.

-Original Message-
From: Simon Perreault [mailto:simon.perrea...@viagenie.ca] 
Sent: Thursday, October 14, 2010 11:07 AM
To: nanog@nanog.org
Subject: Re: How to have open more than 65k concurrent connections?

On 2010-10-14 12:53, Joel Jaeggli wrote:
> you've only got 64511 ports per ip  on the box, to use for outgoing 
> connections.

As long as you're not connecting to the same destination IP/port pair, the same 
source IP/port pair can be reused. So even for outgoing connections there is 
virtually no limit.

Simon
--
NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
STUN/TURN server--> http://numb.viagenie.ca
vCard 4.0   --> http://www.vcarddav.org



RE: Did your BGP crash today?

2010-08-27 Thread Blake Pfankuch
Ignoring the fact that the original poster has a thing for the dramatic, of 
those who did feel minor pain from this what hardware platforms were affected 
and what software versions just for curiosity sake.   

-Original Message-
From: Thomas Mangin [mailto:thomas.man...@exa-networks.co.uk] 
Sent: Friday, August 27, 2010 11:44 AM
To: n...@brevardwireless.com
Cc: 
Subject: Re: Did your BGP crash today?

Looking at the graph of at least one of the european exchange where RIS 
connect, it had an impact. Now saying it was nothing is like saying that the 
YouTube incident was nothing as you were not affected as you do not use YouTube.

Some people did feel the pain - lucky it was not you :)

Thomas
---
from my iPhone

On 27 Aug 2010, at 19:31, "Nick Olsen"  wrote:

> No down time here, Would have been all over the news and everything if 
> it really do "crash" the internet.
> 
> Nick Olsen
> Network Operations
> (321) 205-1100 x106
> 
> 
> 
> From: "Kasper Adel" 
> Sent: Friday, August 27, 2010 1:27 PM
> To: "NANOG list" 
> Subject: Did your BGP crash today?
> 
> Havent seen a thread on this one so thought i'd start one.
> 
> Ripe tested a new attribute that crashed the internet, is that true?
> 
> Kim
> 




RE: CIDR blocks, by country

2010-05-12 Thread Blake Pfankuch
http://countries.nerd.dk/ publishes files that can be used in some form of an 
RBL that covers most of this as well.  I use this for a geolocated DNS system 
and it works well.  I have actually manually referenced this to find where a 
specific block is from. 

-Original Message-
From: Larry Smith [mailto:lesm...@ecsis.net] 
Sent: Wednesday, May 12, 2010 10:22 AM
To: nanog@nanog.org
Subject: Re: CIDR blocks, by country

On Wed May 12 2010 11:09, Michael Holstein wrote:
> I am aware of sites that list all the netblocks associated with China 
> (for example) .. is there any place that publishes an updated list of 
> what netblocks are used by what countries? (all of them) .. CIDR 
> format would be ideal.
>
> If it matters, I'm specifically interested APNIC and AFRNIC.
>
> Regards,
>
> Michael Holstein
> Cleveland State Unviersity

Since blackholes.us went away, the only other one I have found semi-reliable is 
Country IP Blocks at http://www.countryipblocks.net

--
Larry Smith
lesm...@ecsis.net




RE: Edu versus Speakeasy Speedtest

2010-04-29 Thread Blake Pfankuch
Agreed.  Most of the sites are not accurate for large bandwidth locations.  
Speedtest.net is flash based, however I find that slightly more accurate up to 
about 50-100mbit range.

-Original Message-
From: Bret Clark [mailto:bcl...@spectraaccess.com] 
Sent: Thursday, April 29, 2010 10:05 AM
To: nanog@nanog.org
Subject: Re: Edu versus Speakeasy Speedtest

All the new OS's (IE Windows7) automatically adjust TCP window size.

Personally I've never found those website speed test to be that accurate on 
fast connections (over 15Mbps full duplex).  The only way to really confirm 
bandwidth is by running IPERF.


Robert Glover wrote:
> Adjust your TCP window size.
>
> -Original Message-
> From: "Murphy, William" 
> Date: Thu, 29 Apr 2010 10:53:01
> To: nanog@nanog.org
> Subject: Edu versus Speakeasy Speedtest
>
> I work for an Edu with multi-gigabit Internet connectivity and I get 
> questions from users saying "Why am I only getting 14Mb when I run 
> this speed test?"  I have got to believe that the various Internet 
> speed tests (Speakeasy or dslreports) are rate limited to prevent 
> someone from shutting them down.  I am able to get 300-400Mb running 
> from a PC inside my network to NDT servers located on Internet2, so 
> that tells me my border and internal network is healthy.  Can someone 
> on this list shed some light regarding reliability and accuracy of 
> these various speed tests especially for an Edu with lots'o bandwidth?  
> Thanks.
>
>  
>
> Bill Murphy
>
> University of Texas Health Science Center - Houston
>
>  
>
>
>
>
>   





RE: Home CPE choice

2010-03-31 Thread Blake Pfankuch
I'm running IPcop on a mini ITX machine (old processor out of my laptop T5500), 
a cheapo stick of memory and a sata to CF adaptor with a 4gb CF card.  All in 
all cost me about $350.  Been running IPcop's for about 6 years now on various 
hardware going back to a dual p3 500 with 256mb of ram and no complaints aside 
from ipv6 support which is slated for the 2.x branch.  I have a 50/10 cable 
line which I have kept saturated for multiple days at a time, 5 public IP's 
about 60 firewall rules and 3 network interfaces (LAN, WAN and guest wireless). 
 I migrated from a PPPOE dsl provider to cable about a year and a half ago.  
Also physically moved about that time and never powered off the device, or had 
any issues whatsoever.  

The UI is a bit weird, but once you set it up you never touch it.

17:16:19 up 568 days, 19:36, 0 users, load average: 0.00, 0.00, 0.00

-Original Message-
From: Charles N Wyble [mailto:char...@knownelement.com] 
Sent: Wednesday, March 31, 2010 4:56 PM
To: nanog@nanog.org
Subject: Home CPE choice


Hopefully this e-mail is considered operational content :)


The recent thread on the new linkys kit and ipv6 support got me thinking about 
CPE choice.

What good off the shelf solutions are out there? Should one buy the high end 
d-link/linksys/netgear products? I've had bad experiences with those (netgear 
in particular).

Should one get a "real" cisco router? The 877 or something? Maybe an ASA or the 
new small business targeted ISR (can't recall the model number off hand right 
now). There is mikrotik but I'm not so sure about the operating system.

Is there a market for a new breed of CPE running OpenWRT or pfsense on hardware 
with enough CPU/RAM to not fall over?

Granted that won't cost $79.00 at best buy. However it seems to me that decent 
CPE is going to run a couple hundred dollars in order to have sufficient 
ram/cpu.

My current home router is a cisco 1841. I keep my 6mbps DSL line pretty much 
saturated all the time. Often times my wife will be watching Hulu in the living 
room, I'll be streaming music and running torrents (granted I have tuned my 
Azures client fairly well) all at the same time and it's a good experience.  
Running that kind of traffic load through my linksys would cause it to need a 
reboot once or more a day.

What are folks here running in SOHO environments that doesn't require too 
frequent oil changes :)





RE: Network Naming Conventions

2010-03-15 Thread Blake Pfankuch
Can always call a router "packetloss".

I used to use the names of transformers ;)

-Original Message-
From: Antonio Querubin [mailto:t...@lava.net] 
Sent: Monday, March 15, 2010 12:14 PM
To: Greg Whynott
Cc: 'nanog@nanog.org'
Subject: Re: Network Naming Conventions

On Mon, 15 Mar 2010, Greg Whynott wrote:

> We use confidence inspiring names here for our devices, shakey, 
> broken, jitter, crusty

Ah, try endangered plants/animals :)

Antonio Querubin
808-545-5282 x3003
e-mail/xmpp:  t...@lava.net




RE: Linux Router distro's with dual stack capability

2010-02-10 Thread Blake Pfankuch
I actually spaced about vyatta when I wrote this email.  I have since been 
forcefully reminded.  About 30 times :)  In the process of testing it, however 
my main concern is some of the complexity of the config options.  The GUI is a 
welcome addition since 4, however I still find it a bit lacking.  I may go the 
vyatta route anyway based only on my sheer curiosity and future possible needs.

Thank you all for your input!

-Original Message-
From: Carlos A. Carnero Delgado [mailto:carloscarn...@gmail.com] 
Sent: Wednesday, February 10, 2010 9:19 PM
To: Blake Pfankuch
Cc: nanog@nanog.org
Subject: Re: Linux Router distro's with dual stack capability

Have you checked Vyatta?

HTH,
Carlos.


Linux Router distro's with dual stack capability

2010-02-10 Thread Blake Pfankuch
Anyone have some insight on a good dual stack Linux (or BSD) router distro?  
Currently using IPCop but it lacks ipv6 support.  I've used SmoothWall Express 
but not in some time and not sure how well it works with IPv6.  Not looking for 
something huge, just something for the equivalent of a small branch office.  
Site to Site VPN support and NAT translation capability for a few public IP 
addresses to private addresses are the only requirements.  Public or private 
responses are welcome!

Thanks!
Blake Pfankuch
Network Engineer



FW: Yahoo abuse

2010-02-09 Thread Blake Pfankuch
It's almost as much fun as getting them to recognize that my home mail server 
is not a bulk sender, however even after filling out their form they still 
continue to block me. 

In all seriousness my only suggestion is to fill this form out repeatedly.  My 
general experience is that they read 1 of 10 abuse reports... so...  
http://help.yahoo.com/l/us/yahoo/smallbusiness/abuse.html  

Also found they respond quicker (if at all) if you flag it as "illegal 
activity".

Good luck!

-Original Message-
From: John Peach [mailto:john-na...@johnpeach.com] 
Sent: Tuesday, February 09, 2010 5:55 AM
To: nanog@nanog.org
Subject: Yahoo abuse

Does anyone know how to get Yahoo abuse to recognize that they're hosting a 
phishing site? All I can ever get back from them is boilerplate telling me they 
know how frustrating it is to get spam, that it did not originate from them and 
how to read the headers. Not half as frustrating as their ignorance.


--
John




RE: New SPAM DOS

2010-01-08 Thread Blake Pfankuch
I too have been receiving these to my spamtrap domain...  again any ideas to 
combat this would be helpful.

-Original Message-
From: Shane Ronan [mailto:sro...@fattoc.com]
Sent: Friday, January 08, 2010 12:34 PM
To: Owen DeLong
Cc: Nanog list
Subject: Re: New SPAM DOS

I recently started receiving these as well for my domain.

Would appreciate anyone's input on what the deal is.

On Jan 8, 2010, at 2:22 PM, Owen DeLong wrote:

> At least this is new for me...
>
> I host scvrs.org on one of my servers, and, it does not have any
> outlook or owa services.  For some reason, someone decided to try and
> send this message out to various internet recipients:
>
>> Dear user of the scvrs.org mailing service!
>>
>> We are informing you that because of the security upgrade of the
>> mailing service your mailbox (x) settings were changed. In order to
>> apply the new set of settings click on the following link:
>>
>> http://scvrs.org/owa/service_directory/settings.php?email=x&from=
>> scvrs.org&fromname=wa2ibm
>>
>> Best regards, scvrs.org Technical Support.
>
> An now I'm having to clean up various blacklistings thinking that my
> server is a spamvertised web site.
>
> Anyone seen this before?  Any good techniques for combatting it?
>
> Owen
>





RE: Password repository

2009-11-19 Thread Blake Pfankuch
We have used Password Manager XP for quite some time.  It supports different 
user roles, allows security to be set per folder, the encryption levels it 
supports are insane, and it allows for a "database password" and then user 
level authentication (which can be tied to NT authentication from the 
workstation).  They also have a client for windows mobile devices.  The client 
also runs in wine exceptionally well.  You can configure it to do form filling, 
and you can define password expiration dates and it will remind you that 
passwords need changed.  Also supports the ability to define a database log, so 
that all changes can be sent off to a log server.  You can also add pretty 
detailed descriptions to the entry, and you can tie files into the entry as 
well.  Works great for attaching a private key for access to servers via SSH.  
All of the displayed fields inside of each folder are completely customizable 
and quite easy to change.  It supports multiple users pretty well, however we 
have had to restore the database from backups once when a user was writing to 
the database over SSLVPN and the connection dropped.  We have used it with a 
max of about 20 people and it worked great for that number, however as your 
database gets larger and larger it does take a while to make some changes.

-Original Message-
From: Jay Nakamura [mailto:zeusda...@gmail.com]
Sent: Wednesday, November 18, 2009 8:57 PM
To: NANOG
Subject: Password repository

Quick question, does anyone have software/combination of tools they recommend 
on centrally store various passwords securely?

Thanks.




RE: Failover how much complexity will it add?

2009-11-08 Thread Blake Pfankuch
>> -Original Message-
>> From: a...@baklawasecrets.com [mailto:a...@baklawasecrets.com]
>> Sent: Sunday, November 08, 2009 4:52 AM
>> To: nanog@nanog.org
>> Subject: Failover how much complexity will it add?
>>
>> HI,
>>
>> I was recently brought onto a project where some failover is desired, but I 
>> think that the number of connections provisioned
>> is excessive.  Also hoping to get some guidance with regards to how well I 
>> can get the failover to actually work.  So currently
>> 4 X 100Mb/s Internet connections have been provisioned.  One is to be used 
>> for general Internet, out of the organisation, it
>> also terminates VPNs from remote sites belonging to the organisation and 
>> some publicly accessible servers -routed DMZ and
>> translated IPs.  Second Internet connection to be used for a separate system 
>> which has a site-to-site VPN to a third party
>> support vendor.  Internet connections 3 and 4 are currently thought of as 
>> providing backups for one and two.  Both connections
>> firewalled by a Juniper SSG of some description.
>>
>> Now I couldn't get any good answers as to why Internet connections 1 and 2 
>> need to be separate.  I think the idea was to make
>> sure that there was enough bandwidth for the third party support VPN.  I 
>> feel that I can consolidate this into one connection
>> and just use rate limiting to reserve some portion of the bandwidth on the 
>> connection and this should be fine.  Now if I was to
>> do this then I can make a case for just having one backup Internet 
>> connection.  However I'm still concerned about failover and
>> reliability issues.  So my questions regarding this are:
>>
>> - Should I make sure that the backup Internet connection is from a separate 
>> provider?
>>

Yes yes yes yes a thousand times yes.  Depending on the criticality of internet 
connectivity you should also aim to have your redundant
connections coming from a complete separate direction.  Example, fiber from 
Level 3 come from the north in a dedicated conduit and
fiber from Verizon coming in a dedicated conduit from the south of the 
building.  Why?  Put simply we had construction ignore the
painted lines and dig up our conduit a few years back.  At that point we have 4 
bonded T1's from a single carrier.  That was a long
couple of days...  Carrier diversity is not a bad thing, spend some time 
shopping an additional provider.  Make sure they operate their
own network for last mile, and also make sure they don’t piggyback off the same 
network your main carrier does anywhere locally.
Comcast Ethernet, Verizon and Cogent make great secondary connections when you 
need high availability.  You don’t need your
secondary to have 99.999% uptime.  97% is usually good enough if it's on a 
separate network.  I wouldn't sway from the big names
for your primary connections either.

>>
>> - How can I acheive a failover which doesn't require me to change all the 
>> remote VPN endpoints in case of a failover?  Its
>> possible to configure failover VPNs on the Junipers, which should take care 
>> of this, but how do I take care of the DMZ hosts and
>> external translation?
>>

With recent experience with the Juniper SSG VPN functions put nicely they suck. 
 VPN failover is in there, but we had issues with the
tunnel staying active for extended periods of time.  Also depending on if you 
do a route based or a policy based VPN, it becomes so
much of a headache.  We used 2 SSG550 devices as a proof of concept and the one 
thing which annoyed me to no end was the complete and
total crap options within then VPN configuration.  When I typically set up a 
VPN, I use a SonicWall NSA or E-class device (yes I know
hiss boo) or an ASA.  Saying that the Juniper was lacking was a complete 
understatement.  I personally would completely avoid even
attempting VPN failover within a Juniper device.  I will say they are rock 
solid though for generic firewall functionality, just try
to keep the config simple or they turn into giant slow dogs.

>>
>> - In fact I think I'm asking what are my options with regard to failover 
>> between one Internet connection and the other?
>>

Considering you have 4x 100mbit lines, have you looked at BGP?  Even if you 
drop line 2 and its associated backup, you have 2x 100mbit
lines.  Or even if you have 3 unique carriers with a 100mbit from each of them 
it makes BGP very appealing.  I think this would be an
ideal situation for a BGP setup using a couple of small routers.  You could 
probably get away with something as small as a Cisco 3825
for each connection (purely redundancy).  If the Cisco name scares you Juniper 
routers are great as well.  Don’t forget Vyatta!

If you do BGP, you have 1 VPN to configure, you have 1 tunnel to configure, 
there is no VPN failover configuration and hopefully you
are not pushing more than 1 subnet across the VPN otherwise you end up doing a 
route based VPN instead of a policy based VPN and you
will be significantly happier.  T

RE: 大和一家[00273] ニコ動の私の動画が消される…!

2009-04-28 Thread Blake Pfankuch
Yahoo!グループからの重要なお知らせがメール下部にございます。ご確認ください。
---
What channel and network is that from.

-Original Message-
From: Leigh Porter [mailto:leigh.por...@ukbroadband.com]
Sent: Tuesday, April 28, 2009 6:45 AM
To: tamanoyam...@yahoogroups.jp
Cc: mic.davidoli...@yahoo.com.hk; barrdavidhowarde...@gmail.com; 
barrdavidhowarde...@gmail.com; mrs.larisa10...@yahoo.com.hk; 
parleypaulso...@yahoo.com.hk; henderson_mall...@yahoo.com.hk; 
chanleex...@live.com; i...@netvigator.com
Subject: Re: 大和一家[00269] ニコ動の私の動画が消される…!

Yahoo!グループからの重要なお知らせがメール下部にございます。ご確認ください。
---



13:40 <+frink> dub-MNF: I just got spammed by a similar fucktard
replying to a chinese email
13:40 <+frink> so I emailed him back
13:40 <+frink> Bad day?
13:40 <+frink> Steven Walker wrote:
13:40 <+frink> > > STOP SENDING ME BULLSHIT
13:40 < dub-MNF> yeah
13:40 <+frink> lol I got it too
13:40 <+frink> thats hilarious
13:41 < dub-MNF> and aaronfinley now
13:41 <@TestACL> frink you replied to ALL, idiot.
13:41 <+frink> Steven Walker innit
13:41 < dub-MNF> lol is that you?
13:41 <+frink> no
13:41 <+frink> I am frink innit
13:43 < dub-MNF> ffs he did it again
13:44 <+frink> coffee anybody?


Steven Walker wrote:
> STOP SENDING ME BULLSHIT
>
>
>> To: tamanoyam...@yahoogroups.jp
>> From: alamiki1...@yahoo.co.jp
>> Date: Tue, 28 Apr 2009 15:12:53 +0900
>> Subject: 大和一家[00240] ニコ動の私の動画が消される…!
>>
>> 日付 : 2009年02月03日 (火)
>> 件名 : ニコ動の私の動画が消される…!
>>    続けて書いちゃいますが。ずっと書きたかったこと。
>>
>>  
>> ニコニコ動画、みんな知ってますよね。著作者でJASRAC会員の私が推奨しちゃいけないけど、おもしろいから見てますよー。夫に無理矢理見せられてるのもあるけど。テレビ神奈川のアニメ『天体戦士サンレッド』。これおもしろいw
>>  テレビ神奈川は自ら放送済みのものをニコ動で流しているので何の問題もないです。テレビ神奈川偉い!
>>  
>> ヴァンプさん最高です!!(人が良くて天然でお料理好きで世話好きなところが、どうしても友達のゲイの子とキャラがかぶるんですが…)ピーちゃんも好き。リーサル・ウェポンだけど一度発動すると充電に8時間かかるとことか(笑)
>>
>>  で、本題。ニコ動に去年、珍しく私の曲がUPされていたのですよね。私自身も一番好きなアルバム『Say You Want 
>> Me』の中からウツ(宇都宮隆さん)が参加してくれてちょっとだけデュエット風になっている曲なのですが。『Next Time I Fall In
>>  
>> Love』。私も一度見に行きましたよー。UPしてくださった方ありがとうございます。素直に嬉しかった。だってあのアルバム廃盤なんですもん…。作詞作曲歌唱までしている者としては誰かが聴いてくれるだけでもとっても嬉しいです。あれで著作権を侵害されたなんて思わないし。逆に「ああこういう曲書くのか」って思っても
>> らえたらパブリシティではないですか。イギリスで制作した思い出も思い入れもものすごくあるあのアルバムだけでもいいから復刻して欲しい…。復刻じゃなくてもいいから曲だけでもこんなふうにネットに置きたいと思っていたのに。
>>
>>  
>> 著作物によっては映画などはネットにUPされると確かに困ります。映画を何度も何度も見る人はなかなかいない。筋がわかってしまえば終わりって方が多いでしょう。ただ音楽だけはその在り方が他の著作物と性質が違う。まず聴いてもらわないと始まらない。音楽は一度聴いて終わりものではなく、何度も何度も繰り返し楽しむ
>> もの。だからここらへんが映画などの著作物と違って、ネットを宣伝として使えるし、UPされて何度も聴いてもらって馴染んでもらうことは、私はいいことだと思っています。特に宣伝にお金も人力も何も使えないアーティストにとってはネットはすばらしい場所ではないかなあと思う。
>>
>>  で、そう思っていたところが、つい最近見に行ったら、なんと!! 削除されてました。理由は「権利者からの要請」。…誰?? 私じゃないですよ? 
>> 私は聴いてもらって喜んでいたくらいなんだから。作詞作曲歌唱すべて私です。では著作隣接権関連?
>>  演奏者とか原盤権を持っているレコード会社とか著作権管理してる出版社とか? それともJASRAC? でもJASRACKはニコ動と協定を結んだんですよね?
>>  
>> 包括契約を結ぶとかなんとか(正確に把握してませんが)。他にもたくさんの曲がUPされている中、何故私の曲(それも特にアクセス数がすごかったわけでもない)が??
>>  売れているミュージシャンのものならわかるけど…。原盤権を持っているレコード会社がわざわざ言ってくるとも思えない。だってアルバム自体が廃盤にな
>> っているのだから言う意味もない。私の曲がニコ動で流されて困る人っているんでしょうか…?? とっても謎です。
>>
>>  
>> ひろゆきさんにたずねればわかるでしょうか。私はネットやり始めた頃アクシデントで、たまたまできたばかりの2ちゃんねるにさ迷い込んで、まだ閑散としていた2ちゃんで毎晩遊んでいた時期がありました。ネットのこと知らない私はすっかり天然扱いされて、突っ込まれたり助言してもらったり、固定ハンドル(コテハン)
>> の人たちにもかわいがってもらいました(中の人知らないからみんな私をガキんちょだと思っていたらしい)。ひろゆきさんもいつもいて、私の「管理人さんていつもいるの?」って質問に「おいらは人工無脳ですよん」て答えてくれたので、それをずっと信じていた馬鹿です(笑)
>>
>>  
>> 2ちゃんねるの1周年記念パーティにもこっそり参加しましたよ。ホテルのスィートに集まったコテハンの人たちとただおしゃべりしてただけだけど。ほろ酔いのひろゆきさんに何故か頭叩かれた覚えがある(笑)
>>  一度一緒にお食事もしました。でも2ちゃんねるが大きくなるにつれすっかり疎遠になってしまいましたが。今こそ
>> 、このコネクションを使う時ではないのか? 
>> と思いましたよ。ええ、ええ。ひろゆきさん、いったい誰が私の動画を消すように申請したのですかーー??(と、ここで書いていても意味ないけど…)。とにかく謎ですわー。
>>
>>  ついでにぶっちゃけて書いちゃいますが。吉幾三さんの「おら東京さ行くだ」をサンプリングした『Get Wild』はすごいですね。とにかくうまい! 
>> MIXした人すごいです!
>>  
>> センスあります。歌詞の内容まで考慮されて幾三さんの合いの手になってるとことか笑いました。元々「おら東京さ行くだ」がラップ系だからサンプリングには持ってこいだし、どの曲ともわりと合わせ易いのだけど、『Get
>>  Wild』はその中でも秀逸。…って、私がこういうこと書いていていいのだろーか。まーいいや。
>>
>>  
>> また関係ないけどデビューしたての頃、プロモーションで吉幾三さんのラジオに出演させてもらったことがあります。とっても腰が低くて、その頃はしゃべるのが苦手だった私に対しても気にせず接してくれて、最後までにこにこと見送ってくれて優しい人だなあという印象だけは強く残ってます。何をしゃべったのかさっぱり覚
>> えてませんが(汗)
>>
>>  ということで、勢いでニコ動のこと書いちゃった。友達の出版社の○○ちゃん、ごめん。
>>
>>
>>
>>
>> -
>> Power up the Internet with Yahoo! Toolbar.
>>


ヘルプページ:   http://help.yahoo.co.jp/help/jp/groups/
グループページ: http://groups.yahoo.co.jp/group/TamanoYamato/
グループ管理者: mailto:tamanoyamato-ow...@yahoogroups.jp


・モバイル: http://rd.yahoo.co.jp/egroups/050616info/1.html
・移行手続: http://rd.yahoo.co.jp/egroups/050616info/2.html
・利用規約: http://rd.yahoo.co.jp/egroups/050616info/3.html 

---
【Yahoo!グループからのお知らせ】Yahoo!グループは7月7日にリニューアルします。
詳しくは「お知らせ」をご覧下さい。
http://groups.yahoo.co.jp/local/notice/sw.html



ヘルプページ:   http://help.yahoo.co.jp/help/jp/groups/
グループページ: http://groups.yahoo.co.jp/group/TamanoYamato/ 
グループ管理者: mailto:tamanoyamato-ow...@yahoogroups.jp 
 

・モバイル: http://rd.yahoo.co.jp/egroups/050616info/1.html
・移行手続: http://rd.yahoo.co.jp/egroups/050616info/2.html
・利用規約: http://rd.yahoo.co.jp/egroups/050616info/3.html 
 
---
【Yahoo!グループからのお知らせ】Yahoo!グループは7月7日にリニューアルします。
詳しくは「お知らせ」をご覧下さい。
http://groups.yahoo.co.jp/local/notice/sw.html




RE: 大和一家[00272] ニコ動の私の動画が消される…!

2009-04-28 Thread Blake Pfankuch
Yahoo!グループからの重要なお知らせがメール下部にございます。ご確認ください。
---
This idea pleases me.  Beer.  Oh tasty beer

-Original Message-
From: Leigh Porter [mailto:leigh.por...@ukbroadband.com]
Sent: Tuesday, April 28, 2009 6:42 AM
To: tamanoyam...@yahoogroups.jp
Cc: mic.davidoli...@yahoo.com.hk; barrdavidhowarde...@gmail.com; 
barrdavidhowarde...@gmail.com; mrs.larisa10...@yahoo.com.hk; 
parleypaulso...@yahoo.com.hk; henderson_mall...@yahoo.com.hk; 
chanleex...@live.com; i...@netvigator.com
Subject: Re: 大和一家[00268] ニコ動の私の動画が消される…!

Yahoo!グループからの重要なお知らせがメール下部にございます。ご確認ください。
---

Lets all meet up for beer and talk about this. We could form a group and
support eachother.

Steven Walker wrote:
> STOP SENDING ME BULLSHIT
>
>
>> To: tamanoyam...@yahoogroups.jp
>> From: alamiki1...@yahoo.co.jp
>> Date: Tue, 28 Apr 2009 15:12:53 +0900
>> Subject: 大和一家[00240] ニコ動の私の動画が消される…!
>>
>> 日付 : 2009年02月03日 (火)
>> 件名 : ニコ動の私の動画が消される…!
>>    続けて書いちゃいますが。ずっと書きたかったこと。
>>
>>  
>> ニコニコ動画、みんな知ってますよね。著作者でJASRAC会員の私が推奨しちゃいけないけど、おもしろいから見てますよー。夫に無理矢理見せられてるのもあるけど。テレビ神奈川のアニメ『天体戦士サンレッド』。これおもしろいw
>>  テレビ神奈川は自ら放送済みのものをニコ動で流しているので何の問題もないです。テレビ神奈川偉い!
>>  
>> ヴァンプさん最高です!!(人が良くて天然でお料理好きで世話好きなところが、どうしても友達のゲイの子とキャラがかぶるんですが…)ピーちゃんも好き。リーサル・ウェポンだけど一度発動すると充電に8時間かかるとことか(笑)
>>
>>  で、本題。ニコ動に去年、珍しく私の曲がUPされていたのですよね。私自身も一番好きなアルバム『Say You Want 
>> Me』の中からウツ(宇都宮隆さん)が参加してくれてちょっとだけデュエット風になっている曲なのですが。『Next Time I Fall In
>>  
>> Love』。私も一度見に行きましたよー。UPしてくださった方ありがとうございます。素直に嬉しかった。だってあのアルバム廃盤なんですもん…。作詞作曲歌唱までしている者としては誰かが聴いてくれるだけでもとっても嬉しいです。あれで著作権を侵害されたなんて思わないし。逆に「ああこういう曲書くのか」って思っても
>> らえたらパブリシティではないですか。イギリスで制作した思い出も思い入れもものすごくあるあのアルバムだけでもいいから復刻して欲しい…。復刻じゃなくてもいいから曲だけでもこんなふうにネットに置きたいと思っていたのに。
>>
>>  
>> 著作物によっては映画などはネットにUPされると確かに困ります。映画を何度も何度も見る人はなかなかいない。筋がわかってしまえば終わりって方が多いでしょう。ただ音楽だけはその在り方が他の著作物と性質が違う。まず聴いてもらわないと始まらない。音楽は一度聴いて終わりものではなく、何度も何度も繰り返し楽しむ
>> もの。だからここらへんが映画などの著作物と違って、ネットを宣伝として使えるし、UPされて何度も聴いてもらって馴染んでもらうことは、私はいいことだと思っています。特に宣伝にお金も人力も何も使えないアーティストにとってはネットはすばらしい場所ではないかなあと思う。
>>
>>  で、そう思っていたところが、つい最近見に行ったら、なんと!! 削除されてました。理由は「権利者からの要請」。…誰?? 私じゃないですよ? 
>> 私は聴いてもらって喜んでいたくらいなんだから。作詞作曲歌唱すべて私です。では著作隣接権関連?
>>  演奏者とか原盤権を持っているレコード会社とか著作権管理してる出版社とか? それともJASRAC? でもJASRACKはニコ動と協定を結んだんですよね?
>>  
>> 包括契約を結ぶとかなんとか(正確に把握してませんが)。他にもたくさんの曲がUPされている中、何故私の曲(それも特にアクセス数がすごかったわけでもない)が??
>>  売れているミュージシャンのものならわかるけど…。原盤権を持っているレコード会社がわざわざ言ってくるとも思えない。だってアルバム自体が廃盤にな
>> っているのだから言う意味もない。私の曲がニコ動で流されて困る人っているんでしょうか…?? とっても謎です。
>>
>>  
>> ひろゆきさんにたずねればわかるでしょうか。私はネットやり始めた頃アクシデントで、たまたまできたばかりの2ちゃんねるにさ迷い込んで、まだ閑散としていた2ちゃんで毎晩遊んでいた時期がありました。ネットのこと知らない私はすっかり天然扱いされて、突っ込まれたり助言してもらったり、固定ハンドル(コテハン)
>> の人たちにもかわいがってもらいました(中の人知らないからみんな私をガキんちょだと思っていたらしい)。ひろゆきさんもいつもいて、私の「管理人さんていつもいるの?」って質問に「おいらは人工無脳ですよん」て答えてくれたので、それをずっと信じていた馬鹿です(笑)
>>
>>  
>> 2ちゃんねるの1周年記念パーティにもこっそり参加しましたよ。ホテルのスィートに集まったコテハンの人たちとただおしゃべりしてただけだけど。ほろ酔いのひろゆきさんに何故か頭叩かれた覚えがある(笑)
>>  一度一緒にお食事もしました。でも2ちゃんねるが大きくなるにつれすっかり疎遠になってしまいましたが。今こそ
>> 、このコネクションを使う時ではないのか? 
>> と思いましたよ。ええ、ええ。ひろゆきさん、いったい誰が私の動画を消すように申請したのですかーー??(と、ここで書いていても意味ないけど…)。とにかく謎ですわー。
>>
>>  ついでにぶっちゃけて書いちゃいますが。吉幾三さんの「おら東京さ行くだ」をサンプリングした『Get Wild』はすごいですね。とにかくうまい! 
>> MIXした人すごいです!
>>  
>> センスあります。歌詞の内容まで考慮されて幾三さんの合いの手になってるとことか笑いました。元々「おら東京さ行くだ」がラップ系だからサンプリングには持ってこいだし、どの曲ともわりと合わせ易いのだけど、『Get
>>  Wild』はその中でも秀逸。…って、私がこういうこと書いていていいのだろーか。まーいいや。
>>
>>  
>> また関係ないけどデビューしたての頃、プロモーションで吉幾三さんのラジオに出演させてもらったことがあります。とっても腰が低くて、その頃はしゃべるのが苦手だった私に対しても気にせず接してくれて、最後までにこにこと見送ってくれて優しい人だなあという印象だけは強く残ってます。何をしゃべったのかさっぱり覚
>> えてませんが(汗)
>>
>>  ということで、勢いでニコ動のこと書いちゃった。友達の出版社の○○ちゃん、ごめん。
>>
>>
>>
>>
>> -
>> Power up the Internet with Yahoo! Toolbar.
>>


ヘルプページ:   http://help.yahoo.co.jp/help/jp/groups/
グループページ: http://groups.yahoo.co.jp/group/TamanoYamato/
グループ管理者: mailto:tamanoyamato-ow...@yahoogroups.jp


・モバイル: http://rd.yahoo.co.jp/egroups/050616info/1.html
・移行手続: http://rd.yahoo.co.jp/egroups/050616info/2.html
・利用規約: http://rd.yahoo.co.jp/egroups/050616info/3.html 

---
【Yahoo!グループからのお知らせ】Yahoo!グループは7月7日にリニューアルします。
詳しくは「お知らせ」をご覧下さい。
http://groups.yahoo.co.jp/local/notice/sw.html



ヘルプページ:   http://help.yahoo.co.jp/help/jp/groups/
グループページ: http://groups.yahoo.co.jp/group/TamanoYamato/ 
グループ管理者: mailto:tamanoyamato-ow...@yahoogroups.jp 
 

・モバイル: http://rd.yahoo.co.jp/egroups/050616info/1.html
・移行手続: http://rd.yahoo.co.jp/egroups/050616info/2.html
・利用規約: http://rd.yahoo.co.jp/egroups/050616info/3.html 
 
---
【Yahoo!グループからのお知らせ】Yahoo!グループは7月7日にリニューアルします。
詳しくは「お知らせ」をご覧下さい。
http://groups.yahoo.co.jp/local/notice/sw.html




Yahoo mail admin

2009-04-21 Thread Blake Pfankuch
Can I get a yahoo mail services admin to contact me off list?  the normal 
channels have been getting me nowhere.  "a representative will be in touch with 
you in a few days" has been going on for about 2 weeks.

Blake Pfankuch
Connecting Point of Greeley
Network Engineer
970-356-7224
[cid:image001.gif@01C9C2B5.E5BDA550]

<>

RE: Level3 funkiness

2009-04-15 Thread Blake Pfankuch
 2  dvr-edge-05.inet.qwest.net (72.165.27.181)  27.696 ms  27.688 ms  28.022 ms
 3  dvr-core-01.inet.qwest.net (205.171.10.89)  28.010 ms  28.001 ms  27.990 ms
 4  * * 67.14.2.89 (67.14.2.89)  50.773 ms
 5  xe-8-2-0.edge2.dallas3.level3.net (4.68.63.53)  51.120 ms 
xe-8-1-0.edge2.dallas3.level3.net (4.68.63.49)  51.107 ms  51.099 ms
 6  vlan79.csw2.Dallas1.Level3.net (4.68.19.126)  56.763 ms  37.806 ms 
vlan89.csw3.Dallas1.Level3.net (4.68.19.190)  33.368 ms
 7  ae-82-82.ebr2.Dallas1.Level3.net (4.69.136.145)  35.514 ms 
ae-72-72.ebr2.Dallas1.Level3.net (4.69.136.141)  44.125 ms 
ae-62-62.ebr2.Dallas1.Level3.net (4.69.136.137)  44.120 ms
 8  ae-2.ebr1.Denver1.Level3.net (4.69.132.105)  50.913 ms  50.895 ms  50.522 ms
 9  ge-6-0.hsa1.Denver1.Level3.net (4.68.107.3)  45.675 ms !H 
ge-6-1.hsa1.Denver1.Level3.net (4.68.107.67)  46.875 ms !H *



-Original Message-
From: J. Oquendo [mailto:s...@infiltrated.net]
Sent: Wednesday, April 15, 2009 1:36 PM
To: nanog@nanog.org
Subject: Level3 funkiness


Anyone else experience sporadic funkiness via
Level3? I can't even reach the main website from who
knows how many networks I've tried. Also friends
and former colleagues have tried to reach the site
to no avail.

One of my machines on AT&T:
# traceroute level3.net
traceroute to level3.net (63.211.236.36), 30 hops max, 40 byte packets

 4  cr1.n54ny.ip.att.net (12.122.105.58)  11.285 ms  21.702 ms  21.477 ms
 5  ggr2.n54ny.ip.att.net (12.122.131.141)  12.712 ms  10.194 ms  16.393 ms
 6  so-8-0-0.car3.NewYork1.Level3.net (4.68.127.149)  9.975 ms  10.019 ms  
10.833 ms
 7  vlan79.csw2.NewYork1.Level3.net (4.68.16.126)  10.162 ms  10.189 ms  14.474 
ms
 8  ae-71-71.ebr1.NewYork1.Level3.net (4.69.134.69)  15.763 ms  11.166 ms  
9.725 ms
 9  ae-3-3.ebr4.Washington1.Level3.net (4.69.132.93)  16.139 ms  30.616 ms  
16.275 ms
10  ae-64-64.csw1.Washington1.Level3.net (4.69.134.178)  15.684 ms 
ae-74-74.csw2.Washington1.Level3.net (4.69.134.182)  21.870 ms 
ae-84-84.csw3.Washington1.Level3.net (4.69.134.186)  28.729 ms
11  ae-92-92.ebr2.Washington1.Level3.net (4.69.134.157)  17.035 ms 
ae-62-62.ebr2.Washington1.Level3.net (4.69.134.145)  17.041 ms 
ae-72-72.ebr2.Washington1.Level3.net (4.69.134.149)  21.940 ms
12  ae-2-2.ebr2.Chicago2.Level3.net (4.69.132.69)  31.671 ms  42.407 ms  45.774 
ms
13  ae-1-100.ebr1.Chicago2.Level3.net (4.69.132.113)  31.922 ms  32.115 ms  
38.135 ms
14  ae-3.ebr2.Denver1.Level3.net (4.69.132.61)  75.265 ms  67.528 ms  67.937 ms
15  ge-9-0.hsa1.Denver1.Level3.net (4.68.107.35)  62.587 ms !H 
ge-9-1.hsa1.Denver1.Level3.net (4.68.107.99)  62.543 ms !H 
ge-9-2.hsa1.Denver1.Level3.net (4.68.107.163)  75.797 ms !H


(From Texas through Above.net)
$ traceroute level3.net|tail -n 1
traceroute to level3.net (63.211.236.36), 64 hops max, 40 byte packets
11  ge-6-2.hsa1.Denver1.Level3.net (4.68.107.131)  21.473 ms !H * 
ge-6-0.hsa1.Denver1.Level3.net (4.68.107.3)  21.547 ms !H

Confirmed it can't be reached from Travelers Ins, The
Hartford, none of my connections. Anyone else seeing
issues? I'm seeing drop off from clients going through
their Atlanta interconnects with Charter and two other
providers, which I can't make sense of. I DO KNOW they
experienced some sort of issue with a TDM switch or so
they said... Very broad statements: "We know teh
interwebs are down please stand by"

I know websites are one thing, but the chances of the
website going down, a TDM switch being wacky and now
clients traversing their networks complaining all at
once seems a little out of the ordinary.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E





Cox Abuse Contact

2009-03-03 Thread Blake Pfankuch
Can someone from the Cox Cable Abuse department contact me off list in regards 
to an account in Rhode Island?

Blake Pfankuch
Network Engineer
[cid:image001.gif@01C99C47.5ECB1B70]

<>

Documentation of switch maps

2009-02-26 Thread Blake Pfankuch
Howdy.

Had a customer come to me this morning who wanted to create a document for 
their switching infrastructure and thought I would bounce it off the rest of 
the world on how you usually do this.  Typically I use a spreadsheet with 
outlines to define the "switch" and then outlines for the ports and color 
coding for vlan's as well as a description of the port.  Curious what other 
people are doing, as this would be a huge undertaking for a customer who is 
using an entire /19 of rfc 1918 ip addresses and has well over 150 switches and 
40 active vlans.  The want to be able to look at this document and pull up any 
switch and look at the port and be able to see what vlan the port is on, as 
well as what device it is connected to as well as port channel membership, 
trunks and other fun things like that.  Needless to say their documentation is 
lacking on the physical connectivity however their cisco infrastructure does 
have labels on every port that goes to a named device outside of the DHCP 
pools.  Thoughts?

Thanks,
Blake Pfankuch


RE: comcast price check

2009-02-21 Thread Blake Pfankuch
Ok lets clarify.  Comcast recently started offering Ethernet (read fiber 
delivery) circuits.  Anyone know about stability and pricing on these.  Please 
exclude all the commentary on any Comcast services that are "cable" based.

-Original Message-
From: ChrisSerafin [mailto:ch...@chrisserafin.com]
Sent: Saturday, February 21, 2009 12:46 PM
To: Blake Pfankuch
Cc: Brielle Bruns; NANOG list
Subject: Re: comcast price check

I have a client that has a number of business AT&T DSL and Comcast
cable  circuits for small remote VPN sites.AT&T is great, rarely
goes down

Their Comcast circuits ALWAYS go down and are problems upstream per Comcast.

I 'm not sure how much they cost thought, sorry.

Chris Serafin




Blake Pfankuch wrote:
> Back to the original topic on price.  I am interested in this as well as we 
> are looking for a failover network and had actually talked with Comcast.  
> They were doing the work to see how far they had to trench.
>
> Does anyone out there actually use their Ethernet services?  How stable are 
> they?  Good pricing?
>
>
>
> -Original Message-
> From: Brielle Bruns [mailto:br...@2mbit.com]
> Sent: Saturday, February 21, 2009 8:42 AM
> To: NANOG list
> Subject: Re: comcast price check
>
> On 2/20/09 11:36 PM, Andrew Prowant wrote:
>
>> Yes, Comcast started providing transit late last year.  A couple hosting
>> providers have connectivity to them here in Chicago. FDCServers.net has
>> 30Gbps or 40Gbps to them.
>>
>>
>
>
> *raises an eyebrow*
>
> FDCservers.net eh?  That's always reassuring.
>
> Given my past experiences with them, I'm not sure I'd want to use them
> as a 'great example'.
>
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org
>
>
> 
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.0.237 / Virus Database: 270.11.1/1962 - Release Date: 02/20/09 
> 07:26:00
>
>




RE: Consumer broadband please move (was:Re: comcast price check)

2009-02-21 Thread Blake Pfankuch
The original inquiry was aimed at comcast's Ethernet service, which no one has 
actually responded to and the whole thread turned south from there.

>> Does any one here use comcast's ethernet services?
>> If so, what is their price range?
>>
>>
>> Thanks in advance.

-Original Message-
From: mike [mailto:mike-na...@tiedyenetworks.com]
Sent: Saturday, February 21, 2009 10:15 AM
Cc: NANOG list
Subject: Consumer broadband please move (was:Re: comcast price check)




Steven M. Bellovin wrote:
> On Sat, 21 Feb 2009 11:52:23 -0500
> Steven King  wrote:
>
>
>> I can't even get reliable home cable internet service from them. No
>> way I would ever consider using them for transit. I would only
>> consider a stub peer with them to help out the poor Comcast customers
>> who are also trying to get to my data centers.
>>
>>
Guys, I mean no offense, but this discussion probabbly belongs on a home
user oriented forum like broadbandreports.com or similar.

Thanks.




RE: comcast price check

2009-02-21 Thread Blake Pfankuch
Maybe it just depends on the area I have had Comcast Business Class at my 
residences through the past 7 years with no problems at all.  Infact my current 
connection has almost a better uptime than our t1's at our office.  Connected 
(165d 13h 29m 37s) with 16/2 minimum speed.  I personally would use Comcast 
over Global Crossing based on personal experience :P  Ive got a /29 awesome 
reliability and the name of my business rep who I can call when I need 
something.  $99 a month doesn't seem bad for that.

-Original Message-
From: Steven King [mailto:sk...@kingrst.com]
Sent: Saturday, February 21, 2009 9:52 AM
To: Owen DeLong
Cc: NANOG list
Subject: Re: comcast price check

I can't even get reliable home cable internet service from them. No way
I would ever consider using them for transit. I would only consider a
stub peer with them to help out the poor Comcast customers who are also
trying to get to my data centers.

Owen DeLong wrote:
> Fair warning, Comcast is totally into the bait and switch game.
> Talk to any 3 people at Comcast and you will receive at least 4
> different answers about what is or isn't included.
>
> Having a particular offer in writing makes no difference to them.
>
> I will be contacting the Santa Clara County District Attorney about
> my experiences with Comcast in violation of CA B&P code S17500
> soon. I spent the last two months trying repeatedly to get Comcast
> to recognize and live up to their obligations under the offer they
> originally extended to me.  They waffled for a very long time before
> I finally reached someone who flat-out told me that they were not
> ever going to deliver what was promised.
>
> Owen
>
> On Feb 20, 2009, at 8:26 PM, John Martinez wrote:
>
>> Does any one here use comcast's ethernet services?
>> If so, what is their price range?
>>
>>
>> Thanks in advance.
>>
>>
>
>

--
Steve King

Network Engineer - Liquid Web, Inc.
Cisco Certified Network Associate
CompTIA Linux+ Certified Professional
CompTIA A+ Certified Professional





RE: comcast price check

2009-02-21 Thread Blake Pfankuch
Back to the original topic on price.  I am interested in this as well as we are 
looking for a failover network and had actually talked with Comcast.  They were 
doing the work to see how far they had to trench.

Does anyone out there actually use their Ethernet services?  How stable are 
they?  Good pricing?



-Original Message-
From: Brielle Bruns [mailto:br...@2mbit.com]
Sent: Saturday, February 21, 2009 8:42 AM
To: NANOG list
Subject: Re: comcast price check

On 2/20/09 11:36 PM, Andrew Prowant wrote:
> Yes, Comcast started providing transit late last year.  A couple hosting
> providers have connectivity to them here in Chicago. FDCServers.net has
> 30Gbps or 40Gbps to them.
>


*raises an eyebrow*

FDCservers.net eh?  That's always reassuring.

Given my past experiences with them, I'm not sure I'd want to use them
as a 'great example'.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org




RE: Private use of non-RFC1918 IP space

2009-02-02 Thread Blake Pfankuch
Using public IP space in general is typically just asking for trouble.  I 
worked with an "ISP" once who decided to use 192.0.0.0/24 for IP's to customers 
who didn't need a static ip.  They did it not knowing what they were doing (oh 
you mean 192.0.0.0/8 isnt rfc1918) but very quickly they had to change it.  In 
our current customer base we have run into it a few times where someone is 
using non rfc1918 space internally and propose changing it very quick as we 
have had several customers who don't know it, but need to get to something in 
that public space.

If you happen to be the funny guy who uses an IP range from some tiny foreign 
off the wall country because "we will never need to connect to their IP space" 
remember that IP address allocations change and you won't think it's so funny 
when the company who provides your anti-virus moves their update servers to 
match your internal IP space.

> There are sometimes good reasons to do this, for instance to ensure
> uniqueness in the face of mergers and acquisitions.

If you are going to force uniqueness and one of the parties in the merger was 
super smart in their original deployment and decided to use 10.0.0.0/8 for 
their network of 300 machines, force them to change to something smarter.  
Remind them how layer 3 networks inside of a single building work.  Even if a 
network is not publically seen, you have to keep in mind how many machines see 
it while they might see a public network.  A specific customer had a 
216.xx.xx.0/24 network for their private production network.  Their internal 
router also saw it and had an ACL on who could access it.  Meaning their entire 
staff couldn't get to their collocated webserver when their provider re 
addressed that floor in the datacenter.

All rambling aside, its much easier to renumber on the front end opposed to 
ending up with VPN natting that makes you cry on the inside.  Think of the 
person who will take over your network when you eventually leave your position.

>This is a bit off-topic, but I thought I'd mention that this is one reason I 
>recommend use of the 172.16/12 block to people building
>or renumbering enterprise networks. Most people seem to use 10/8 in large 
>organizations and 192.168/16 in smaller ones, so it raises
>your chances of not having to get into heavy natting down the road. My theory 
>on this is that most people who don't deal with CIDR on
>a daily basis find the /12 netmask a bit confusing and just avoid the block at 
>all.

Also a good point.  Most of "support engineers" I run into think that 
172.24.0.0 is public IP space.

-Original Message-
From: D'Arcy J.M. Cain [mailto:da...@druid.net]
Sent: Monday, February 02, 2009 10:20 AM
To: sth...@nethelp.no
Cc: nanog@nanog.org
Subject: Re: Private use of non-RFC1918 IP space

On Mon, 02 Feb 2009 18:03:57 +0100 (CET)
sth...@nethelp.no wrote:
> > What reason could you possibly have to use non RFC 1918 space on a
> > closed network?  It's very bad practice - unfortunately I do see it done
> > sometimes
>
> There are sometimes good reasons to do this, for instance to ensure
> uniqueness in the face of mergers and acquisitions.

How does that help?  If you are renumbering due to a merger, couldn't
you just agree on separate private space just as easily?

--
D'Arcy J.M. Cain  |  Democracy is three wolves
http://www.druid.net/darcy/|  and a sheep voting on
+1 416 425 1212 (DoD#0082)(eNTP)   |  what's for dinner.




RE:

2009-01-12 Thread Blake Pfankuch
Laughing at me.  You make me cry on the inside.

-Original Message-
From: Aaron Imbrock [mailto:aimbr...@gmail.com]
Sent: Sunday, January 11, 2009 11:12 PM
To: NANOG@nanog.org
Subject:

Stop






RE: Level 3 issues

2008-12-28 Thread Blake Pfankuch
I have heard this story several times.  The train derailment was yesterday in 
New York unless it has not made it to news.google.com on a search for train 
derail.  Issues did not start until 1030 MST.  It seems highly unlikely that a 
train derailment yesterday caused major network issues today.

-Original Message-
From: Alex H. Ryu [mailto:r.hyuns...@ieee.org]
Sent: Sunday, December 28, 2008 2:44 PM
To: Blake Pfankuch
Cc: Derek Bodner; nanog@nanog.org
Subject: Re: Level 3 issues

It seems that there was fiber cut because of train derailment around NY
area.

Alex



Blake Pfankuch wrote:
> Any word on the actual cause of the issue?
>
> From: Derek Bodner [mailto:subscribedli...@derekbodner.com]
> Sent: Sunday, December 28, 2008 11:53 AM
> To: Blake Pfankuch
> Cc: Jon Wolberg; Jason Cheslock; nanog@nanog.org
> Subject: Re: Level 3 issues
>
> Looks like most providers here in the east coast are routing through level3 
> again, and I'm not seeing any packet loss or latency anymore.
> On Sun, Dec 28, 2008 at 1:47 PM, Blake Pfankuch 
> mailto:bpfank...@cpgreeley.com>> wrote:
> Seems to be normalizing here in Colorado as well, however still having 
> occasional packet loss to NY.
>
> -Original Message-
> From: Jon Wolberg 
> [mailto:j...@defenderhosting.com<mailto:j...@defenderhosting.com>]
> Sent: Sunday, December 28, 2008 11:40 AM
> To: Jason Cheslock
> Cc: nanog@nanog.org<mailto:nanog@nanog.org>
> Subject: Re: Level 3 issues
>
> Confirmed here as well.
>
>
> Jon
>
>
> - Original Message -
> From: "Jason Cheslock" mailto:sangrevie...@gmail.com>>
> To: "marco" mailto:ma...@zero11.com>>
> Cc: nanog@nanog.org<mailto:nanog@nanog.org>
> Sent: Sunday, December 28, 2008 1:35:45 PM GMT -05:00 US/Canada Eastern
> Subject: Re: Level 3 issues
>
> According to L3, this issue should be fixed and we should start seeing
>
>
>> the traffic normalizing.
>> Can anyone confirm?
>>
>
> Here in Richmond Virginia, everything seems to be back to normal now.
>  Traffic coming from my Comcast connection can get through L3 now.
>
>
>  7 11 ms 13 ms 11 ms 
> te-0-3-0-0-cr01.mclean.va.ibone.comcast.net<http://te-0-3-0-0-cr01.mclean.va.ibone.comcast.net>
>  [68.
> 86.91.121]
>  8 10 ms 11 ms 12 ms 
> xe-11-1-0.edge1.Washington1.Level3.net<http://xe-11-1-0.edge1.Washington1.Level3.net>
>  [4.79.231
> .9]
>  9 12 ms 17 ms 18 ms 
> vlan89.csw3.Washington1.Level3.net<http://vlan89.csw3.Washington1.Level3.net> 
> [4.68.17.190]
>
>  10 12 ms 17 ms 17 ms 
> ae-84-84.ebr4.Washington1.Level3.net<http://ae-84-84.ebr4.Washington1.Level3.net>
>  [4.69.134.1
> 85]
>  11 16 ms 26 ms 16 ms 
> ae-3-3.ebr1.NewYork1.Level3.net<http://ae-3-3.ebr1.NewYork1.Level3.net> 
> [4.69.132.94]
>  12 32 ms 30 ms 17 ms 
> ae-81-81.csw3.NewYork1.Level3.net<http://ae-81-81.csw3.NewYork1.Level3.net> 
> [4.69.134.74]
>
>  13 15 ms 19 ms 16 ms 
> ae-3-89.edge1.NewYork1.Level3.net<http://ae-3-89.edge1.NewYork1.Level3.net> 
> [4.68.16.142]
>
>
>
> --
> Derek Bodner
> subscribedli...@derekbodner.com<mailto:subscribedli...@derekbodner.com>
>
>
>
>




RE: Level 3 issues

2008-12-28 Thread Blake Pfankuch
Any word on the actual cause of the issue?

From: Derek Bodner [mailto:subscribedli...@derekbodner.com]
Sent: Sunday, December 28, 2008 11:53 AM
To: Blake Pfankuch
Cc: Jon Wolberg; Jason Cheslock; nanog@nanog.org
Subject: Re: Level 3 issues

Looks like most providers here in the east coast are routing through level3 
again, and I'm not seeing any packet loss or latency anymore.
On Sun, Dec 28, 2008 at 1:47 PM, Blake Pfankuch 
mailto:bpfank...@cpgreeley.com>> wrote:
Seems to be normalizing here in Colorado as well, however still having 
occasional packet loss to NY.

-Original Message-
From: Jon Wolberg 
[mailto:j...@defenderhosting.com<mailto:j...@defenderhosting.com>]
Sent: Sunday, December 28, 2008 11:40 AM
To: Jason Cheslock
Cc: nanog@nanog.org<mailto:nanog@nanog.org>
Subject: Re: Level 3 issues

Confirmed here as well.


Jon


- Original Message -
From: "Jason Cheslock" mailto:sangrevie...@gmail.com>>
To: "marco" mailto:ma...@zero11.com>>
Cc: nanog@nanog.org<mailto:nanog@nanog.org>
Sent: Sunday, December 28, 2008 1:35:45 PM GMT -05:00 US/Canada Eastern
Subject: Re: Level 3 issues

According to L3, this issue should be fixed and we should start seeing

> the traffic normalizing.
> Can anyone confirm?

Here in Richmond Virginia, everything seems to be back to normal now.
 Traffic coming from my Comcast connection can get through L3 now.


 7 11 ms 13 ms 11 ms 
te-0-3-0-0-cr01.mclean.va.ibone.comcast.net<http://te-0-3-0-0-cr01.mclean.va.ibone.comcast.net>
 [68.
86.91.121]
 8 10 ms 11 ms 12 ms 
xe-11-1-0.edge1.Washington1.Level3.net<http://xe-11-1-0.edge1.Washington1.Level3.net>
 [4.79.231
.9]
 9 12 ms 17 ms 18 ms 
vlan89.csw3.Washington1.Level3.net<http://vlan89.csw3.Washington1.Level3.net> 
[4.68.17.190]

 10 12 ms 17 ms 17 ms 
ae-84-84.ebr4.Washington1.Level3.net<http://ae-84-84.ebr4.Washington1.Level3.net>
 [4.69.134.1
85]
 11 16 ms 26 ms 16 ms 
ae-3-3.ebr1.NewYork1.Level3.net<http://ae-3-3.ebr1.NewYork1.Level3.net> 
[4.69.132.94]
 12 32 ms 30 ms 17 ms 
ae-81-81.csw3.NewYork1.Level3.net<http://ae-81-81.csw3.NewYork1.Level3.net> 
[4.69.134.74]

 13 15 ms 19 ms 16 ms 
ae-3-89.edge1.NewYork1.Level3.net<http://ae-3-89.edge1.NewYork1.Level3.net> 
[4.68.16.142]



--
Derek Bodner
subscribedli...@derekbodner.com<mailto:subscribedli...@derekbodner.com>


RE: Level 3 issues

2008-12-28 Thread Blake Pfankuch
Seems to be normalizing here in Colorado as well, however still having 
occasional packet loss to NY.

-Original Message-
From: Jon Wolberg [mailto:j...@defenderhosting.com]
Sent: Sunday, December 28, 2008 11:40 AM
To: Jason Cheslock
Cc: nanog@nanog.org
Subject: Re: Level 3 issues

Confirmed here as well.


Jon


- Original Message -
From: "Jason Cheslock" 
To: "marco" 
Cc: nanog@nanog.org
Sent: Sunday, December 28, 2008 1:35:45 PM GMT -05:00 US/Canada Eastern
Subject: Re: Level 3 issues

According to L3, this issue should be fixed and we should start seeing

> the traffic normalizing.
> Can anyone confirm?

Here in Richmond Virginia, everything seems to be back to normal now.
 Traffic coming from my Comcast connection can get through L3 now.


  7 11 ms 13 ms 11 ms te-0-3-0-0-cr01.mclean.va.ibone.comcast.net [68.
86.91.121]
  8 10 ms 11 ms 12 ms xe-11-1-0.edge1.Washington1.Level3.net [4.79.231
.9]
  9 12 ms 17 ms 18 ms vlan89.csw3.Washington1.Level3.net [4.68.17.190]

 10 12 ms 17 ms 17 ms ae-84-84.ebr4.Washington1.Level3.net [4.69.134.1
85]
 11 16 ms 26 ms 16 ms ae-3-3.ebr1.NewYork1.Level3.net [4.69.132.94]
 12 32 ms 30 ms 17 ms ae-81-81.csw3.NewYork1.Level3.net [4.69.134.74]

 13 15 ms 19 ms 16 ms ae-3-89.edge1.NewYork1.Level3.net [4.68.16.142]



RE: Level 3 issues

2008-12-28 Thread Blake Pfankuch
Ive got connection issues from Colorado to new York on level3 that have been 
restored, but still nothing from Chicago to Colorado, and way too many other 
places to list.  Anyone have a ticket number with level3?

-Original Message-
From: Pierre-Henri [mailto:phac...@gmail.com]
Sent: Sunday, December 28, 2008 11:06 AM
To: marco
Cc: nanog@nanog.org
Subject: Re: Level 3 issues

marco a écrit :
> is anyone having issues with Level3?
>
>
hi,
theplanet.com and many websites (cnn.com ; amazon.com ; ... ) have not
been accessible from France (Orange, home connection) for about 30 minutes.
Don't know if there is a link with your question, but .


Pierre-Henri




RE: Comcast DNS

2008-12-08 Thread Blake Pfankuch
Having paid attention to this thread, im having issues with all pop3 
communication to google mail severs for about the past 24 hours for another 
email account.  Noticed it when outlook started throwing send and receive 
errors before I went to sleep last night.

-Original Message-
From: Mike Lewinski [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2008 9:48 PM
To: nanog@nanog.org
Subject: Re: Comcast DNS

There are issues between Google and Comcast in the Denver area for at
least the last 12 hours. Pages are sporadically stalling before load
(indefinitely as far as I can tell). I found a gmail message I'd sent
more than 30 minutes prior still processing. This is affecting all
google services that I've tried so far.

However, I don't see any evidence this problem is DNS-related, and have
not otherwise been experiencing name resolution problems or had any
other recent Comcast connectivity issues.

So, if there's a clue-wielder from either company around, I'm happy to
provide traces and dumps if you want to ping me offlist.




RE: VoIP E911 - was: Telecom Collapse?

2008-12-04 Thread Blake Pfankuch
I would agree on that, my voip setup at my house took several faxes back and 
forth to the provider to get it working right.  Then it took a week for the 911 
dispatch center to actually see my address as correct when I placed test calls.

-Original Message-
From: Jeremy Jackson [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2008 7:22 AM
To: Mike Lyon
Cc: nanog@nanog.org
Subject: VoIP E911 - was: Telecom Collapse?

With one provider in Canada at least, the E911 address to phone number
registration is a large bureaucratic manual process, likely involving
fax machines.

Meanwhile, the ILEC presumably has an address in a database for the
loop...

So, I wonder about more direct access to PSAPs by CLEC, anywhere from
dark fibre to database API?

On Wed, 2008-12-03 at 23:10 -0800, Mike Lyon wrote:
> That makes two of us...
>
> Anyways, for residential VOIP, where are we these days with E911? Are
> providers like Vonage and such providing reliable E911 when people
> call 911? That is one of the major problems I see with the residential
> realm going with VOIP offerings...
>
> -Mike

--
Jeremy Jackson
Coplanar Networks
(519)489-4903
http://www.coplanar.net
[EMAIL PROTECTED]





RE: an over-the-top data center

2008-12-02 Thread Blake Pfankuch
I would agree with the psychological effects.  That would be a downside to 
working in a place that aside from that is so unbelievably kickass.

-Original Message-
From: Jeff Shultz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2008 1:28 PM
To: NANOG list
Subject: Re: an over-the-top data center

Marshall Eubanks wrote:
>
>
> On Dec 2, 2008, at 2:25 PM, Brian Raaen wrote:
>
>> Maybe it isn't dry ice Maybe it is from liquid oxygen, in which
>> case it
>> better be a smoke free workplace.
>>
>
> This is of course off-off-topic, but I would suspect the room
> temperature ultrasonic
> misters, not dry ice or wood smoke.
>

I'd be more worried about the artificial waterfalls... the sound of
flowing water has an established physiological effect.

Um... where's the bathroom?

--
Jeff Shultz





RE: Qwest Issues?

2008-11-24 Thread Blake Pfankuch
Anything that might narrow down the region?  Perhaps a state?  Im seeing sprint 
issues (who isn't) but nothing with my qwest t's in Colorado, or the link to a 
datacenter in seattle.

-Original Message-
From: Matthew Elmore [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2008 3:07 PM
To: nanog
Subject: Re: Qwest Issues?

No problems here

On Nov 24, 2008, at 4:01 PM, [EMAIL PROTECTED] wrote:

> Anyone else seeing Qwest issues? Lost routing at about 2:09PM CST
>
> Route back dies at cer-core-01.inet.qwest.net
>
>





RE: Go daddy mail services admin

2008-10-01 Thread Blake Pfankuch
Thank you all for your help.  The issue is now resolved, in an ass backwards 
sort of way.  We purchased a VPS and set up a smtp proxy on an obscure port and 
mail is now being processed.

-Original Message-
From: Matthew Huff [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 8:34 AM
To: 'Jeff Kinz'; Blake Pfankuch
Cc: 'nanog@nanog.org'
Subject: RE: Go daddy mail services admin

We encountered some mail systems  where they checked each hop in the received 
list and if each and every one could not be reverse resolved, the mail would 
bounce. And even if they resolved, they were checked against the PBL. We had to 
add some internal mail servers to our external dns because of this. I would 
have preferred just to let the mail bounce, but since they were customers, we 
had to bend.

Designing a mail system that paranoid is certainly up to individual sites, but 
they shouldn't be surprised when legitimate mail bounces. Even if you are doing 
this, it should be to setup a score and mark the header, rather than bouncing.


Matthew Huff   | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
www.ox.com | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139


-Original Message-
From: Jeff Kinz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 10:17 AM
To: Blake Pfankuch
Cc: nanog@nanog.org
Subject: Re: Go daddy mail services admin

On Tue, Sep 30, 2008 at 07:21:52AM -0600, Blake Pfankuch wrote:
> Amazingly its not a route problem.  Its actually confirmed an issue
> with the mail server.  Hense me asking for a mail services admin.  The
> issue is confirmed from 3 locations with 3 different ISP's and I do
> actually know whats going on.  I can connect to the server, but it
> will not allow me to send messages, even when authenticated.  Returns
> a 554.  It has been doing this with legitimate mail.  They do not have
> the ability to send outbound as they get a 554 from their home office.
> The secondary smtp server links me to spamhaus saying that it will not
> allow relay based on an existing PBL entry.  The PBL entry is because
> it's a residential DHCP connection, and the PBL entry was put in place
> by the isp.  Please see http://www.spamhaus.org/pbl/query/PBL191963 if
> you have questions.
>
> So.  Again.  Looking for a GoDaddy Mail services Admin.

Hi Blake -

With Godaddy The 554 code is a tipoff.
Does the error also contain the text:
SMTP error from remote mail server after end of data:
host smtp.where.secureserver.net [xx.xx.xx.xx]:
554 The message was rejected because it contains prohibited virus or spam 
content


GoDaddy has an unusual policy of rejecting any email that mentions anything 
that resolves to an IP address on the PBL list

Note this means any text string with the email body itself, not the originating 
IP of the email.

Any text, a URL or a even a dotted quad that resolves to the PBL list will 
cause the email to blocked.

By way of example, this policy blocks emails from amazon ec2 merchants even if 
the email only mentions a web site hosted at ec2, and the email itself is from 
a static web server with proper MX records.

They have been contacted multiple times over the years about this issue and 
refuse to change their policy.  The PBL list explicitly describes how to use 
their list and this way of using it is incorrect.  The PBL list is supposed to 
be used to check the IP address of the system actually delivering the email to 
your server, not the contents of the email.

Based on their long term refusal to adjust their policy to conform to PBL 
intended usage of the list I suspect this issue cannot be corrected.  The only 
answer I have found is to inform the affected people they have to move from 
GoDaddy to a company that does a better job to correct the problem.

If this is NOT the issue creating your problem, then you may be able to get 
GoDaddy to do something to help.

Good luck.
Jeff Kinz.







RE: Go daddy mail services admin

2008-09-30 Thread Blake Pfankuch
Apologies about my response if it sounded a bit terse.  I got about 30 private 
replies of "can you ping it?  Can you telnet the smtp port?"

-Original Message-
From: Frank Bulk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2008 10:02 AM
To: Blake Pfankuch; nanog@nanog.org
Subject: RE: Go daddy mail services admin

Blake:

Sorry -- when you wrote "communicate" it wasn't clear if you had L3
connectivity to that server or not.

All the best!

Frank

-Original Message-
From: Blake Pfankuch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2008 8:22 AM
To: Frank Bulk; nanog@nanog.org
Subject: RE: Go daddy mail services admin

Amazingly its not a route problem.  Its actually confirmed an issue with the
mail server.  Hense me asking for a mail services admin.  The issue is
confirmed from 3 locations with 3 different ISP's and I do actually know
whats going on.  I can connect to the server, but it will not allow me to
send messages, even when authenticated.  Returns a 554.  It has been doing
this with legitimate mail.  They do not have the ability to send outbound as
they get a 554 from their home office.  The secondary smtp server links me
to spamhaus saying that it will not allow relay based on an existing PBL
entry.  The PBL entry is because it's a residential DHCP connection, and the
PBL entry was put in place by the isp.  Please see
http://www.spamhaus.org/pbl/query/PBL191963 if you have questions.

So.  Again.  Looking for a GoDaddy Mail services Admin.

-Original Message-
From: Frank Bulk [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2008 9:07 PM
To: Blake Pfankuch; nanog@nanog.org
Subject: RE: Go daddy mail services admin

This would be when a tcp traceroute would be very helpful in diagnosing the
problem.

Frank

-----Original Message-
From: Blake Pfankuch [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2008 12:59 PM
To: nanog@nanog.org
Subject: Go daddy mail services admin

Could I get a godaddy mail admin to contact me off list?  Ive been working
with a client who has a hosted website and mail services and lost the
ability to communicate with their SMTP server about 6 weeks ago.  Been
through about 4 hours on the phone with Godaddy Support and Comcast.

Thanks


Blake Pfankuch
Connecting Point of Greeley
Network Engineer
970-356-7224
[cid:image001.jpg@01C9222A.D05DF880][cid:[EMAIL PROTECTED]







RE: Cisco interface - GB of transfer software

2008-09-30 Thread Blake Pfankuch
I would be interested in this as well.

-Original Message-
From: Dale Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2008 8:52 AM
To: nanog@nanog.org
Subject: Cisco interface - GB of transfer software

Good morning all,

I hope my post isn't too off topic but I was wondering if anyone is
using some open source or purchased software that would give me the
monthly Data transfer from cisco switch ports so I can monitor/bill
against some hosting customers. I know we can create our own but looking
to see if there was something that anyone is using and recommends.

Thank you very much

Dale Turner






RE: Go daddy mail services admin

2008-09-30 Thread Blake Pfankuch
Amazingly its not a route problem.  Its actually confirmed an issue with the 
mail server.  Hense me asking for a mail services admin.  The issue is 
confirmed from 3 locations with 3 different ISP's and I do actually know whats 
going on.  I can connect to the server, but it will not allow me to send 
messages, even when authenticated.  Returns a 554.  It has been doing this with 
legitimate mail.  They do not have the ability to send outbound as they get a 
554 from their home office.  The secondary smtp server links me to spamhaus 
saying that it will not allow relay based on an existing PBL entry.  The PBL 
entry is because it's a residential DHCP connection, and the PBL entry was put 
in place by the isp.  Please see http://www.spamhaus.org/pbl/query/PBL191963 if 
you have questions.

So.  Again.  Looking for a GoDaddy Mail services Admin.

-Original Message-
From: Frank Bulk [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2008 9:07 PM
To: Blake Pfankuch; nanog@nanog.org
Subject: RE: Go daddy mail services admin

This would be when a tcp traceroute would be very helpful in diagnosing the
problem.

Frank

-Original Message-----
From: Blake Pfankuch [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2008 12:59 PM
To: nanog@nanog.org
Subject: Go daddy mail services admin

Could I get a godaddy mail admin to contact me off list?  Ive been working
with a client who has a hosted website and mail services and lost the
ability to communicate with their SMTP server about 6 weeks ago.  Been
through about 4 hours on the phone with Godaddy Support and Comcast.

Thanks


Blake Pfankuch
Connecting Point of Greeley
Network Engineer
970-356-7224
[cid:image001.jpg@01C9222A.D05DF880][cid:[EMAIL PROTECTED]






Go daddy mail services admin

2008-09-29 Thread Blake Pfankuch
Could I get a godaddy mail admin to contact me off list?  Ive been working with 
a client who has a hosted website and mail services and lost the ability to 
communicate with their SMTP server about 6 weeks ago.  Been through about 4 
hours on the phone with Godaddy Support and Comcast.

Thanks


Blake Pfankuch
Connecting Point of Greeley
Network Engineer
970-356-7224
[cid:image001.jpg@01C9222A.D05DF880][cid:[EMAIL PROTECTED]


<><>

RE: the Intercage mess

2008-09-24 Thread Blake Pfankuch
Ok, as this seems to have turned into a pissing match, can we slow this down a 
bit?  50+ emails a day for a week and nothing good of it?  Yes yes we have 
purged the internet of evil.  Instead of all the bickering and finger pointing, 
let's do something worthwhile like helping identify the root of the problem.  
So abuse@ wasn't monitored previously.  It will be soon if you would give it a 
chance.  They are working on it, so I saw we lighten up on the pitchfork gig.  
Everyone put down the torches and stop screaming witch.  Let's give them some 
time to actually act on a lot of the information they are getting from 
anti-abuse, and anything usable they might have been able to filter out of this 
flood of a week on nanog.  Perhaps we could revisit this in a month, not as a 
bash and finger point but more as a "hey here is one more thing you could do to 
help keep your network clean."

-Original Message-
From: Paul Ferguson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 9:14 PM
To: William Pitcock
Cc: nanog@nanog.org
Subject: Re: the Intercage mess

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Sep 24, 2008 at 8:10 PM, William Pitcock
<[EMAIL PROTECTED]> wrote:

>
> I said _new_ approach. I agree that it was overdue, but they are being
> cooperative with the anti-abuse community, so I think it is appropriate
> to give them an opportunity to deliver on their promise. If they fail,
> then shut them off again.

That sounds reasonable to me.

>
> Esthost are nullrouted as of this morning. Even their administrative
> network is nullrouted.
>

That's only because after they tried to set up shop in NL, they were outed.

As I said, many eyes are watching -- and not just Atrivo/Intercage either.

Cheers,

- - ferg

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFI2wIBq1pz9mNUZTMRAjtDAKCHaW9XvIUoxbKLXNK3MsvKpPAyLQCeIM4b
io/ntq8rb6mcj6w+ZCvkGZQ=
=0Xnm
-END PGP SIGNATURE-

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/




UK DNS server

2008-08-09 Thread Blake Pfankuch
Hello.  Looking for a UK based DNS server that allows open relay.  Please 
contact me off list, using it to test a slightly problematic geo dns system.


RE: was bogon filters, now "Brief Segue on 1918"

2008-08-06 Thread Blake Pfankuch
Where I work we are more aimed towards the SMB market, and we do run into that 
issue a lot.  Of course a lot of the problem we run into is that the 
"engineers" who set up these SMB clients, even getting into some of the larger 
businesses just use what they always do.  I can think of one specific engineer 
who everything he does is 192.168.1.0/24 .254 gateway .1 server which has cause 
issues.  We have one particular client who has nearly 40 VPN's between partners 
and they have actually had to do a lot of natting at the vpn endpoint as they 
have 3 clients they connect to that are 10.0.1.0/24 and several that are 
192.168.0.0/24 however a lot of the newer VPN firewalls that we work with 
actually do a pretty slick job.  SonicWall NSA series devices have a "NAT VPN 
range" checkbox when you build the VPN and you just give it the range to use, 
as do the Fortinet devices.

-Original Message-
From: Darden, Patrick S. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 7:26 AM
To: nanog@nanog.org
Subject: was bogon filters, now "Brief Segue on 1918"


Was looking over 1918 again, and for the record I have only run into one
network that follows:

   "If two (or more) organizations follow the address allocation
   specified in this document and then later wish to establish IP
   connectivity with each other, then there is a risk that address
   uniqueness would be violated.  To minimize the risk it is strongly
   recommended that an organization using private IP addresses choose
   *randomly* from the reserved pool of private addresses, when
allocating
   sub-blocks for its internal allocation."

I added the asterisks.

Most private networks start at the bottom and work up: 192.168.0.X++,
10.0.0.X++, etc.  This makes
any internetworking (ptp, vpn, etc.) ridiculously difficult.  I've seen
a lot of hack jobs
using NAT to get around this.  Ugly.

--Patrick Darden


-Original Message-
From: Darden, Patrick S.
Sent: Wednesday, August 06, 2008 9:19 AM
To: 'Leo Bicknell'; nanog@nanog.org
Subject: RE: Is it time to abandon bogon prefix filters?



Yes.  1918 (10/8, 172.16/12, 192.168/16), D, E, reflective (outgoing
mirroring), and as always individual discretion.

--Patrick Darden


-Original Message-
From: Leo Bicknell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2008 9:10 AM
To: nanog@nanog.org
Subject: Is it time to abandon bogon prefix filters?



"Bogon" filters made a lot of sense when most of the Internet was
bogons.  Back when 5% of the IP space was allocated blocking the
other 95% was an extremely useful endevour.  However, by the same
logic as we get to 80-90% used, blocking the 20-10% unused is
reaching diminishing returns; and at the same time the rate in which
new blocks are allocated continues to increase causing more and
more frequent updates.

Have bogon filters outlived their use?  Is it time to recommend people
go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
doesn't need to be updated as frequently?

--
   Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




RE: Cable Colors

2008-06-17 Thread Blake Pfankuch
Course it can still get a little rough.  In our noc we have a well working 
standard.

Blue == IPKVM
Black == Internal Data VLAN
Red == WAN VLAN
Green == Client managed device
Yellow == Client device (we manage)
White == to Desktop (or phone)
Pink == iSCSI
Orange == SAN fiber

Sadly we don't have any white and red (as someone else pointed out.  Poor new 
tech with no fingers)

-Original Message-
From: Matthew Kaufman [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2008 8:24 PM
To: Peter Wohlers
Cc: nanog@nanog.org
Subject: Re: Cable Colors

Peter Wohlers wrote:
> As you can see, by and large, people assign colors to functions. What
> color to what function varies like the wind. Unlike a previous employer
> whose colo-manager person insisted on using colors to represent cable
> lengths (Doh!), color -> function mapping seems pretty universal.

I used to do that too... Until I stood behind a rack trying to figure
out which of the 70 or so gray wires from the switch was the one going
to the box I was having the problem with. Then I bought as many
different colors as I could find, and mixed things up a bit.

Matthew Kaufman




RE: unsubscribe

2008-05-27 Thread Blake Pfankuch
Didn't even notice as my rule is set as [EMAIL PROTECTED]

-Original Message-
From: Jim Popovitch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 27, 2008 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: unsubscribe

On Tue, May 27, 2008 at 1:55 PM, Scott Weeks <[EMAIL PROTECTED]> wrote:
> Should 10,000 folks change what they do to what you ask because of that?

How many of those 10,000 would need to change, let alone notice a
change?  I suspect the number is less than 10 (that's ten, not ten
thousand).   ;-)

-Jim P.




Re: [NANOG] Charter Communications going to sniff traffic foradvertising?

2008-05-15 Thread Blake Pfankuch
I noticed this as well with a windows mobile device and activesync over the 
ail.  Enforcing SSL communication seems to have fixed it, as I no longer get 
these after doing that.  Of course this assumes that your mail server does not 
need plain text authentication.  I noticed this a lot when I was flying back 
and forth from Houston and DFW out of Denver.  Never identified the culprit of 
who was harvesting but

-Original Message-
From: Jean-Michel Planche [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 14, 2008 2:47 PM
To: Jake Matthews
Cc: nanog@nanog.org
Subject: Re: [NANOG] Charter Communications going to sniff traffic 
foradvertising?

In same spirit, something worst I think ...
If you are in some airport with a GSM/Wifi phone, you are going to  
receive a mail, from local Wifi provider to explain you how to reach  
his (local wifi) network.
Tested in Roissy / France, with iPhone. iPhone will switch from edge  
to wifi connection. I think that some application try to reach their  
server (like mail) and local provider sniff differents things (user  
name / mail sure but what about passwd ??) to send you back an email.
Interesting ...



-
Jean-Michel Planche blog: 
http://www.jmp.net
Chairman and co-founder Witbe   web : 
http://www.witbe.net
Follow me   
http://www.twitter.com/jmplanche
---
2.0 Monitoring : relevant End to End monitoring for critical app. and  
carrier class services



Le 14 mai 08 à 22:31, Jake Matthews a écrit :

> Apparently Charter is going to packetsniff its users and use that for
> commercial purposes.
>
> Looks like the only way to somewhat opt out is by getting a cookie set
> at the below link - which is not only a dumb idea, but still - not  
> even
> https.
> http://connect.charter.com/cas/portal/settings/privacyoptout.aspx
>
> Anyones thoughts on this?
>
> -j
>
>
> ___
> NANOG mailing list
> NANOG@nanog.org
> http://mailman.nanog.org/mailman/listinfo/nanog
>



___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog

___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog


Re: [NANOG] AT&T DSL problems?

2008-04-30 Thread Blake Pfankuch
Im hearing the same thing from qwest customers.  Whats weird is
sometimes they can ping the ip of the destination, but services like
HTTP HTTPS are not available.  I can duplicate it from a colom machine
in Chicago, but the site works fine from my house as well as the office.

-Original Message-
From: Roy [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 30, 2008 12:01 PM
To: nanog
Subject: [NANOG] AT&T DSL problems?

I am hearing of problems from AT&T DSL customer to some destinations on 
the Internet.  Is anyone else hearing these reports?

___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog

___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog